Title: [93739] branches/chromium/835
- Revision
- 93739
- Author
- [email protected]
- Date
- 2011-08-24 14:35:49 -0700 (Wed, 24 Aug 2011)
Log Message
Merge 93732
BUG=94011
Review URL: http://codereview.chromium.org/7734002
Modified Paths
Diff
Modified: branches/chromium/835/LayoutTests/platform/wk2/Skipped (93738 => 93739)
--- branches/chromium/835/LayoutTests/platform/wk2/Skipped 2011-08-24 21:33:38 UTC (rev 93738)
+++ branches/chromium/835/LayoutTests/platform/wk2/Skipped 2011-08-24 21:35:49 UTC (rev 93739)
@@ -1515,7 +1515,6 @@
plugins/netscape-plugin-setwindow-size.html
plugins/nested-plugin-objects.html
plugins/pass-different-npp-struct.html
-plugins/plugin-remove-subframe.html
plugins/reentrant-update-widget-positions.html
plugins/reloadplugins-no-pages.html
plugins/return-negative-one-from-write.html
Modified: branches/chromium/835/Source/WebKit/mac/Plugins/Hosted/NetscapePluginInstanceProxy.mm (93738 => 93739)
--- branches/chromium/835/Source/WebKit/mac/Plugins/Hosted/NetscapePluginInstanceProxy.mm 2011-08-24 21:33:38 UTC (rev 93738)
+++ branches/chromium/835/Source/WebKit/mac/Plugins/Hosted/NetscapePluginInstanceProxy.mm 2011-08-24 21:35:49 UTC (rev 93739)
@@ -691,7 +691,9 @@
NSURL *URL = "" URL];
NSString *JSString = [URL _webkit_scriptIfJavaScriptURL];
ASSERT(JSString);
-
+
+ RefPtr<NetscapePluginInstanceProxy> protect(this); // Executing arbitrary _javascript_ can destroy the proxy.
+
NSString *result = [[m_pluginView webFrame] _stringByEvaluatingJavaScriptFromString:JSString forceUserGesture:pluginRequest->allowPopups()];
// Don't continue if stringByEvaluatingJavaScriptFromString caused the plug-in to stop.
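Review bot: The comment on the new `protect` line says why the proxy is retained but not what the retain leaves uncovered: it keeps only this object alive, so `m_pluginView` and other members may already be torn down when the evaluation returns. I would extend it to `// Executing arbitrary JavaScript can destroy the proxy; this only keeps |this| alive, members must be re-checked after the call.` so that the stop check announced by the following comment is not later removed as redundant. The rest of the function, including that check, lies outside the hunk.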
Modified: branches/chromium/835/Source/WebKit/mac/WebView/WebFrame.mm (93738 => 93739)
--- branches/chromium/835/Source/WebKit/mac/WebView/WebFrame.mm 2011-08-24 21:33:38 UTC (rev 93738)
+++ branches/chromium/835/Source/WebKit/mac/WebView/WebFrame.mm 2011-08-24 21:35:49 UTC (rev 93739)
@@ -608,6 +608,7 @@
- (NSString *)_stringByEvaluatingJavaScriptFromString:(NSString *)string forceUserGesture:(BOOL)forceUserGesture
{
ASSERT(_private->coreFrame->document());
+ RetainPtr<WebFrame> protect(self); // Executing arbitrary _javascript_ can destroy the frame.
JSValue result = _private->coreFrame->script()->executeScript(string, forceUserGesture).jsValue();
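Review bot: `_private->coreFrame` is dereferenced on the `executeScript` line with only the `ASSERT` above it as a guard, and `ASSERT` is normally compiled out of release builds. If this method can be reached on a frame that is already detached, which seems plausible given that the change exists because script can detach frames, the call is a null dereference that the new `protect` does not prevent. A release-mode guard such as `if (!_private->coreFrame) return @"";` before the call would cover it, assuming the empty string is this method's failure value as it is in the next hunk. The same ASSERT-only pattern precedes `executeScriptInWorld` in that next hunk, and the method body here continues outside the hunk.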
@@ -1204,9 +1205,11 @@
// Get the frame frome the global object we've settled on.
Frame* frame = anyWorldGlobalObject->impl()->frame();
ASSERT(frame->document());
+ RetainPtr<WebFrame> webFrame(kit(frame)); // Running arbitrary _javascript_ can destroy the frame.
+
JSValue result = frame->script()->executeScriptInWorld(core(world), string, true).jsValue();
- if (!frame) // In case the script removed our frame from the page.
+ if (!webFrame->_private->coreFrame) // In case the script removed our frame from the page.
return @"";
// This bizarre set of rules matches behavior from WebKit for Safari 2.0.
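Review bot: The new detach check reads `webFrame->_private->coreFrame` directly, which is an ivar access through a nil pointer if `kit(frame)` ever returns nil. The file's `core()` helper for `WebFrame` is nil-safe as far as I know, so `if (!core(webFrame.get()))` would express the same test without that assumption and would match the `kit`/`core` style already used on these lines. Any use of the raw `frame` pointer after the script has run deserves the same care, but the method continues outside the hunk.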