Modified: trunk/Source/WebCore/ChangeLog (97928 => 97929)
--- trunk/Source/WebCore/ChangeLog 2011-10-20 03:32:20 UTC (rev 97928)
+++ trunk/Source/WebCore/ChangeLog 2011-10-20 03:53:02 UTC (rev 97929)
@@ -1,3 +1,49 @@
+2011-10-19 Kentaro Hara <[email protected]>
+
+ Added a ConstructorMode check to all existing custom V8 constructors.
+ https://bugs.webkit.org/show_bug.cgi?id=70464
+
+ Reviewed by Adam Barth.
+
+ This patch adds the following two lines to all existing custom V8 constructors:
+
+ if (ConstructorMode::current() == ConstructorMode::WrapExistingObject)
+ return args.Holder();
+
+ This checks whether a programmer is trying to allocate an object via "new X",
+ or C++ is trying to allocate an object via the function template and wrap the
+ object with a JS flavor. (See here for more details: bug 70015) In the latter case,
+ a constructor callback should not be executed (i.e. should return immediately).
+
+ No new tests. No change in behavior.
+
+ * bindings/v8/custom/V8ArrayBufferCustom.cpp: Added the ConstructorMode check.
+ (WebCore::V8ArrayBuffer::constructorCallback):
+ * bindings/v8/custom/V8ArrayBufferViewCustom.h: Ditto.
+ (WebCore::constructWebGLArray):
+ * bindings/v8/custom/V8AudioContextCustom.cpp: Ditto.
+ (WebCore::V8AudioContext::constructorCallback):
+ * bindings/v8/custom/V8DOMFormDataCustom.cpp: Ditto.
+ (WebCore::V8DOMFormData::constructorCallback):
+ * bindings/v8/custom/V8DataViewCustom.cpp: Ditto.
+ (WebCore::V8DataView::constructorCallback):
+ * bindings/v8/custom/V8HTMLAudioElementConstructor.cpp: Ditto.
+ (WebCore::v8HTMLAudioElementConstructorCallback):
+ * bindings/v8/custom/V8HTMLImageElementConstructor.cpp: Ditto.
+ (WebCore::v8HTMLImageElementConstructorCallback):
+ * bindings/v8/custom/V8HTMLOptionElementConstructor.cpp: Ditto.
+ (WebCore::v8HTMLOptionElementConstructorCallback):
+ * bindings/v8/custom/V8MessageChannelConstructor.cpp: Ditto.
+ (WebCore::V8MessageChannel::constructorCallback):
+ * bindings/v8/custom/V8WebKitMutationObserverCustom.cpp: Ditto.
+ (WebCore::V8WebKitMutationObserver::constructorCallback):
+ * bindings/v8/custom/V8WebKitPointConstructor.cpp: Ditto.
+ (WebCore::V8WebKitPoint::constructorCallback):
+ * bindings/v8/custom/V8WebSocketCustom.cpp: Ditto.
+ (WebCore::V8WebSocket::constructorCallback):
+ * bindings/v8/custom/V8XMLHttpRequestConstructor.cpp: Ditto.
+ (WebCore::V8XMLHttpRequest::constructorCallback):
+
2011-10-19 Carol Szabo <[email protected]>
CSS Counters have wrong values
Modified: trunk/Source/WebCore/bindings/v8/custom/V8ArrayBufferCustom.cpp (97928 => 97929)
--- trunk/Source/WebCore/bindings/v8/custom/V8ArrayBufferCustom.cpp 2011-10-20 03:32:20 UTC (rev 97928)
+++ trunk/Source/WebCore/bindings/v8/custom/V8ArrayBufferCustom.cpp 2011-10-20 03:53:02 UTC (rev 97929)
@@ -45,6 +45,9 @@
if (!args.IsConstructCall())
return throwError("DOM object constructor cannot be called as a function.", V8Proxy::TypeError);
+ if (ConstructorMode::current() == ConstructorMode::WrapExistingObject)
+ return args.Holder();
+
// If we return a previously constructed ArrayBuffer,
// e.g. from the call to ArrayBufferView.buffer, this code is called
// with a zero-length argument list. The V8DOMWrapper will then
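Review bot: The comment that follows the new check still describes the old way of recognising a wrap request, by a zero-length argument list, and it is out of date now that the ConstructorMode::WrapExistingObject case returns before that code is reached. A script-level `new ArrayBuffer()` with no arguments presumably still takes the zero-argument path and is treated like a wrap request; the rest of the function is outside the hunk, so this needs confirming. I would reword the comment to something like `// Wrapping of existing objects is handled by the ConstructorMode check above; a zero-length argument list here comes from script.` and follow up so the zero-argument path constructs or rejects explicitly. The same heuristic is visible in the V8ArrayBufferViewCustom.h hunk (`if (!argLen)`) and in the V8DataViewCustom.cpp hunk, whose comment says the two cases cannot be told apart.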
Modified: trunk/Source/WebCore/bindings/v8/custom/V8ArrayBufferViewCustom.h (97928 => 97929)
--- trunk/Source/WebCore/bindings/v8/custom/V8ArrayBufferViewCustom.h 2011-10-20 03:32:20 UTC (rev 97928)
+++ trunk/Source/WebCore/bindings/v8/custom/V8ArrayBufferViewCustom.h 2011-10-20 03:53:02 UTC (rev 97929)
@@ -98,6 +98,9 @@
if (!args.IsConstructCall())
return throwError("DOM object constructor cannot be called as a function.", V8Proxy::TypeError);
+ if (ConstructorMode::current() == ConstructorMode::WrapExistingObject)
+ return args.Holder();
+
int argLen = args.Length();
if (!argLen) {
// This happens when we return a previously constructed
Modified: trunk/Source/WebCore/bindings/v8/custom/V8AudioContextCustom.cpp (97928 => 97929)
--- trunk/Source/WebCore/bindings/v8/custom/V8AudioContextCustom.cpp 2011-10-20 03:32:20 UTC (rev 97928)
+++ trunk/Source/WebCore/bindings/v8/custom/V8AudioContextCustom.cpp 2011-10-20 03:53:02 UTC (rev 97929)
@@ -46,6 +46,9 @@
if (!args.IsConstructCall())
return throwError("AudioContext constructor cannot be called as a function.", V8Proxy::TypeError);
+ if (ConstructorMode::current() == ConstructorMode::WrapExistingObject)
+ return args.Holder();
+
Frame* frame = V8Proxy::retrieveFrameForCurrentContext();
if (!frame)
return throwError("AudioContext constructor associated frame is unavailable", V8Proxy::ReferenceError);
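Review bot: The added guard has no comment, so the reason it may return `args.Holder()` without creating a native object is recorded only in the ChangeLog. The same two lines are pasted into thirteen constructors in this commit, which makes it easy for a future custom constructor to omit them. A one-line comment on each, such as `// C++ is wrapping an existing object via the function template; do not run the constructor.`, or a small shared helper in the bindings, would keep them consistent. The function body starts and continues outside the hunk.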
Modified: trunk/Source/WebCore/bindings/v8/custom/V8DOMFormDataCustom.cpp (97928 => 97929)
--- trunk/Source/WebCore/bindings/v8/custom/V8DOMFormDataCustom.cpp 2011-10-20 03:32:20 UTC (rev 97928)
+++ trunk/Source/WebCore/bindings/v8/custom/V8DOMFormDataCustom.cpp 2011-10-20 03:53:02 UTC (rev 97929)
@@ -47,6 +47,9 @@
if (!args.IsConstructCall())
return throwError("DOM object constructor cannot be called as a function.", V8Proxy::TypeError);
+ if (ConstructorMode::current() == ConstructorMode::WrapExistingObject)
+ return args.Holder();
+
HTMLFormElement* form = 0;
if (args.Length() > 0 && V8HTMLFormElement::HasInstance(args[0]))
form = V8HTMLFormElement::toNative(args[0]->ToObject());
Modified: trunk/Source/WebCore/bindings/v8/custom/V8DataViewCustom.cpp (97928 => 97929)
--- trunk/Source/WebCore/bindings/v8/custom/V8DataViewCustom.cpp 2011-10-20 03:32:20 UTC (rev 97928)
+++ trunk/Source/WebCore/bindings/v8/custom/V8DataViewCustom.cpp 2011-10-20 03:53:02 UTC (rev 97929)
@@ -41,6 +41,9 @@
if (!args.IsConstructCall())
return throwError("DOM object constructor cannot be called as a function", V8Proxy::TypeError);
+ if (ConstructorMode::current() == ConstructorMode::WrapExistingObject)
+ return args.Holder();
+
if (!args.Length()) {
// see constructWebGLArray -- we don't seem to be able to distingish between
// 'new DataView()' and the call used to construct the cached DataView object.
Modified: trunk/Source/WebCore/bindings/v8/custom/V8HTMLAudioElementConstructor.cpp (97928 => 97929)
--- trunk/Source/WebCore/bindings/v8/custom/V8HTMLAudioElementConstructor.cpp 2011-10-20 03:32:20 UTC (rev 97928)
+++ trunk/Source/WebCore/bindings/v8/custom/V8HTMLAudioElementConstructor.cpp 2011-10-20 03:53:02 UTC (rev 97929)
@@ -56,6 +56,9 @@
if (!args.IsConstructCall())
return throwError("DOM object constructor cannot be called as a function.", V8Proxy::TypeError);
+ if (ConstructorMode::current() == ConstructorMode::WrapExistingObject)
+ return args.Holder();
+
Frame* frame = V8Proxy::retrieveFrameForCurrentContext();
if (!frame)
return throwError("Audio constructor associated frame is unavailable", V8Proxy::ReferenceError);
Modified: trunk/Source/WebCore/bindings/v8/custom/V8HTMLImageElementConstructor.cpp (97928 => 97929)
--- trunk/Source/WebCore/bindings/v8/custom/V8HTMLImageElementConstructor.cpp 2011-10-20 03:32:20 UTC (rev 97928)
+++ trunk/Source/WebCore/bindings/v8/custom/V8HTMLImageElementConstructor.cpp 2011-10-20 03:53:02 UTC (rev 97929)
@@ -53,6 +53,9 @@
if (!args.IsConstructCall())
return throwError("DOM object constructor cannot be called as a function.", V8Proxy::TypeError);
+ if (ConstructorMode::current() == ConstructorMode::WrapExistingObject)
+ return args.Holder();
+
Frame* frame = V8Proxy::retrieveFrameForCurrentContext();
if (!frame)
return throwError("Image constructor associated frame is unavailable", V8Proxy::ReferenceError);
Modified: trunk/Source/WebCore/bindings/v8/custom/V8HTMLOptionElementConstructor.cpp (97928 => 97929)
--- trunk/Source/WebCore/bindings/v8/custom/V8HTMLOptionElementConstructor.cpp 2011-10-20 03:32:20 UTC (rev 97928)
+++ trunk/Source/WebCore/bindings/v8/custom/V8HTMLOptionElementConstructor.cpp 2011-10-20 03:53:02 UTC (rev 97929)
@@ -53,6 +53,9 @@
if (!args.IsConstructCall())
return throwError("DOM object constructor cannot be called as a function.", V8Proxy::TypeError);
+ if (ConstructorMode::current() == ConstructorMode::WrapExistingObject)
+ return args.Holder();
+
Frame* frame = V8Proxy::retrieveFrameForCurrentContext();
if (!frame)
return throwError("Option constructor associated frame is unavailable", V8Proxy::ReferenceError);
Modified: trunk/Source/WebCore/bindings/v8/custom/V8MessageChannelConstructor.cpp (97928 => 97929)
--- trunk/Source/WebCore/bindings/v8/custom/V8MessageChannelConstructor.cpp 2011-10-20 03:32:20 UTC (rev 97928)
+++ trunk/Source/WebCore/bindings/v8/custom/V8MessageChannelConstructor.cpp 2011-10-20 03:53:02 UTC (rev 97929)
@@ -53,6 +53,9 @@
if (!args.IsConstructCall())
return throwError("DOM object constructor cannot be called as a function.", V8Proxy::TypeError);
+ if (ConstructorMode::current() == ConstructorMode::WrapExistingObject)
+ return args.Holder();
+
// Get the ScriptExecutionContext (WorkerContext or Document)
ScriptExecutionContext* context = getScriptExecutionContext();
if (!context)
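Review bot: This early return hands back a holder with no native object attached, so it is only safe if ConstructorMode::WrapExistingObject is set for the duration of the C++ instantiation and never while script can run `new MessageChannel()`. ConstructorMode is defined outside this diff, and the context comment just below (`WorkerContext or Document`) shows this constructor also runs on worker threads. It is worth confirming that the current mode is stored per thread or per isolate rather than in a process-wide static, and that a scoped object restores it on every exit path. If that holds, a short comment next to the check would record it, e.g. `// Mode is per-thread and scoped to the wrapping call.`. The same question applies to the V8WebSocketCustom.cpp and V8XMLHttpRequestConstructor.cpp hunks.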
Modified: trunk/Source/WebCore/bindings/v8/custom/V8WebKitMutationObserverCustom.cpp (97928 => 97929)
--- trunk/Source/WebCore/bindings/v8/custom/V8WebKitMutationObserverCustom.cpp 2011-10-20 03:32:20 UTC (rev 97928)
+++ trunk/Source/WebCore/bindings/v8/custom/V8WebKitMutationObserverCustom.cpp 2011-10-20 03:53:02 UTC (rev 97929)
@@ -53,6 +53,9 @@
if (!args.IsConstructCall())
return throwError("DOM object constructor cannot be called as a function.", V8Proxy::TypeError);
+ if (ConstructorMode::current() == ConstructorMode::WrapExistingObject)
+ return args.Holder();
+
if (args.Length() < 1)
return throwError("Not enough arguments", V8Proxy::TypeError);
Modified: trunk/Source/WebCore/bindings/v8/custom/V8WebKitPointConstructor.cpp (97928 => 97929)
--- trunk/Source/WebCore/bindings/v8/custom/V8WebKitPointConstructor.cpp 2011-10-20 03:32:20 UTC (rev 97928)
+++ trunk/Source/WebCore/bindings/v8/custom/V8WebKitPointConstructor.cpp 2011-10-20 03:53:02 UTC (rev 97929)
@@ -47,6 +47,9 @@
if (!args.IsConstructCall())
return throwError("DOM object constructor cannot be called as a function.", V8Proxy::TypeError);
+ if (ConstructorMode::current() == ConstructorMode::WrapExistingObject)
+ return args.Holder();
+
float x = 0;
float y = 0;
if (args.Length() > 1) {
Modified: trunk/Source/WebCore/bindings/v8/custom/V8WebSocketCustom.cpp (97928 => 97929)
--- trunk/Source/WebCore/bindings/v8/custom/V8WebSocketCustom.cpp 2011-10-20 03:32:20 UTC (rev 97928)
+++ trunk/Source/WebCore/bindings/v8/custom/V8WebSocketCustom.cpp 2011-10-20 03:53:02 UTC (rev 97929)
@@ -57,6 +57,10 @@
if (!args.IsConstructCall())
return throwError("DOM object constructor cannot be called as a function.", V8Proxy::TypeError);
+
+ if (ConstructorMode::current() == ConstructorMode::WrapExistingObject)
+ return args.Holder();
+
if (args.Length() == 0)
return throwError("Not enough arguments", V8Proxy::SyntaxError);
Modified: trunk/Source/WebCore/bindings/v8/custom/V8XMLHttpRequestConstructor.cpp (97928 => 97929)
--- trunk/Source/WebCore/bindings/v8/custom/V8XMLHttpRequestConstructor.cpp 2011-10-20 03:32:20 UTC (rev 97928)
+++ trunk/Source/WebCore/bindings/v8/custom/V8XMLHttpRequestConstructor.cpp 2011-10-20 03:53:02 UTC (rev 97929)
@@ -50,6 +50,9 @@
if (!args.IsConstructCall())
return throwError("DOM object constructor cannot be called as a function.", V8Proxy::TypeError);
+ if (ConstructorMode::current() == ConstructorMode::WrapExistingObject)
+ return args.Holder();
+
// Expect no parameters.
// Allocate a XMLHttpRequest object as its internal field.
ScriptExecutionContext* context = getScriptExecutionContext();