Title: [200965] trunk/Source/WebCore
- Revision
- 200965
- Author
- [email protected]
- Date
- 2016-05-16 13:46:01 -0700 (Mon, 16 May 2016)
Log Message
Don't execute JavaScript within HTMLMediaElement::stop()
https://bugs.webkit.org/show_bug.cgi?id=157655
Reviewed by Chris Dumez.
* dom/ScriptExecutionContext.cpp:
(WebCore::ScriptExecutionContext::suspendActiveDOMObjects):
Move the setting of m_activeDOMObjectsAreSuspended to true earlier so we won't execute
any JS while suspending the objects.
* html/HTMLMediaElement.cpp:
(WebCore::HTMLMediaElement::updateMediaControlsAfterPresentationModeChange):
Bail early if the controls script hasn't been injected yet or the DOM object has been
stopped or suspended.
Diff
Modified: trunk/Source/WebCore/ChangeLog (200964 => 200965)
--- trunk/Source/WebCore/ChangeLog 2016-05-16 20:26:40 UTC (rev 200964)
+++ trunk/Source/WebCore/ChangeLog 2016-05-16 20:46:01 UTC (rev 200965)
@@ -1,3 +1,19 @@
+2016-05-12 Ada Chan <[email protected]>
+
+ Don't execute _javascript_ within HTMLMediaElement::stop()
+ https://bugs.webkit.org/show_bug.cgi?id=157655
+
+ Reviewed by Chris Dumez.
+
+ * dom/ScriptExecutionContext.cpp:
+ (WebCore::ScriptExecutionContext::suspendActiveDOMObjects):
+ Move the setting of m_activeDOMObjectsAreSuspended to true earlier so we won't execute
+ any JS while suspending the objects.
+ * html/HTMLMediaElement.cpp:
+ (WebCore::HTMLMediaElement::updateMediaControlsAfterPresentationModeChange):
+ Bail early if the controls script hasn't been injected yet or the DOM object has been
+ stopped or suspended.
+
2016-05-16 Ryosuke Niwa <[email protected]>
Focus ordering should respect slot elements
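Review bot: The new ChangeLog entry is dated 2016-05-12 but sits above the 2016-05-16 entry, and the commit itself landed on 2016-05-16; update the date line so the entries stay in chronological order. The entry also names no test, and no test file appears among the modified files in this diff, so either add a regression test for bug 157655 or say in the entry why one is not possible.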
Modified: trunk/Source/WebCore/dom/ScriptExecutionContext.cpp (200964 => 200965)
--- trunk/Source/WebCore/dom/ScriptExecutionContext.cpp 2016-05-16 20:26:40 UTC (rev 200964)
+++ trunk/Source/WebCore/dom/ScriptExecutionContext.cpp 2016-05-16 20:46:01 UTC (rev 200965)
@@ -224,6 +224,8 @@
return;
}
+ m_activeDOMObjectsAreSuspended = true;
+
m_activeDOMObjectAdditionForbidden = true;
#if !ASSERT_DISABLED || ENABLE(SECURITY_ASSERTIONS)
m_activeDOMObjectRemovalForbidden = true;
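Review bot: The added `m_activeDOMObjectsAreSuspended = true;` has no comment saying that its position is deliberate. Per the ChangeLog it has to be set before the objects are suspended so that no JS runs during suspension, but nothing in the code records that, and a later cleanup could move it back beside the other bookkeeping at the end of the function. A one-line comment above the assignment stating the ordering requirement would prevent that.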
@@ -242,7 +244,6 @@
m_activeDOMObjectRemovalForbidden = false;
#endif
- m_activeDOMObjectsAreSuspended = true;
m_reasonForSuspendingActiveDOMObjects = why;
}
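Review bot: `m_reasonForSuspendingActiveDOMObjects = why;` stays at the end of the function while the flag it pairs with now moves to the top, so anything that runs during suspension and observes the suspended flag would read the reason left over from an earlier suspension. Set the reason next to the flag at the top, or confirm that nothing reads it between the two points.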
Modified: trunk/Source/WebCore/html/HTMLMediaElement.cpp (200964 => 200965)
--- trunk/Source/WebCore/html/HTMLMediaElement.cpp 2016-05-16 20:26:40 UTC (rev 200964)
+++ trunk/Source/WebCore/html/HTMLMediaElement.cpp 2016-05-16 20:46:01 UTC (rev 200965)
@@ -6547,6 +6547,11 @@
void HTMLMediaElement::updateMediaControlsAfterPresentationModeChange()
{
+ // Don't execute script if the controls script hasn't been injected yet, or we have
+ // stopped/suspended the object.
+ if (!m_mediaControlsHost || document().activeDOMObjectsAreSuspended() || document().activeDOMObjectsAreStopped())
+ return;
+
DOMWrapperWorld& world = ensureIsolatedWorld();
ScriptController& scriptController = document().frame()->script();
JSDOMGlobalObject* globalObject = JSC::jsCast<JSDOMGlobalObject*>(scriptController.globalObject(world));
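Review bot: The new guard does not cover the unchanged `document().frame()->script()` two lines below it, which still dereferences frame() unchecked. If this function can be reached when the document has no frame, add `!document().frame()` to the condition. Separately, the early return drops the controls update without recording it, so check that the controls are refreshed after resume when the presentation mode changed while the object was suspended.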