Title: [200965] trunk/Source/WebCore
Revision: 200965
Author: [email protected]
Date: 2016-05-16 13:46:01 -0700 (Mon, 16 May 2016)

Log Message

Don't execute JavaScript within HTMLMediaElement::stop()
https://bugs.webkit.org/show_bug.cgi?id=157655

Reviewed by Chris Dumez.

* dom/ScriptExecutionContext.cpp:
(WebCore::ScriptExecutionContext::suspendActiveDOMObjects):
Move the setting of m_activeDOMObjectsAreSuspended to true earlier so we won't execute
any JS while suspending the objects.
* html/HTMLMediaElement.cpp:
(WebCore::HTMLMediaElement::updateMediaControlsAfterPresentationModeChange):
Bail early if the controls script hasn't been injected yet or the DOM object has been
stopped or suspended.

Diff

Modified: trunk/Source/WebCore/ChangeLog (200964 => 200965)


--- trunk/Source/WebCore/ChangeLog	2016-05-16 20:26:40 UTC (rev 200964)
+++ trunk/Source/WebCore/ChangeLog	2016-05-16 20:46:01 UTC (rev 200965)
@@ -1,3 +1,19 @@
+2016-05-12  Ada Chan  <[email protected]>
+
+        Don't execute _javascript_ within HTMLMediaElement::stop()
+        https://bugs.webkit.org/show_bug.cgi?id=157655
+
+        Reviewed by Chris Dumez.
+
+        * dom/ScriptExecutionContext.cpp:
+        (WebCore::ScriptExecutionContext::suspendActiveDOMObjects):
+        Move the setting of m_activeDOMObjectsAreSuspended to true earlier so we won't execute
+        any JS while suspending the objects.
+        * html/HTMLMediaElement.cpp:
+        (WebCore::HTMLMediaElement::updateMediaControlsAfterPresentationModeChange):
+        Bail early if the controls script hasn't been injected yet or the DOM object has been
+        stopped or suspended.
+
 2016-05-16  Ryosuke Niwa  <[email protected]>
 
         Focus ordering should respect slot elements
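Review bot: The new ChangeLog entry names no test and gives no "No new tests" rationale, and it does not say what went wrong when script ran inside HTMLMediaElement::stop(). Adding a line that states the observable failure and either lists the regression test or explains why one cannot be written would let someone reading the log later judge whether a reordering reintroduces the problem.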

Modified: trunk/Source/WebCore/dom/ScriptExecutionContext.cpp (200964 => 200965)


--- trunk/Source/WebCore/dom/ScriptExecutionContext.cpp	2016-05-16 20:26:40 UTC (rev 200964)
+++ trunk/Source/WebCore/dom/ScriptExecutionContext.cpp	2016-05-16 20:46:01 UTC (rev 200965)
@@ -224,6 +224,8 @@
         return;
     }
 
+    m_activeDOMObjectsAreSuspended = true;
+
     m_activeDOMObjectAdditionForbidden = true;
 #if !ASSERT_DISABLED || ENABLE(SECURITY_ASSERTIONS)
     m_activeDOMObjectRemovalForbidden = true;
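Review bot: The added `m_activeDOMObjectsAreSuspended = true;` at the top of this hunk carries no comment, yet its position ahead of the m_activeDOMObjectAdditionForbidden block is the whole fix. A short comment there, saying the flag must be set before the objects are suspended so that code checking activeDOMObjectsAreSuspended() declines to run script, would keep a later cleanup from moving it back down.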
@@ -242,7 +244,6 @@
     m_activeDOMObjectRemovalForbidden = false;
 #endif
 
-    m_activeDOMObjectsAreSuspended = true;
     m_reasonForSuspendingActiveDOMObjects = why;
 }
 
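Review bot: `m_reasonForSuspendingActiveDOMObjects = why;` stays at the end of the function while the flag assignment removed here now happens before the suspension work, so during that work the context reports itself as suspended with whatever reason was stored previously. Consider moving the reason assignment up next to the flag so the two are always updated together.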

Modified: trunk/Source/WebCore/html/HTMLMediaElement.cpp (200964 => 200965)


--- trunk/Source/WebCore/html/HTMLMediaElement.cpp	2016-05-16 20:26:40 UTC (rev 200964)
+++ trunk/Source/WebCore/html/HTMLMediaElement.cpp	2016-05-16 20:46:01 UTC (rev 200965)
@@ -6547,6 +6547,11 @@
 
 void HTMLMediaElement::updateMediaControlsAfterPresentationModeChange()
 {
+    // Don't execute script if the controls script hasn't been injected yet, or we have
+    // stopped/suspended the object.
+    if (!m_mediaControlsHost || document().activeDOMObjectsAreSuspended() || document().activeDOMObjectsAreStopped())
+        return;
+
     DOMWrapperWorld& world = ensureIsolatedWorld();
     ScriptController& scriptController = document().frame()->script();
     JSDOMGlobalObject* globalObject = JSC::jsCast<JSDOMGlobalObject*>(scriptController.globalObject(world));
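Review bot: The new early return guards on m_mediaControlsHost and the document's suspended/stopped state, but the unchanged line `ScriptController& scriptController = document().frame()->script();` below it still dereferences document().frame() without a null check. If this function is reachable while the element is being torn down, add `!document().frame()` to the condition or confirm that one of the existing checks implies a live frame. The comment could also state whether a presentation mode change skipped here is re-applied once the object resumes.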