Diff
Modified: branches/safari-611-branch/LayoutTests/ChangeLog (273531 => 273532)
--- branches/safari-611-branch/LayoutTests/ChangeLog 2021-02-26 02:51:43 UTC (rev 273531)
+++ branches/safari-611-branch/LayoutTests/ChangeLog 2021-02-26 02:51:47 UTC (rev 273532)
@@ -1,5 +1,64 @@
2021-02-25 Russell Epstein <[email protected]>
+ Cherry-pick r273438. rdar://problem/74753272
+
+ Regression(r268700) postMessage changes prototype of basic types
+ https://bugs.webkit.org/show_bug.cgi?id=222228
+ <rdar://problem/74612853>
+
+ Reviewed by Geoffrey Garen.
+
+ Source/WebCore:
+
+ r268700 updated ScriptExecutionContext::globalObject() to call:
+ `WebCore::globalObject(mainThreadNormalWorld(), downcast<Document>(*this).page())`
+ instead of
+ `frame ? frame->script().globalObject(mainThreadNormalWorld()) : nullptr`
+
+ This was not right for subframes because globalObject() gets the globalObject from
+ the page's main frame instead of the document's frame.
+
+ This patch gets rid of the error-prone WebCore::globalObject() taking in a Page*
+ and replaces it with one taking in a Frame* to avoid such issues in the future.
+
+ Test: fast/dom/Window/postMessage-Object-prototype.html
+
+ * bindings/js/ScriptState.cpp:
+ (WebCore::globalObject):
+ * bindings/js/ScriptState.h:
+ * dom/ScriptExecutionContext.cpp:
+ (WebCore::ScriptExecutionContext::globalObject):
+ * inspector/InspectorFrontendHost.cpp:
+ (WebCore::InspectorFrontendHost::addSelfToGlobalObjectInWorld):
+ (WebCore::InspectorFrontendHost::showContextMenu):
+
+ LayoutTests:
+
+ Add layout test coverage.
+
+ * fast/dom/Window/postMessage-Object-prototype-expected.txt: Added.
+ * fast/dom/Window/postMessage-Object-prototype.html: Added.
+ * fast/dom/Window/resources/postMessage-Object-prototype-frame.html: Added.
+
+
+ git-svn-id: https://svn.webkit.org/repository/webkit/trunk@273438 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+ 2021-02-24 Chris Dumez <[email protected]>
+
+ Regression(r268700) postMessage changes prototype of basic types
+ https://bugs.webkit.org/show_bug.cgi?id=222228
+ <rdar://problem/74612853>
+
+ Reviewed by Geoffrey Garen.
+
+ Add layout test coverage.
+
+ * fast/dom/Window/postMessage-Object-prototype-expected.txt: Added.
+ * fast/dom/Window/postMessage-Object-prototype.html: Added.
+ * fast/dom/Window/resources/postMessage-Object-prototype-frame.html: Added.
+
+2021-02-25 Russell Epstein <[email protected]>
+
Cherry-pick r273385. rdar://problem/74753323
Runtime-disabled CSS features still appear enabled via CSS.supports()
Added: branches/safari-611-branch/LayoutTests/fast/dom/Window/postMessage-Object-prototype-expected.txt (0 => 273532)
--- branches/safari-611-branch/LayoutTests/fast/dom/Window/postMessage-Object-prototype-expected.txt (rev 0)
+++ branches/safari-611-branch/LayoutTests/fast/dom/Window/postMessage-Object-prototype-expected.txt 2021-02-26 02:51:47 UTC (rev 273532)
@@ -0,0 +1,11 @@
+Tests that the prototype of objects serialized via postMessage is correct.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS event.data instanceof Object
+PASS event.data.array instanceof Array
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
Added: branches/safari-611-branch/LayoutTests/fast/dom/Window/postMessage-Object-prototype.html (0 => 273532)
--- branches/safari-611-branch/LayoutTests/fast/dom/Window/postMessage-Object-prototype.html (rev 0)
+++ branches/safari-611-branch/LayoutTests/fast/dom/Window/postMessage-Object-prototype.html 2021-02-26 02:51:47 UTC (rev 273532)
@@ -0,0 +1,16 @@
+<!DOCTYPE html>
+<html>
+<script src=""
+<body>
+<script>
+description("Tests that the prototype of objects serialized via postMessage is correct.");
+jsTestIsAsync = true;
+
+_onload_ = () => {
+ let testFrame = document.createElement("iframe");
+ testFrame.src = ""
+ document.body.append(testFrame);
+};
+</script>
+</body>
+</html>
Added: branches/safari-611-branch/LayoutTests/fast/dom/Window/resources/postMessage-Object-prototype-frame.html (0 => 273532)
--- branches/safari-611-branch/LayoutTests/fast/dom/Window/resources/postMessage-Object-prototype-frame.html (rev 0)
+++ branches/safari-611-branch/LayoutTests/fast/dom/Window/resources/postMessage-Object-prototype-frame.html 2021-02-26 02:51:47 UTC (rev 273532)
@@ -0,0 +1,23 @@
+<!DOCTYPE html>
+<html>
+<body>
+<script>
+window.addEventListener('message', event => {
+ if (event.data instanceof Object)
+ top.testPassed("event.data instanceof Object");
+ else
+ top.testFailed("event.data instanceof Object");
+ if (event.data.array instanceof Array)
+ top.testPassed("event.data.array instanceof Array");
+ else
+ top.testFailed("event.data.array instanceof Array");
+ top.finishJSTest();
+})
+
+const testObject = {
+ array: [ 1, 2, 3, 4 ]
+};
+window.postMessage(testObject);
+</script>
+</body>
+</html>
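Review bot: The message listener asserts only on a plain object and an array, while the bug title speaks of the prototypes of basic types in general. Other structured-clone results such as `Date` or `Map` are presumably created against the same global object, so they would be worth pinning in the same test. Adding `date: new Date(0)` to `testObject` with a matching `event.data.date instanceof Date` check would do it, and the -expected.txt file would then need the extra PASS line.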
Modified: branches/safari-611-branch/Source/WebCore/ChangeLog (273531 => 273532)
--- branches/safari-611-branch/Source/WebCore/ChangeLog 2021-02-26 02:51:43 UTC (rev 273531)
+++ branches/safari-611-branch/Source/WebCore/ChangeLog 2021-02-26 02:51:47 UTC (rev 273532)
@@ -1,5 +1,80 @@
2021-02-25 Russell Epstein <[email protected]>
+ Cherry-pick r273438. rdar://problem/74753272
+
+ Regression(r268700) postMessage changes prototype of basic types
+ https://bugs.webkit.org/show_bug.cgi?id=222228
+ <rdar://problem/74612853>
+
+ Reviewed by Geoffrey Garen.
+
+ Source/WebCore:
+
+ r268700 updated ScriptExecutionContext::globalObject() to call:
+ `WebCore::globalObject(mainThreadNormalWorld(), downcast<Document>(*this).page())`
+ instead of
+ `frame ? frame->script().globalObject(mainThreadNormalWorld()) : nullptr`
+
+ This was not right for subframes because globalObject() gets the globalObject from
+ the page's main frame instead of the document's frame.
+
+ This patch gets rid of the error-prone WebCore::globalObject() taking in a Page*
+ and replaces it with one taking in a Frame* to avoid such issues in the future.
+
+ Test: fast/dom/Window/postMessage-Object-prototype.html
+
+ * bindings/js/ScriptState.cpp:
+ (WebCore::globalObject):
+ * bindings/js/ScriptState.h:
+ * dom/ScriptExecutionContext.cpp:
+ (WebCore::ScriptExecutionContext::globalObject):
+ * inspector/InspectorFrontendHost.cpp:
+ (WebCore::InspectorFrontendHost::addSelfToGlobalObjectInWorld):
+ (WebCore::InspectorFrontendHost::showContextMenu):
+
+ LayoutTests:
+
+ Add layout test coverage.
+
+ * fast/dom/Window/postMessage-Object-prototype-expected.txt: Added.
+ * fast/dom/Window/postMessage-Object-prototype.html: Added.
+ * fast/dom/Window/resources/postMessage-Object-prototype-frame.html: Added.
+
+
+ git-svn-id: https://svn.webkit.org/repository/webkit/trunk@273438 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+ 2021-02-24 Chris Dumez <[email protected]>
+
+ Regression(r268700) postMessage changes prototype of basic types
+ https://bugs.webkit.org/show_bug.cgi?id=222228
+ <rdar://problem/74612853>
+
+ Reviewed by Geoffrey Garen.
+
+ r268700 updated ScriptExecutionContext::globalObject() to call:
+ `WebCore::globalObject(mainThreadNormalWorld(), downcast<Document>(*this).page())`
+ instead of
+ `frame ? frame->script().globalObject(mainThreadNormalWorld()) : nullptr`
+
+ This was not right for subframes because globalObject() gets the globalObject from
+ the page's main frame instead of the document's frame.
+
+ This patch gets rid of the error-prone WebCore::globalObject() taking in a Page*
+ and replaces it with one taking in a Frame* to avoid such issues in the future.
+
+ Test: fast/dom/Window/postMessage-Object-prototype.html
+
+ * bindings/js/ScriptState.cpp:
+ (WebCore::globalObject):
+ * bindings/js/ScriptState.h:
+ * dom/ScriptExecutionContext.cpp:
+ (WebCore::ScriptExecutionContext::globalObject):
+ * inspector/InspectorFrontendHost.cpp:
+ (WebCore::InspectorFrontendHost::addSelfToGlobalObjectInWorld):
+ (WebCore::InspectorFrontendHost::showContextMenu):
+
+2021-02-25 Russell Epstein <[email protected]>
+
Cherry-pick r273415. rdar://problem/74763807
Move PostResolutionCallbackDisabler to resolveComputedStyle
Modified: branches/safari-611-branch/Source/WebCore/bindings/js/ScriptState.cpp (273531 => 273532)
--- branches/safari-611-branch/Source/WebCore/bindings/js/ScriptState.cpp 2021-02-26 02:51:43 UTC (rev 273531)
+++ branches/safari-611-branch/Source/WebCore/bindings/js/ScriptState.cpp 2021-02-26 02:51:47 UTC (rev 273532)
@@ -92,9 +92,9 @@
return frame->script().globalObject(world);
}
-JSC::JSGlobalObject* globalObject(DOMWrapperWorld& world, Page* page)
+JSC::JSGlobalObject* globalObject(DOMWrapperWorld& world, Frame* frame)
{
- return page ? page->mainFrame().script().globalObject(world) : nullptr;
+ return frame ? frame->script().globalObject(world) : nullptr;
}
JSC::JSGlobalObject* globalObject(WorkerOrWorkletGlobalScope& workerOrWorkletGlobalScope)
Modified: branches/safari-611-branch/Source/WebCore/bindings/js/ScriptState.h (273531 => 273532)
--- branches/safari-611-branch/Source/WebCore/bindings/js/ScriptState.h 2021-02-26 02:51:43 UTC (rev 273531)
+++ branches/safari-611-branch/Source/WebCore/bindings/js/ScriptState.h 2021-02-26 02:51:47 UTC (rev 273532)
@@ -42,7 +42,6 @@
class DOMWrapperWorld;
class Frame;
class Node;
-class Page;
class ScriptExecutionContext;
class WorkerOrWorkletGlobalScope;
@@ -53,7 +52,7 @@
JSC::JSGlobalObject* mainWorldExecState(Frame*);
JSC::JSGlobalObject* globalObject(DOMWrapperWorld&, Node*);
-WEBCORE_EXPORT JSC::JSGlobalObject* globalObject(DOMWrapperWorld&, Page*);
+WEBCORE_EXPORT JSC::JSGlobalObject* globalObject(DOMWrapperWorld&, Frame*);
JSC::JSGlobalObject* globalObject(WorkerOrWorkletGlobalScope&);
} // namespace WebCore
Modified: branches/safari-611-branch/Source/WebCore/dom/ScriptExecutionContext.cpp (273531 => 273532)
--- branches/safari-611-branch/Source/WebCore/dom/ScriptExecutionContext.cpp 2021-02-26 02:51:43 UTC (rev 273531)
+++ branches/safari-611-branch/Source/WebCore/dom/ScriptExecutionContext.cpp 2021-02-26 02:51:47 UTC (rev 273532)
@@ -512,7 +512,7 @@
JSC::JSGlobalObject* ScriptExecutionContext::globalObject()
{
if (is<Document>(*this))
- return WebCore::globalObject(mainThreadNormalWorld(), downcast<Document>(*this).page());
+ return WebCore::globalObject(mainThreadNormalWorld(), downcast<Document>(*this).frame());
if (is<WorkerOrWorkletGlobalScope>(*this))
return WebCore::globalObject(downcast<WorkerOrWorkletGlobalScope>(*this));
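Review bot: Nothing at the `is<Document>` branch records why the document's own frame has to be used, and this is the line that regressed in r268700. A comment such as `// Use the document's own frame, never the page's main frame: a subframe document must resolve to its own global object.` would help keep a later refactor from reintroducing the mix-up between frames. The same comment could state that callers receive `nullptr` when `frame()` is null (presumably a detached document), since the Frame* overload returns null in that case. The function body continues past the end of the hunk.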
Modified: branches/safari-611-branch/Source/WebCore/inspector/InspectorFrontendHost.cpp (273531 => 273532)
--- branches/safari-611-branch/Source/WebCore/inspector/InspectorFrontendHost.cpp 2021-02-26 02:51:43 UTC (rev 273531)
+++ branches/safari-611-branch/Source/WebCore/inspector/InspectorFrontendHost.cpp 2021-02-26 02:51:47 UTC (rev 273532)
@@ -157,7 +157,7 @@
void InspectorFrontendHost::addSelfToGlobalObjectInWorld(DOMWrapperWorld& world)
{
- auto& lexicalGlobalObject = *globalObject(world, m_frontendPage);
+ auto& lexicalGlobalObject = *globalObject(world, m_frontendPage ? &m_frontendPage->mainFrame() : nullptr);
auto& vm = lexicalGlobalObject.vm();
JSC::JSLockHolder lock(vm);
auto scope = DECLARE_CATCH_SCOPE(vm);
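Review bot: In `addSelfToGlobalObjectInWorld` the result of `globalObject(...)` is dereferenced unconditionally, yet the new argument deliberately passes `nullptr` when `m_frontendPage` is null. The Frame* overload returns `nullptr` for a null frame, so that path ends in a null dereference. An early `if (!m_frontendPage) return;` ahead of this line would handle the case the ternary already anticipates. The `showContextMenu` hunk that follows has the same shape: `ASSERT(m_frontendPage)` is presumably compiled out of release builds, which leaves `&m_frontendPage->mainFrame()` unguarded there. Both function bodies extend outside their hunks, so a guard earlier in either function may already exist.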
@@ -501,7 +501,7 @@
#if ENABLE(CONTEXT_MENUS)
ASSERT(m_frontendPage);
- auto& lexicalGlobalObject = *globalObject(debuggerWorld(), m_frontendPage);
+ auto& lexicalGlobalObject = *globalObject(debuggerWorld(), &m_frontendPage->mainFrame());
auto& vm = lexicalGlobalObject.vm();
auto value = lexicalGlobalObject.get(&lexicalGlobalObject, JSC::Identifier::fromString(vm, "InspectorFrontendAPI"));
ASSERT(value);