Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: acece69bd261c37f0a66d82d4abc80bed8b09bd7
      
https://github.com/WebKit/WebKit/commit/acece69bd261c37f0a66d82d4abc80bed8b09bd7
  Author: Chris Dumez <[email protected]>
  Date:   2023-07-31 (Mon, 31 Jul 2023)

  Changed paths:
    M Source/WebCore/bindings/js/JSDOMWrapper.cpp
    M Source/WebCore/bindings/js/SerializedScriptValue.cpp
    M Source/WebCore/bindings/js/SerializedScriptValue.h
    M Source/WebCore/dom/MessageEvent.cpp
    M Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj
    M Tools/TestWebKitAPI/Tests/WebKitCocoa/UserContentWorld.mm
    A Tools/TestWebKitAPI/Tests/WebKitCocoa/postMessage-various-types.html

  Log Message:
  -----------
window.postMessage with OffscreenCanvas is broken with isolated world message listener
https://bugs.webkit.org/show_bug.cgi?id=259362
rdar://112618195

Reviewed by Darin Adler.

When constructing a MessageEvent, we would deserialize the `data` SerializedScriptValue
and cache the resulting JSValue. When accessing MessageEvent.data from the main world,
we would return the cached JSValue and everything would work fine.
However, upon accessing MessageEvent.data from a non-main world, the cached JSValue
would not be usable and we would deserialize the original SerializedScriptValue again.

The issue is that a SerializedScriptValue is not meant to be deserialized several times.
This is because the deserialization "consumes" certain internal objects. For example,
OffscreenCanvas objects are stored as DetachedOffscreenCanvas objects internally and
consumed upon deserialization to construct OffscreenCanvas objects again.

To address the issue, this patch makes several changes:
1. MessageEvent::create() now stores the deserialized JSValue inside the MessageEvent
   object instead of the SerializedScriptValue. As a result, when accessing
   MessageEvent.data from the main world, we'll just return the internal JSValue.
   When accessing MessageEvent.data from a non-main world, cachedPropertyValue() will
   detect that the internal JSValue is not compatible with this world and call
   cloneAcrossWorlds() on the internal JSValue to generate one suitable for the non-main
   world. Internally, cloneAcrossWorlds() creates a SerializedScriptValue from the JSValue
   and then deserializes that SerializedScriptValue in the target world.
2. As currently implemented, cloneAcrossWorlds() would drop transferable objects such
   as OffscreenCanvas and MessagePort. To address the issue, we now introduce a new
   CloneAcrossWorlds SerializationContext. When in this context, SerializedScriptValue
   serialization will store OffscreenCanvas/MessagePort in the JSValue inside internal
   vectors and merely serialize indexes inside those vectors. Upon deserialization, we
   deserialize the index and look up the OffscreenCanvas/MessagePort from the internal
   vector. Then, we call toJS() on the implementation object to get a JS wrapper for the
   target world.

* Source/WebCore/bindings/js/JSDOMWrapper.cpp:
(WebCore::cloneAcrossWorlds):
* Source/WebCore/bindings/js/SerializedScriptValue.cpp:
(WebCore::isTypeExposedToGlobalObject):
(WebCore::CloneSerializer::serialize):
(WebCore::CloneSerializer::CloneSerializer):
(WebCore::CloneSerializer::dumpOffscreenCanvas):
(WebCore::CloneSerializer::dumpIfTerminal):
(WebCore::CloneDeserializer::deserialize):
(WebCore::CloneDeserializer::CloneDeserializer):
(WebCore::CloneDeserializer::readInMemoryOffscreenCanvas):
(WebCore::CloneDeserializer::readTerminal):
(WebCore::SerializedScriptValue::SerializedScriptValue):
(WebCore::SerializedScriptValue::create):
(WebCore::SerializedScriptValue::deserialize):
* Source/WebCore/bindings/js/SerializedScriptValue.h:
* Source/WebCore/dom/MessageEvent.cpp:
(WebCore::MessageEvent::create):
* Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
* Tools/TestWebKitAPI/Tests/WebKitCocoa/UserContentWorld.mm:
(-[UserContentWorldMessageHandler userContentController:didReceiveScriptMessage:]):
(TEST):
* Tools/TestWebKitAPI/Tests/WebKitCocoa/postMessage-various-types.html: Added.

Canonical link: https://commits.webkit.org/266465@main
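A toy JavaScript model of the two designs the commit message contrasts, added here as an illustration; it is not WebKit code. The names OffscreenCanvasImpl, the world tags "main"/"isolated", and the shape of the serialized records are assumptions; only the consume-once versus index-into-internal-vector behaviour is taken from the message.

```javascript
// Toy model of the commit message's two designs (not WebKit code). A "world" is
// a tag; a wrapper is only usable in the world it was created for.
class OffscreenCanvasImpl {        // assumed name for the implementation object
  constructor(id) { this.id = id; }
}
// toJS(): wrapper for an implementation object in a given world.
function toJS(impl, world) { return { world, impl }; }

// Before the fix: the serialized value holds the detached canvases themselves
// and deserialization consumes them, so the second deserialization (for an
// isolated-world listener) finds nothing left.
function serializeConsumeOnce(data) {
  return { detachedCanvases: data.canvases.map(c => c.impl) };
}
function deserializeConsumeOnce(serialized, world) {
  // splice(0) empties the vector: the canvases are consumed here.
  const impls = serialized.detachedCanvases.splice(0);
  return { canvases: impls.map(impl => toJS(impl, world)) };
}

// After the fix (CloneAcrossWorlds context): keep the implementation objects in
// an internal vector and serialize only their indexes, so the same serialized
// value can be deserialized once per world without consuming anything.
function serializeCloneAcrossWorlds(data) {
  const inMemoryCanvases = data.canvases.map(c => c.impl);
  return { inMemoryCanvases, indexes: inMemoryCanvases.map((_, i) => i) };
}
function deserializeCloneAcrossWorlds(serialized, world) {
  const impls = serialized.indexes.map(i => serialized.inMemoryCanvases[i]);
  return { canvases: impls.map(impl => toJS(impl, world)) };
}

// Main-world and isolated-world listeners both read the same event's data.
function demo() {
  const posted = { canvases: [toJS(new OffscreenCanvasImpl(1), "main")] };
  const once = serializeConsumeOnce(posted);
  const onceMain = deserializeConsumeOnce(once, "main").canvases.length;
  const onceIsolated = deserializeConsumeOnce(once, "isolated").canvases.length;
  const shared = serializeCloneAcrossWorlds(posted);
  const sharedMain = deserializeCloneAcrossWorlds(shared, "main").canvases;
  const sharedIsolated = deserializeCloneAcrossWorlds(shared, "isolated").canvases;
  return {
    onceMain, onceIsolated,                          // 1, 0: canvas lost
    sharedMain: sharedMain.length,                   // 1
    sharedIsolated: sharedIsolated.length,           // 1
    sameImpl: sharedMain[0].impl === sharedIsolated[0].impl,   // true
    isolatedWorld: sharedIsolated[0].world,          // "isolated"
  };
}
```

Calling demo() shows the isolated-world read coming back empty under the consume-once design and succeeding, with a wrapper tagged for that world around the same implementation object, under the index-based design.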


_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes