Title: [120002] trunk/Source/WebKit2
- Revision
- 120002
- Author
- [email protected]
- Date
- 2012-06-11 13:16:58 -0700 (Mon, 11 Jun 2012)
Log Message
Crash when a plug-in tries to use the NPRuntime API with JavaScript disabled
https://bugs.webkit.org/show_bug.cgi?id=88797
<rdar://problem/11574844>
Reviewed by Brady Eidson.
* PluginProcess/PluginControllerProxy.cpp:
(WebKit::PluginControllerProxy::initialize):
Handle the windowNPObjectID being 0.
(WebKit::PluginControllerProxy::windowScriptNPObject):
Handle m_windowNPObject being null.
* WebProcess/Plugins/PluginView.cpp:
(WebKit::PluginView::windowScriptNPObject):
Return null if JavaScript is disabled.
(WebKit::PluginView::pluginElementNPObject):
Ditto.
Modified Paths
Diff
Modified: trunk/Source/WebKit2/ChangeLog (120001 => 120002)
--- trunk/Source/WebKit2/ChangeLog 2012-06-11 20:16:27 UTC (rev 120001)
+++ trunk/Source/WebKit2/ChangeLog 2012-06-11 20:16:58 UTC (rev 120002)
@@ -1,3 +1,25 @@
+2012-06-11 Anders Carlsson <[email protected]>
+
+ Crash when a plug-in tries to use the NPRuntime API with _javascript_ disabled
+ https://bugs.webkit.org/show_bug.cgi?id=88797
+ <rdar://problem/11574844>
+
+ Reviewed by Brady Eidson.
+
+ * PluginProcess/PluginControllerProxy.cpp:
+ (WebKit::PluginControllerProxy::initialize):
+ Handle the windowNPObjectID being 0.
+
+ (WebKit::PluginControllerProxy::windowScriptNPObject):
+ Handle m_windownPObject being null.
+
+ * WebProcess/Plugins/PluginView.cpp:
+ (WebKit::PluginView::windowScriptNPObject):
+ Return null if _javascript_ is disabled.
+
+ (WebKit::PluginView::pluginElementNPObject):
+ Ditto.
+
2012-06-11 Kenneth Rohde Christiansen <[email protected]>
Add QML api for setting device width and height
Modified: trunk/Source/WebKit2/PluginProcess/PluginControllerProxy.cpp (120001 => 120002)
--- trunk/Source/WebKit2/PluginProcess/PluginControllerProxy.cpp 2012-06-11 20:16:27 UTC (rev 120001)
+++ trunk/Source/WebKit2/PluginProcess/PluginControllerProxy.cpp 2012-06-11 20:16:58 UTC (rev 120002)
@@ -102,8 +102,8 @@
return false;
}
- m_windowNPObject = m_connection->npRemoteObjectMap()->createNPObjectProxy(creationParameters.windowNPObjectID, m_plugin.get());
- ASSERT(m_windowNPObject);
+ if (creationParameters.windowNPObjectID)
+ m_windowNPObject = m_connection->npRemoteObjectMap()->createNPObjectProxy(creationParameters.windowNPObjectID, m_plugin.get());
bool returnValue = m_plugin->initialize(this, creationParameters.parameters);
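Review bot: Removing `ASSERT(m_windowNPObject)` outright also drops the check for the case where a non-zero `windowNPObjectID` is supplied and `createNPObjectProxy` still fails. Keeping the assertion inside the new branch, with braces around the two statements, preserves that invariant: `ASSERT(m_windowNPObject);` directly after the assignment. The zero-ID path now depends on `m_windowNPObject` being initialised to null in the constructor and on the teardown code tolerating a null pointer; neither is visible here, so both are worth confirming. The enclosing function starts and ends outside the hunk.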
@@ -246,6 +246,9 @@
NPObject* PluginControllerProxy::windowScriptNPObject()
{
+ if (!m_windowNPObject)
+ return 0;
+
retainNPObject(m_windowNPObject);
return m_windowNPObject;
}
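Review bot: Returning 0 here changes the contract of `windowScriptNPObject()` from "always a retained object" to "may be null", and no caller is updated in the diff shown. Callers outside the hunk that pass the result to the plug-in or release it later should be checked for null handling. A one-line comment on the guard would record why null is legitimate, for example `// Null when the web process supplied no window object (JavaScript disabled).`. The diff shown also adds no regression test for the crash, which would help keep the null path exercised.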
Modified: trunk/Source/WebKit2/WebProcess/Plugins/PluginView.cpp (120001 => 120002)
--- trunk/Source/WebKit2/WebProcess/Plugins/PluginView.cpp 2012-06-11 20:16:27 UTC (rev 120001)
+++ trunk/Source/WebKit2/WebProcess/Plugins/PluginView.cpp 2012-06-11 20:16:58 UTC (rev 120002)
@@ -1079,8 +1079,10 @@
if (!frame())
return 0;
- // FIXME: Handle _javascript_ being disabled.
- ASSERT(frame()->script()->canExecuteScripts(NotAboutToExecuteScript));
+ if (!frame()->script()->canExecuteScripts(NotAboutToExecuteScript)) {
+ // FIXME: Investigate if other browsers allow plug-ins to access _javascript_ objects even if _javascript_ is disabled.
+ return 0;
+ }
return m_npRuntimeObjectMap.getOrCreateNPObject(*pluginWorld()->globalData(), frame()->script()->windowShell(pluginWorld())->window());
}
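Review bot: The same `canExecuteScripts(NotAboutToExecuteScript)` guard and FIXME are added twice, here and in the next hunk for `pluginElementNPObject`. A small private helper on `PluginView` that wraps the check would keep the "no script objects when JavaScript is disabled" policy and its FIXME in one place. The check runs only when an object is requested, while `PluginControllerProxy::initialize` in this commit captures the window object ID once at plug-in creation. A plug-in created while scripting was enabled presumably keeps its proxy if scripting is disabled later, and the FIXME could state whether that is intended. Both functions begin outside their hunks.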
@@ -1090,7 +1092,11 @@
if (!frame())
return 0;
- // FIXME: Handle _javascript_ being disabled.
+ if (!frame()->script()->canExecuteScripts(NotAboutToExecuteScript)) {
+ // FIXME: Investigate if other browsers allow plug-ins to access _javascript_ objects even if _javascript_ is disabled.
+ return 0;
+ }
+
JSObject* object = frame()->script()->jsObjectForPluginElement(m_pluginElement.get());
ASSERT(object);