Title: [126067] trunk
Revision: 126067
Author: [email protected]
Date: 2012-08-20 14:12:55 -0700 (Mon, 20 Aug 2012)

Log Message

[JSC] SerializedScriptValue::create() should throw a DataCloneError if input is an unsupported object
https://bugs.webkit.org/show_bug.cgi?id=94493

Patch by Christophe Dumez <[email protected]> on 2012-08-20
Reviewed by Oliver Hunt.

Source/WebCore:

Update JSC implementation for SerializedScriptValue::create() so that
a DataCloneError is thrown when the input value is an unsupported
object. The previous implementation was not throwing any error.

This change is according to the structured clone specification at:
http://www.w3.org/TR/html5/common-dom-interfaces.html#structured-clone

This also matches the corresponding V8 implementation.

Test: fast/events/message-port-multi.html.

* bindings/js/SerializedScriptValue.cpp:
(WebCore::CloneSerializer::dumpIfTerminal):
(WebCore::CloneSerializer::serialize):
(WebCore::SerializedScriptValue::maybeThrowExceptionIfSerializationFailed):
* bindings/js/SerializedScriptValue.h:

LayoutTests:

Add checks for Function, Error and host objects arguments to
MessagePort.postMessage() in fast/events/message-port-multi.html.

According to the structured clone specification, we should throw
a DataCloneError for such input types.

* fast/dom/Window/anonymous-slot-with-changes-expected.txt:
* fast/dom/Window/anonymous-slot-with-changes.html: Update test to expect
an exception when passing a function to postMessage().
* fast/events/message-port-multi-expected.txt: Update expected result
accordingly.
* fast/events/resources/message-port-multi.js:
(testTransfers.try.f1):
* platform/chromium/fast/events/message-port-multi-expected.txt: Removed.
Now identical to global expectation.

Diff

Modified: trunk/LayoutTests/ChangeLog (126066 => 126067)


--- trunk/LayoutTests/ChangeLog	2012-08-20 21:11:07 UTC (rev 126066)
+++ trunk/LayoutTests/ChangeLog	2012-08-20 21:12:55 UTC (rev 126067)
@@ -1,3 +1,26 @@
+2012-08-20  Christophe Dumez  <[email protected]>
+
+        [JSC] SerializedScriptValue::create() should throw a DataCloneError if input is an unsupported object
+        https://bugs.webkit.org/show_bug.cgi?id=94493
+
+        Reviewed by Oliver Hunt.
+
+        Add checks for Function, Error and host objects arguments to
+        MessagePort.postMessage() in fast/events/message-port-multi.html.
+
+        According to the structured clone specification, we should throw
+        a DataCloneError for such input types.
+
+        * fast/dom/Window/anonymous-slot-with-changes-expected.txt:
+        * fast/dom/Window/anonymous-slot-with-changes.html: Update test to expect
+        an exception when passing a function to postMessage().
+        * fast/events/message-port-multi-expected.txt: Update expected result
+        accordingly.
+        * fast/events/resources/message-port-multi.js:
+        (testTransfers.try.f1):
+        * platform/chromium/fast/events/message-port-multi-expected.txt: Removed.
+        Now identical to global expectation.
+
 2012-08-20  Ken Buchanan  <[email protected]>
         Line boxes not being dirtied correctly during inline removal
         https://bugs.webkit.org/show_bug.cgi?id=93156

Modified: trunk/LayoutTests/fast/dom/Window/anonymous-slot-with-changes-expected.txt (126066 => 126067)


--- trunk/LayoutTests/fast/dom/Window/anonymous-slot-with-changes-expected.txt	2012-08-20 21:11:07 UTC (rev 126066)
+++ trunk/LayoutTests/fast/dom/Window/anonymous-slot-with-changes-expected.txt	2012-08-20 21:12:55 UTC (rev 126067)
@@ -1,4 +1,5 @@
 Tests that we clone object hierarchies
+PASS: 'postMessage((function(){}))' threw Error: DATA_CLONE_ERR: DOM Exception 25
 PASS: eventData is null of type object
 PASS: eventData is null of type object
 PASS: eventData is null of type object
@@ -49,11 +50,6 @@
 PASS: eventData is ,,1 of type object
 PASS: eventData is ,,1 of type object
 PASS: eventData is ,,1 of type object
-PASS: eventData is null of type object
-PASS: eventData is null of type object
-PASS: eventData is null of type object
-PASS: eventData is null of type object
-PASS: eventData is null of type object
 PASS: eventData is 2009-02-13T23:31:30.000Z of type object
 PASS: eventData is 2009-02-13T23:31:30.000Z of type object
 PASS: eventData is 2009-02-13T23:31:30.000Z of type object

Modified: trunk/LayoutTests/fast/dom/Window/anonymous-slot-with-changes.html (126066 => 126067)


--- trunk/LayoutTests/fast/dom/Window/anonymous-slot-with-changes.html	2012-08-20 21:11:07 UTC (rev 126066)
+++ trunk/LayoutTests/fast/dom/Window/anonymous-slot-with-changes.html	2012-08-20 21:12:55 UTC (rev 126067)
@@ -123,7 +123,7 @@
 tryPostMessage('[]');
 tryPostMessage('[1,2,3]');
 tryPostMessage('[,,1]');
-tryPostMessage('(function(){})', false, 'null');
+tryPostMessage('(function(){})', true);
 tryPostMessage('new Date(1234567890000)');
 tryPostMessage('"done"');
 </script>

Modified: trunk/LayoutTests/fast/events/message-port-multi-expected.txt (126066 => 126067)


--- trunk/LayoutTests/fast/events/message-port-multi-expected.txt	2012-08-20 21:11:07 UTC (rev 126066)
+++ trunk/LayoutTests/fast/events/message-port-multi-expected.txt	2012-08-20 21:12:55 UTC (rev 126067)
@@ -14,7 +14,10 @@
 PASS event.ports is non-null and zero length when empty array sent
 PASS event.ports contains two ports when two ports sent
 PASS event.ports contains two ports when two ports re-sent after error
-PASS Sending host object has thrown TypeError: Unable to deserialize data.
+PASS Sending host object has thrown Error: DATA_CLONE_ERR: DOM Exception 25
+PASS Sending host object has thrown Error: DATA_CLONE_ERR: DOM Exception 25
+PASS Sending Function object has thrown Error: DATA_CLONE_ERR: DOM Exception 25
+PASS Sending Error object has thrown Error: DATA_CLONE_ERR: DOM Exception 25
 PASS send-port: transferred one port
 PASS send-port-twice: transferred one port twice
 PASS send-two-ports: transferred two ports

Modified: trunk/LayoutTests/fast/events/resources/message-port-multi.js (126066 => 126067)


--- trunk/LayoutTests/fast/events/resources/message-port-multi.js	2012-08-20 21:11:07 UTC (rev 126066)
+++ trunk/LayoutTests/fast/events/resources/message-port-multi.js	2012-08-20 21:12:55 UTC (rev 126067)
@@ -47,8 +47,40 @@
         channel0.port1.webkitPostMessage({id:"host-object", hostObject:c3, port:c4.port1}, [c4.port1]);
         testFailed("Sending host object should throw");
     } catch(e) {
-        testPassed("Sending host object has thrown " + e);
+        if (e.code == DOMException.DATA_CLONE_ERR)
+          testPassed("Sending host object has thrown " + e);
+        else
+          testFailed("Sending host object should throw a DataCloneError, got: " + e);
     }
+    try {
+        channel0.port1.webkitPostMessage({id:"host-object2", hostObject:navigator, port:c4.port1}, [c4.port1]);
+        testFailed("Sending host object should throw");
+    } catch(e) {
+        if (e.code == DOMException.DATA_CLONE_ERR)
+          testPassed("Sending host object has thrown " + e);
+        else
+          testFailed("Sending host object should throw a DataCloneError, got: " + e);
+    }
+    try {
+        var f1 = function() {}
+        channel0.port1.webkitPostMessage({id:"function-object", function:f1, port:c4.port1}, [c4.port1]);
+        testFailed("Sending Function object should throw");
+    } catch(e) {
+        if (e.code == DOMException.DATA_CLONE_ERR)
+          testPassed("Sending Function object has thrown " + e);
+        else
+          testFailed("Sending Function object should throw a DataCloneError, got: " + e);
+    }
+    try {
+        var err = new Error();
+        channel0.port1.webkitPostMessage({id:"error-object", error:err, port:c4.port1}, [c4.port1]);
+        testFailed("Sending Error object should throw");
+    } catch(e) {
+        if (e.code == DOMException.DATA_CLONE_ERR)
+          testPassed("Sending Error object has thrown " + e);
+        else
+          testPassed("Sending Error object should throw a DataCloneError, got: " + e);
+    }
     c4.port1.postMessage("Should succeed");
     channel0.port1.webkitPostMessage({id:"done"});
 

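Review bot: In the last catch block (the Error object case), the else branch calls testPassed("Sending Error object should throw a DataCloneError, got: " + e), so the test reports PASS even when the exception is not a DataCloneError. This should be testFailed, as in the three blocks before it. Separately, the c3 and navigator cases both print "Sending host object has thrown", so a regression in the expected output cannot be attributed to one of them; a distinct label for the navigator case would fix that. The four try/catch blocks differ only in payload and label and could share one helper.
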
Deleted: trunk/LayoutTests/platform/chromium/fast/events/message-port-multi-expected.txt (126066 => 126067)


--- trunk/LayoutTests/platform/chromium/fast/events/message-port-multi-expected.txt	2012-08-20 21:11:07 UTC (rev 126066)
+++ trunk/LayoutTests/platform/chromium/fast/events/message-port-multi-expected.txt	2012-08-20 21:12:55 UTC (rev 126067)
@@ -1,23 +0,0 @@
-This test checks the various use cases around sending multiple ports through MessagePort.postMessage
-
-On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
-
-
-PASS channel.port1.postMessage("same port", [channel.port1]) threw exception Error: DATA_CLONE_ERR: DOM Exception 25.
-PASS channel.port1.postMessage("entangled port", [channel.port2]) threw exception Error: DATA_CLONE_ERR: DOM Exception 25.
-PASS channel.port1.postMessage("null port", [channel3.port1, null, channel3.port2]) threw exception Error: DATA_CLONE_ERR: DOM Exception 25.
-PASS channel.port1.postMessage("notAPort", [channel3.port1, {}, channel3.port2]) threw exception TypeError: Type error.
-PASS channel.port1.postMessage("notAnArray", channel3.port1) threw exception TypeError: Type error.
-PASS channel.port1.postMessage("notASequence", [{length: 3}]) threw exception TypeError: Type error.
-PASS channel.port1.postMessage("largeSequence", largePortArray) threw exception Error: DATA_CLONE_ERR: DOM Exception 25.
-PASS event.ports is non-null and zero length when no port sent
-PASS event.ports is non-null and zero length when empty array sent
-PASS event.ports contains two ports when two ports sent
-PASS event.ports contains two ports when two ports re-sent after error
-PASS Sending host object has thrown Error: DATA_CLONE_ERR: DOM Exception 25
-PASS send-port: transferred one port
-PASS send-port-twice: transferred one port twice
-PASS send-two-ports: transferred two ports
-
-TEST COMPLETE
-

Modified: trunk/Source/WebCore/ChangeLog (126066 => 126067)


--- trunk/Source/WebCore/ChangeLog	2012-08-20 21:11:07 UTC (rev 126066)
+++ trunk/Source/WebCore/ChangeLog	2012-08-20 21:12:55 UTC (rev 126067)
@@ -1,3 +1,27 @@
+2012-08-20  Christophe Dumez  <[email protected]>
+
+        [JSC] SerializedScriptValue::create() should throw a DataCloneError if input is an unsupported object
+        https://bugs.webkit.org/show_bug.cgi?id=94493
+
+        Reviewed by Oliver Hunt.
+
+        Update JSC implementation for SerializedScriptValue::create() so that
+        a DataCloneError is thrown when the input value is an unsupported
+        object. The previous implementation was not throwing any error.
+
+        This change is according to the structured clone specification at:
+        http://www.w3.org/TR/html5/common-dom-interfaces.html#structured-clone
+
+        This also matches the corresponding V8 implementation.
+
+        Test: fast/events/message-port-multi.html.
+
+        * bindings/js/SerializedScriptValue.cpp:
+        (WebCore::CloneSerializer::dumpIfTerminal):
+        (WebCore::CloneSerializer::serialize):
+        (WebCore::SerializedScriptValue::maybeThrowExceptionIfSerializationFailed):
+        * bindings/js/SerializedScriptValue.h:
+
 2012-08-20  Sheriff Bot  <[email protected]>
 
         Unreviewed, rolling out r125884.

Modified: trunk/Source/WebCore/bindings/js/SerializedScriptValue.cpp (126066 => 126067)


--- trunk/Source/WebCore/bindings/js/SerializedScriptValue.cpp	2012-08-20 21:11:07 UTC (rev 126066)
+++ trunk/Source/WebCore/bindings/js/SerializedScriptValue.cpp	2012-08-20 21:12:55 UTC (rev 126067)
@@ -582,13 +582,6 @@
 
         if (isArray(value))
             return false;
-           
-        // Object cannot be serialized because the act of walking the object creates new objects
-        if (value.isObject() && asObject(value)->inherits(&JSNavigator::s_info)) {
-            fail();
-            write(NullTag);
-            return true; 
-        }
 
         if (value.isObject()) {
             JSObject* obj = asObject(value);
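Review bot: Removing the JSNavigator special case also removes the only comment saying why such an object must not be walked ("the act of walking the object creates new objects"). Rejection now depends on the generic class check added in serialize(), so consider carrying that rationale into the new comment there, so the reason host objects must never reach property enumeration stays documented.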
@@ -677,9 +670,7 @@
                 return success;
             }
 
-            CallData unusedData;
-            if (getCallData(value, unusedData) == CallTypeNone)
-                return false;
+            return false;
         }
         // Any other types are expected to serialize as null.
         write(NullTag);
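Review bot: With the getCallData() test gone, every object not handled earlier in this block now returns false, so the trailing comment "Any other types are expected to serialize as null." and the write(NullTag) after it apply only to non-object values. Please reword the comment to say so; as written it reads as if unsupported objects still become null, which is the behaviour this change removes.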
@@ -898,6 +889,12 @@
                 JSObject* inObject = asObject(inValue);
                 if (!startObject(inObject))
                     break;
+                // At this point, all supported objects other than Object
+                // objects have been handled. If we reach this point and
+                // the input is not an Object object then we should throw
+                // a DataCloneError.
+                if (inObject->classInfo() != &JSFinalObject::s_info)
+                    return DataCloneError;
                 inputObjectStack.append(inObject);
                 indexStack.append(0);
                 propertyStack.append(PropertyNameArray(m_exec));
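Review bot: The new classInfo() check runs after startObject(inObject), so a rejected object has already gone through startObject() before DataCloneError is returned. If startObject() has side effects on the output or bookkeeping, testing classInfo() first would be cleaner; otherwise a short comment that the ordering is intentional would help. This is also an exact match on &JSFinalObject::s_info rather than the inherits() test the removed JSNavigator code used. Since this comparison is the allowlist that keeps unsupported objects out of the clone, the comment should state that exact match is intended.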
@@ -1920,6 +1917,9 @@
     case ValidationError:
         throwError(exec, createTypeError(exec, "Unable to deserialize data."));
         break;
+    case DataCloneError:
+        setDOMException(exec, DATA_CLONE_ERR);
+        break;
     case ExistingExceptionError:
         break;
     case UnspecifiedError:

Modified: trunk/Source/WebCore/bindings/js/SerializedScriptValue.h (126066 => 126067)


--- trunk/Source/WebCore/bindings/js/SerializedScriptValue.h	2012-08-20 21:11:07 UTC (rev 126066)
+++ trunk/Source/WebCore/bindings/js/SerializedScriptValue.h	2012-08-20 21:12:55 UTC (rev 126067)
@@ -51,6 +51,7 @@
     InterruptedExecutionError,
     ValidationError,
     ExistingExceptionError,
+    DataCloneError,
     UnspecifiedError
 };
     
_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo/webkit-changes
