Diff
Modified: trunk/LayoutTests/ChangeLog (126167 => 126168)
--- trunk/LayoutTests/ChangeLog 2012-08-21 17:02:59 UTC (rev 126167)
+++ trunk/LayoutTests/ChangeLog 2012-08-21 17:03:12 UTC (rev 126168)
@@ -1,3 +1,13 @@
+2012-08-21 Pavel Feldman <[email protected]>
+
+ Web Inspector: do not use window's eval in InjectedScript
+ https://bugs.webkit.org/show_bug.cgi?id=94610
+
+ Reviewed by Yury Semikhatsky.
+
+ * inspector/console/console-eval-fake-expected.txt: Added.
+ * inspector/console/console-eval-fake.html: Added.
+
2012-08-21 Adam Barth <[email protected]>
Implement JSDOMWindow*::allowsAccessFrom* in terms of BindingSecurity
Added: trunk/LayoutTests/inspector/console/console-eval-fake-expected.txt (0 => 126168)
--- trunk/LayoutTests/inspector/console/console-eval-fake-expected.txt (rev 0)
+++ trunk/LayoutTests/inspector/console/console-eval-fake-expected.txt 2012-08-21 17:03:12 UTC (rev 126168)
@@ -0,0 +1,5 @@
+Tests that overriding window.eval does not break inspector.
+
+foo
+"fooValue"
+
Property changes on: trunk/LayoutTests/inspector/console/console-eval-fake-expected.txt
___________________________________________________________________
Added: svn:eol-style
Added: trunk/LayoutTests/inspector/console/console-eval-fake.html (0 => 126168)
--- trunk/LayoutTests/inspector/console/console-eval-fake.html (rev 0)
+++ trunk/LayoutTests/inspector/console/console-eval-fake.html 2012-08-21 17:03:12 UTC (rev 126168)
@@ -0,0 +1,29 @@
+<html>
+<head>
+<script src=""
+<script src=""
+<script>
+var foo = 'fooValue';
+
+window.eval = "Non-function";
+
+function test()
+{
+ InspectorTest.evaluateInConsole("foo", step1);
+
+ function step1()
+ {
+ InspectorTest.dumpConsoleMessages();
+ InspectorTest.completeTest();
+ }
+}
+</script>
+</head>
+
+<body _onload_="runTest()">
+<p>
+Tests that overriding window.eval does not break inspector.
+</p>
+
+</body>
+</html>
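Review bot: The test only covers `window.eval` replaced by a non-function value (`window.eval = "Non-function";`), a case that fails loudly if the inspector still depends on the page's eval. A page can also replace it with a function, and in that case the console would silently show whatever the replacement returns. A second test, or a second step here, with `window.eval = function() { return "overridden"; };` and the same `InspectorTest.evaluateInConsole("foo", ...)` check would pin that the result still comes from the engine's evaluator and not from page-controlled code.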
Property changes on: trunk/LayoutTests/inspector/console/console-eval-fake.html
___________________________________________________________________
Added: svn:eol-style
Modified: trunk/Source/WebCore/ChangeLog (126167 => 126168)
--- trunk/Source/WebCore/ChangeLog 2012-08-21 17:02:59 UTC (rev 126167)
+++ trunk/Source/WebCore/ChangeLog 2012-08-21 17:03:12 UTC (rev 126168)
@@ -1,3 +1,24 @@
+2012-08-21 Pavel Feldman <[email protected]>
+
+ Web Inspector: do not use window's eval in InjectedScript
+ https://bugs.webkit.org/show_bug.cgi?id=94610
+
+ Reviewed by Yury Semikhatsky.
+
+ Otherwise, inspector does not work when eval is overriden.
+
+ Test: inspector/console/console-eval-fake.html
+
+ * bindings/js/JSInjectedScriptHostCustom.cpp:
+ (WebCore::JSInjectedScriptHost::evaluate):
+ (WebCore):
+ * bindings/v8/custom/V8InjectedScriptHostCustom.cpp:
+ (WebCore::V8InjectedScriptHost::evaluateCallback):
+ (WebCore):
+ * inspector/InjectedScriptHost.idl:
+ * inspector/InjectedScriptSource.js:
+ (.):
+
2012-08-21 Adam Barth <[email protected]>
Implement JSDOMWindow*::allowsAccessFrom* in terms of BindingSecurity
Modified: trunk/Source/WebCore/bindings/js/JSInjectedScriptHostCustom.cpp (126167 => 126168)
--- trunk/Source/WebCore/bindings/js/JSInjectedScriptHostCustom.cpp 2012-08-21 17:02:59 UTC (rev 126167)
+++ trunk/Source/WebCore/bindings/js/JSInjectedScriptHostCustom.cpp 2012-08-21 17:03:12 UTC (rev 126168)
@@ -275,6 +275,28 @@
return jsUndefined();
}
+JSValue JSInjectedScriptHost::evaluate(ExecState* exec)
+{
+ JSValue _expression_ = exec->argument(0);
+ if (!_expression_.isString())
+ return throwError(exec, createError(exec, "String argument expected."));
+ JSGlobalObject* globalObject = exec->lexicalGlobalObject();
+ JSFunction* evalFunction = globalObject->evalFunction();
+ CallData callData;
+ CallType callType = evalFunction->methodTable()->getCallData(evalFunction, callData);
+ if (callType == CallTypeNone)
+ return jsUndefined();
+ MarkedArgumentBuffer args;
+ args.append(_expression_);
+
+ bool wasEvalEnabled = globalObject->evalEnabled();
+ globalObject->setEvalEnabled(true);
+ JSValue result = JSC::call(exec, evalFunction, callType, callData, exec->globalThisValue(), args);
+ globalObject->setEvalEnabled(wasEvalEnabled);
+
+ return result;
+}
+
} // namespace WebCore
#endif // ENABLE(INSPECTOR)
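Review bot: The `setEvalEnabled(true)` / `setEvalEnabled(wasEvalEnabled)` pair around `JSC::call` in `JSInjectedScriptHost::evaluate` has no comment saying why the inspector overrides the global object's eval setting. While the call runs, eval is enabled on that global object, presumably also for any page function the expression invokes. I would add `// Inspector evaluation must work even when the page has eval disabled; the page's setting is restored right after the call.` above the toggle, and consider a small scoped save/restore helper so a later early return cannot skip the restore. Separately, `if (callType == CallTypeNone) return jsUndefined();` cannot be told apart from an expression that evaluates to undefined; throwing an error there, as the string check at the top does, would make that failure visible.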
Modified: trunk/Source/WebCore/bindings/v8/custom/V8InjectedScriptHostCustom.cpp (126167 => 126168)
--- trunk/Source/WebCore/bindings/v8/custom/V8InjectedScriptHostCustom.cpp 2012-08-21 17:02:59 UTC (rev 126167)
+++ trunk/Source/WebCore/bindings/v8/custom/V8InjectedScriptHostCustom.cpp 2012-08-21 17:03:12 UTC (rev 126168)
@@ -299,6 +299,22 @@
return v8::Undefined();
}
+v8::Handle<v8::Value> V8InjectedScriptHost::evaluateCallback(const v8::Arguments& args)
+{
+ INC_STATS("InjectedScriptHost.evaluate()");
+ if (args.Length() < 1)
+ return v8::ThrowException(v8::Exception::Error(v8::String::New("One argument expected.")));
+
+ v8::Handle<v8::String> _expression_ = args[0]->ToString();
+ if (_expression_.IsEmpty())
+ return v8::ThrowException(v8::Exception::Error(v8::String::New("The argument must be a string.")));
+
+ v8::Handle<v8::Script> script = v8::Script::Compile(_expression_);
+ if (script.IsEmpty()) // Return immediately in case of exception to let the caller handle it.
+ return v8::Handle<v8::Value>();
+ return script->Run();
+}
+
} // namespace WebCore
#endif // ENABLE(INSPECTOR)
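Review bot: `args[0]->ToString()` in `evaluateCallback` converts any argument to a string, so the "The argument must be a string." branch is reached only when the conversion itself fails, most likely with an exception already pending that `ThrowException` then replaces. The JSC binding in this same commit rejects non-strings up front with `isString()`. Checking `if (!args[0]->IsString())` before the conversion would make the two bindings agree and would stop an object's own `toString` result from being compiled as source. A short comment noting which context `v8::Script::Compile` is expected to run in when this callback is entered would also help, since that is not visible from the function itself.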
Modified: trunk/Source/WebCore/inspector/InjectedScriptHost.idl (126167 => 126168)
--- trunk/Source/WebCore/inspector/InjectedScriptHost.idl 2012-08-21 17:02:59 UTC (rev 126167)
+++ trunk/Source/WebCore/inspector/InjectedScriptHost.idl 2012-08-21 17:03:12 UTC (rev 126168)
@@ -47,6 +47,7 @@
[Custom] DOMString databaseId(in DOMObject database);
[Custom] DOMString storageId(in DOMObject storage);
+ [Custom] DOMObject evaluate(in DOMString text);
};
}
Modified: trunk/Source/WebCore/inspector/InjectedScriptSource.js (126167 => 126168)
--- trunk/Source/WebCore/inspector/InjectedScriptSource.js 2012-08-21 17:02:59 UTC (rev 126167)
+++ trunk/Source/WebCore/inspector/InjectedScriptSource.js 2012-08-21 17:03:12 UTC (rev 126168)
@@ -174,7 +174,7 @@
*/
_parseObjectId: function(objectId)
{
- return eval("(" + objectId + ")");
+ return InjectedScriptHost.evaluate("(" + objectId + ")");
},
/**
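Review bot: `_parseObjectId` still evaluates `"(" + objectId + ")"` as script, only now through `InjectedScriptHost.evaluate`, and the same pattern remains in `dispatch` (`args`), in the call-arguments path (`args = InjectedScriptHost.evaluate(args)`) and in `_callFrameForId` (`callFrameId`). These strings look like serialized data, not code, so a malformed or unexpected value would run as script in the inspected page's context instead of failing to parse. Since the host is native now, a data-only parse on the host side would be tighter, or at least a shape check on the result before use. At minimum I would document the assumption, e.g. `// objectId is a JSON object literal produced by the inspector; it is evaluated as script, not parsed as data.` The enclosing functions start or end outside these hunks, so I cannot see whether callers already validate these values.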
@@ -197,7 +197,7 @@
*/
dispatch: function(methodName, args)
{
- var argsArray = eval("(" + args + ")");
+ var argsArray = InjectedScriptHost.evaluate("(" + args + ")");
var result = this[methodName].apply(this, argsArray);
if (typeof result === "undefined") {
inspectedWindow.console.error("Web Inspector error: InjectedScript.%s returns undefined", methodName);
@@ -342,7 +342,7 @@
*/
evaluate: function(_expression_, objectGroup, injectCommandLineAPI, returnByValue)
{
- return this._evaluateAndWrap(inspectedWindow.eval, inspectedWindow, _expression_, objectGroup, false, injectCommandLineAPI, returnByValue);
+ return this._evaluateAndWrap(InjectedScriptHost.evaluate, InjectedScriptHost, _expression_, objectGroup, false, injectCommandLineAPI, returnByValue);
},
/**
@@ -360,7 +360,7 @@
if (args) {
var resolvedArgs = [];
- args = eval(args);
+ args = InjectedScriptHost.evaluate(args);
for (var i = 0; i < args.length; ++i) {
objectId = args[i].objectId;
if (objectId) {
@@ -382,7 +382,7 @@
try {
var objectGroup = this._idToObjectGroupName[parsedObjectId.id];
- var func = eval("(" + _expression_ + ")");
+ var func = InjectedScriptHost.evaluate("(" + _expression_ + ")");
if (typeof func !== "function")
return "Given _expression_ does not evaluate to a function";
@@ -515,7 +515,7 @@
*/
_callFrameForId: function(topCallFrame, callFrameId)
{
- var parsedCallFrameId = eval("(" + callFrameId + ")");
+ var parsedCallFrameId = InjectedScriptHost.evaluate("(" + callFrameId + ")");
var ordinal = parsedCallFrameId["ordinal"];
var callFrame = topCallFrame;
while (--ordinal >= 0 && callFrame)
@@ -562,7 +562,7 @@
injectModule: function(name, source)
{
delete this._modules[name];
- var module = eval("(" + source + ")");
+ var module = InjectedScriptHost.evaluate("(" + source + ")");
this._modules[name] = module;
return module;
},