Geoff, Gavin, Sam, Maciej (and any other JSC experts):

Adam and I are fixing: https://bugs.webkit.org/show_bug.cgi?id=27088

Fix: toJS needs to use the correct global object. The correct global object should come from whatever "this" is calling into the native code which is using toJS. (e.g. document.body. It doesn't matter how/when you access it; the correct prototype comes from whichever global object the document was created from.)

BACKGROUND EXAMPLE:

<script>frames[0].document.createElement("foo")</script>

Should use "thisValue" as passed into:

JSValue JSC_HOST_CALL jsDocumentPrototypeFunctionCreateElement(ExecState* exec, JSObject*, JSValue thisValue, const ArgList& args)

We believe the easiest way to get the correct globalData is via:

*Heap::heap(thisValue)->globalData()

QUESTIONS:

We do not need to change the signature of all toJS implementations if the ExecState can carry the thisValue for us. ExecState::thisValue() already exists, but ExecState::codeBlock() seems NULL in our case. (thisValue() seems used by the debugger.)

1. Is it correct for the ExecState to carry the "thisValue"?

2. If ExecState is OK to carry "thisValue", how should we fix it to be non-NULL in jsDocumentPrototypeFunctionCreateElement (and other places)?

Thanks,
Eric & Adam

_______________________________________________
webkit-dev mailing list
webkit-dev@lists.webkit.org
http://lists.webkit.org/mailman/listinfo.cgi/webkit-dev
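The cross-frame wrapper problem the message describes, as an added toy model (not WebKit code; every class and function name here is hypothetical). It contrasts a toJS that takes the prototype from the caller's lexical global object with one that derives the global object from thisValue (the document the method was invoked on), and shows that only the latter makes the element created by `frames[0].document.createElement("foo")` belong to the child frame's Element prototype chain, which is what keeps per-frame prototype separation intact:

```cpp
#include <cassert>
#include <cstdio>
#include <map>
#include <string>

// Hypothetical names throughout: a toy model of the bug, not WebKit's own classes.

// One per frame: holds that frame's own copy of every DOM prototype.
struct GlobalObject {
    const char* name;
    std::map<std::string, int> prototypeIds;  // "Element" -> id unique to this frame
};

// A DOM node remembers which global object its document was created from.
struct DOMNode {
    std::string tag;
    GlobalObject* ownerGlobal;
};

// A JS wrapper around a DOM node, with the prototype it was given at creation.
struct Wrapper {
    DOMNode* node;
    int prototypeId;
};

// Minimal ExecState: the caller's lexical global, and the receiver (thisValue).
struct ExecState {
    GlobalObject* lexicalGlobalObject;  // frame whose script is executing
    DOMNode* thisValue;                 // receiver of the native call (e.g. a document)
};

static int nextPrototypeId = 1;

// Each frame gets its own, distinct Element prototype.
GlobalObject makeGlobal(const char* name) {
    GlobalObject g{name, {}};
    g.prototypeIds["Element"] = nextPrototypeId++;
    return g;
}

// Buggy behaviour: the wrapper takes its prototype from the caller's global
// object, i.e. whichever frame happened to run the script.
Wrapper toJSBuggy(ExecState* exec, DOMNode* node) {
    GlobalObject* g = exec->lexicalGlobalObject;
    return Wrapper{node, g->prototypeIds["Element"]};
}

// Fixed behaviour: derive the global object from thisValue (the document the
// method was invoked on), which is the global the node's document was created from.
Wrapper toJSFixed(ExecState* exec, DOMNode* node) {
    GlobalObject* g = exec->thisValue->ownerGlobal;
    return Wrapper{node, g->prototypeIds["Element"]};
}

// Equivalent of `wrapper instanceof someFrame.Element`.
bool isElementOf(const Wrapper& w, GlobalObject* g) {
    return w.prototypeId == g->prototypeIds["Element"];
}

// Models the parent frame running frames[0].document.createElement("foo").
// Returns true when the resulting wrapper sits on the child frame's prototype chain.
bool createElementCrossFrame(bool useFix) {
    GlobalObject parent = makeGlobal("parent");
    GlobalObject child  = makeGlobal("frames[0]");
    DOMNode childDocument{"#document", &child};
    DOMNode created{"foo", &child};  // createElement yields a node owned by the child document
    ExecState exec{&parent, &childDocument};
    Wrapper w = useFix ? toJSFixed(&exec, &created) : toJSBuggy(&exec, &created);
    return isElementOf(w, &child);
}

int main() {
    std::printf("buggy toJS -> child-frame Element? %s\n",
                createElementCrossFrame(false) ? "yes" : "no");
    std::printf("fixed toJS -> child-frame Element? %s\n",
                createElementCrossFrame(true) ? "yes" : "no");
    return 0;
}
```

The model deliberately keeps only the two inputs that matter for the decision, the caller's global and the receiver's owning global, so the difference between the two toJS variants is the single line that picks the GlobalObject.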