constructJSHTMLElement() should protect document and `elementInterface`

https://bugs.webkit.org/show_bug.cgi?id=241827
<rdar://94610860>

Reviewed by Mark Lam.

* Source/WebCore/bindings/js/JSHTMLElementCustom.cpp:
(WebCore::constructJSHTMLElement):
* Source/WebKit/WebProcess/WebPage/WebPage.cpp:
(WebKit::WebPage::runModal):

Canonical link: https://commits.webkit.org/251709@main
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@295704 268f45cc-cd09-0410-ab3c-d52691b4dbfc
shvaikalesh committed Jun 22, 2022
1 parent 206d7d6 commit 0b461042ff0c149c711be8bc4a8e4e53bb6cbb54
Showing 2 changed files with 3 additions and 1 deletion.
@@ -78,6 +78,9 @@ EncodedJSValue constructJSHTMLElement(JSGlobalObject* lexicalGlobalObject, CallF
return throwVMTypeError(lexicalGlobalObject, scope, "new.target does not define a custom element"_s);

if (!elementInterface->isUpgradingElement()) {
Ref<Document> protectedDocument(document);
Ref<JSCustomElementInterface> protectedElementInterface(*elementInterface);

Structure* baseStructure = getDOMStructure<JSHTMLElement>(vm, *newTargetGlobalObject);
auto* newElementStructure = InternalFunction::createSubclassStructure(lexicalGlobalObject, newTarget, baseStructure);
RETURN_IF_EXCEPTION(scope, { });
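Review bot: The two Ref locals at the top of the `!elementInterface->isUpgradingElement()` branch carry no comment saying what they guard against, and the change adds no regression test (both changed files are sources). `InternalFunction::createSubclassStructure(lexicalGlobalObject, newTarget, baseStructure)` is followed by `RETURN_IF_EXCEPTION`, so it can throw, presumably because it can run script; a one-line comment naming that call as the reentrancy point would keep a later cleanup from dropping the Refs as unused. It is also worth confirming that the upgrade path after this branch, which lies outside the visible context, does not use `document` or `elementInterface` unprotected across a similar call.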
@@ -5861,7 +5861,6 @@ void WebPage::runModal()
Ref<WebPage> protector(*this);
#endif
RunLoop::run();
ASSERT(!m_isRunningModal);
}

bool WebPage::canHandleRequest(const WebCore::ResourceRequest& request)
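Review bot: The one-line removal in `WebPage::runModal()` is not explained anywhere in the commit message, which lists the function with no description, and it has no evident connection to the `constructJSHTMLElement()` lifetime fix named in the title. Please either describe it under the `(WebKit::WebPage::runModal):` entry or land it separately, so the lifetime fix can be reviewed and cherry-picked on its own. If the removal touches the lines around `Ref<WebPage> protector(*this);`, note that the protector sits inside a preprocessor conditional (closed by the visible `#endif`), so builds where that condition is false hold no reference to the page across `RunLoop::run()`.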
