Protect the PluginView when evaluating javascript: URLs
Fixes <http://webkit.org/b/54884> <rdar://problem/9030864>
plugins/get-url-with-javascript-destroying-plugin.html crashing on Windows since it was
added

Reviewed by Sam Weinig.

* plugins/PluginView.cpp:
(WebCore::PluginView::performRequest): Protect the PluginView, not just its parent frame,
when evaluating javascript: URLs.

Canonical link: https://commits.webkit.org/69158@main
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@79231 268f45cc-cd09-0410-ab3c-d52691b4dbfc
aroben committed Feb 21, 2011
1 parent f0e8898 commit 791152aaf46b1592d7d3b5b43006c24c997446cf
Showing with 17 additions and 3 deletions.
  1. +14 −0 Source/WebCore/ChangeLog
  2. +3 −3 Source/WebCore/plugins/PluginView.cpp
@@ -1,3 +1,17 @@
2011-02-21 Adam Roben <aroben@apple.com>

Protect the PluginView when evaluating javascript: URLs

Fixes <http://webkit.org/b/54884> <rdar://problem/9030864>
plugins/get-url-with-javascript-destroying-plugin.html crashing on Windows since it was
added

Reviewed by Sam Weinig.

* plugins/PluginView.cpp:
(WebCore::PluginView::performRequest): Protect the PluginView, not just its parent frame,
when evaluating javascript: URLs.

2011-02-21 Martin Robinson <mrobinson@igalia.com>

Fix GTK+ build after r79223.
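Review bot: the new ChangeLog entry says to protect the PluginView "not just its parent frame" but does not say what performRequest reads from the view after the script returns, which is why the frame reference alone was not enough. One sentence naming that access would make the entry self-explanatory for someone reading the log without the bug open.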
@@ -468,15 +468,15 @@ void PluginView::performRequest(PluginRequest* request)
// and this has been made sure in ::load.
ASSERT(targetFrameName.isEmpty() || m_parentFrame->tree()->find(targetFrameName) == m_parentFrame);

// Executing a script can cause the plugin view to be destroyed, so we keep a reference to the parent frame.
RefPtr<Frame> parentFrame = m_parentFrame;
// Executing a script can cause the plugin view to be destroyed, so we keep a reference to it.
RefPtr<PluginView> protector(this);
ScriptValue result = m_parentFrame->script()->executeScript(jsString, request->shouldAllowPopups());

if (targetFrameName.isNull()) {
String resultString;

#if USE(JSC)
ScriptState* scriptState = parentFrame->script()->globalObject(pluginWorld())->globalExec();
ScriptState* scriptState = m_parentFrame->script()->globalObject(pluginWorld())->globalExec();
#elif USE(V8)
ScriptState* scriptState = 0; // Not used with V8
#endif
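Review bot: in the USE(JSC) branch, the line after executeScript now reads m_parentFrame->script() through the member instead of through the local RefPtr<Frame> that was removed. The protector keeps this PluginView alive, but nothing visible in the hunk shows that m_parentFrame is still set and still refers to a live Frame once the script has destroyed or detached the plugin. Either keep the local frame reference alongside the protector, or check right after executeScript that the view is still attached and return early if it is not. The new comment could also state that the reference is needed because members are read after the script returns.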
