145328 2015-05-22 16:44:51 -0700 Document::ensurePlugInsInjectedScript() should evaluate the injected script on its own frame 2015-05-26 11:12:07 -0700 1 1 1 Unclassified WebKit WebCore Misc. 528+ (Nightly build) Unspecified Unspecified RESOLVED FIXED P2 Normal --- 1 mark.lam mark.lam commit-queue dino esprehn+autocc jonlee kangil.han sam simon.fraser oldest_to_newest 1096998 0 mark.lam 2015-05-22 16:44:51 -0700 HTMLPlugInImageElement::didAddUserAgentShadowRoot() calls into the JSC VM to get the "createOverlay" function. If an exception occurs in this call, it should handle that exception. Currently, it does, and leaves a dangling exception in the VM. 1097018 1 mark.lam 2015-05-22 18:01:38 -0700 The exception was because we couldn't find a createOverlay property in the global object, and we tried to convert the returned undefined to an object. However, it turns out that createOverlay should never be undefined. So, the real bug is why is the property coming back as undefined. 1097030 2 mark.lam 2015-05-22 19:22:41 -0700 http://trac.webkit.org/changeset/184329 fixed HTMLPlugInImageElement::didAddUserAgentShadowRoot() to use the document's frame instead of the page's main frame. However, Document::ensurePlugInsInjectedScript() is still evaluating the injected script on the main frame. As a result, HTMLPlugInImageElement::didAddUserAgentShadowRoot()'s attempt to get the createOverlay function from the document frame's global object will fail. Fixing Document::ensurePlugInsInjectedScript() to evaluating the injected script on the document's frame fixes the issue. 1097031 3 mark.lam 2015-05-22 19:22:41 -0700 http://trac.webkit.org/changeset/184329 fixed HTMLPlugInImageElement::didAddUserAgentShadowRoot() to use the document's frame instead of the page's main frame. However, Document::ensurePlugInsInjectedScript() is still evaluating the injected script on the main frame. As a result, HTMLPlugInImageElement::didAddUserAgentShadowRoot()'s attempt to get the createOverlay function from the document frame's global object will fail. Fixing Document::ensurePlugInsInjectedScript() to evaluating the injected script on the document's frame fixes the issue. 1097032 4 253626 mark.lam 2015-05-22 19:28:31 -0700 Created attachment 253626 the patch. 1097034 5 253626 jonlee 2015-05-22 19:55:32 -0700 Comment on attachment 253626 the patch. Provisional r=me 1097042 6 253626 mark.lam 2015-05-22 20:53:18 -0700 Comment on attachment 253626 the patch. Bots are all green. Jon already r+'ed. Will land. 1097043 7 mark.lam 2015-05-22 20:55:48 -0700 Thanks for the review. Landed in r184816: <http://trac.webkit.org/r184816>. 1097345 8 253626 ggaren 2015-05-26 11:12:07 -0700 Comment on attachment 253626 the patch. View in context: https://bugs.webkit.org/attachment.cgi?id=253626&action=review > Source/WebCore/ChangeLog:18 > + No new tests. Why not? 253626 2015-05-22 19:28:31 -0700 2015-05-22 20:53:18 -0700 the patch. bug-145328.patch text/plain 1926 mark.lam SW5kZXg6IFNvdXJjZS9XZWJDb3JlL0NoYW5nZUxvZwo9PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBTb3VyY2UvV2Vi Q29yZS9DaGFuZ2VMb2cJKHJldmlzaW9uIDE4NDgxNSkKKysrIFNvdXJjZS9XZWJDb3JlL0NoYW5n ZUxvZwkod29ya2luZyBjb3B5KQpAQCAtMSwzICsxLDI1IEBACisyMDE1LTA1LTIyICBNYXJrIExh bSAgPG1hcmsubGFtQGFwcGxlLmNvbT4KKworICAgICAgICBEb2N1bWVudDo6ZW5zdXJlUGx1Z0lu c0luamVjdGVkU2NyaXB0KCkgc2hvdWxkIGV2YWx1YXRlIHRoZSBpbmplY3RlZCBzY3JpcHQgb24g aXRzIG93biBmcmFtZS4KKyAgICAgICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcu Y2dpP2lkPTE0NTMyOAorCisgICAgICAgIFJldmlld2VkIGJ5IE5PQk9EWSAoT09QUyEpLgorCisg ICAgICAgIHRyYWMud2Via2l0Lm9yZy9yMTg0MzI5IGZpeGVkIEhUTUxQbHVnSW5JbWFnZUVsZW1l bnQ6OmRpZEFkZFVzZXJBZ2VudFNoYWRvd1Jvb3QoKQorICAgICAgICB0byB1c2UgdGhlIGRvY3Vt ZW50J3MgZnJhbWUgaW5zdGVhZCBvZiB0aGUgcGFnZSdzIG1haW4gZnJhbWUuICBIb3dldmVyLAor ICAgICAgICBEb2N1bWVudDo6ZW5zdXJlUGx1Z0luc0luamVjdGVkU2NyaXB0KCkgaXMgc3RpbGwg ZXZhbHVhdGluZyB0aGUgaW5qZWN0ZWQgc2NyaXB0IG9uCisgICAgICAgIHRoZSBtYWluIGZyYW1l LgorCisgICAgICAgIEFzIGEgcmVzdWx0LCBIVE1MUGx1Z0luSW1hZ2VFbGVtZW50OjpkaWRBZGRV c2VyQWdlbnRTaGFkb3dSb290KCkncyBhdHRlbXB0IHRvIGdldAorICAgICAgICB0aGUgaW5qZWN0 ZWQgY3JlYXRlT3ZlcmxheSBmdW5jdGlvbiBmcm9tIHRoZSBkb2N1bWVudCBmcmFtZSdzIGdsb2Jh bCBvYmplY3Qgd2lsbAorICAgICAgICBmYWlsLiAgRml4aW5nIERvY3VtZW50OjplbnN1cmVQbHVn SW5zSW5qZWN0ZWRTY3JpcHQoKSB0byBldmFsdWF0aW5nIHRoZSBpbmplY3RlZAorICAgICAgICBz Y3JpcHQgb24gdGhlIGRvY3VtZW50J3MgZnJhbWUgZml4ZXMgdGhlIGlzc3VlLgorCisgICAgICAg IE5vIG5ldyB0ZXN0cy4KKworICAgICAgICAqIGRvbS9Eb2N1bWVudC5jcHA6CisgICAgICAgIChX ZWJDb3JlOjpEb2N1bWVudDo6ZW5zdXJlUGx1Z0luc0luamVjdGVkU2NyaXB0KToKKwogMjAxNS0w NS0yMiAgRXJpYyBDYXJsc29uICA8ZXJpYy5jYXJsc29uQGFwcGxlLmNvbT4KIAogICAgICAgICBN ZWRpYVBsYXllciBkb2Vzbid0IG5lZWQgaXNQbGF5aW5nVG9XaXJlbGVzc1BsYXliYWNrVGFyZ2V0 IGFuZCBpc0N1cnJlbnRQbGF5YmFja1RhcmdldFdpcmVsZXNzCkluZGV4OiBTb3VyY2UvV2ViQ29y ZS9kb20vRG9jdW1lbnQuY3BwCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFNvdXJjZS9XZWJDb3JlL2RvbS9Eb2N1 bWVudC5jcHAJKHJldmlzaW9uIDE4NDc5OCkKKysrIFNvdXJjZS9XZWJDb3JlL2RvbS9Eb2N1bWVu dC5jcHAJKHdvcmtpbmcgY29weSkKQEAgLTY0OTAsNyArNjQ5MCw3IEBAIHZvaWQgRG9jdW1lbnQ6 OmVuc3VyZVBsdWdJbnNJbmplY3RlZFNjcmkKICAgICBpZiAoIWpzU3RyaW5nKQogICAgICAgICBq c1N0cmluZyA9IFN0cmluZyhwbHVnSW5zSmF2YVNjcmlwdCwgc2l6ZW9mKHBsdWdJbnNKYXZhU2Ny aXB0KSk7CiAKLSAgICBtX2ZyYW1lLT5tYWluRnJhbWUoKS5zY3JpcHQoKS5ldmFsdWF0ZUluV29y bGQoU2NyaXB0U291cmNlQ29kZShqc1N0cmluZyksIHdvcmxkKTsKKyAgICBmcmFtZSgpLT5zY3Jp cHQoKS5ldmFsdWF0ZUluV29ybGQoU2NyaXB0U291cmNlQ29kZShqc1N0cmluZyksIHdvcmxkKTsK IAogICAgIG1faGFzSW5qZWN0ZWRQbHVnSW5zU2NyaXB0ID0gdHJ1ZTsKIH0K