Bug 145328

Summary: Document::ensurePlugInsInjectedScript() should evaluate the injected script on its own frame
Product: WebKit
Reporter: Mark Lam <mark.lam>
Component: WebCore Misc.
Assignee: Mark Lam <mark.lam>
Status: RESOLVED FIXED
Severity: Normal
CC: commit-queue, dino, esprehn+autocc, jonlee, kangil.han, sam, simon.fraser
Priority: P2
Version: 528+ (Nightly build)
Hardware: Unspecified
OS: Unspecified
Attachments: the patch. (flags: none)

Description Mark Lam 2015-05-22 16:44:51 PDT
HTMLPlugInImageElement::didAddUserAgentShadowRoot() calls into the JSC VM to get the "createOverlay" function.  If an exception occurs in this call, it should handle that exception.  Currently, it does, and leaves a dangling exception in the VM.
Comment 1 Mark Lam 2015-05-22 18:01:38 PDT
The exception was because we couldn't find a createOverlay property in the global object, and we tried to convert the returned undefined to an object.  However, it turns out that createOverlay should never be undefined.

So, the real bug is why is the property coming back as undefined.
Comment 2 Mark Lam 2015-05-22 19:22:41 PDT
http://trac.webkit.org/changeset/184329 fixed HTMLPlugInImageElement::didAddUserAgentShadowRoot() to use the document's frame instead of the page's main frame.  However, Document::ensurePlugInsInjectedScript() is still evaluating the injected script on the main frame.

As a result, HTMLPlugInImageElement::didAddUserAgentShadowRoot()'s attempt to get the createOverlay function from the document frame's global object will fail.  Fixing Document::ensurePlugInsInjectedScript() to evaluate the injected script on the document's frame fixes the issue.
Comment 4 Mark Lam 2015-05-22 19:28:31 PDT
Created attachment 253626 [details]
the patch.
Comment 5 Jon Lee 2015-05-22 19:55:32 PDT
Comment on attachment 253626 [details]
the patch.

Provisional r=me
Comment 6 Mark Lam 2015-05-22 20:53:18 PDT
Comment on attachment 253626 [details]
the patch.

Bots are all green.  Jon already r+'ed.  Will land.
Comment 7 Mark Lam 2015-05-22 20:55:48 PDT
Thanks for the review.  Landed in r184816: <http://trac.webkit.org/r184816>.
Comment 8 Geoffrey Garen 2015-05-26 11:12:07 PDT
Comment on attachment 253626 [details]
the patch.

View in context: https://bugs.webkit.org/attachment.cgi?id=253626&action=review

> Source/WebCore/ChangeLog:18
> +        No new tests.

Why not?