Bug 29605

Summary:

[Chromium] Fix the V8 bindings' handling of window.top

Product:

WebKit

Reporter:

Nate Chapin <japhet>

Component:

WebCore Misc.

Assignee:

Nate Chapin <japhet>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

abarth, commit-queue, dglazkov, levin

Priority:

Version:

528+ (Nightly build)

Hardware:

All

OS:

All

Attachments:

Description	Flags
patch	none

Nate Chapin

Reported 2009-09-21 12:57:49 PDT

I introduced a regression in the V8 bindings in http://trac.webkit.org/changeset/47130/trunk/WebCore/bindings/scripts/CodeGeneratorV8.pm. We were special casing window.top, since we have disallowing shadowing on it, but it's also marked as replaceable. I believe the solution is: 1. Add back in the special case handling to ensure window.top is not v8::ReadOnly, as this causes a TypeError rather than silently failing. 2. Add in a FIXME to see if we can stop disallowing shadowing at some point in the future. 3. Remove V8ReadOnly from window.top, since in any case other than this that uses Replaceable, V8ReadOnly is redundant.

Attachments
patch (1.57 KB, patch) 2009-09-21 13:11 PDT, Nate Chapin	no flags	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Nate Chapin

Comment 1 2009-09-21 13:11:02 PDT

Created attachment 39865 [details] patch After rereading CodeGeneratorV8.pm, I found a usage of V8ReadOnly that I hadn't noticed before, so I won't be doing #3 as I had originally thought.

Dimitri Glazkov (Google)

Comment 2 2009-09-21 13:12:08 PDT

Adam is your man here.

Adam Barth

Comment 3 2009-09-21 13:46:35 PDT

Comment on attachment 39865 [details] patch We can't allow shadowing of window.top without confusing Flash and other plug-ins. The correct solution here is to convince the JSC port not to mark |top| are replaceable, but that's a longer conversation. In the meantime, we should fix the LayoutTest. If this regression is in stable, we should backport this fix. Thanks for the patch.

WebKit Commit Bot

Comment 4 2009-09-21 14:03:15 PDT

Comment on attachment 39865 [details] patch Clearing flags on attachment: 39865 Committed r48598: <http://trac.webkit.org/changeset/48598>

WebKit Commit Bot

Comment 5 2009-09-21 14:03:20 PDT

All reviewed patches have been landed. Closing bug.

Note You need to log in before you can comment on or make changes to this bug.