Bug 145328 - Document::ensurePlugInsInjectedScript() should evaluate the injected script on its own frame
Summary: Document::ensurePlugInsInjectedScript() should evaluate the injected script o...
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebCore Misc.
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Mark Lam
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2015-05-22 16:44 PDT by Mark Lam
Modified: 2015-05-26 11:12 PDT (History)

See Also:


Attachments
the patch. (1.88 KB, patch)
2015-05-22 19:28 PDT, Mark Lam
no flags Details | Formatted Diff | Diff

Description Mark Lam 2015-05-22 16:44:51 PDT
HTMLPlugInImageElement::didAddUserAgentShadowRoot() calls into the JSC VM to get the "createOverlay" function.  If an exception occurs in this call, it should handle that exception.  Currently, it does, and leaves a dangling exception in the VM.
Comment 1 Mark Lam 2015-05-22 18:01:38 PDT
The exception was because we couldn't find a createOverlay property in the global object, and we tried to convert the returned undefined to an object.  However, it turns out that createOverlay should never be undefined.

So, the real bug is why is the property coming back as undefined.
Comment 2 Mark Lam 2015-05-22 19:22:41 PDT
http://trac.webkit.org/changeset/184329 fixed HTMLPlugInImageElement::didAddUserAgentShadowRoot() to use the document's frame instead of the page's main frame.  However, Document::ensurePlugInsInjectedScript() is still evaluating the injected script on the main frame.

As a result, HTMLPlugInImageElement::didAddUserAgentShadowRoot()'s attempt to get the createOverlay function from the document frame's global object will fail.  Fixing Document::ensurePlugInsInjectedScript() to evaluate the injected script on the document's frame fixes the issue.
Comment 4 Mark Lam 2015-05-22 19:28:31 PDT
Created attachment 253626 [details]
the patch.
Comment 5 Jon Lee 2015-05-22 19:55:32 PDT
Comment on attachment 253626 [details]
the patch.

Provisional r=me
Comment 6 Mark Lam 2015-05-22 20:53:18 PDT
Comment on attachment 253626 [details]
the patch.

Bots are all green.  Jon already r+'ed.  Will land.
Comment 7 Mark Lam 2015-05-22 20:55:48 PDT
Thanks for the review.  Landed in r184816: <http://trac.webkit.org/r184816>.
Comment 8 Geoffrey Garen 2015-05-26 11:12:07 PDT
Comment on attachment 253626 [details]
the patch.

View in context: https://bugs.webkit.org/attachment.cgi?id=253626&action=review

> Source/WebCore/ChangeLog:18
> +        No new tests.

Why not?