RESOLVED FIXED 145328
Document::ensurePlugInsInjectedScript() should evaluate the injected script on its own frame
https://bugs.webkit.org/show_bug.cgi?id=145328
Mark Lam
Reported 2015-05-22 16:44:51 PDT
HTMLPlugInImageElement::didAddUserAgentShadowRoot() calls into the JSC VM to get the "createOverlay" function. If an exception occurs in this call, it should handle that exception. Currently, it does, and leaves a dangling exception in the VM.
Attachments
the patch. (1.88 KB, patch)
2015-05-22 19:28 PDT, Mark Lam
no flags
Mark Lam
Comment 1 2015-05-22 18:01:38 PDT
The exception was because we couldn't find a createOverlay property in the global object, and we tried to convert the returned undefined to an object. However, it turns out that createOverlay should never be undefined. So, the real bug is why the property is coming back as undefined.
Mark Lam
Comment 2 2015-05-22 19:22:41 PDT
http://trac.webkit.org/changeset/184329 fixed HTMLPlugInImageElement::didAddUserAgentShadowRoot() to use the document's frame instead of the page's main frame. However, Document::ensurePlugInsInjectedScript() is still evaluating the injected script on the main frame. As a result, HTMLPlugInImageElement::didAddUserAgentShadowRoot()'s attempt to get the createOverlay function from the document frame's global object will fail. Fixing Document::ensurePlugInsInjectedScript() to evaluate the injected script on the document's frame fixes the issue.
Mark Lam
Comment 4 2015-05-22 19:28:31 PDT
Created attachment 253626 [details] the patch.
Jon Lee
Comment 5 2015-05-22 19:55:32 PDT
Comment on attachment 253626 [details] the patch. Provisional r=me
Mark Lam
Comment 6 2015-05-22 20:53:18 PDT
Comment on attachment 253626 [details] the patch. Bots are all green. Jon already r+'ed. Will land.
Mark Lam
Comment 7 2015-05-22 20:55:48 PDT
Thanks for the review. Landed in r184816: <http://trac.webkit.org/r184816>.
Geoffrey Garen
Comment 8 2015-05-26 11:12:07 PDT
Comment on attachment 253626 [details] the patch. View in context: https://bugs.webkit.org/attachment.cgi?id=253626&action=review
> Source/WebCore/ChangeLog:18
> + No new tests.
Why not?