Bug 31873 - [V8] Avoid using JavaScript objects as context data
Summary: [V8] Avoid using JavaScript objects as context data
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebCore Misc. (show other bugs)
Version: 528+ (Nightly build)
Hardware: All All
: P2 Normal
Assignee: Nobody
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2009-11-25 07:35 PST by Søren Gjesse
Modified: 2009-12-07 09:52 PST (History)
6 users (show)

See Also:


Attachments
Use string instead if JavaScript object for context "data" (4.14 KB, patch)
2009-11-25 07:55 PST, Søren Gjesse
pfeldman: review-
Details | Formatted Diff | Diff
Updated patch (4.63 KB, patch)
2009-11-26 00:01 PST, Søren Gjesse
no flags Details | Formatted Diff | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Søren Gjesse 2009-11-25 07:35:58 PST
The V8 API provides the ability to associate a context with a "data" object. If a context dependent object is used this ha the side effect of keeping the context alive for some time after the page using the context has been closed.

To avoid this the context "data" object should be a string which is not context dependent. In the V8 API the type will be changed from Object to String in the near future.

See http://crbug.com/23058.
Comment 1 Søren Gjesse 2009-11-25 07:55:31 PST
Created attachment 43847 [details]
Use string instead if JavaScript object for context "data"
Comment 2 Søren Gjesse 2009-11-25 08:28:27 PST
This should not be committed before http://codereview.chromium.org/443002 has been committed in Chromium.
Comment 3 Pavel Feldman 2009-11-25 08:40:13 PST
Comment on attachment 43847 [details]
Use string instead if JavaScript object for context "data"

> -const char* V8Proxy::kContextDebugDataType = "type";
> -const char* V8Proxy::kContextDebugDataValue = "value";

Remove these from .h as well? Otherwise r+.
Comment 4 Yury Semikhatsky 2009-11-25 08:41:53 PST
Looks good to me.

(In reply to comment #1)
> Created an attachment (id=43847) [details]
> Use string instead if JavaScript object for context "data"
Comment 5 Søren Gjesse 2009-11-26 00:01:31 PST
Created attachment 43900 [details]
Updated patch

Removed unused members from V8Proxy.h
Comment 6 Søren Gjesse 2009-11-26 00:08:14 PST
(In reply to comment #3)
> (From update of attachment 43847 [details])
> > -const char* V8Proxy::kContextDebugDataType = "type";
> > -const char* V8Proxy::kContextDebugDataValue = "value";
> 
> Remove these from .h as well? Otherwise r+.

Done.
Comment 7 WebKit Commit Bot 2009-11-26 00:43:49 PST
Comment on attachment 43900 [details]
Updated patch

Clearing flags on attachment: 43900

Committed r51407: <http://trac.webkit.org/changeset/51407>
Comment 8 WebKit Commit Bot 2009-11-26 00:43:54 PST
All reviewed patches have been landed.  Closing bug.
Comment 9 Dimitri Glazkov (Google) 2009-12-07 09:52:55 PST
This change has a flaw in logic. It removes the ability to set debug context id for a newly created context. The early return:

if (debugId == -1)
   return false;

causes V8Proxy::setInjectedScriptContext to always return false for newly created worlds with id > 0.

I'll fix.