Possible JavaScript Allocation in the toJS call so we should take the JSLock beforehand:

    ScriptValue InjectedScriptHost::nodeAsScriptValue(ScriptState* state, Node* node)
    {
        return ScriptValue(state->globalData(), toJS(state, node));
    }

Path to follow.
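The rule behind this report is that anything which may allocate a JavaScript object has to run with the JSLock held. The following is an added, self-contained C++ model of that rule, not WebKit code: JSLockModel, ScopedJSLock, JSHeapModel, toJSModel and the two nodeAsScriptValue variants are all constructed stand-ins. The heap model records any allocation made without the lock, so the "before" variant is caught and the RAII "after" variant is clean and releases the lock on return.

```cpp
#include <cassert>
#include <cstddef>

// Toy model (not WebKit code) of the rule behind this bug: any call that may
// allocate a JavaScript object must run with the JSLock held.

struct JSLockModel {
    bool held = false;
    void lock()   { assert(!held); held = true; }
    void unlock() { assert(held);  held = false; }
};

// RAII holder, analogous in role to a scoped JSLock: taken on construction,
// released when the enclosing function returns, even on early exits.
struct ScopedJSLock {
    JSLockModel& lock;
    explicit ScopedJSLock(JSLockModel& l) : lock(l) { lock.lock(); }
    ~ScopedJSLock() { lock.unlock(); }
    ScopedJSLock(const ScopedJSLock&) = delete;
    ScopedJSLock& operator=(const ScopedJSLock&) = delete;
};

// Constructed stand-in for the JS heap: counts allocations and records any
// allocation performed without the lock (a real engine asserts on this).
struct JSHeapModel {
    JSLockModel jsLock;
    std::size_t allocations = 0;
    std::size_t unlockedAllocations = 0;

    std::size_t allocateCell() {
        if (!jsLock.held)
            ++unlockedAllocations;
        return ++allocations;   // the cell "address" is just its ordinal
    }
};

struct Node { int id; };               // stand-in for a DOM node
struct ScriptValue { std::size_t cell; };

// Models toJS(): wrapping a DOM node may allocate a fresh JS wrapper cell.
ScriptValue toJSModel(JSHeapModel& heap, const Node&) {
    return ScriptValue{heap.allocateCell()};
}

// Before the fix: calls the allocating function with no lock held.
ScriptValue nodeAsScriptValueUnlocked(JSHeapModel& heap, const Node& node) {
    return toJSModel(heap, node);
}

// After the fix: the scoped lock is taken first and released on return.
ScriptValue nodeAsScriptValueLocked(JSHeapModel& heap, const Node& node) {
    ScopedJSLock lock(heap.jsLock);
    return toJSModel(heap, node);
}

// Runs both variants on one heap and returns how many allocations happened
// without the lock: exactly one, from the unlocked variant.
std::size_t countUnlockedAllocations() {
    JSHeapModel heap;
    Node node{1};
    nodeAsScriptValueUnlocked(heap, node);   // recorded as a violation
    nodeAsScriptValueLocked(heap, node);     // clean
    assert(!heap.jsLock.held);               // RAII released the lock
    return heap.unlockedAllocations;
}
```

The detection here is deliberately a counter rather than an assert so both paths can run in one process; in an engine build the unlocked allocation would trip the collector's own lock assertion instead.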
Created attachment 89829 [PATCH] Proposed Fix
Comment on attachment 89829 [PATCH] Proposed Fix r=me
<http://trac.webkit.org/changeset/84022>