This is the seventh (and final) level of the unzipping process described in https://bugs.webkit.org/show_bug.cgi?id=66567.
Created attachment 107424
Patch
Comment on attachment 107424
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=107424&action=review

r=me

> Source/WebKit/mac/Plugins/Hosted/ProxyInstance.mm:188
> // FIXME: deprecatedGetDOMStructure uses the prototype off of the wrong global object
> // exec-globalData() is also likely wrong.
> Structure* domStructure = deprecatedGetDOMStructure<ProxyRuntimeMethod>(exec);

Can you remove this FIXME?

> Source/WebKit/mac/Plugins/Hosted/ProxyRuntimeObject.h:46
> // FIXME: deprecatedGetDOMStructure uses the prototype off of the wrong global object.
> // exec->globalData() is also likely wrong.
> JSC::Structure* structure = WebCore::deprecatedGetDOMStructure<ProxyRuntimeObject>(exec);

Ditto.

> > Source/WebKit/mac/Plugins/Hosted/ProxyInstance.mm:188
> > // FIXME: deprecatedGetDOMStructure uses the prototype off of the wrong global object
> > // exec-globalData() is also likely wrong.
> > Structure* domStructure = deprecatedGetDOMStructure<ProxyRuntimeMethod>(exec);
>
> Can you remove this FIXME?

I talked to Oliver, and I think it still needs to be fixed. We can probably just use the JSGlobalObject that's passed into the create method, but we should ASSERT that the JSGlobalObject is indeed a JSDOMGlobalObject. It's probably better to do as a separate patch.

(In reply to comment #3)
> > > Source/WebKit/mac/Plugins/Hosted/ProxyInstance.mm:188
> > > // FIXME: deprecatedGetDOMStructure uses the prototype off of the wrong global object
> > > // exec-globalData() is also likely wrong.
> > > Structure* domStructure = deprecatedGetDOMStructure<ProxyRuntimeMethod>(exec);
> >
> > Can you remove this FIXME?
>
> I talked to Oliver, and I think it still needs to be fixed. We can probably just use the JSGlobalObject that's passed into the create method, but we should ASSERT that the JSGlobalObject is indeed a JSDOMGlobalObject. It's probably better to do as a separate patch.

No, you should be using the global object that comes from this, e.g. this->globalObject() -- that ensures the method from a runtime object has the same origin global object (and hence prototypes, etc) as the actual object being accessed.

> No, you should be using the global object that comes from this, e.g. this->globalObject() -- that ensures the method from a runtime object has the same origin global object (and hence prototypes, etc) as the actual object being accessed.

Bottom line: this is still broken and will take at least an additional patch to fix, along with some info from Anders about how we currently store RootObjects for plugins.

Comment on attachment 107424
Patch

Clearing flags on attachment: 107424

Committed r95250: <http://trac.webkit.org/changeset/95250>

All reviewed patches have been landed. Closing bug.