We need to distinguish scripts generated with document.write from the ones generated by the parser of the original resource. Otherwise we bind them to the resource and hence lose them from the debugging UI. Consider the following example: 1: <html> 2: <script>function aa() {}</script> 3: <script>function bb() {}</script> 4: <script>document.write("<scrip" + "t>\n\n\n\n\nfunction cc() {}</sc" + "ript>");</script> 5: <script>function dd() {}</script> 6: </html> As a result, following scripts are reported to be parsed (all sharing the main resource url): line 2-2 line 3-3 line 4-10 line 5-5 As a result of this patch, scripts will be annotated: line 2-2 line 3-3 line 0-6 line 5-5 We will then render scripts starting at 0 as standalone entities.
Created attachment 112851 [details] Patch
Comment on attachment 112851 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=112851&action=review > LayoutTests/http/tests/inspector-enabled/document-write.html:5 > +<script>console.log("Line 5");</script> Please test also that JS handlers written in html attributes will have positions different from scripts created with document.write.
Created attachment 112852 [details] [Patch] With inline handler test case.
Comment on attachment 112852 [details] [Patch] With inline handler test case. View in context: https://bugs.webkit.org/attachment.cgi?id=112852&action=review > LayoutTests/http/tests/inspector-enabled/document-write.html:27 > +Tests that console reports zero line number for scripts generated with document.write. Please add a link to the bug in this description.
Committed r98724: <http://trac.webkit.org/changeset/98724>
Comment on attachment 112852 [details] [Patch] With inline handler test case. View in context: https://bugs.webkit.org/attachment.cgi?id=112852&action=review > Source/WebCore/dom/ScriptElement.cpp:201 > + Document* document = m_element->document(); In general it's dangerous to store references like this in a raw pointer. If anything in this script executes script between this program point and any use of this variable, you're going to have a security vulnerability. It's much better to continue to access the document via some protected point.
> In general it's dangerous to store references like this in a raw pointer. If anything in this script executes script between this program point and any use of this variable, you're going to have a security vulnerability. It's much better to continue to access the document via some protected point. I went through the code originally and have not noticed any uncontrolled lack of control flow / re-enterability. I can roll this refactoring back though in order to maintain the security pattern you suggest in case it is common to WebCore.
I checked them too and I didn't see any problem. It's just a trap waiting to catch someone. It's up to you whether you'd like to change it back.