Google Git
Sign in
chromium / chromium / src / a0b5c2a12199d02719e70d6206a42cc7973b0a94
commita0b5c2a12199d02719e70d6206a42cc7973b0a94[log] [tgz]
authorYuki Shiino <yukishiino@chromium.org>Thu May 16 01:45:04 2019
committerCommit Bot <commit-bot@chromium.org>Thu May 16 01:45:04 2019
tree6c52d99849f7068320a531581ecc8e12abfdca59
parent8535cd192b57aa398b967b601766fec3e37855e2 [diff]
v8binding: beforeunload: Run toString in the callback context

The return value of onbeforeunload event handler is processed
in a special way at js_event_handler.cc, outside a generated
callback function class such as V8EventHandlerNonNull.

If JS return value is
    {toString: function() { return ...; }}
then, the type conversion from v8::Value to WTF::String causes
an invocation of author function, and the author function must
run as part of the IDL callback function, i.e. with the correct
current realm and correct incumbent realm.

This patch adds a hack to run the string conversion with the
correct current and incumbent realms.

Change-Id: Ia56141aecb5b3b7912fdb72a8b4e5349ff0d4b4c
Bug: 963375
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1611699
Reviewed-by: Hitoshi Yoshida <peria@chromium.org>
Reviewed-by: Kentaro Hara <haraken@chromium.org>
Commit-Queue: Yuki Shiino <yukishiino@chromium.org>
Cr-Commit-Position: refs/heads/master@{#660252}
5 files changed
tree: 6c52d99849f7068320a531581ecc8e12abfdca59
  1. android_webview/
  2. apps/
  3. ash/
  4. base/
  5. build/
  6. build_overrides/
  7. buildtools/
  8. cc/
  9. chrome/
  10. chromecast/
  11. chromeos/
  12. cloud_print/
  13. components/
  14. content/
  15. courgette/
  16. crypto/
  17. dbus/
  18. device/
  19. docs/
  20. extensions/
  21. fuchsia/
  22. gin/
  23. google_apis/
  24. google_update/
  25. gpu/
  26. headless/
  27. infra/
  28. ios/
  29. ipc/
  30. jingle/
  31. media/
  32. mojo/
  33. native_client_sdk/
  34. net/
  35. pdf/
  36. ppapi/
  37. printing/
  38. remoting/
  39. rlz/
  40. sandbox/
  41. services/
  42. skia/
  43. sql/
  44. storage/
  45. styleguide/
  46. testing/
  47. third_party/
  48. tools/
  49. ui/
  50. url/
  51. .clang-format
  52. .eslintrc.js
  53. .git-blame-ignore-revs
  54. .gitattributes
  55. .gitignore
  56. .gn
  57. .vpython
  58. AUTHORS
  59. BUILD.gn
  60. CODE_OF_CONDUCT.md
  61. codereview.settings
  62. DEPS
  63. ENG_REVIEW_OWNERS
  64. LICENSE
  65. LICENSE.chromium_os
  66. OWNERS
  67. PRESUBMIT.py
  68. PRESUBMIT_test.py
  69. PRESUBMIT_test_mocks.py
  70. README.md
  71. WATCHLISTS
README.md

Logo Chromium

Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.

The project's web site is https://www.chromium.org.

Documentation in the source is rooted in docs/README.md.

Learn how to Get Around the Chromium Source Code Directory Structure .