2009-03-26 Darin Adler <darin@apple.com>
author darin@apple.com <darin@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 26 Mar 2009 23:50:00 +0000 (23:50 +0000)
committer darin@apple.com <darin@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 26 Mar 2009 23:50:00 +0000 (23:50 +0000)
commit 20d1868426b9b0fe253f232112ad9b6c3413185b
tree c3a123d14d9090067940ba371554d0c8732df4cc
parent ecc8b3842e3446417abdc31ee8f2c444fa7e8d9e
2009-03-26  Darin Adler  <darin@apple.com>

        Reviewed by Geoff Garen.

        Removed code that casts EventListener down to derived classes
        without type checking. A crash could happen if you added event
        listeners with Objective-C and then manipulated the class with
        JavaScript.

        * bindings/js/JSDOMApplicationCacheCustom.cpp:
        (WebCore::JSDOMApplicationCache::mark): Removed all the casts
        and used the markIfNotNull function and mark functions on
        EventListener instead.
        * bindings/js/JSMessagePortCustom.cpp:
        (WebCore::JSMessagePort::mark): Ditto.
        * bindings/js/JSWorkerContextCustom.cpp:
        (WebCore::JSWorkerContext::mark): Ditto.
        * bindings/js/JSWorkerCustom.cpp:
        (WebCore::JSWorker::mark): Ditto.
        * bindings/js/JSXMLHttpRequestCustom.cpp:
        (WebCore::JSXMLHttpRequest::mark): Ditto.
        * bindings/js/JSXMLHttpRequestUploadCustom.cpp:
        (WebCore::JSXMLHttpRequestUpload::mark): Ditto.

        * bindings/js/JSEventListener.cpp:
        (WebCore::JSAbstractEventListener::handleEvent): Used function,
        the new name for what used to be called listenerObj.
        (WebCore::JSAbstractEventListener::virtualIsInline): Renamed since
        this doesn't need to be virtual for callers who have a pointer to
        this class, not the base class.
        (WebCore::JSEventListener::function): Renamed from listenerObj.
        (WebCore::JSProtectedEventListener::function): Ditto.

        * bindings/js/JSEventListener.h: Removed unneeded forward class
        declarations. Made all virtual functions private since there's no
        need to call any of them on a particular derived class, only on
        EventListener. Explicitly declare JSEventListener::mark as virtual
        since it's now overriding a function in the EventListener base class.
        Made JSProtectedEventListener::m_globalObject protected so the
        JSLazyEventListener derived class can use it directly instead of using
        a virtual function to get the pointer.

        * bindings/js/JSLazyEventListener.cpp:
        (WebCore::JSLazyEventListener::parseCode): Use m_globalObject instead
        of globalObject since the latter is a virtual function and there's no
        need to pay virtual function overhead.
        (WebCore::JSLazyEventListener::function): Renamed from listenerObj.

        * bindings/js/JSLazyEventListener.h: Moved forward declaration of the
        Node class here from JSEventListener.h.

        * bindings/scripts/CodeGeneratorJS.pm: Removed now-unneeded cast to
        JSEventListener when getting the script object from a listener.

        * dom/EventListener.h: Added virtual function and mark functions
        so we can extract the JavaScript function object or mark a JavaScript
        event listener in a type safe manner.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@42021 268f45cc-cd09-0410-ab3c-d52691b4dbfc
13 files changed:
WebCore/ChangeLog
WebCore/bindings/js/JSDOMApplicationCacheCustom.cpp
WebCore/bindings/js/JSEventListener.cpp
WebCore/bindings/js/JSEventListener.h
WebCore/bindings/js/JSLazyEventListener.cpp
WebCore/bindings/js/JSLazyEventListener.h
WebCore/bindings/js/JSMessagePortCustom.cpp
WebCore/bindings/js/JSWorkerContextCustom.cpp
WebCore/bindings/js/JSWorkerCustom.cpp
WebCore/bindings/js/JSXMLHttpRequestCustom.cpp
WebCore/bindings/js/JSXMLHttpRequestUploadCustom.cpp
WebCore/bindings/scripts/CodeGeneratorJS.pm
WebCore/dom/EventListener.h
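
The type-safe pattern the commit message describes, as an added example that is not WebKit's code: the base class carries virtual function() and mark() with safe defaults, so a mark pass never needs to know a listener's dynamic type. The class layout, signatures, JSObject stand-in, NativeEventListener and markAll are assumptions made for illustration.

```cpp
#include <vector>

// Simplified model: names echo the commit message, but every signature here
// is an assumption, not WebKit's actual declaration.
struct JSObject { bool marked = false; };

class EventListener {
public:
    virtual ~EventListener() = default;
    // Safe defaults: a listener not backed by JavaScript has no function
    // object and nothing for the garbage collector to mark.
    virtual JSObject* function() const { return nullptr; }
    virtual void mark() {}
};

class JSEventListener : public EventListener {
public:
    explicit JSEventListener(JSObject* fn) : m_function(fn) {}
    JSObject* function() const override { return m_function; }
    void mark() override { if (m_function) m_function->marked = true; }
private:
    JSObject* m_function;
};

// Hypothetical stand-in for a listener added through another binding
// (the commit message mentions Objective-C).
class NativeEventListener : public EventListener {
public:
    int callCount = 0;
};

inline void markIfNotNull(EventListener* listener) {
    if (listener) listener->mark();
}

// The removed pattern is an unchecked downcast, illustratively
//     static_cast<JSEventListener*>(listener)
// Using that pointer is undefined behaviour when the object is really a
// NativeEventListener. Virtual dispatch below needs no cast at all.
// Returns how many listeners are backed by a JavaScript function.
int markAll(const std::vector<EventListener*>& listeners) {
    int jsBacked = 0;
    for (EventListener* l : listeners) {
        markIfNotNull(l);
        if (l && l->function()) ++jsBacked;
    }
    return jsBacked;
}
```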