[v8] ScriptValue has dangerous copy semantics
authorcommit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 1 Mar 2013 16:24:42 +0000 (16:24 +0000)
committercommit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 1 Mar 2013 16:24:42 +0000 (16:24 +0000)
commite7983f4ca658ca466b4eb1962761e01dfde92b01
treedfcd0490c594710f6f3b4d32d745a86f9d2814e8
parent55473b230adfd56989afa02693429f319e29ed2d
[v8] ScriptValue has dangerous copy semantics
https://bugs.webkit.org/show_bug.cgi?id=110206

Patch by Dan Carney <dcarney@google.com> on 2013-03-01
Reviewed by Kentaro Hara.

Update ScriptValue to used a SharedPersistent,
making it impossible to return dead references.

No new tests. No change in functionality.

* bindings/v8/ScriptValue.cpp:
(WebCore::ScriptValue::serialize):
(WebCore::ScriptValue::getString):
(WebCore::ScriptValue::toString):
(WebCore::ScriptValue::toInspectorValue):
* bindings/v8/ScriptValue.h:
(WebCore::ScriptValue::ScriptValue):
(WebCore::ScriptValue::operator=):
(WebCore::ScriptValue::operator==):
(WebCore::ScriptValue::isEqual):
(WebCore::ScriptValue::isFunction):
(WebCore::ScriptValue::isNull):
(WebCore::ScriptValue::isUndefined):
(WebCore::ScriptValue::isObject):
(WebCore::ScriptValue::hasNoValue):
(WebCore::ScriptValue::clear):
(ScriptValue):
(WebCore::ScriptValue::v8Value):
(WebCore::ScriptValue::v8ValueRaw):
* bindings/v8/SharedPersistent.h:
* bindings/v8/custom/V8InjectedScriptHostCustom.cpp:
(WebCore::InjectedScriptHost::scriptValueAsNode):
* bindings/v8/custom/V8MessageEventCustom.cpp:
(WebCore::V8MessageEvent::dataAttrGetterCustom):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@144458 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Source/WebCore/ChangeLog
Source/WebCore/bindings/v8/ScriptValue.cpp
Source/WebCore/bindings/v8/ScriptValue.h
Source/WebCore/bindings/v8/SharedPersistent.h
Source/WebCore/bindings/v8/custom/V8InjectedScriptHostCustom.cpp
Source/WebCore/bindings/v8/custom/V8MessageEventCustom.cpp