HTMLPluginElement is not destroyed on reload or navigation if getNPObject is called
authorcommit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 22 Mar 2012 20:45:36 +0000 (20:45 +0000)
committercommit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 22 Mar 2012 20:45:36 +0000 (20:45 +0000)
commitfb885b07b68a0a1fea762b1e06add773716cb7ef
tree49eea9c2df09b164aa056d9a2a62feeebc883019
parent26cab64a39ab45c6834b52554d1916f0f26342da
HTMLPluginElement is not destroyed on reload or navigation if getNPObject is called
https://bugs.webkit.org/show_bug.cgi?id=80428

Patch by Dave Michael <dmichael@chromium.org> on 2012-03-22
Reviewed by Eric Seidel.

.:

Test: plugins/netscape-dom-access-and-reload.html

* Source/autotools/symbols.filter: Export a symbol for InspectorCounters::counterValue.

Source/WebCore:

Make HTMLPluginElement release its m_NPObject in detach() to break a
reference-counting cycle that happens on reload or navigation. With this
change, HTMLPlugInElement::removedFromDocument is unnecessary, so it
was removed. Note that Releasing m_NPObject does not result in a call to
the plugin; it simply releases a reference count on the wrapper object
for this HTMLPlugInElement. (The plugin's NPP_Deallocate is invoked
when the render tree is destroyed, when PluginView calls
PluginPackage::unload.) Thus, it is safe to release m_NPObject in
detach, because it can not result in layout or style changes.

Also added numberOfLiveNodes() and numberOfLiveDocuments() to
window.internals to enable testing.

Test: plugins/netscape-dom-access-and-reload.html

* WebCore.exp.in:
* html/HTMLPlugInElement.cpp:
(WebCore::HTMLPlugInElement::detach):
* html/HTMLPlugInElement.h:
(HTMLPlugInElement):
* testing/Internals.cpp:
(WebCore::Internals::numberOfLiveDocuments):
(WebCore::Internals::numberOfLiveNodes):
(WebCore):
* testing/Internals.h:
(Internals):
* testing/Internals.idl:

Source/WebKit2:

Test: plugins/netscape-dom-access-and-reload.html

* win/WebKit2.def: Export a symbol for InspectorCounters::counterValue
* win/WebKit2CFLite.def: Export a symbol for InspectorCounters::counterValue

LayoutTests:

* plugins/netscape-dom-access-and-reload-expected.txt: Added.
* plugins/netscape-dom-access-and-reload.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@111754 268f45cc-cd09-0410-ab3c-d52691b4dbfc
15 files changed:
ChangeLog
LayoutTests/ChangeLog
LayoutTests/plugins/netscape-dom-access-and-reload-expected.txt [new file with mode: 0644]
LayoutTests/plugins/netscape-dom-access-and-reload.html [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/WebCore.exp.in
Source/WebCore/html/HTMLPlugInElement.cpp
Source/WebCore/html/HTMLPlugInElement.h
Source/WebCore/testing/Internals.cpp
Source/WebCore/testing/Internals.h
Source/WebCore/testing/Internals.idl
Source/WebKit2/ChangeLog
Source/WebKit2/win/WebKit2.def
Source/WebKit2/win/WebKit2CFLite.def
Source/autotools/symbols.filter