REGRESSION r110315: Event handler throws TypeError for an input element with name...
authorharaken@chromium.org <haraken@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 22 May 2012 07:50:51 +0000 (07:50 +0000)
committerharaken@chromium.org <haraken@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 22 May 2012 07:50:51 +0000 (07:50 +0000)
commitfef9c1c5ed3022b5030ef5f6105719a873bbf1e8
tree151ed2dca043c43e54fd1d9aaa8a4990ef195490
parent5c23079a70399c5e1c5588a09ddeacbbda48d419
REGRESSION r110315: Event handler throws TypeError for an input element with name="arguments"
https://bugs.webkit.org/show_bug.cgi?id=86991

Reviewed by Ojan Vafai.

Source/WebCore:

Original Chromium bug: http://code.google.com/p/chromium/issues/detail?id=128723

Consider the following html:

<html><body><form>
<input type="hidden" name="arguments"></input>
<div onclick="onclicked()" id="divInsideForm">Click here</div>
</form></body>
<script>
function onclicked() {
  alert("onclicked");
}
</script>
</html>

If we click "Click here", JavaScript throws "Uncaught TypeError: undefined has no properties".

This is a regression caused by r110315. V8LazyEventListener should not use
'arguments' to retrieve the execution contexts, since 'arguments' can be
shadowed by JavaScript.

This patch changes V8LazyEventListener so that it retrieves contexts
by this[2], this[1] and this[0].

Test: fast/forms/form-input-named-arguments.html

* bindings/v8/V8LazyEventListener.cpp:
(WebCore::V8LazyEventListener::prepareListenerObject):

LayoutTests:

The added test checks whether an event handler is successfully invoked
for an input element with name="arguments".

* fast/forms/form-input-named-arguments-expected.txt: Added.
* fast/forms/form-input-named-arguments.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@117928 268f45cc-cd09-0410-ab3c-d52691b4dbfc
LayoutTests/ChangeLog
LayoutTests/fast/forms/form-input-named-arguments-expected.txt [new file with mode: 0644]
LayoutTests/fast/forms/form-input-named-arguments.html [new file with mode: 0644]
LayoutTests/platform/chromium-win/inspector/debugger/debugger-scripts-expected.txt
Source/WebCore/ChangeLog
Source/WebCore/bindings/v8/V8LazyEventListener.cpp