Release the reference to the HTMLPlugInElement's script object, when the element...
author commit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 9 Sep 2011 03:20:59 +0000 (03:20 +0000)
committer commit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 9 Sep 2011 03:20:59 +0000 (03:20 +0000)
https://bugs.webkit.org/show_bug.cgi?id=66181

Patch by James Weatherall <wez@chromium.org> on 2011-09-08
Reviewed by Anders Carlsson.

No new tests - no functional change.

* html/HTMLPlugInElement.cpp:
(WebCore::HTMLPlugInElement::removedFromDocument):
* html/HTMLPlugInElement.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@94831 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebCore/ChangeLog
Source/WebCore/html/HTMLPlugInElement.cpp
Source/WebCore/html/HTMLPlugInElement.h

index 2ede6b9..d3c558b 100644 (file)
@@ -1,3 +1,16 @@
+2011-09-08  James Weatherall  <wez@chromium.org>
+
+        Release the reference to the HTMLPlugInElement's script object, when the element is removed from the document.  This breaks a cyclical reference that would otherwise cause the element to be retained until the document is torn down.
+        https://bugs.webkit.org/show_bug.cgi?id=66181
+
+        Reviewed by Anders Carlsson.
+
+        No new tests - no functional change.
+
+        * html/HTMLPlugInElement.cpp:
+        (WebCore::HTMLPlugInElement::removedFromDocument):
+        * html/HTMLPlugInElement.h:
+
 2011-09-08  Daniel Bates  <dbates@webkit.org>
 
         XSS filter bypass via non-standard URL encoding
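Review bot: The ChangeLog line "No new tests - no functional change" conflicts with the description two lines above it, which says the patch breaks a cyclical reference that would otherwise keep the element alive until the document is torn down. That is a change in object lifetime, so either add a regression test that removes a plug-in element from the document and checks that it can be collected, or reword the line to say why such a test cannot be written.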
index ea90cfe..c905417 100644 (file)
@@ -81,6 +81,18 @@ void HTMLPlugInElement::detach()
     HTMLFrameOwnerElement::detach();
 }
 
+void HTMLPlugInElement::removedFromDocument()
+{
+#if ENABLE(NETSCAPE_PLUGIN_API)
+    if (m_NPObject) {
+        _NPN_ReleaseObject(m_NPObject);
+        m_NPObject = 0;
+    }
+#endif
+
+    HTMLFrameOwnerElement::removedFromDocument();
+}
+
 PassScriptInstance HTMLPlugInElement::getInstance()
 {
     Frame* frame = document()->frame();
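Review bot: In removedFromDocument(), m_NPObject is released and set to 0 while the element itself can still be alive and referenced from script, since removal from the document is not destruction. Every other use of m_NPObject therefore has to tolerate 0 (or re-create the object) after this call, and any other release site needs the same null check so that _NPN_ReleaseObject is never called twice on the same pointer. Please confirm both, and add a short comment above the block saying the release is there to break the element/script-object cycle.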
index fd99caa..2e33c66 100644 (file)
@@ -57,7 +57,7 @@ protected:
     HTMLPlugInElement(const QualifiedName& tagName, Document*);
 
     virtual void detach();
-
+    virtual void removedFromDocument();
     virtual bool mapToEntry(const QualifiedName& attrName, MappedAttributeEntry& result) const;
     virtual void parseMappedAttribute(Attribute*);
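Review bot: Style point on the new declaration: "virtual void removedFromDocument();" replaces the blank line that separated detach() from the mapToEntry()/parseMappedAttribute() group, so the declarations now run together. Keep a blank line after the new declaration so the lifecycle overrides stay visually separate from the attribute-mapping ones.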