2011-02-10 Mads Ager <ager@chromium.org>
authorager@chromium.org <ager@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 11 Feb 2011 06:50:38 +0000 (06:50 +0000)
committerager@chromium.org <ager@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 11 Feb 2011 06:50:38 +0000 (06:50 +0000)
        Reviewed by Nate Chapin.

        [V8] Don't crash on exception getting event handler function
        https://bugs.webkit.org/show_bug.cgi?id=54216

        Check for exceptions when attempting to get the handleEvent property
        of an event-handler object.

        Test: fast/dom/exception-getting-event-handler.html

        * bindings/v8/V8EventListener.cpp:
        (WebCore::V8EventListener::getListenerFunction):
2011-02-10  Mads Ager  <ager@chromium.org>

        Reviewed by Nate Chapin.

        [V8] Don't crash on exception getting event handler function
        https://bugs.webkit.org/show_bug.cgi?id=54216

        Add crash regression test with custom chromium expectations.

        * fast/dom/exception-getting-event-handler-expected.txt: Added.
        * fast/dom/exception-getting-event-handler.html: Added.
        * platform/chromium/fast/dom/exception-getting-event-handler-expected.txt: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@78316 268f45cc-cd09-0410-ab3c-d52691b4dbfc

LayoutTests/ChangeLog
LayoutTests/fast/dom/exception-getting-event-handler-expected.txt [new file with mode: 0644]
LayoutTests/fast/dom/exception-getting-event-handler.html [new file with mode: 0644]
LayoutTests/platform/chromium/fast/dom/exception-getting-event-handler-expected.txt [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/bindings/v8/V8EventListener.cpp

index 166da3e..a412c2d 100644 (file)
@@ -1,3 +1,16 @@
+2011-02-10  Mads Ager  <ager@chromium.org>
+
+        Reviewed by Nate Chapin.
+
+        [V8] Don't crash on exception getting event handler function
+        https://bugs.webkit.org/show_bug.cgi?id=54216
+
+        Add crash regression test with custom chromium expectations.
+
+        * fast/dom/exception-getting-event-handler-expected.txt: Added.
+        * fast/dom/exception-getting-event-handler.html: Added.
+        * platform/chromium/fast/dom/exception-getting-event-handler-expected.txt: Added.
+
 2011-02-10  Naoki Takano  <takano.naoki@gmail.com>
 
         Reviewed by James Robinson.
diff --git a/LayoutTests/fast/dom/exception-getting-event-handler-expected.txt b/LayoutTests/fast/dom/exception-getting-event-handler-expected.txt
new file mode 100644 (file)
index 0000000..eb7561f
--- /dev/null
@@ -0,0 +1,4 @@
+CONSOLE MESSAGE: line 0: 42
+This test checks that an exception thrown when getting the handleEvent property of an event listener does not crash.
+
+PASS: You didn't crash.
diff --git a/LayoutTests/fast/dom/exception-getting-event-handler.html b/LayoutTests/fast/dom/exception-getting-event-handler.html
new file mode 100644 (file)
index 0000000..5b205b9
--- /dev/null
@@ -0,0 +1,22 @@
+<html>
+<body onload="loaded()">
+<p>This test checks that an exception thrown when getting the
+handleEvent property of an event listener does not crash.</p>
+<hr>
+<script>
+if (window.layoutTestController)
+    layoutTestController.dumpAsText();
+
+function loaded() {
+    var o = {};
+    o.__defineGetter__("handleEvent", function() { throw 42; });
+    var div = document.getElementById("div");
+    div.onkeydown = o;
+    var event = document.createEvent("KeyboardEvent");
+    event.initKeyboardEvent("keydown", true, true, null, "Enter", "");
+    div.dispatchEvent(event);
+}
+</script>
+<div id="div">PASS: You didn't crash.</div>
+</body>
+</html>
diff --git a/LayoutTests/platform/chromium/fast/dom/exception-getting-event-handler-expected.txt b/LayoutTests/platform/chromium/fast/dom/exception-getting-event-handler-expected.txt
new file mode 100644 (file)
index 0000000..c593977
--- /dev/null
@@ -0,0 +1,4 @@
+CONSOLE MESSAGE: line 12: Uncaught 42
+This test checks that an exception thrown when getting the handleEvent property of an event listener does not crash.
+
+PASS: You didn't crash.
index a98bc2c..279555a 100644 (file)
@@ -1,3 +1,18 @@
+2011-02-10  Mads Ager  <ager@chromium.org>
+
+        Reviewed by Nate Chapin.
+
+        [V8] Don't crash on exception getting event handler function
+        https://bugs.webkit.org/show_bug.cgi?id=54216
+
+        Check for exceptions when attempting to get the handleEvent property
+        of an event-handler object.
+
+        Test: fast/dom/exception-getting-event-handler.html
+
+        * bindings/v8/V8EventListener.cpp:
+        (WebCore::V8EventListener::getListenerFunction):
+
 2011-02-10  Naoki Takano  <takano.naoki@gmail.com>
 
         Reviewed by James Robinson.
index 808d342..319da42 100644 (file)
@@ -54,7 +54,9 @@ v8::Local<v8::Function> V8EventListener::getListenerFunction(ScriptExecutionCont
 
     if (listener->IsObject()) {
         v8::Local<v8::Value> property = listener->Get(v8::String::NewSymbol("handleEvent"));
-        if (property->IsFunction())
+        // Check that no exceptions were thrown when getting the
+        // handleEvent property and that the value is a function.
+        if (!property.IsEmpty() && property->IsFunction())
             return v8::Local<v8::Function>::Cast(property);
     }