Relanding(r111754): HTMLPluginElement is not destroyed on reload or navigation if...
[WebKit-https.git] / Source / WebCore / ChangeLog
index 27e7b5eccd0a53a0412bdc68cbf65c8b17cfe781..cb5327b98fd431af1f815351e1229ebe9be19785 100644 (file)
@@ -1,3 +1,38 @@
+2012-03-23  Dave Michael  <dmichael@chromium.org>
+
+        Relanding(r111754): HTMLPluginElement is not destroyed on reload or navigation if getNPObject is called
+        https://bugs.webkit.org/show_bug.cgi?id=80428
+
+        Reviewed by Eric Seidel and Ryosuke Niwa.
+
+        Make HTMLPluginElement release its m_NPObject in detach() to break a
+        reference-counting cycle that happens on reload or navigation. With this
+        change, HTMLPlugInElement::removedFromDocument is unnecessary, so it
+        was removed. Note that Releasing m_NPObject does not result in a call to
+        the plugin; it simply releases a reference count on the wrapper object
+        for this HTMLPlugInElement. (The plugin's NPP_Deallocate is invoked
+        when the render tree is destroyed, when PluginView calls
+        PluginPackage::unload.) Thus, it is safe to release m_NPObject in
+        detach, because it can not result in layout or style changes.
+
+        Also added numberOfLiveNodes() and numberOfLiveDocuments() to
+        window.internals to enable testing.
+
+        Test: plugins/netscape-dom-access-and-reload.html
+
+        * WebCore.exp.in:
+        * html/HTMLPlugInElement.cpp:
+        (WebCore::HTMLPlugInElement::detach):
+        * html/HTMLPlugInElement.h:
+        (HTMLPlugInElement):
+        * testing/Internals.cpp:
+        (WebCore):
+        (WebCore::Internals::numberOfLiveNodes):
+        (WebCore::Internals::numberOfLiveDocuments):
+        * testing/Internals.h:
+        (Internals):
+        * testing/Internals.idl:
+
 2012-03-23  Ryosuke Niwa  <rniwa@webkit.org>
 
         CSSParser doesn't set border-*-width/style/color to initial by border shorthand property