Timestamp:
Nov 5, 2008, 7:26:30 PM (17 years ago)
Author:
[email protected]
Message:

JavaScriptCore:

2008-11-05 Gavin Barraclough <[email protected]>

Reviewed by Maciej Stachowiak.

https://bugs.webkit.org/show_bug.cgi?id=22094

Fix for bug where the callee incorrectly receives the caller's lexical
global object as this, rather than its own. Implementation closely
follows the spec, passing jsNull, checking in the callee and replacing
with the global object where necessary.

  • VM/CTI.cpp: (JSC::CTI::compileOpCall):
  • VM/Machine.cpp: (JSC::Machine::cti_op_call_NotJSFunction): (JSC::Machine::cti_op_call_eval):
  • runtime/JSCell.h: (JSC::JSValue::toThisObject):
  • runtime/JSImmediate.cpp: (JSC::JSImmediate::toThisObject):
  • runtime/JSImmediate.h:

LayoutTests:

2008-11-05 Gavin Barraclough <[email protected]>

Reviewed by Maciej Stachowiak.

Previously the test 'cross-site-this' checked that the second level deep method called
across frames received the correct this pointer, when no base object is provided.

Test updated so that it checks that the code in the child frame, and both the first
and second functions called in the parent frame receive the correct this values.

  • fast/frames/cross-site-this.html:
  • fast/frames/resources/cross-site-this-helper.html:
File:
1 edited

  • trunk/JavaScriptCore/runtime/JSImmediate.h

    r37938 r38148  
    234234        static bool toBoolean(JSValue*);
    235235        static JSObject* toObject(JSValue*, ExecState*);
     236        static JSObject* toThisObject(JSValue*, ExecState*);
    236237        static UString toString(JSValue*);
    237238
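Review bot: the toThisObject declaration added at new line 236 has no comment separating it from toObject on the line above, even though both take (JSValue*, ExecState*) and return JSObject*. The commit message says the callee replaces a jsNull this with its own global object, so the two conversions presumably differ for exactly that input, and a caller who picks toObject by mistake would miss the replacement that this change exists to perform across frames. A one-line comment on the declaration stating what it returns for a null this, and which global object that is, would make the distinction visible in the header. The implementation in runtime/JSImmediate.cpp is not shown on this page, so the handling of the other immediate values cannot be checked from here.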