1 | /* |
2 | * Copyright (C) 2011 Google Inc. All rights reserved. |
3 | * |
4 | * Redistribution and use in source and binary forms, with or without |
5 | * modification, are permitted provided that the following conditions are |
6 | * met: |
7 | * |
8 | * * Redistributions of source code must retain the above copyright |
9 | * notice, this list of conditions and the following disclaimer. |
10 | * * Redistributions in binary form must reproduce the above |
11 | * copyright notice, this list of conditions and the following disclaimer |
12 | * in the documentation and/or other materials provided with the |
13 | * distribution. |
14 | * * Neither the name of Google Inc. nor the names of its |
15 | * contributors may be used to endorse or promote products derived from |
16 | * this software without specific prior written permission. |
17 | * |
18 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS |
19 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT |
20 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR |
21 | * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT |
22 | * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
23 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT |
24 | * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
25 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
26 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
27 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE |
28 | * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
29 | */ |
30 | |
31 | #include "config.h" |
32 | #include "JSPopStateEvent.h" |
33 | |
34 | #include "DOMWrapperWorld.h" |
35 | #include "JSHistory.h" |
36 | #include <JavaScriptCore/HeapInlines.h> |
37 | #include <JavaScriptCore/JSCJSValueInlines.h> |
38 | |
39 | namespace WebCore { |
40 | using namespace JSC; |
41 | |
42 | JSValue JSPopStateEvent::state(ExecState& state) const |
43 | { |
44 | if (m_state) { |
45 | // We cannot use a cached object if we are in a different world than the one it was created in. |
46 | if (isWorldCompatible(state, m_state.get())) |
47 | return m_state.get(); |
48 | ASSERT_NOT_REACHED(); |
49 | } |
50 | |
51 | // Save the state value to the m_state member of a JSPopStateEvent, and return it, for convenience. |
52 | auto cacheState = [&state, this] (JSC::JSValue eventState) { |
53 | m_state.set(state.vm(), this, eventState); |
54 | return eventState; |
55 | }; |
56 | |
57 | PopStateEvent& event = wrapped(); |
58 | |
59 | if (JSC::JSValue eventState = event.state()) { |
60 | // We need to make sure a PopStateEvent does not leak objects in its state property across isolated DOM worlds. |
61 | // Ideally, we would check that the worlds have different privileges but that's not possible yet. |
62 | if (!isWorldCompatible(state, eventState)) { |
63 | if (auto serializedValue = event.trySerializeState(state)) |
64 | eventState = serializedValue->deserialize(state, globalObject()); |
65 | else |
66 | eventState = jsNull(); |
67 | } |
68 | return cacheState(eventState); |
69 | } |
70 | |
71 | History* history = event.history(); |
72 | if (!history || !event.serializedState()) |
73 | return cacheState(jsNull()); |
74 | |
75 | // There's no cached value from a previous invocation, nor a state value was provided by the |
76 | // event, but there is a history object, so first we need to see if the state object has been |
77 | // deserialized through the history object already. |
78 | // The current history state object might've changed in the meantime, so we need to take care |
79 | // of using the correct one, and always share the same deserialization with history.state. |
80 | |
81 | bool isSameState = history->isSameAsCurrentState(event.serializedState()); |
82 | JSValue result; |
83 | |
84 | if (isSameState) { |
85 | JSHistory* jsHistory = jsCast<JSHistory*>(toJS(&state, globalObject(), *history).asCell()); |
86 | result = jsHistory->state(state); |
87 | } else |
88 | result = event.serializedState()->deserialize(state, globalObject()); |
89 | |
90 | return cacheState(result); |
91 | } |
92 | |
93 | void JSPopStateEvent::visitAdditionalChildren(JSC::SlotVisitor& visitor) |
94 | { |
95 | wrapped().state().visit(visitor); |
96 | } |
97 | |
98 | } // namespace WebCore |
99 | |