OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 2006, 2007, 2008, 2009 Google Inc. All rights reserved. | 2 * Copyright (C) 2006, 2007, 2008, 2009 Google Inc. All rights reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions are | 5 * modification, are permitted provided that the following conditions are |
6 * met: | 6 * met: |
7 * | 7 * |
8 * * Redistributions of source code must retain the above copyright | 8 * * Redistributions of source code must retain the above copyright |
9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
10 * * Redistributions in binary form must reproduce the above | 10 * * Redistributions in binary form must reproduce the above |
(...skipping 61 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
72 | 72 |
73 virtual bool operator==(const EventListener& other) { return this == &ot
her; } | 73 virtual bool operator==(const EventListener& other) { return this == &ot
her; } |
74 | 74 |
75 virtual void handleEvent(ScriptExecutionContext*, Event*); | 75 virtual void handleEvent(ScriptExecutionContext*, Event*); |
76 | 76 |
77 virtual bool isLazy() const { return false; } | 77 virtual bool isLazy() const { return false; } |
78 | 78 |
79 // Returns the listener object, either a function or an object. | 79 // Returns the listener object, either a function or an object. |
80 v8::Local<v8::Object> getListenerObject(ScriptExecutionContext* context) | 80 v8::Local<v8::Object> getListenerObject(ScriptExecutionContext* context) |
81 { | 81 { |
| 82 // prepareListenerObject can potentially deref this event listener |
| 83 // as it may attempt to compile a function (lazy event listener), ge
t an error |
| 84 // and invoke onerror callback which can execute arbitrary JS code. |
| 85 // Protect this event listener to keep it alive. |
| 86 RefPtr<V8AbstractEventListener> guard(this); |
82 prepareListenerObject(context); | 87 prepareListenerObject(context); |
83 return v8::Local<v8::Object>::New(m_listener); | 88 return v8::Local<v8::Object>::New(m_listener); |
84 } | 89 } |
85 | 90 |
86 v8::Local<v8::Object> getExistingListenerObject() | 91 v8::Local<v8::Object> getExistingListenerObject() |
87 { | 92 { |
88 return v8::Local<v8::Object>::New(m_listener); | 93 return v8::Local<v8::Object>::New(m_listener); |
89 } | 94 } |
90 | 95 |
91 // Provides access to the underlying handle for GC. Returned | 96 // Provides access to the underlying handle for GC. Returned |
(...skipping 37 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
129 | 134 |
130 // Indicates if this is an HTML type listener. | 135 // Indicates if this is an HTML type listener. |
131 bool m_isAttribute; | 136 bool m_isAttribute; |
132 | 137 |
133 WorldContextHandle m_worldContext; | 138 WorldContextHandle m_worldContext; |
134 }; | 139 }; |
135 | 140 |
136 } // namespace WebCore | 141 } // namespace WebCore |
137 | 142 |
138 #endif // V8AbstractEventListener_h | 143 #endif // V8AbstractEventListener_h |
OLD | NEW |