Bug 580128. Call JS_ClearScope on the holder object for XrayWrappers around windows when navigating. r=mrbkap
authorPeter Van der Beken <peterv@propagandism.org>
Sun, 10 Oct 2010 15:38:10 -0700
changeset 55637 054d4492ad30ddd285fbef51f99d8c4670d27cad
parent 55636 3a5c8bcc4782c7d6fba791c2b1ad621fb9cd3154
child 55638 da920820ad253835562ae47a3c9c8c2edfb690a5
push id16269
push userjst@mozilla.com
push dateThu, 14 Oct 2010 01:40:35 +0000
treeherdermozilla-central@29c228a4d7eb [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersmrbkap
bugs580128
milestone2.0b8pre
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 580128. Call JS_ClearScope on the holder object for XrayWrappers around windows when navigating. r=mrbkap
dom/base/Makefile.in
dom/base/nsJSEnvironment.cpp
--- a/dom/base/Makefile.in
+++ b/dom/base/Makefile.in
@@ -120,12 +120,16 @@ endif
 
 ifdef MOZ_IPC
 include $(topsrcdir)/config/config.mk
 include $(topsrcdir)/ipc/chromium/chromium-config.mk
 endif
 
 include $(topsrcdir)/config/rules.mk
 
+LOCAL_INCLUDES += \
+		-I$(srcdir)/../../js/src/xpconnect/wrappers \
+		$(NULL)
+
 ifdef MOZ_X11
 CXXFLAGS += $(TK_CFLAGS)
 LDFLAGS += $(TK_LIBS)
 endif
--- a/dom/base/nsJSEnvironment.cpp
+++ b/dom/base/nsJSEnvironment.cpp
@@ -97,16 +97,17 @@
 #include "jsdbgapi.h"           // for JS_ClearWatchPointsForObject
 #include "jsxdrapi.h"
 #include "nsIArray.h"
 #include "nsIObjectInputStream.h"
 #include "nsIObjectOutputStream.h"
 #include "nsITimelineService.h"
 #include "nsDOMScriptObjectHolder.h"
 #include "prmem.h"
+#include "WrapperFactory.h"
 #include "nsGlobalWindow.h"
 
 #ifdef MOZ_JSDEBUGGER
 #include "jsdIDebuggerService.h"
 #endif
 #ifdef MOZ_LOGGING
 // Force PR_LOGGING so we can get JS strict warnings even in release builds
 #define FORCE_PR_LOG 1
@@ -3381,16 +3382,19 @@ nsJSContext::ClearScope(void *aGlobalObj
   if (aGlobalObj) {
     JSObject *obj = (JSObject *)aGlobalObj;
     JSAutoRequest ar(mContext);
 
     JSAutoEnterCompartment ac;
     ac.enterAndIgnoreErrors(mContext, obj);
 
     JS_ClearScope(mContext, obj);
+    if (xpc::WrapperFactory::IsXrayWrapper(obj)) {
+      JS_ClearScope(mContext, &obj->getProxyExtra().toObject());
+    }
     if (!obj->getParent()) {
       JS_ClearRegExpStatics(mContext, obj);
     }
 
     // Always clear watchpoints, to deal with two cases:
     // 1.  The first document for this window is loading, and a miscreant has
     //     preset watchpoints on the window object in order to attack the new
     //     document's privileged information.