diff options
| author | Torne (Richard Coles) <torne@google.com> | 2015-02-03 10:52:55 +0000 |
|---|---|---|
| committer | Torne (Richard Coles) <torne@google.com> | 2015-02-03 10:52:55 +0000 |
| commit | 55f653529432df63e7ee547545d92551c283ac0f (patch) | |
| tree | 86332307c9c32dc004df98823af1cb320b60bb58 | |
| parent | 2d50636ba2727b3fb1fb2357fad512d293e307c5 (diff) | |
| download | WebKit-55f653529432df63e7ee547545d92551c283ac0f.tar.gz | |
Merge from Chromium at DEPS revision 40.0.2214.107
This commit was generated by merge_to_master.py.
Change-Id: Idd7d090dcb688d44348bcfb27228f15ca9f6614e
| -rw-r--r-- | Source/bindings/core/v8/V8ThrowException.cpp | 11 | ||||
| -rw-r--r-- | Source/core/rendering/InlineTextBox.cpp | 1 |
2 files changed, 11 insertions, 1 deletions
diff --git a/Source/bindings/core/v8/V8ThrowException.cpp b/Source/bindings/core/v8/V8ThrowException.cpp index 060ab6b78..9a0d4365c 100644 --- a/Source/bindings/core/v8/V8ThrowException.cpp +++ b/Source/bindings/core/v8/V8ThrowException.cpp @@ -25,6 +25,7 @@ #include "config.h" #include "bindings/core/v8/V8ThrowException.h" +#include "bindings/core/v8/BindingSecurity.h" #include "bindings/core/v8/V8Binding.h" #include "bindings/core/v8/V8DOMException.h" #include "core/dom/DOMException.h" @@ -62,8 +63,16 @@ v8::Handle<v8::Value> V8ThrowException::createDOMException(v8::Isolate* isolate, if (ec == V8ReferenceError) return V8ThrowException::createReferenceError(isolate, sanitizedMessage); + v8::Handle<v8::Object> sanitizedCreationContext = creationContext; + + // FIXME: Is the current context always the right choice? + Frame* frame = toFrameIfNotDetached(creationContext->CreationContext()); + if (!frame || !BindingSecurity::shouldAllowAccessToFrame(isolate, frame, DoNotReportSecurityError)) + sanitizedCreationContext = isolate->GetCurrentContext()->Global(); + + RefPtrWillBeRawPtr<DOMException> domException = DOMException::create(ec, sanitizedMessage, unsanitizedMessage); - v8::Handle<v8::Value> exception = toV8(domException, creationContext, isolate); + v8::Handle<v8::Value> exception = toV8(domException, sanitizedCreationContext, isolate); if (exception.IsEmpty()) return v8Undefined(); diff --git a/Source/core/rendering/InlineTextBox.cpp b/Source/core/rendering/InlineTextBox.cpp index e3c5bc7a8..47c4c0cbe 100644 --- a/Source/core/rendering/InlineTextBox.cpp +++ b/Source/core/rendering/InlineTextBox.cpp @@ -526,6 +526,7 @@ TextRun InlineTextBox::constructTextRun(RenderStyle* style, const Font& font, St TextRun run(string, textPos(), expansion(), expansionBehavior(), direction(), dirOverride() || style->rtlOrdering() == VisualOrder, !renderer().canUseSimpleFontCodePath()); run.setTabSize(!style->collapseWhiteSpace(), style->tabSize()); run.setCharacterScanForCodePath(!renderer().canUseSimpleFontCodePath()); + run.setUseComplexCodePath(!renderer().canUseSimpleFontCodePath()); // Propagate the maximum length of the characters buffer to the TextRun, even when we're only processing a substring. run.setCharactersLength(maximumLength); |