author | Vincent Sanders <vince@kyllikki.org> | 2015-03-09 13:47:12 +0000 |
committer | Vincent Sanders <vince@kyllikki.org> | 2015-03-09 13:47:12 +0000 |
commit | 84c29f1d8628fd77de72269b0f424d402fa59a47 (patch) | |
tree | 9ff54f5e665ad026fe6ab5dc562ad145d8e62e3e /render/html.c | |
parent | c4e551cd0cecf4ec9aba2d033cba3ca97e669463 (diff) | |
download | netsurf-84c29f1d8628fd77de72269b0f424d402fa59a47.tar.gz netsurf-84c29f1d8628fd77de72269b0f424d402fa59a47.tar.bz2 |
Add invalidate API to html content script handling and use it.
The html content script handling needs to invalidate its JavaScript
context when the browsing context (browser_window) containing it is
either closed or the content fetch is aborted (stopped).
Previously the invalidation was only done on browser_window close
which resulted in use after free crashes because of the now invalid
JavaScript context.
Diffstat (limited to 'render/html.c')
-rw-r--r-- | render/html.c | 32 |
1 files changed, 21 insertions, 11 deletions
diff --git a/render/html.c b/render/html.c
index d1a61a4f3..5fb2feabd 100644
--- a/render/html.c
+++ b/render/html.c
@@ -1106,7 +1106,7 @@ html_begin_conversion(html_content *htmlc)
 	}
 	/* complete script execution */
-	html_scripts_exec(htmlc);
+	html_script_exec(htmlc);
 	/* fire a simple event that bubbles named DOMContentLoaded at
 	 * the Document.
@@ -1213,12 +1213,21 @@ html_begin_conversion(html_content *htmlc)
 /**
  * Stop loading a CONTENT_HTML.
+ *
+ * called when the content is aborted. This must clean up any state
+ * created during the fetch.
  */
 static void html_stop(struct content *c)
 {
 	html_content *htmlc = (html_content *) c;
+	/* invalidate the html content reference to the javascript context
+	 * as it is about to become invalid and must not be used any
+	 * more.
+	 */
+	html_script_invalidate_ctx(htmlc);
+
 	switch (c->status) {
 	case CONTENT_STATUS_LOADING:
 		/* Still loading; simply flag that we've been aborted
@@ -1466,7 +1475,7 @@ static void html_destroy(struct content *c)
 	html_css_free_stylesheets(html);
 	/* Free scripts */
-	html_free_scripts(html);
+	html_script_free(html);
 	/* Free objects */
 	html_object_free_objects(html);
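Review bot: html_script_invalidate_ctx(htmlc) is now reached from both html_stop and html_close on the same content, and html_stop calls it before `switch (c->status)` regardless of how far the fetch got, so the callee (defined outside this diff) has to tolerate a second call and a content that never created a JavaScript context; the new html_stop comment should state that contract, e.g. `/* Safe to call more than once and on a content with no context; later calls are no-ops. */`. The same applies to the html_close hunk that follows. The added doc paragraph starts lowercase (`called when the content is aborted.`) while the first line is capitalised; `Called when the content is aborted.` keeps the comment consistent. html_stop's body continues past the end of the hunk.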
@@ -1531,24 +1540,25 @@ html_open(struct content *c,
 static void html_close(struct content *c)
 {
-	html_content *html = (html_content *) c;
+	html_content *htmlc = (html_content *) c;
-	selection_clear(&html->sel, false);
+	selection_clear(&htmlc->sel, false);
-	if (html->search != NULL)
-		search_destroy_context(html->search);
+	if (htmlc->search != NULL) {
+		search_destroy_context(htmlc->search);
+	}
 	/* clear the html content reference to the browser window */
-	html->bw = NULL;
+	htmlc->bw = NULL;
-	/* clear the html content reference to the javascript context
+	/* invalidate the html content reference to the javascript context
 	 * as it is about to become invalid and must not be used any
 	 * more.
 	 */
-	html->jscontext = NULL;
+	html_script_invalidate_ctx(htmlc);
-	/* remove all object references from teh html content */
-	html_object_close_objects(html);
+	/* remove all object references from the html content */
+	html_object_close_objects(htmlc);
 }
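Review bot: `htmlc->bw = NULL;` runs before `html_script_invalidate_ctx(htmlc);`, so if the invalidation ever needs the browsing context (for instance to detach the JavaScript context from its window) that pointer is already gone; if it only clears the content-side reference, as the replaced `html->jscontext = NULL;` did, the order is harmless, but the dependency is worth pinning with a comment such as `/* bw is already NULL here; invalidation must rely only on htmlc's own state */`. html_close starts and ends within this hunk, although the context lines the header counts ahead of `static void html_close` are not visible here.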