[rfc][icedtea-web] Fix for PR1198, JSObject passed incorrectly to Javascript

Adam Domurad adomurad at redhat.com
Thu Jan 3 11:06:06 PST 2013


On 12/03/2012 02:03 PM, Adam Domurad wrote:
> On 11/30/2012 04:08 PM, Adam Domurad wrote:
>> Hi all. Attached is a fix for PR1198.
>>
>> I still plan to write unit tests for at least the new method 
>> PluginAppletViewer.toObjectIDString, but I wanted to get this out 
>> before leaving for the weekend.
>>
>> One tricky thing with this patch was that it had to consolidate _a 
>> lot_ of duplicated functionality (actually I found some subtle 
>> differences in handling, this should be more consistent). Once that 
>> was done the actual patch was fairly straight forward.
>>
>> The basic issue was that JSObject was being passed as if it were a 
>> normal Java object, when the liveconnect spec specifies that it 
>> should be returned as the underlying javascript object.
>>
>> A method was added to JSObject to get the underlying reference. This 
>> was kept package-private to not pollute its public interface. As 
>> well, a new permission was added for accessing this method. To access 
>> this outside of the package, a utility was created in JSUtil.
>>
>> This patch adds a special case to Java->JS communication when sending 
>> objects, to indicate that a Javascript object is being passed.
>>
>> With patch applied, JSObjectFromEval should pass in all browsers.
>>
>> 2012-11-30  Adam Domurad  <adomurad at redhat.com>
>>
>>     Fix PR1198: JSObject passed incorrectly to Javascript
>>     * plugin/icedteanp/IcedTeaJavaRequestProcessor.cc: Pass extra 
>> data for
>>     'jsobject' object result messages.
>>     * plugin/icedteanp/IcedTeaPluginRequestProcessor.cc: Same.
>>     * plugin/icedteanp/IcedTeaPluginUtils.cc: Add special casing of
>>     javascript references passed from java.
>>     * 
>> plugin/icedteanp/java/netscape/javascript/JSObjectUnboxPermission.java:
>>     New permission for unboxing a JSObject's internal reference.
>>     * plugin/icedteanp/java/netscape/javascript/JSObject.java
>>     (getInternalReference): New, package-private, retrieves internal
>>     reference (Must have proper permission).
>>     * plugin/icedteanp/java/netscape/javascript/JSUtil.java
>>     (getJSObjectInternalReference) New, utility for accessing
>>     JSObject#getInternalReference from outside the package.
>>     * plugin/icedteanp/java/sun/applet/PluginAppletSecurityContext.java:
>>     (toObjectIDString): New, creates a string that precisely 
>> identifies a
>>     Java object.
>>     (handleMessage): Replace a lot of duplicated functionality with
>>     'toObjectIDString'.
>>     * plugin/icedteanp/java/sun/applet/PluginAppletViewer.java: Replace
>>     duplicated functionality with 'toObjectIDString'.
>>     * 
>> tests/reproducers/simple/JSObjectFromEval/srcs/JSObjectFromEval.java:
>>     Don't print out type passed (differs from browser to browser).
>>     * 
>> tests/reproducers/simple/JSObjectFromEval/testcases/JSObjectFromEvalTest.java:
>>     Don't check type passed (differs from browser to browser). Remove
>>     known-to-fail. Reformat.
>
> As promised attached is the unit-test for the newly introduced 
> Java->JS function (which encapsulates logic that was duplicated in 
> many areas)
>
> Note that this patch contains a Makefile patch for unit testing 
> sun.applet package, however this will be committed with another 
> now-approved patch so I have left it out of the ChangeLog.
>
> ChangeLog:
> 2012-12-XX  Adam Domurad  <adomurad at redhat.com>
>
>     Unit test for PluginAppletSecurityContext#toObjectIDString. Make
>     PluginAppletSecurityContext more unit-testable.
>     * plugin/icedteanp/java/sun/applet/PluginAppletSecurityContext.java:
>     Don't initialize security manager in constructor. Fix a few Java->JS
>     corner cases.
>     * plugin/icedteanp/java/sun/applet/PluginMain.java: Initialize
>     SecurityManager before creating PluginAppletSecurityContext.
>     * tests/netx/unit/sun/applet/PluginAppletSecurityContextTest.java:
>     Unit test for all the corner cases of converting a Java object to a
>     string that can be precisely identified.
>
> Happy hacking,
> -Adam

Ping?
-Adam



More information about the distro-pkg-dev mailing list