https://bugs.webkit.org/show_bug.cgi?id=223758
Reviewed by Sam Weinig.
LayoutTests/imported/w3c:
* web-platform-tests/WebIDL/ecmascript-binding/global-object-implicit-this-value.any-expected.txt: Added.
* web-platform-tests/WebIDL/ecmascript-binding/global-object-implicit-this-value.any.html: Added.
* web-platform-tests/WebIDL/ecmascript-binding/global-object-implicit-this-value.any.js: Added.
* web-platform-tests/WebIDL/ecmascript-binding/global-object-implicit-this-value.any.worker-expected.txt: Added.
* web-platform-tests/WebIDL/ecmascript-binding/global-object-implicit-this-value.any.worker.html: Added.
* web-platform-tests/webaudio/the-audio-api/the-audioworklet-interface/audioworklet-registerprocessor-called-on-globalthis.https-expected.txt: Added.
* web-platform-tests/webaudio/the-audio-api/the-audioworklet-interface/audioworklet-registerprocessor-called-on-globalthis.https.html: Added.
* web-platform-tests/webaudio/the-audio-api/the-audioworklet-interface/processors/dummy-processor-globalthis.js: Added.
Source/WebCore:
This change introduces castThisValue<JSClass>, taking a step towards unification of |this|
value casting between IDLAttribute and IDLOperation. The helper uses compile-time inheritance
check to provide implicit |this| value for DOM global objects [1], replacing [ImplicitThis]
extended attribute, which was removed from the spec [2] a while ago.
IDLAttribute can't perform toThis() with ECMAMode::strict(), like IDLOperation now does,
because CustomValue getters are called with |this| value of JSGlobalObject type, which gets
tainted by JSScope::toThis(). #225397 will remove the need for toThis(), finally making |this|
value casting consistent between attributes and operations.
Also, this patch fixes `Object.create(window).location` to throw as per spec [1] by removing
prototype chain traversal from toJSDOMWindow(), which aligns WebKit with Blink and Gecko.
As DOM global objects are wrapped in proxies and require special casting, toJSDOMWindow() and
friends are merged into toJSDOMGlobalObject<JSClass>, which is aware of inheritance / JSProxy.
It replaces [CustomProxyToJSObject] extended attribute, which could be missed when adding new
DOM global objects, fixing worklets' global functions not to throw when called on `globalThis`.
This change reduces WebCore --release binary size by 0.2% (147 KB).
[1] https://heycam.github.io/webidl/#dfn-attribute-getter (step 1.1.2.3)
[2] https://github.com/heycam/webidl/pull/155
Tests: imported/w3c/web-platform-tests/WebIDL/ecmascript-binding/global-object-implicit-this-value.any.js
imported/w3c/web-platform-tests/webaudio/the-audio-api/the-audioworklet-interface/audioworklet-registerprocessor-called-on-globalthis.https.html
fast/css-custom-paint/registerPaintBindings.html
http/tests/security/listener/*.html
* Headers.cmake:
* Modules/webaudio/AudioWorkletGlobalScope.idl:
* WebCore.xcodeproj/project.pbxproj:
* bindings/js/JSDOMAttribute.h:
(WebCore::IDLAttribute::set):
(WebCore::IDLAttribute::setPassingPropertyName):
(WebCore::IDLAttribute::get):
(WebCore::IDLAttribute::getPassingPropertyName):
* bindings/js/JSDOMCastThisValue.h: Added.
(WebCore::castThisValue):
* bindings/js/JSDOMCastedThisErrorBehavior.h: Removed.
* bindings/js/JSDOMGlobalObject.h:
(WebCore::toJSDOMGlobalObject):
* bindings/js/JSDOMOperation.h:
(WebCore::IDLOperation::cast):
* bindings/js/JSDOMWindowBase.cpp:
* bindings/js/JSDOMWindowBase.h:
(WebCore::toJSDOMWindow):
* bindings/js/JSDOMWindowCustom.cpp:
(WebCore::JSC_DEFINE_CUSTOM_GETTER):
(WebCore::IDLOperation<JSDOMWindow>::cast): Deleted.
* bindings/js/JSDocumentCustom.cpp:
(WebCore::cachedDocumentWrapper):
* bindings/js/JSEventTargetCustom.cpp:
(WebCore::jsEventTargetCast):
* bindings/js/JSEventTargetCustom.h:
(WebCore::IDLOperation<JSEventTarget>::call):
* bindings/js/JSRemoteDOMWindowBase.cpp:
(WebCore::toJSRemoteDOMWindow): Deleted.
* bindings/js/JSRemoteDOMWindowBase.h:
* bindings/js/JSWorkerGlobalScopeBase.cpp:
(WebCore::toJSDedicatedWorkerGlobalScope): Deleted.
(WebCore::toJSWorkerGlobalScope): Deleted.
(WebCore::toJSServiceWorkerGlobalScope): Deleted.
* bindings/js/JSWorkerGlobalScopeBase.h:
* bindings/js/JSWorkletGlobalScopeBase.cpp:
(WebCore::toJSWorkletGlobalScope): Deleted.
* bindings/js/JSWorkletGlobalScopeBase.h:
* bindings/scripts/CodeGeneratorJS.pm:
(ShouldGenerateToJSDeclaration):
(IsAcceleratedDOMAttribute):
(GenerateImplementation):
* bindings/scripts/IDLAttributes.json:
* bindings/scripts/test/JS/*: Updated.
* inspector/InspectorController.cpp:
(WebCore::InspectorController::canAccessInspectedScriptState const):
* page/DOMWindow.idl:
* page/RemoteDOMWindow.idl:
* workers/DedicatedWorkerGlobalScope.idl:
* workers/WorkerGlobalScope.idl:
* workers/service/ServiceWorkerGlobalScope.idl:
* worklets/PaintWorkletGlobalScope.idl:
* worklets/WorkletGlobalScope.idl:
Source/WebKit:
Use inherits<T> instead of toJSDOMWindow() if the value is never a JSProxy.
* WebProcess/InjectedBundle/InjectedBundle.cpp:
(WebKit::InjectedBundle::reportException):
Source/WebKitLegacy/mac:
Use inherits<T> instead of toJSDOMWindow() if the value is never a JSProxy.
* WebView/WebView.mm:
(+[WebView _reportException:inContext:]):
Source/WebKitLegacy/win:
Use inherits<T> instead of toJSDOMWindow() if the value is never a JSProxy.
* WebView.cpp:
(WebView::reportException):
LayoutTests:
* fast/css-custom-paint/registerPaintBindings.html:
* http/tests/security/listener/*:
This is a progression: Blink and Gecko don't call event listeners belonging to destroyed frames.
* js/property-of-window-as-prototype-expected.txt: Removed.
* js/property-of-window-as-prototype.html: Removed.
Canonical link: https://commits.webkit.org/237976@main
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@277830 268f45cc-cd09-0410-ab3c-d52691b4dbfc
6bb75cf119