From 28e17477a71a8684f0f660ba80a80c33698036a0 Mon Sep 17 00:00:00 2001 From: "chenghuai.dtc" Date: Thu, 18 Mar 2021 22:55:08 +0800 Subject: [PATCH] fix: fix insertBefore crash when passing none node object. --- bridge/bindings/jsc/DOM/node.cc | 10 +++++----- bridge/include/kraken_bridge_jsc.h | 3 --- 2 files changed, 5 insertions(+), 8 deletions(-) diff --git a/bridge/bindings/jsc/DOM/node.cc b/bridge/bindings/jsc/DOM/node.cc index 77288ed1f0..7a1170e01b 100644 --- a/bridge/bindings/jsc/DOM/node.cc +++ b/bridge/bindings/jsc/DOM/node.cc @@ -240,7 +240,7 @@ JSValueRef JSNode::appendChild(JSContextRef ctx, JSObjectRef function, JSObjectR JSObjectRef nodeObjectRef = JSValueToObject(ctx, nodeValueRef, exception); auto nodeInstance = static_cast(JSObjectGetPrivate(nodeObjectRef)); - if (nodeInstance == nullptr || nodeInstance->_identify != NODE_IDENTIFY) { + if (nodeInstance == nullptr || nodeInstance->document != selfInstance->document) { throwJSError(ctx, "Failed to execute 'appendChild' on 'Node': first arguments should be an Node type.", exception); return nullptr; } @@ -288,7 +288,7 @@ JSValueRef JSNode::insertBefore(JSContextRef ctx, JSObjectRef function, JSObject auto selfInstance = static_cast(JSObjectGetPrivate(thisObject)); auto nodeInstance = static_cast(JSObjectGetPrivate(nodeObjectRef)); - if (nodeInstance == nullptr || nodeInstance->_identify != NODE_IDENTIFY) { + if (nodeInstance == nullptr || nodeInstance->document != selfInstance->document) { throwJSError(ctx, "Failed to execute 'insertBefore' on 'Node': parameter 1 is not of type 'Node'", exception); return nullptr; } @@ -331,14 +331,14 @@ JSValueRef JSNode::replaceChild(JSContextRef ctx, JSObjectRef function, JSObject auto oldChildInstance = static_cast(JSObjectGetPrivate(oldChildObjectRef)); if (oldChildInstance == nullptr || oldChildInstance->parentNode != selfInstance || - oldChildInstance->_identify != NODE_IDENTIFY) { + oldChildInstance->document != selfInstance->document) { throwJSError(ctx, "Failed to execute 'replaceChild' on 'Node': The node to be replaced is not a child of this node.", exception); return nullptr; } - if (newChildInstance == nullptr || newChildInstance->_identify != NODE_IDENTIFY) { + if (newChildInstance == nullptr || newChildInstance->document != selfInstance->document) { throwJSError(ctx, "Failed to execute 'replaceChild' on 'Node': The new node is not a type of node.", exception); return nullptr; } @@ -424,7 +424,7 @@ JSValueRef JSNode::removeChild(JSContextRef ctx, JSObjectRef function, JSObjectR auto selfInstance = static_cast(JSObjectGetPrivate(thisObject)); auto nodeInstance = static_cast(JSObjectGetPrivate(nodeObjectRef)); - if (nodeInstance == nullptr || nodeInstance->_identify != NODE_IDENTIFY) { + if (nodeInstance == nullptr || nodeInstance->document != selfInstance->document) { throwJSError(ctx, "Failed to execute 'removeChild' on 'Node': 1st arguments is not a Node object.", exception); return nullptr; } diff --git a/bridge/include/kraken_bridge_jsc.h b/bridge/include/kraken_bridge_jsc.h index 3e03c6daa6..c244c2d8de 100644 --- a/bridge/include/kraken_bridge_jsc.h +++ b/bridge/include/kraken_bridge_jsc.h @@ -487,8 +487,6 @@ enum NodeType { DOCUMENT_FRAGMENT_NODE = 11 }; -#define NODE_IDENTIFY 1 - class JSNode : public JSEventTarget { public: static std::unordered_map instanceMap; @@ -575,7 +573,6 @@ class NodeInstance : public EventTargetInstance { void unrefer(); int32_t _referenceCount{0}; - int32_t _identify{NODE_IDENTIFY}; DocumentInstance *document{nullptr}; virtual void _notifyNodeRemoved(NodeInstance *node);