constructJSHTMLElement() should protect `document` and `elementInterface`
https://bugs.webkit.org/show_bug.cgi?id=241827
<rdar://94610860>
Reviewed by Mark Lam.
* Source/WebCore/bindings/js/JSHTMLElementCustom.cpp:
(WebCore::constructJSHTMLElement):
* Source/WebKit/WebProcess/WebPage/WebPage.cpp:
(WebKit::WebPage::runModal):
Canonical link: https://commits.webkit.org/251709@main
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@295704 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/Source/WebCore/bindings/js/JSHTMLElementCustom.cpp b/Source/WebCore/bindings/js/JSHTMLElementCustom.cpp
index f4841ff..8ef9cf5 100644
--- a/Source/WebCore/bindings/js/JSHTMLElementCustom.cpp
+++ b/Source/WebCore/bindings/js/JSHTMLElementCustom.cpp
@@ -78,6 +78,9 @@
return throwVMTypeError(lexicalGlobalObject, scope, "new.target does not define a custom element"_s);
if (!elementInterface->isUpgradingElement()) {
+ Ref<Document> protectedDocument(document);
+ Ref<JSCustomElementInterface> protectedElementInterface(*elementInterface);
+
Structure* baseStructure = getDOMStructure<JSHTMLElement>(vm, *newTargetGlobalObject);
auto* newElementStructure = InternalFunction::createSubclassStructure(lexicalGlobalObject, newTarget, baseStructure);
RETURN_IF_EXCEPTION(scope, { });
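Review bot: The two `Ref` protectors added at the top of the `!elementInterface->isUpgradingElement()` branch have no comment saying what they guard against, so a later cleanup could remove them as unused locals and reintroduce the lifetime bug. The likely trigger is the `InternalFunction::createSubclassStructure()` call just below, which looks up `prototype` on `newTarget` and so can presumably run script that drops the last reference to either object. I would put a comment above them such as `// createSubclassStructure() can run script via newTarget's prototype lookup; keep document and elementInterface alive across it.` The function begins and ends outside this hunk, so it cannot be told from here whether the upgrading path also uses `document` or `elementInterface` after a script-reachable call and needs the same protection. It is worth confirming that before landing.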
diff --git a/Source/WebKit/WebProcess/WebPage/WebPage.cpp b/Source/WebKit/WebProcess/WebPage/WebPage.cpp
index 9c2fc8f..c97a724 100644
--- a/Source/WebKit/WebProcess/WebPage/WebPage.cpp
+++ b/Source/WebKit/WebProcess/WebPage/WebPage.cpp
@@ -5861,7 +5861,6 @@
Ref<WebPage> protector(*this);
#endif
RunLoop::run();
- ASSERT(!m_isRunningModal);
}
bool WebPage::canHandleRequest(const WebCore::ResourceRequest& request)