[inspector] warmup dom bindings before calling anything on them

We try to prevent side effects by forbidding running any JavaScript when we get property from node object. In case of object node it is possible that by calling property we force internal object initialization which may force creation of new context, this initialization can not be made with forbided JavaScript and at the same time is side effect free. As workaround we can warmup dom objects first and then generate description. [email protected] Bug: chromium:827585 Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel Change-Id: Ifd2c6317ffd5cb3822d2a2eedf3d0b0f36a201f1 Reviewed-on: https://chromium-review.googlesource.com/1041078 Reviewed-by: Dmitry Gozman <[email protected]> Commit-Queue: Aleksey Kozyatinskiy <[email protected]> Cr-Commit-Position: refs/heads/master@{#54505}
zhaoleipeng · Jul 17, 2018 · a796715 · a796715
1 parent b7e108d
commit a796715
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/src/inspector/injected-script-source.js b/src/inspector/injected-script-source.js
@@ -594,6 +594,9 @@ InjectedScript.prototype = {
             return toString(obj);
 
         if (subtype === "node") {
+            // We should warmup blink dom binding before calling anything,
+            // see (crbug.com/827585) for details.
+            InjectedScriptHost.getOwnPropertyDescriptor(/** @type {!Object} */(obj), "nodeName");
             var description = "";
             var nodeName = InjectedScriptHost.getProperty(obj, "nodeName");
             if (nodeName) {