Add two comments about CFXJSE_Engine::m_mapObjectToValue.
Change-Id: I70148445cbf760cc1d7780c9bee67e7d5f281ca0
Reviewed-on: https://pdfium-review.googlesource.com/c/pdfium/+/71250
Reviewed-by: Lei Zhang <thestig@chromium.org>
Commit-Queue: Tom Sepez <tsepez@chromium.org>
diff --git a/fxjs/xfa/cfxjse_engine.cpp b/fxjs/xfa/cfxjse_engine.cpp
index e3f6278..a471733 100644
--- a/fxjs/xfa/cfxjse_engine.cpp
+++ b/fxjs/xfa/cfxjse_engine.cpp
@@ -125,6 +125,8 @@
for (const auto& pair : m_mapVariableToContext)
delete ToThisProxy(pair.second->GetGlobalObject().get());
+ // This is what ensures that the v8 object bound to a CXFA_Node
+ // no longer retains that binding since it will outlive that node.
for (const auto& pair : m_mapObjectToValue)
pair.second->ClearHostObject();
}
diff --git a/fxjs/xfa/cfxjse_engine.h b/fxjs/xfa/cfxjse_engine.h
index 39abe96..0eec31f 100644
--- a/fxjs/xfa/cfxjse_engine.h
+++ b/fxjs/xfa/cfxjse_engine.h
@@ -127,6 +127,8 @@
std::unique_ptr<CFXJSE_Context> m_JsContext;
UnownedPtr<CFXJSE_Class> m_pJsClass;
CXFA_Script::Type m_eScriptType = CXFA_Script::Type::Unknown;
+ // |m_mapObjectToValue| is what ensures the v8 object bound to a
+ // CXFA_Node remains valid for the lifetime of the engine.
std::map<CXFA_Object*, std::unique_ptr<CFXJSE_Value>> m_mapObjectToValue;
std::map<CXFA_Object*, std::unique_ptr<CFXJSE_Context>>
m_mapVariableToContext;
