// Check if the current execution context can access a target frame.
// First it checks same domain policy using the lexical context
//
// This is equivalent to KJS::Window::allowsAccessFrom(ExecState*, String&).
bool V8Proxy::canAccessPrivate(DOMWindow* targetWindow)
{
ASSERT(targetWindow);
String message;
DOMWindow* originWindow = retrieveWindow(currentContext());
if (originWindow == targetWindow)
return true;
if (!originWindow)
return false;
const SecurityOrigin* activeSecurityOrigin = originWindow->securityOrigin();
const SecurityOrigin* targetSecurityOrigin = targetWindow->securityOrigin();
// We have seen crashes were the security origin of the target has not been
// initialized. Defend against that.
if (!targetSecurityOrigin)
return false;
if (activeSecurityOrigin->canAccess(targetSecurityOrigin))
return true;
// Allow access to a "about:blank" page if the dynamic context is a
// detached context of the same frame as the blank page.
if (targetSecurityOrigin->isEmpty() && originWindow->frame() == targetWindow->frame())
return true;
return false;
}
static void messageHandlerInMainThread(v8::Handle<v8::Message> message, v8::Handle<v8::Value> data)
{
DOMWindow* firstWindow = firstDOMWindow();
if (!firstWindow->isCurrentlyDisplayedInFrame())
return;
String errorMessage = toWebCoreString(message->Get());
v8::Handle<v8::StackTrace> stackTrace = message->GetStackTrace();
RefPtr<ScriptCallStack> callStack;
// Currently stack trace is only collected when inspector is open.
if (!stackTrace.IsEmpty() && stackTrace->GetFrameCount() > 0)
callStack = createScriptCallStack(stackTrace, ScriptCallStack::maxCallStackSizeToCapture);
v8::Handle<v8::Value> resourceName = message->GetScriptResourceName();
bool shouldUseDocumentURL = resourceName.IsEmpty() || !resourceName->IsString();
String resource = shouldUseDocumentURL ? firstWindow->document()->url() : toWebCoreString(resourceName);
RefPtr<ErrorEvent> event = ErrorEvent::create(errorMessage, resource, message->GetLineNumber(), message->GetStartColumn());
// messageHandlerInMainThread can be called while we're creating a new context.
// Since we cannot create a wrapper in the intermediate timing, we need to skip
// creating a wrapper for |event|.
DOMWrapperWorld* world = DOMWrapperWorld::current();
Frame* frame = firstWindow->document()->frame();
if (world && frame && frame->script()->existingWindowShell(world)) {
v8::Local<v8::Value> wrappedEvent = toV8(event.get(), v8::Handle<v8::Object>(), v8::Isolate::GetCurrent());
if (!wrappedEvent.IsEmpty()) {
ASSERT(wrappedEvent->IsObject());
v8::Local<v8::Object>::Cast(wrappedEvent)->SetHiddenValue(V8HiddenPropertyName::error(), data);
}
}
AccessControlStatus corsStatus = message->IsSharedCrossOrigin() ? SharableCrossOrigin : NotSharableCrossOrigin;
firstWindow->document()->reportException(event.release(), callStack, corsStatus);
}
JSValue JSDOMWindow::postMessage(ExecState* exec)
{
DOMWindow* window = impl();
DOMWindow* source = asJSDOMWindow(exec->lexicalGlobalObject())->impl();
PassRefPtr<SerializedScriptValue> message = SerializedScriptValue::create(exec, exec->argument(0));
if (exec->hadException())
return jsUndefined();
MessagePortArray messagePorts;
if (exec->argumentCount() > 2)
fillMessagePortArray(exec, exec->argument(1), messagePorts);
if (exec->hadException())
return jsUndefined();
String targetOrigin = valueToStringWithUndefinedOrNullCheck(exec, exec->argument((exec->argumentCount() == 2) ? 1 : 2));
if (exec->hadException())
return jsUndefined();
ExceptionCode ec = 0;
window->postMessage(message, &messagePorts, targetOrigin, source, ec);
setDOMException(exec, ec);
return jsUndefined();
}
void DOMWindowExtension::willDetachPage()
{
// willDetachPage might be called multiple times but we only want to react once.
if (m_wasDetached)
return;
// Calling out to the client might result in this DOMWindowExtension being destroyed
// while there is still work to do.
RefPtr<DOMWindowExtension> protector = this;
Frame* frame = m_disconnectedFrame.get();
if (!frame)
frame = this->frame();
ASSERT(frame);
// DOMWindowExtension lifetime isn't tied directly to the DOMWindow itself so it is important that it unregister
// itself from any DOMWindow it is associated with when detached.
// This might be the disconnected DOMWindow if the DOMWindow is in a CachedPage that is pruned.
DOMWindow* associatedDOMWindow = m_disconnectedDOMWindow ? m_disconnectedDOMWindow : frame->domWindow();
associatedDOMWindow->unregisterProperty(this);
m_disconnectedDOMWindow = 0;
frame->loader()->client()->dispatchWillDestroyGlobalObjectForDOMWindowExtension(this);
m_disconnectedFrame = 0;
DOMWindowProperty::willDetachPage();
m_wasDetached = true;
}
bool V8DOMWindow::namedSecurityCheck(v8::Local<v8::Object> host, v8::Local<v8::Value> key, v8::AccessType type, v8::Local<v8::Value>)
{
v8::Handle<v8::Object> window = V8DOMWrapper::lookupDOMWrapper(V8DOMWindow::GetTemplate(), host);
if (window.IsEmpty())
return false; // the frame is gone.
DOMWindow* targetWindow = V8DOMWindow::toNative(window);
ASSERT(targetWindow);
Frame* target = targetWindow->frame();
if (!target)
return false;
if (key->IsString()) {
DEFINE_STATIC_LOCAL(AtomicString, nameOfProtoProperty, ("__proto__"));
String name = toWebCoreString(key);
// Notice that we can't call HasRealNamedProperty for ACCESS_HAS
// because that would generate infinite recursion.
if (type == v8::ACCESS_HAS && target->tree()->child(name))
return true;
// We need to explicitly compare against nameOfProtoProperty because
// V8's JSObject::LocalLookup finds __proto__ before
// interceptors and even when __proto__ isn't a "real named property".
if (type == v8::ACCESS_GET && target->tree()->child(name) && !host->HasRealNamedProperty(key->ToString()) && name != nameOfProtoProperty)
return true;
}
return V8BindingSecurity::canAccessFrame(V8BindingState::Only(), target, false);
}
static CString frameOrigin(Frame* frame)
{
DOMWindow* window = frame->domWindow();
SecurityOrigin* origin = window->securityOrigin();
CString latinOrigin = origin->toString().latin1();
return latinOrigin;
}
EncodedJSValue JSC_HOST_CALL JSSharedWorkerConstructor::constructJSSharedWorker(ExecState* exec)
{
JSSharedWorkerConstructor* jsConstructor = jsCast<JSSharedWorkerConstructor*>(exec->callee());
if (exec->argumentCount() < 1)
return throwVMError(exec, createNotEnoughArgumentsError(exec));
UString scriptURL = exec->argument(0).toString(exec)->value(exec);
UString name;
if (exec->argumentCount() > 1)
name = exec->argument(1).toString(exec)->value(exec);
if (exec->hadException())
return JSValue::encode(JSValue());
// FIXME: We need to use both the dynamic scope and the lexical scope (dynamic scope for resolving the worker URL)
DOMWindow* window = asJSDOMWindow(exec->lexicalGlobalObject())->impl();
ExceptionCode ec = 0;
RefPtr<SharedWorker> worker = SharedWorker::create(window->document(), ustringToString(scriptURL), ustringToString(name), ec);
if (ec) {
setDOMException(exec, ec);
return JSValue::encode(JSValue());
}
return JSValue::encode(asObject(toJS(exec, jsConstructor->globalObject(), worker.release())));
}
v8::Handle<v8::Value> V8DOMWindow::removeEventListenerCallback(const v8::Arguments& args)
{
INC_STATS("DOM.DOMWindow.removeEventListener()");
String eventType = toWebCoreString(args[0]);
bool useCapture = args[2]->BooleanValue();
DOMWindow* imp = V8DOMWindow::toNative(args.Holder());
if (!V8BindingSecurity::canAccessFrame(V8BindingState::Only(), imp->frame(), true))
return v8::Undefined();
Document* doc = imp->document();
if (!doc)
return v8::Undefined();
V8Proxy* proxy = V8Proxy::retrieve(imp->frame());
if (!proxy)
return v8::Undefined();
RefPtr<EventListener> listener = V8DOMWrapper::getEventListener(args[1], false, ListenerFindOnly);
if (listener) {
imp->removeEventListener(eventType, listener.get(), useCapture);
removeHiddenDependency(args.Holder(), args[1], eventListenerCacheIndex);
}
return v8::Undefined();
}
void V8Window::openerAttributeSetterCustom(
v8::Local<v8::Value> value,
const v8::PropertyCallbackInfo<void>& info) {
v8::Isolate* isolate = info.GetIsolate();
DOMWindow* impl = V8Window::toImpl(info.Holder());
ExceptionState exceptionState(ExceptionState::SetterContext, "opener",
"Window", info.Holder(), isolate);
if (!BindingSecurity::shouldAllowAccessTo(currentDOMWindow(info.GetIsolate()),
impl, exceptionState)) {
return;
}
// Opener can be shadowed if it is in the same domain.
// Have a special handling of null value to behave
// like Firefox. See bug http://b/1224887 & http://b/791706.
if (value->IsNull()) {
// impl->frame() has to be a non-null LocalFrame. Otherwise, the
// same-origin check would have failed.
ASSERT(impl->frame());
toLocalFrame(impl->frame())->loader().setOpener(0);
}
// Delete the accessor from the inner object.
info.Holder()->Delete(isolate->GetCurrentContext(),
v8AtomicString(isolate, "opener"));
// Put property on the inner object.
if (info.Holder()->IsObject()) {
v8::Maybe<bool> unused =
v8::Local<v8::Object>::Cast(info.Holder())
->Set(isolate->GetCurrentContext(),
v8AtomicString(isolate, "opener"), value);
ALLOW_UNUSED_LOCAL(unused);
}
}
void V8Window::openMethodCustom(const v8::FunctionCallbackInfo<v8::Value>& info)
{
DOMWindow* impl = V8Window::toImpl(info.Holder());
ExceptionState exceptionState(ExceptionState::ExecutionContext, "open", "Window", info.Holder(), info.GetIsolate());
if (!BindingSecurity::shouldAllowAccessToFrame(info.GetIsolate(), impl->frame(), exceptionState)) {
exceptionState.throwIfNeeded();
return;
}
TOSTRING_VOID(V8StringResource<TreatNullAndUndefinedAsNullString>, urlString, info[0]);
AtomicString frameName;
if (info[1]->IsUndefined() || info[1]->IsNull()) {
frameName = "_blank";
} else {
TOSTRING_VOID(V8StringResource<>, frameNameResource, info[1]);
frameName = frameNameResource;
}
TOSTRING_VOID(V8StringResource<TreatNullAndUndefinedAsNullString>, windowFeaturesString, info[2]);
// |impl| has to be a LocalDOMWindow, since RemoteDOMWindows wouldn't have
// passed the BindingSecurity check above.
RefPtrWillBeRawPtr<DOMWindow> openedWindow = toLocalDOMWindow(impl)->open(urlString, frameName, windowFeaturesString, callingDOMWindow(info.GetIsolate()), enteredDOMWindow(info.GetIsolate()));
if (!openedWindow)
return;
v8SetReturnValueFast(info, openedWindow.release(), impl);
}
void V8Window::openMethodCustom(const v8::FunctionCallbackInfo<v8::Value>& info)
{
DOMWindow* impl = V8Window::toNative(info.Holder());
ExceptionState exceptionState(ExceptionState::ExecutionContext, "open", "Window", info.Holder(), info.GetIsolate());
if (!BindingSecurity::shouldAllowAccessToFrame(info.GetIsolate(), impl->frame(), exceptionState)) {
exceptionState.throwIfNeeded();
return;
}
TOSTRING_VOID(V8StringResource<WithUndefinedOrNullCheck>, urlString, info[0]);
AtomicString frameName;
if (info[1]->IsUndefined() || info[1]->IsNull()) {
frameName = "_blank";
} else {
TOSTRING_VOID(V8StringResource<>, frameNameResource, info[1]);
frameName = frameNameResource;
}
TOSTRING_VOID(V8StringResource<WithUndefinedOrNullCheck>, windowFeaturesString, info[2]);
RefPtrWillBeRawPtr<DOMWindow> openedWindow = impl->open(urlString, frameName, windowFeaturesString, callingDOMWindow(info.GetIsolate()), enteredDOMWindow(info.GetIsolate()));
if (!openedWindow)
return;
v8SetReturnValueFast(info, openedWindow.release(), impl);
}
void V8Window::openerAttributeSetterCustom(v8::Local<v8::Value> value, const v8::PropertyCallbackInfo<void>& info)
{
DOMWindow* impl = V8Window::toNative(info.Holder());
ExceptionState exceptionState(ExceptionState::SetterContext, "opener", "Window", info.Holder(), info.GetIsolate());
if (!BindingSecurity::shouldAllowAccessToFrame(info.GetIsolate(), impl->frame(), exceptionState)) {
exceptionState.throwIfNeeded();
return;
}
// Opener can be shadowed if it is in the same domain.
// Have a special handling of null value to behave
// like Firefox. See bug http://b/1224887 & http://b/791706.
if (value->IsNull()) {
// impl->frame() cannot be null,
// otherwise, SameOrigin check would have failed.
ASSERT(impl->frame());
impl->frame()->loader().setOpener(0);
}
// Delete the accessor from this object.
info.Holder()->Delete(v8AtomicString(info.GetIsolate(), "opener"));
// Put property on the front (this) object.
info.This()->Set(v8AtomicString(info.GetIsolate(), "opener"), value);
}
RefPtr<JSLazyEventListener> JSLazyEventListener::create(DOMWindow& window, const QualifiedName& attributeName, const AtomicString& attributeValue)
{
ASSERT(window.document());
auto& document = *window.document();
ASSERT(document.frame());
return create({ attributeName, attributeValue, document, nullptr, toJSDOMWindow(document.frame(), mainThreadNormalWorld()), document.isSVGDocument() });
}
static v8::Handle<v8::Value> handlePostMessageCallback(const v8::Arguments& args)
{
DOMWindow* window = V8DOMWindow::toNative(args.Holder());
DOMWindow* source = V8Proxy::retrieveFrameForCallingContext()->domWindow();
ASSERT(source->frame());
bool didThrow = false;
RefPtr<SerializedScriptValue> message = SerializedScriptValue::create(args[0], didThrow);
if (didThrow)
return v8::Undefined();
MessagePortArray portArray;
String targetOrigin;
// This function has variable arguments and can either be:
// postMessage(message, port, targetOrigin);
// or
// postMessage(message, targetOrigin);
v8::TryCatch tryCatch;
if (args.Length() > 2) {
if (!getMessagePortArray(args[1], portArray))
return v8::Undefined();
targetOrigin = toWebCoreStringWithNullOrUndefinedCheck(args[2]);
} else {
targetOrigin = toWebCoreStringWithNullOrUndefinedCheck(args[1]);
}
if (tryCatch.HasCaught())
return v8::Undefined();
ExceptionCode ec = 0;
window->postMessage(message.release(), &portArray, targetOrigin, source, ec);
return throwError(ec);
}
bool WindowProxy::setupWindowPrototypeChain() {
// Associate the window wrapper object and its prototype chain with the
// corresponding native DOMWindow object.
// The full structure of the global object's prototype chain is as follows:
//
// global proxy object [1]
// -- has prototype --> global object (window wrapper object) [2]
// -- has prototype --> Window.prototype
// -- has prototype --> WindowProperties [3]
// -- has prototype --> EventTarget.prototype
// -- has prototype --> Object.prototype
// -- has prototype --> null
//
// [1] Global proxy object is as known as "outer global object". It's an
// empty object and remains after navigation. When navigated, points to
// a different global object as the prototype object.
// [2] Global object is as known as "inner global object" or "window wrapper
// object". The prototype chain between global proxy object and global
// object is NOT observable from user JavaScript code. All other
// prototype chains are observable. Global proxy object and global object
// together appear to be the same single JavaScript object. See also:
// https://wiki.mozilla.org/Gecko:SplitWindow
// global object (= window wrapper object) provides most of Window's DOM
// attributes and operations. Also global variables defined by user
// JavaScript are placed on this object. When navigated, a new global
// object is created together with a new v8::Context, but the global proxy
// object doesn't change.
// [3] WindowProperties is a named properties object of Window interface.
DOMWindow* window = m_frame->domWindow();
const WrapperTypeInfo* wrapperTypeInfo = window->wrapperTypeInfo();
v8::Local<v8::Context> context = m_scriptState->context();
// The global proxy object. Note this is not the global object.
v8::Local<v8::Object> globalProxy = context->Global();
// The global object, aka window wrapper object.
v8::Local<v8::Object> windowWrapper =
globalProxy->GetPrototype().As<v8::Object>();
windowWrapper = V8DOMWrapper::associateObjectWithWrapper(
m_isolate, window, wrapperTypeInfo, windowWrapper);
// The prototype object of Window interface.
v8::Local<v8::Object> windowPrototype =
windowWrapper->GetPrototype().As<v8::Object>();
RELEASE_ASSERT(!windowPrototype.IsEmpty());
V8DOMWrapper::setNativeInfo(m_isolate, windowPrototype, wrapperTypeInfo,
window);
// The named properties object of Window interface.
v8::Local<v8::Object> windowProperties =
windowPrototype->GetPrototype().As<v8::Object>();
RELEASE_ASSERT(!windowProperties.IsEmpty());
V8DOMWrapper::setNativeInfo(m_isolate, windowProperties, wrapperTypeInfo,
window);
// TODO(keishi): Remove installPagePopupController and implement
// PagePopupController in another way.
V8PagePopupControllerBinding::installPagePopupController(context,
windowWrapper);
return true;
}
static v8::Local<v8::Context> toV8Context(NPP npp, NPObject* npObject)
{
V8NPObject* object = reinterpret_cast<V8NPObject*>(npObject);
DOMWindow* window = object->rootObject;
if (!window || !window->isCurrentlyDisplayedInFrame())
return v8::Local<v8::Context>();
return ScriptController::mainWorldContext(object->rootObject->frame());
}
static void reportUnsafeJavaScriptAccess(v8::Local<v8::Object> host, v8::AccessType type, v8::Local<v8::Value> data)
{
Frame* target = findFrame(host, data);
if (!target)
return;
DOMWindow* targetWindow = target->document()->domWindow();
targetWindow->printErrorMessage(targetWindow->crossDomainAccessErrorMessage(activeDOMWindow(BindingState::instance())));
}
void V8Window::postMessageMethodCustom(
const v8::FunctionCallbackInfo<v8::Value>& info) {
ExceptionState exceptionState(ExceptionState::ExecutionContext, "postMessage",
"Window", info.Holder(), info.GetIsolate());
if (UNLIKELY(info.Length() < 2)) {
exceptionState.throwTypeError(
ExceptionMessages::notEnoughArguments(2, info.Length()));
return;
}
// None of these need to be RefPtr because info and context are guaranteed
// to hold on to them.
DOMWindow* window = V8Window::toImpl(info.Holder());
// TODO(yukishiino): The HTML spec specifies that we should use the
// Incumbent Realm instead of the Current Realm, but currently we don't have
// a way to retrieve the Incumbent Realm. See also:
// https://html.spec.whatwg.org/multipage/comms.html#dom-window-postmessage
LocalDOMWindow* source = currentDOMWindow(info.GetIsolate());
ASSERT(window);
UseCounter::countIfNotPrivateScript(info.GetIsolate(), window->frame(),
UseCounter::WindowPostMessage);
// If called directly by WebCore we don't have a calling context.
if (!source) {
exceptionState.throwTypeError("No active calling context exists.");
return;
}
// This function has variable arguments and can be:
// postMessage(message, targetOrigin)
// postMessage(message, targetOrigin, {sequence of transferrables})
// TODO(foolip): Type checking of the arguments should happen in order, so
// that e.g. postMessage({}, { toString: () => { throw Error(); } }, 0)
// throws the Error from toString, not the TypeError for argument 3.
Transferables transferables;
const int targetOriginArgIndex = 1;
if (info.Length() > 2) {
const int transferablesArgIndex = 2;
if (!SerializedScriptValue::extractTransferables(
info.GetIsolate(), info[transferablesArgIndex],
transferablesArgIndex, transferables, exceptionState)) {
return;
}
}
// TODO(foolip): targetOrigin should be a USVString in IDL and treated as
// such here, without TreatNullAndUndefinedAsNullString.
TOSTRING_VOID(V8StringResource<TreatNullAndUndefinedAsNullString>,
targetOrigin, info[targetOriginArgIndex]);
RefPtr<SerializedScriptValue> message = SerializedScriptValue::serialize(
info.GetIsolate(), info[0], &transferables, nullptr, exceptionState);
if (exceptionState.hadException())
return;
window->postMessage(message.release(), transferables.messagePorts,
targetOrigin, source, exceptionState);
}
QString QWebElement::styleProperty(const QString &name, StyleResolveStrategy strategy) const
{
if (!m_element || !m_element->isStyledElement())
return QString();
int propID = cssPropertyID(name);
if (!propID)
return QString();
CSSStyleDeclaration* style = static_cast<StyledElement*>(m_element)->style();
if (strategy == InlineStyle)
return style->getPropertyValue(propID);
if (strategy == CascadedStyle) {
if (style->getPropertyPriority(propID))
return style->getPropertyValue(propID);
// We are going to resolve the style property by walking through the
// list of non-inline matched CSS rules for the element, looking for
// the highest priority definition.
// Get an array of matched CSS rules for the given element sorted
// by importance and inheritance order. This include external CSS
// declarations, as well as embedded and inline style declarations.
DOMWindow* domWindow = m_element->document()->frame()->domWindow();
if (RefPtr<CSSRuleList> rules = domWindow->getMatchedCSSRules(m_element, "")) {
for (int i = rules->length(); i > 0; --i) {
CSSStyleRule* rule = static_cast<CSSStyleRule*>(rules->item(i - 1));
if (rule->style()->getPropertyPriority(propID))
return rule->style()->getPropertyValue(propID);
if (style->getPropertyValue(propID).isEmpty())
style = rule->style();
}
}
return style->getPropertyValue(propID);
}
if (strategy == ComputedStyle) {
if (!m_element || !m_element->isStyledElement())
return QString();
int propID = cssPropertyID(name);
RefPtr<CSSComputedStyleDeclaration> style = computedStyle(m_element);
if (!propID || !style)
return QString();
return style->getPropertyValue(propID);
}
return QString();
}
static void failedAccessCheckCallbackInMainThread(v8::Local<v8::Object> host, v8::AccessType type, v8::Local<v8::Value> data)
{
Frame* target = findFrame(host, data, v8::Isolate::GetCurrent());
if (!target)
return;
DOMWindow* targetWindow = target->domWindow();
setDOMException(SecurityError, targetWindow->crossDomainAccessErrorMessage(activeDOMWindow()), v8::Isolate::GetCurrent());
}
v8::Handle<v8::Value> V8Document::locationAccessorGetter(v8::Local<v8::String> name, const v8::AccessorInfo& info)
{
Document* document = V8Document::toNative(info.Holder());
if (!document->frame())
return v8::Null(info.GetIsolate());
DOMWindow* window = document->domWindow();
return toV8(window->location(), info.Holder(), info.GetIsolate());
}
static v8::Local<v8::Context> mainWorldContext(v8::Isolate* isolate, NPP npp, NPObject* npObject)
{
ASSERT(npObject->_class == &V8NPObjectClass);
V8NPObject* object = reinterpret_cast<V8NPObject*>(npObject);
DOMWindow* window = object->rootObject;
if (!window || !window->isCurrentlyDisplayedInFrame())
return v8::Local<v8::Context>();
return toV8Context(isolate, object->rootObject->frame(), DOMWrapperWorld::mainWorld());
}
Frame* toFrameIfNotDetached(v8::Handle<v8::Context> context)
{
DOMWindow* window = toDOMWindow(context);
if (window->isCurrentlyDisplayedInFrame())
return window->frame();
// We return 0 here because |context| is detached from the Frame. If we
// did return |frame| we could get in trouble because the frame could be
// navigated to another security origin.
return 0;
}
void V8WrapperInstantiationScope::convertException()
{
v8::Isolate* isolate = m_context->GetIsolate();
// TODO(jochen): Currently, Location is the only object for which we can reach this code path. Should be generalized.
ExceptionState exceptionState(ExceptionState::ConstructionContext, "Location", isolate->GetCurrentContext()->Global(), isolate);
LocalDOMWindow* callingWindow = callingDOMWindow(isolate);
DOMWindow* targetWindow = toDOMWindow(m_context);
exceptionState.throwSecurityError(targetWindow->sanitizedCrossDomainAccessErrorMessage(callingWindow), targetWindow->crossDomainAccessErrorMessage(callingWindow));
exceptionState.throwIfNeeded();
}
static float pageZoomFactor(const UIEvent* event)
{
DOMWindow* window = event->view();
if (!window)
return 1;
Frame* frame = window->frame();
if (!frame)
return 1;
return frame->pageZoomFactor();
}
void V8Custom::ClearTimeoutImpl(const v8::Arguments& args)
{
v8::Handle<v8::Value> holder = args.Holder();
DOMWindow* imp = V8Proxy::ToNativeObject<DOMWindow>(V8ClassIndex::DOMWINDOW, holder);
if (!V8Proxy::CanAccessFrame(imp->frame(), true))
return;
ScriptExecutionContext* context = static_cast<ScriptExecutionContext*>(imp->frame()->document());
int handle = toInt32(args[0]);
DOMTimer::removeById(context, handle);
}
void V8Document::locationAttrGetterCustom(v8::Local<v8::String> name, const v8::PropertyCallbackInfo<v8::Value>& info)
{
Document* document = V8Document::toNative(info.Holder());
if (!document->frame()) {
v8SetReturnValueNull(info);
return;
}
DOMWindow* window = document->domWindow();
v8SetReturnValue(info, toV8Fast(window->location(), info, document));
}
Frame* V8Proxy::retrieveFrame(v8::Handle<v8::Context> context)
{
DOMWindow* window = retrieveWindow(context);
Frame* frame = window->frame();
if (frame && frame->domWindow() == window)
return frame;
// We return 0 here because |context| is detached from the Frame. If we
// did return |frame| we could get in trouble because the frame could be
// navigated to another security origin.
return 0;
}
ScriptObject InspectorCanvasAgent::notifyRenderingContextWasWrapped(const ScriptObject& wrappedContext)
{
ASSERT(m_frontend);
ScriptState* scriptState = wrappedContext.scriptState();
DOMWindow* domWindow = scriptState ? domWindowFromScriptState(scriptState) : 0;
Frame* frame = domWindow ? domWindow->frame() : 0;
String frameId = m_pageAgent->frameId(frame);
if (!frameId.isEmpty())
m_frontend->contextCreated(frameId);
return wrappedContext;
}
String InspectorDOMStorageAgent::storageId(Storage* storage)
{
ASSERT(storage);
Document* document = storage->frame()->document();
ASSERT(document);
DOMWindow* window = document->domWindow();
ASSERT(window);
RefPtr<SecurityOrigin> securityOrigin = document->securityOrigin();
bool isLocalStorage = window->optionalLocalStorage() == storage;
return storageId(securityOrigin.get(), isLocalStorage)->toJSONString();
}