WrapperWorldType worldType(v8::Isolate* isolate) { V8PerIsolateData* data = V8PerIsolateData::from(isolate); if (!data->workerDOMDataStore()) return worldTypeInMainThread(isolate); return WorkerWorld; }
bool Dictionary::get(const String& key, RefPtr<EventTarget>& value) const { v8::Local<v8::Value> v8Value; if (!getKey(key, v8Value)) return false; value = 0; // We need to handle a DOMWindow specially, because a DOMWindow wrapper // exists on a prototype chain of v8Value. if (v8Value->IsObject()) { v8::Handle<v8::Object> wrapper = v8::Handle<v8::Object>::Cast(v8Value); v8::Handle<v8::Object> window = wrapper->FindInstanceInPrototypeChain(V8Window::domTemplate(m_isolate, worldTypeInMainThread(m_isolate))); if (!window.IsEmpty()) { value = toWrapperTypeInfo(window)->toEventTarget(window); return true; } } if (V8DOMWrapper::isDOMWrapper(v8Value)) { v8::Handle<v8::Object> wrapper = v8::Handle<v8::Object>::Cast(v8Value); value = toWrapperTypeInfo(wrapper)->toEventTarget(wrapper); } return true; }
bool Dictionary::get(const String& key, RefPtr<DOMWindow>& value) const { v8::Local<v8::Value> v8Value; if (!getKey(key, v8Value)) return false; // We need to handle a DOMWindow specially, because a DOMWindow wrapper // exists on a prototype chain of v8Value. value = 0; if (v8Value->IsObject()) { v8::Handle<v8::Object> wrapper = v8::Handle<v8::Object>::Cast(v8Value); v8::Handle<v8::Object> window = wrapper->FindInstanceInPrototypeChain(V8DOMWindow::GetTemplate(m_isolate, worldTypeInMainThread(m_isolate))); if (!window.IsEmpty()) value = V8DOMWindow::toNative(window); } return true; }
v8::Local<v8::Object> V8DOMWrapper::createWrapper(v8::Handle<v8::Object> creationContext, WrapperTypeInfo* type, void* impl, v8::Isolate* isolate) { V8WrapperInstantiationScope scope(creationContext); V8PerContextData* perContextData = V8PerContextData::from(scope.context()); v8::Local<v8::Object> wrapper = perContextData ? perContextData->createWrapperFromCache(type) : V8ObjectConstructor::newInstance(type->getTemplate(isolate, worldTypeInMainThread(isolate))->GetFunction()); if (type == &V8HTMLDocument::info && !wrapper.IsEmpty()) wrapper = wrapInShadowTemplate(wrapper, static_cast<Node*>(impl), isolate); return wrapper; }
bool V8Window::indexedSecurityCheckCustom(v8::Local<v8::Object> host, uint32_t index, v8::AccessType type, v8::Local<v8::Value>) { v8::Isolate* isolate = v8::Isolate::GetCurrent(); v8::Handle<v8::Object> window = host->FindInstanceInPrototypeChain(V8Window::GetTemplate(isolate, worldTypeInMainThread(isolate))); if (window.IsEmpty()) return false; DOMWindow* targetWindow = V8Window::toNative(window); ASSERT(targetWindow); Frame* target = targetWindow->frame(); if (!target) return false; // Notify the loader's client if the initial document has been accessed. if (target->loader()->stateMachine()->isDisplayingInitialEmptyDocument()) target->loader()->didAccessInitialDocument(); Frame* childFrame = target->tree()->scopedChild(index); // Notice that we can't call HasRealNamedProperty for ACCESS_HAS // because that would generate infinite recursion. if (type == v8::ACCESS_HAS && childFrame) return true; if (type == v8::ACCESS_GET && childFrame && !host->HasRealIndexedProperty(index) && !window->HasRealIndexedProperty(index)) return true; return BindingSecurity::shouldAllowAccessToFrame(target, DoNotReportSecurityError); }
v8::Handle<v8::Value> toV8(DOMWindow* window, v8::Handle<v8::Object> creationContext, v8::Isolate* isolate) { // Notice that we explicitly ignore creationContext because the DOMWindow is its own creationContext. if (!window) return v8NullWithCheck(isolate); // Initializes environment of a frame, and return the global object // of the frame. Frame* frame = window->frame(); if (!frame) return v8Undefined(); // Special case: Because of executeScriptInIsolatedWorld() one DOMWindow can have // multiple contexts and multiple global objects associated with it. When // code running in one of those contexts accesses the window object, we // want to return the global object associated with that context, not // necessarily the first global object associated with that DOMWindow. v8::Handle<v8::Context> currentContext = v8::Context::GetCurrent(); v8::Handle<v8::Object> currentGlobal = currentContext->Global(); v8::Handle<v8::Object> windowWrapper = currentGlobal->FindInstanceInPrototypeChain(V8Window::GetTemplate(isolate, worldTypeInMainThread(isolate))); if (!windowWrapper.IsEmpty()) { if (V8Window::toNative(windowWrapper) == window) return currentGlobal; } // Otherwise, return the global object associated with this frame. v8::Handle<v8::Context> context = frame->script()->currentWorldContext(); if (context.IsEmpty()) return v8Undefined(); v8::Handle<v8::Object> global = context->Global(); ASSERT(!global.IsEmpty()); return global; }
// FIXME(fqian): returning string is cheating, and we should // fix this by calling toString function on the receiver. // However, V8 implements toString in JavaScript, which requires // switching context of receiver. I consider it is dangerous. void V8Window::toStringMethodCustom(const v8::FunctionCallbackInfo<v8::Value>& args) { v8::Handle<v8::Object> domWrapper = args.This()->FindInstanceInPrototypeChain(V8Window::GetTemplate(args.GetIsolate(), worldTypeInMainThread(args.GetIsolate()))); if (domWrapper.IsEmpty()) { v8SetReturnValue(args, args.This()->ObjectProtoToString()); return; } v8SetReturnValue(args, domWrapper->ObjectProtoToString()); }
bool V8Window::namedSecurityCheckCustom(v8::Local<v8::Object> host, v8::Local<v8::Value> key, v8::AccessType type, v8::Local<v8::Value>) { v8::Isolate* isolate = v8::Isolate::GetCurrent(); v8::Handle<v8::Object> window = host->FindInstanceInPrototypeChain(V8Window::GetTemplate(isolate, worldTypeInMainThread(isolate))); if (window.IsEmpty()) return false; // the frame is gone. DOMWindow* targetWindow = V8Window::toNative(window); ASSERT(targetWindow); Frame* target = targetWindow->frame(); if (!target) return false; // Notify the loader's client if the initial document has been accessed. if (target->loader()->stateMachine()->isDisplayingInitialEmptyDocument()) target->loader()->didAccessInitialDocument(); if (key->IsString()) { DEFINE_STATIC_LOCAL(AtomicString, nameOfProtoProperty, ("__proto__", AtomicString::ConstructFromLiteral)); String name = toWebCoreString(key); Frame* childFrame = target->tree()->scopedChild(name); // Notice that we can't call HasRealNamedProperty for ACCESS_HAS // because that would generate infinite recursion. if (type == v8::ACCESS_HAS && childFrame) return true; // We need to explicitly compare against nameOfProtoProperty because // V8's JSObject::LocalLookup finds __proto__ before // interceptors and even when __proto__ isn't a "real named property". v8::Handle<v8::String> keyString = key->ToString(); if (type == v8::ACCESS_GET && childFrame && !host->HasRealNamedProperty(keyString) && !window->HasRealNamedProperty(keyString) && name != nameOfProtoProperty) return true; } return BindingSecurity::shouldAllowAccessToFrame(target, DoNotReportSecurityError); }
void V8Window::eventAttrSetterCustom(v8::Local<v8::String> name, v8::Local<v8::Value> value, const v8::PropertyCallbackInfo<void>& info) { v8::Handle<v8::Object> holder = info.This()->FindInstanceInPrototypeChain(V8Window::GetTemplate(info.GetIsolate(), worldTypeInMainThread(info.GetIsolate()))); if (holder.IsEmpty()) return; Frame* frame = V8Window::toNative(holder)->frame(); if (!BindingSecurity::shouldAllowAccessToFrame(frame)) return; ASSERT(frame); v8::Local<v8::Context> context = frame->script()->currentWorldContext(); if (context.IsEmpty()) return; v8::Handle<v8::String> eventSymbol = V8HiddenPropertyName::event(); context->Global()->SetHiddenValue(eventSymbol, value); }
void V8WindowShell::clearForNavigation() { if (!m_contextHolder) return; v8::HandleScope handleScope(m_isolate); m_document.clear(); v8::Handle<v8::Context> context = m_contextHolder->context(); v8::Context::Scope contextScope(context); // Clear the document wrapper cache before turning on access checks on // the old DOMWindow wrapper. This way, access to the document wrapper // will be protected by the security checks on the DOMWindow wrapper. clearDocumentProperty(); v8::Handle<v8::Object> windowWrapper = m_global.newLocal(m_isolate)->FindInstanceInPrototypeChain(V8Window::domTemplate(m_isolate, worldTypeInMainThread(m_isolate))); ASSERT(!windowWrapper.IsEmpty()); windowWrapper->TurnOnAccessCheck(); disposeContext(DetachGlobal); }
void V8DOMWindowShell::clearForNavigation() { if (m_context.isEmpty()) return; v8::HandleScope handleScope; m_document.clear(); // FIXME: Should we create a new Local handle here? v8::Context::Scope contextScope(m_context.get()); // Clear the document wrapper cache before turning on access checks on // the old DOMWindow wrapper. This way, access to the document wrapper // will be protected by the security checks on the DOMWindow wrapper. clearDocumentProperty(); v8::Handle<v8::Object> windowWrapper = m_global->FindInstanceInPrototypeChain(V8DOMWindow::GetTemplate(m_isolate, worldTypeInMainThread(m_isolate))); ASSERT(!windowWrapper.IsEmpty()); windowWrapper->TurnOnAccessCheck(); m_context->DetachGlobal(); disposeContext(); }
static Frame* findFrame(v8::Local<v8::Object> host, v8::Local<v8::Value> data, v8::Isolate* isolate) { WrapperTypeInfo* type = WrapperTypeInfo::unwrap(data); if (V8Window::info.equals(type)) { v8::Handle<v8::Object> windowWrapper = host->FindInstanceInPrototypeChain(V8Window::GetTemplate(isolate, worldTypeInMainThread(isolate))); if (windowWrapper.IsEmpty()) return 0; return V8Window::toNative(windowWrapper)->frame(); } if (V8History::info.equals(type)) return V8History::toNative(host)->frame(); if (V8Location::info.equals(type)) return V8Location::toNative(host)->frame(); // This function can handle only those types listed above. ASSERT_NOT_REACHED(); return 0; }
void V8Window::eventAttributeGetterCustom(const v8::PropertyCallbackInfo<v8::Value>& info) { v8::Handle<v8::Object> holder = info.This()->FindInstanceInPrototypeChain(V8Window::domTemplate(info.GetIsolate(), worldTypeInMainThread(info.GetIsolate()))); if (holder.IsEmpty()) return; Frame* frame = V8Window::toNative(holder)->frame(); ExceptionState exceptionState(ExceptionState::GetterContext, "event", "Window", info.Holder(), info.GetIsolate()); if (!BindingSecurity::shouldAllowAccessToFrame(frame, exceptionState)) { exceptionState.throwIfNeeded(); return; } ASSERT(frame); v8::Local<v8::Context> context = frame->script().currentWorldContext(); if (context.IsEmpty()) return; v8::Handle<v8::String> eventSymbol = V8HiddenPropertyName::event(info.GetIsolate()); v8::Handle<v8::Value> jsEvent = context->Global()->GetHiddenValue(eventSymbol); if (jsEvent.IsEmpty()) return; v8SetReturnValue(info, jsEvent); }