WrapperWorldType worldType(v8::Isolate* isolate)
{
V8PerIsolateData* data = V8PerIsolateData::from(isolate);
if (!data->workerDOMDataStore())
return worldTypeInMainThread(isolate);
return WorkerWorld;
}
bool Dictionary::get(const String& key, RefPtr<EventTarget>& value) const
{
v8::Local<v8::Value> v8Value;
if (!getKey(key, v8Value))
return false;
value = 0;
// We need to handle a DOMWindow specially, because a DOMWindow wrapper
// exists on a prototype chain of v8Value.
if (v8Value->IsObject()) {
v8::Handle<v8::Object> wrapper = v8::Handle<v8::Object>::Cast(v8Value);
v8::Handle<v8::Object> window = wrapper->FindInstanceInPrototypeChain(V8Window::domTemplate(m_isolate, worldTypeInMainThread(m_isolate)));
if (!window.IsEmpty()) {
value = toWrapperTypeInfo(window)->toEventTarget(window);
return true;
}
}
if (V8DOMWrapper::isDOMWrapper(v8Value)) {
v8::Handle<v8::Object> wrapper = v8::Handle<v8::Object>::Cast(v8Value);
value = toWrapperTypeInfo(wrapper)->toEventTarget(wrapper);
}
return true;
}
bool Dictionary::get(const String& key, RefPtr<DOMWindow>& value) const
{
v8::Local<v8::Value> v8Value;
if (!getKey(key, v8Value))
return false;
// We need to handle a DOMWindow specially, because a DOMWindow wrapper
// exists on a prototype chain of v8Value.
value = 0;
if (v8Value->IsObject()) {
v8::Handle<v8::Object> wrapper = v8::Handle<v8::Object>::Cast(v8Value);
v8::Handle<v8::Object> window = wrapper->FindInstanceInPrototypeChain(V8DOMWindow::GetTemplate(m_isolate, worldTypeInMainThread(m_isolate)));
if (!window.IsEmpty())
value = V8DOMWindow::toNative(window);
}
return true;
}
v8::Local<v8::Object> V8DOMWrapper::createWrapper(v8::Handle<v8::Object> creationContext, WrapperTypeInfo* type, void* impl, v8::Isolate* isolate)
{
V8WrapperInstantiationScope scope(creationContext);
V8PerContextData* perContextData = V8PerContextData::from(scope.context());
v8::Local<v8::Object> wrapper = perContextData ? perContextData->createWrapperFromCache(type) : V8ObjectConstructor::newInstance(type->getTemplate(isolate, worldTypeInMainThread(isolate))->GetFunction());
if (type == &V8HTMLDocument::info && !wrapper.IsEmpty())
wrapper = wrapInShadowTemplate(wrapper, static_cast<Node*>(impl), isolate);
return wrapper;
}
bool V8Window::indexedSecurityCheckCustom(v8::Local<v8::Object> host, uint32_t index, v8::AccessType type, v8::Local<v8::Value>)
{
v8::Isolate* isolate = v8::Isolate::GetCurrent();
v8::Handle<v8::Object> window = host->FindInstanceInPrototypeChain(V8Window::GetTemplate(isolate, worldTypeInMainThread(isolate)));
if (window.IsEmpty())
return false;
DOMWindow* targetWindow = V8Window::toNative(window);
ASSERT(targetWindow);
Frame* target = targetWindow->frame();
if (!target)
return false;
// Notify the loader's client if the initial document has been accessed.
if (target->loader()->stateMachine()->isDisplayingInitialEmptyDocument())
target->loader()->didAccessInitialDocument();
Frame* childFrame = target->tree()->scopedChild(index);
// Notice that we can't call HasRealNamedProperty for ACCESS_HAS
// because that would generate infinite recursion.
if (type == v8::ACCESS_HAS && childFrame)
return true;
if (type == v8::ACCESS_GET
&& childFrame
&& !host->HasRealIndexedProperty(index)
&& !window->HasRealIndexedProperty(index))
return true;
return BindingSecurity::shouldAllowAccessToFrame(target, DoNotReportSecurityError);
}
v8::Handle<v8::Value> toV8(DOMWindow* window, v8::Handle<v8::Object> creationContext, v8::Isolate* isolate)
{
// Notice that we explicitly ignore creationContext because the DOMWindow is its own creationContext.
if (!window)
return v8NullWithCheck(isolate);
// Initializes environment of a frame, and return the global object
// of the frame.
Frame* frame = window->frame();
if (!frame)
return v8Undefined();
// Special case: Because of executeScriptInIsolatedWorld() one DOMWindow can have
// multiple contexts and multiple global objects associated with it. When
// code running in one of those contexts accesses the window object, we
// want to return the global object associated with that context, not
// necessarily the first global object associated with that DOMWindow.
v8::Handle<v8::Context> currentContext = v8::Context::GetCurrent();
v8::Handle<v8::Object> currentGlobal = currentContext->Global();
v8::Handle<v8::Object> windowWrapper = currentGlobal->FindInstanceInPrototypeChain(V8Window::GetTemplate(isolate, worldTypeInMainThread(isolate)));
if (!windowWrapper.IsEmpty()) {
if (V8Window::toNative(windowWrapper) == window)
return currentGlobal;
}
// Otherwise, return the global object associated with this frame.
v8::Handle<v8::Context> context = frame->script()->currentWorldContext();
if (context.IsEmpty())
return v8Undefined();
v8::Handle<v8::Object> global = context->Global();
ASSERT(!global.IsEmpty());
return global;
}
// FIXME(fqian): returning string is cheating, and we should
// fix this by calling toString function on the receiver.
// However, V8 implements toString in JavaScript, which requires
// switching context of receiver. I consider it is dangerous.
void V8Window::toStringMethodCustom(const v8::FunctionCallbackInfo<v8::Value>& args)
{
v8::Handle<v8::Object> domWrapper = args.This()->FindInstanceInPrototypeChain(V8Window::GetTemplate(args.GetIsolate(), worldTypeInMainThread(args.GetIsolate())));
if (domWrapper.IsEmpty()) {
v8SetReturnValue(args, args.This()->ObjectProtoToString());
return;
}
v8SetReturnValue(args, domWrapper->ObjectProtoToString());
}
bool V8Window::namedSecurityCheckCustom(v8::Local<v8::Object> host, v8::Local<v8::Value> key, v8::AccessType type, v8::Local<v8::Value>)
{
v8::Isolate* isolate = v8::Isolate::GetCurrent();
v8::Handle<v8::Object> window = host->FindInstanceInPrototypeChain(V8Window::GetTemplate(isolate, worldTypeInMainThread(isolate)));
if (window.IsEmpty())
return false; // the frame is gone.
DOMWindow* targetWindow = V8Window::toNative(window);
ASSERT(targetWindow);
Frame* target = targetWindow->frame();
if (!target)
return false;
// Notify the loader's client if the initial document has been accessed.
if (target->loader()->stateMachine()->isDisplayingInitialEmptyDocument())
target->loader()->didAccessInitialDocument();
if (key->IsString()) {
DEFINE_STATIC_LOCAL(AtomicString, nameOfProtoProperty, ("__proto__", AtomicString::ConstructFromLiteral));
String name = toWebCoreString(key);
Frame* childFrame = target->tree()->scopedChild(name);
// Notice that we can't call HasRealNamedProperty for ACCESS_HAS
// because that would generate infinite recursion.
if (type == v8::ACCESS_HAS && childFrame)
return true;
// We need to explicitly compare against nameOfProtoProperty because
// V8's JSObject::LocalLookup finds __proto__ before
// interceptors and even when __proto__ isn't a "real named property".
v8::Handle<v8::String> keyString = key->ToString();
if (type == v8::ACCESS_GET
&& childFrame
&& !host->HasRealNamedProperty(keyString)
&& !window->HasRealNamedProperty(keyString)
&& name != nameOfProtoProperty)
return true;
}
return BindingSecurity::shouldAllowAccessToFrame(target, DoNotReportSecurityError);
}
void V8Window::eventAttrSetterCustom(v8::Local<v8::String> name, v8::Local<v8::Value> value, const v8::PropertyCallbackInfo<void>& info)
{
v8::Handle<v8::Object> holder = info.This()->FindInstanceInPrototypeChain(V8Window::GetTemplate(info.GetIsolate(), worldTypeInMainThread(info.GetIsolate())));
if (holder.IsEmpty())
return;
Frame* frame = V8Window::toNative(holder)->frame();
if (!BindingSecurity::shouldAllowAccessToFrame(frame))
return;
ASSERT(frame);
v8::Local<v8::Context> context = frame->script()->currentWorldContext();
if (context.IsEmpty())
return;
v8::Handle<v8::String> eventSymbol = V8HiddenPropertyName::event();
context->Global()->SetHiddenValue(eventSymbol, value);
}
void V8WindowShell::clearForNavigation()
{
if (!m_contextHolder)
return;
v8::HandleScope handleScope(m_isolate);
m_document.clear();
v8::Handle<v8::Context> context = m_contextHolder->context();
v8::Context::Scope contextScope(context);
// Clear the document wrapper cache before turning on access checks on
// the old DOMWindow wrapper. This way, access to the document wrapper
// will be protected by the security checks on the DOMWindow wrapper.
clearDocumentProperty();
v8::Handle<v8::Object> windowWrapper = m_global.newLocal(m_isolate)->FindInstanceInPrototypeChain(V8Window::domTemplate(m_isolate, worldTypeInMainThread(m_isolate)));
ASSERT(!windowWrapper.IsEmpty());
windowWrapper->TurnOnAccessCheck();
disposeContext(DetachGlobal);
}
void V8DOMWindowShell::clearForNavigation()
{
if (m_context.isEmpty())
return;
v8::HandleScope handleScope;
m_document.clear();
// FIXME: Should we create a new Local handle here?
v8::Context::Scope contextScope(m_context.get());
// Clear the document wrapper cache before turning on access checks on
// the old DOMWindow wrapper. This way, access to the document wrapper
// will be protected by the security checks on the DOMWindow wrapper.
clearDocumentProperty();
v8::Handle<v8::Object> windowWrapper = m_global->FindInstanceInPrototypeChain(V8DOMWindow::GetTemplate(m_isolate, worldTypeInMainThread(m_isolate)));
ASSERT(!windowWrapper.IsEmpty());
windowWrapper->TurnOnAccessCheck();
m_context->DetachGlobal();
disposeContext();
}
static Frame* findFrame(v8::Local<v8::Object> host, v8::Local<v8::Value> data, v8::Isolate* isolate)
{
WrapperTypeInfo* type = WrapperTypeInfo::unwrap(data);
if (V8Window::info.equals(type)) {
v8::Handle<v8::Object> windowWrapper = host->FindInstanceInPrototypeChain(V8Window::GetTemplate(isolate, worldTypeInMainThread(isolate)));
if (windowWrapper.IsEmpty())
return 0;
return V8Window::toNative(windowWrapper)->frame();
}
if (V8History::info.equals(type))
return V8History::toNative(host)->frame();
if (V8Location::info.equals(type))
return V8Location::toNative(host)->frame();
// This function can handle only those types listed above.
ASSERT_NOT_REACHED();
return 0;
}
void V8Window::eventAttributeGetterCustom(const v8::PropertyCallbackInfo<v8::Value>& info)
{
v8::Handle<v8::Object> holder = info.This()->FindInstanceInPrototypeChain(V8Window::domTemplate(info.GetIsolate(), worldTypeInMainThread(info.GetIsolate())));
if (holder.IsEmpty())
return;
Frame* frame = V8Window::toNative(holder)->frame();
ExceptionState exceptionState(ExceptionState::GetterContext, "event", "Window", info.Holder(), info.GetIsolate());
if (!BindingSecurity::shouldAllowAccessToFrame(frame, exceptionState)) {
exceptionState.throwIfNeeded();
return;
}
ASSERT(frame);
v8::Local<v8::Context> context = frame->script().currentWorldContext();
if (context.IsEmpty())
return;
v8::Handle<v8::String> eventSymbol = V8HiddenPropertyName::event(info.GetIsolate());
v8::Handle<v8::Value> jsEvent = context->Global()->GetHiddenValue(eventSymbol);
if (jsEvent.IsEmpty())
return;
v8SetReturnValue(info, jsEvent);
}
