bool WindowProxy::initialize() {
TRACE_EVENT0("v8", "WindowProxy::initialize");
SCOPED_BLINK_UMA_HISTOGRAM_TIMER("Blink.Binding.InitializeWindowProxy");
ScriptForbiddenScope::AllowUserAgentScript allowScript;
v8::HandleScope handleScope(m_isolate);
createContext();
if (!isContextInitialized())
return false;
ScriptState::Scope scope(m_scriptState.get());
v8::Local<v8::Context> context = m_scriptState->context();
if (m_global.isEmpty()) {
m_global.set(m_isolate, context->Global());
if (m_global.isEmpty()) {
disposeContext(DoNotDetachGlobal);
return false;
}
}
if (!setupWindowPrototypeChain()) {
disposeContext(DoNotDetachGlobal);
return false;
}
SecurityOrigin* origin = 0;
if (m_world->isMainWorld()) {
// ActivityLogger for main world is updated within updateDocument().
updateDocument();
origin = m_frame->securityContext()->getSecurityOrigin();
// FIXME: Can this be removed when CSP moves to browser?
ContentSecurityPolicy* csp =
m_frame->securityContext()->contentSecurityPolicy();
context->AllowCodeGenerationFromStrings(
csp->allowEval(0, ContentSecurityPolicy::SuppressReport));
context->SetErrorMessageForCodeGenerationFromStrings(
v8String(m_isolate, csp->evalDisabledErrorMessage()));
} else {
updateActivityLogger();
origin = m_world->isolatedWorldSecurityOrigin();
setSecurityToken(origin);
}
// All interfaces must be registered to V8PerContextData.
// So we explicitly call constructorForType for the global object.
V8PerContextData::from(context)->constructorForType(
&V8Window::wrapperTypeInfo);
if (m_frame->isLocalFrame()) {
LocalFrame* frame = toLocalFrame(m_frame);
MainThreadDebugger::instance()->contextCreated(m_scriptState.get(), frame,
origin);
frame->loader().client()->didCreateScriptContext(
context, m_world->extensionGroup(), m_world->worldId());
}
return true;
}
void WindowProxy::updateSecurityOrigin(SecurityOrigin* origin)
{
ASSERT(m_world->isMainWorld());
if (!isContextInitialized())
return;
setSecurityToken(origin);
}
bool WindowProxy::initialize()
{
TRACE_EVENT0("v8", "WindowProxy::initialize");
TRACE_EVENT_SCOPED_SAMPLING_STATE("blink", "InitializeWindow");
SCOPED_BLINK_UMA_HISTOGRAM_TIMER("Blink.Binding.InitializeWindowProxy");
ScriptForbiddenScope::AllowUserAgentScript allowScript;
v8::HandleScope handleScope(m_isolate);
createContext();
if (!isContextInitialized())
return false;
ScriptState::Scope scope(m_scriptState.get());
v8::Local<v8::Context> context = m_scriptState->context();
if (m_global.isEmpty()) {
m_global.set(m_isolate, context->Global());
if (m_global.isEmpty()) {
disposeContext(DoNotDetachGlobal);
return false;
}
}
if (!setupWindowPrototypeChain()) {
disposeContext(DoNotDetachGlobal);
return false;
}
SecurityOrigin* origin = 0;
if (m_world->isMainWorld()) {
// ActivityLogger for main world is updated within updateDocument().
updateDocument();
origin = m_frame->securityContext()->getSecurityOrigin();
// FIXME: Can this be removed when CSP moves to browser?
ContentSecurityPolicy* csp = m_frame->securityContext()->contentSecurityPolicy();
context->AllowCodeGenerationFromStrings(csp->allowEval(0, ContentSecurityPolicy::SuppressReport));
context->SetErrorMessageForCodeGenerationFromStrings(v8String(m_isolate, csp->evalDisabledErrorMessage()));
} else {
updateActivityLogger();
origin = m_world->isolatedWorldSecurityOrigin();
setSecurityToken(origin);
}
if (m_frame->isLocalFrame()) {
LocalFrame* frame = toLocalFrame(m_frame);
MainThreadDebugger::instance()->contextCreated(m_scriptState.get(), frame, origin);
frame->loader().client()->didCreateScriptContext(context, m_world->extensionGroup(), m_world->worldId());
}
// If Origin Trials have been registered before the V8 context was ready,
// then inject them into the context now
ExecutionContext* executionContext = m_scriptState->getExecutionContext();
if (executionContext) {
OriginTrialContext* originTrialContext = OriginTrialContext::from(executionContext);
if (originTrialContext)
originTrialContext->initializePendingFeatures();
}
return true;
}
void V8DOMWindowShell::updateSecurityOrigin()
{
ASSERT(m_world->isMainWorld());
if (m_context.isEmpty())
return;
v8::HandleScope handleScope;
setSecurityToken();
}
void V8WindowShell::updateSecurityOrigin()
{
ASSERT(m_world->isMainWorld());
if (!m_contextHolder)
return;
v8::HandleScope handleScope(m_isolate);
setSecurityToken();
}
bool WindowProxy::initialize()
{
TRACE_EVENT0("v8", "WindowProxy::initialize");
TRACE_EVENT_SCOPED_SAMPLING_STATE("blink", "InitializeWindow");
ScriptForbiddenScope::AllowUserAgentScript allowScript;
v8::HandleScope handleScope(m_isolate);
createContext();
if (!isContextInitialized())
return false;
ScriptState::Scope scope(m_scriptState.get());
v8::Local<v8::Context> context = m_scriptState->context();
if (m_global.isEmpty()) {
m_global.set(m_isolate, context->Global());
if (m_global.isEmpty()) {
disposeContext(DoNotDetachGlobal);
return false;
}
}
if (!installDOMWindow()) {
disposeContext(DoNotDetachGlobal);
return false;
}
SecurityOrigin* origin = 0;
if (m_world->isMainWorld()) {
// ActivityLogger for main world is updated within updateDocument().
updateDocument();
origin = m_frame->securityContext()->securityOrigin();
// FIXME: Can this be removed when CSP moves to browser?
ContentSecurityPolicy* csp = m_frame->securityContext()->contentSecurityPolicy();
context->AllowCodeGenerationFromStrings(csp->allowEval(0, ContentSecurityPolicy::SuppressReport));
context->SetErrorMessageForCodeGenerationFromStrings(v8String(m_isolate, csp->evalDisabledErrorMessage()));
} else {
updateActivityLogger();
origin = m_world->isolatedWorldSecurityOrigin();
setSecurityToken(origin);
}
if (m_frame->isLocalFrame()) {
LocalFrame* frame = toLocalFrame(m_frame);
MainThreadDebugger::initializeContext(context, m_world->worldId());
InspectorInstrumentation::didCreateScriptContext(frame, m_scriptState.get(), origin, m_world->worldId());
frame->loader().client()->didCreateScriptContext(context, m_world->extensionGroup(), m_world->worldId());
}
return true;
}
void WindowProxy::updateSecurityOrigin(SecurityOrigin* origin)
{
if (!isContextInitialized())
return;
setSecurityToken(origin);
}
// Create a new environment and setup the global object.
//
// The global object corresponds to a DOMWindow instance. However, to
// allow properties of the JS DOMWindow instance to be shadowed, we
// use a shadow object as the global object and use the JS DOMWindow
// instance as the prototype for that shadow object. The JS DOMWindow
// instance is undetectable from JavaScript code because the __proto__
// accessors skip that object.
//
// The shadow object and the DOMWindow instance are seen as one object
// from JavaScript. The JavaScript object that corresponds to a
// DOMWindow instance is the shadow object. When mapping a DOMWindow
// instance to a V8 object, we return the shadow object.
//
// To implement split-window, see
// 1) https://bugs.webkit.org/show_bug.cgi?id=17249
// 2) https://wiki.mozilla.org/Gecko:SplitWindow
// 3) https://bugzilla.mozilla.org/show_bug.cgi?id=296639
// we need to split the shadow object further into two objects:
// an outer window and an inner window. The inner window is the hidden
// prototype of the outer window. The inner window is the default
// global object of the context. A variable declared in the global
// scope is a property of the inner window.
//
// The outer window sticks to a Frame, it is exposed to JavaScript
// via window.window, window.self, window.parent, etc. The outer window
// has a security token which is the domain. The outer window cannot
// have its own properties. window.foo = 'x' is delegated to the
// inner window.
//
// When a frame navigates to a new page, the inner window is cut off
// the outer window, and the outer window identify is preserved for
// the frame. However, a new inner window is created for the new page.
// If there are JS code holds a closure to the old inner window,
// it won't be able to reach the outer window via its global object.
bool V8DOMWindowShell::initializeIfNeeded()
{
if (!m_context.isEmpty())
return true;
v8::HandleScope handleScope;
initializeV8IfNeeded();
createContext();
if (m_context.isEmpty())
return false;
bool isMainWorld = m_world->isMainWorld();
v8::Local<v8::Context> context = v8::Local<v8::Context>::New(m_context.get());
v8::Context::Scope contextScope(context);
if (m_global.isEmpty()) {
m_global.set(context->Global());
if (m_global.isEmpty()) {
disposeContext();
return false;
}
}
// Flag context as isolated.
if (!isMainWorld) {
V8DOMWindowShell* mainWindow = m_frame->script()->windowShell();
mainWindow->initializeIfNeeded();
if (!mainWindow->context().IsEmpty())
setInjectedScriptContextDebugId(m_context.get(), m_frame->script()->contextDebugId(mainWindow->context()));
setIsolatedWorldField(this, context);
}
m_perContextData = V8PerContextData::create(m_context.get());
if (!m_perContextData->init()) {
disposeContext();
return false;
}
if (!installDOMWindow()) {
disposeContext();
return false;
}
if (isMainWorld) {
updateDocument();
setSecurityToken();
if (m_frame->document())
context->AllowCodeGenerationFromStrings(m_frame->document()->contentSecurityPolicy()->allowEval(0, ContentSecurityPolicy::SuppressReport));
} else {
// Using the default security token means that the canAccess is always
// called, which is slow.
// FIXME: Use tokens where possible. This will mean keeping track of all
// created contexts so that they can all be updated when the
// document domain
// changes.
m_context->UseDefaultSecurityToken();
}
m_frame->loader()->client()->didCreateScriptContext(m_context.get(), m_world->extensionGroup(), m_world->worldId());
if (isMainWorld) {
// FIXME: This call is probably in the wrong spot, but causes a test timeout for http/tests/misc/window-open-then-write.html when removed.
// Additionally, ScriptController::existingWindowShell cannot be correctly implemented until this call is gone.
m_frame->loader()->dispatchDidClearWindowObjectInWorld(0);
}
return true;
}
// Create a new environment and setup the global object.
//
// The global object corresponds to a DOMWindow instance. However, to
// allow properties of the JS DOMWindow instance to be shadowed, we
// use a shadow object as the global object and use the JS DOMWindow
// instance as the prototype for that shadow object. The JS DOMWindow
// instance is undetectable from JavaScript code because the __proto__
// accessors skip that object.
//
// The shadow object and the DOMWindow instance are seen as one object
// from JavaScript. The JavaScript object that corresponds to a
// DOMWindow instance is the shadow object. When mapping a DOMWindow
// instance to a V8 object, we return the shadow object.
//
// To implement split-window, see
// 1) https://bugs.webkit.org/show_bug.cgi?id=17249
// 2) https://wiki.mozilla.org/Gecko:SplitWindow
// 3) https://bugzilla.mozilla.org/show_bug.cgi?id=296639
// we need to split the shadow object further into two objects:
// an outer window and an inner window. The inner window is the hidden
// prototype of the outer window. The inner window is the default
// global object of the context. A variable declared in the global
// scope is a property of the inner window.
//
// The outer window sticks to a Frame, it is exposed to JavaScript
// via window.window, window.self, window.parent, etc. The outer window
// has a security token which is the domain. The outer window cannot
// have its own properties. window.foo = 'x' is delegated to the
// inner window.
//
// When a frame navigates to a new page, the inner window is cut off
// the outer window, and the outer window identify is preserved for
// the frame. However, a new inner window is created for the new page.
// If there are JS code holds a closure to the old inner window,
// it won't be able to reach the outer window via its global object.
bool V8WindowShell::initializeIfNeeded()
{
if (m_contextHolder)
return true;
TRACE_EVENT0("v8", "V8WindowShell::initializeIfNeeded");
v8::HandleScope handleScope(m_isolate);
createContext();
if (!m_contextHolder)
return false;
v8::Handle<v8::Context> context = m_contextHolder->context();
V8PerContextDataHolder::install(context);
m_world->setIsolatedWorldField(context);
bool isMainWorld = m_world->isMainWorld();
v8::Context::Scope contextScope(context);
if (m_global.isEmpty()) {
m_global.set(m_isolate, context->Global());
if (m_global.isEmpty()) {
disposeContext(DoNotDetachGlobal);
return false;
}
}
if (!isMainWorld) {
V8WindowShell* mainWindow = m_frame->script().existingWindowShell(mainThreadNormalWorld());
if (mainWindow && !mainWindow->context().IsEmpty())
setInjectedScriptContextDebugId(context, m_frame->script().contextDebugId(mainWindow->context()));
}
m_perContextData = V8PerContextData::create(context);
if (!m_perContextData->init()) {
disposeContext(DoNotDetachGlobal);
return false;
}
m_perContextData->setActivityLogger(DOMWrapperWorld::activityLogger(m_world->worldId()));
if (!installDOMWindow()) {
disposeContext(DoNotDetachGlobal);
return false;
}
if (isMainWorld) {
updateDocument();
setSecurityToken();
if (m_frame->document()) {
ContentSecurityPolicy* csp = m_frame->document()->contentSecurityPolicy();
context->AllowCodeGenerationFromStrings(csp->allowEval(0, ContentSecurityPolicy::SuppressReport));
context->SetErrorMessageForCodeGenerationFromStrings(v8String(m_isolate, csp->evalDisabledErrorMessage()));
}
} else {
// Using the default security token means that the canAccess is always
// called, which is slow.
// FIXME: Use tokens where possible. This will mean keeping track of all
// created contexts so that they can all be updated when the
// document domain
// changes.
context->UseDefaultSecurityToken();
SecurityOrigin* origin = m_world->isolatedWorldSecurityOrigin();
if (origin && InspectorInstrumentation::hasFrontends()) {
ScriptState* scriptState = ScriptState::forContext(v8::Local<v8::Context>::New(m_isolate, context));
InspectorInstrumentation::didCreateIsolatedContext(m_frame, scriptState, origin);
}
}
m_frame->loader().client()->didCreateScriptContext(context, m_world->extensionGroup(), m_world->worldId());
return true;
}
void V8Proxy::updateSecurityOrigin()
{
v8::HandleScope scope;
setSecurityToken();
}
// Create a new environment and setup the global object.
//
// The global object corresponds to a DOMWindow instance. However, to
// allow properties of the JS DOMWindow instance to be shadowed, we
// use a shadow object as the global object and use the JS DOMWindow
// instance as the prototype for that shadow object. The JS DOMWindow
// instance is undetectable from javascript code because the __proto__
// accessors skip that object.
//
// The shadow object and the DOMWindow instance are seen as one object
// from javascript. The javascript object that corresponds to a
// DOMWindow instance is the shadow object. When mapping a DOMWindow
// instance to a V8 object, we return the shadow object.
//
// To implement split-window, see
// 1) https://bugs.webkit.org/show_bug.cgi?id=17249
// 2) https://wiki.mozilla.org/Gecko:SplitWindow
// 3) https://bugzilla.mozilla.org/show_bug.cgi?id=296639
// we need to split the shadow object further into two objects:
// an outer window and an inner window. The inner window is the hidden
// prototype of the outer window. The inner window is the default
// global object of the context. A variable declared in the global
// scope is a property of the inner window.
//
// The outer window sticks to a Frame, it is exposed to JavaScript
// via window.window, window.self, window.parent, etc. The outer window
// has a security token which is the domain. The outer window cannot
// have its own properties. window.foo = 'x' is delegated to the
// inner window.
//
// When a frame navigates to a new page, the inner window is cut off
// the outer window, and the outer window identify is preserved for
// the frame. However, a new inner window is created for the new page.
// If there are JS code holds a closure to the old inner window,
// it won't be able to reach the outer window via its global object.
void V8Proxy::initContextIfNeeded()
{
// Bail out if the context has already been initialized.
if (!context().IsEmpty())
return;
// Create a handle scope for all local handles.
v8::HandleScope handleScope;
// Setup the security handlers and message listener. This only has
// to be done once.
static bool isV8Initialized = false;
if (!isV8Initialized) {
// Tells V8 not to call the default OOM handler, binding code
// will handle it.
v8::V8::IgnoreOutOfMemoryException();
v8::V8::SetFatalErrorHandler(reportFatalErrorInV8);
v8::V8::SetGlobalGCPrologueCallback(&V8GCController::gcPrologue);
v8::V8::SetGlobalGCEpilogueCallback(&V8GCController::gcEpilogue);
v8::V8::AddMessageListener(&V8ConsoleMessage::handler);
v8::V8::SetFailedAccessCheckCallbackFunction(reportUnsafeJavaScriptAccess);
isV8Initialized = true;
}
v8::Persistent<v8::Context> context = createNewContext(m_global, 0);
if (context.IsEmpty())
return;
m_context->set(context);
v8::Context::Scope contextScope(context);
// Store the first global object created so we can reuse it.
if (m_global.IsEmpty()) {
m_global = v8::Persistent<v8::Object>::New(context->Global());
// Bail out if allocation of the first global objects fails.
if (m_global.IsEmpty()) {
disposeContextHandles();
return;
}
#ifndef NDEBUG
V8GCController::registerGlobalHandle(PROXY, this, m_global);
#endif
}
installHiddenObjectPrototype(context);
m_wrapperBoilerplates = v8::Persistent<v8::Array>::New(v8::Array::New(V8ClassIndex::WRAPPER_TYPE_COUNT));
// Bail out if allocation failed.
if (m_wrapperBoilerplates.IsEmpty()) {
disposeContextHandles();
return;
}
#ifndef NDEBUG
V8GCController::registerGlobalHandle(PROXY, this, m_wrapperBoilerplates);
#endif
if (!installDOMWindow(context, m_frame->domWindow()))
disposeContextHandles();
updateDocument();
setSecurityToken();
m_frame->loader()->client()->didCreateScriptContextForFrame();
m_frame->loader()->dispatchWindowObjectAvailable();
}
void V8DOMWindowShell::updateSecurityOrigin()
{
v8::HandleScope scope;
setSecurityToken();
}
// Create a new environment and setup the global object.
//
// The global object corresponds to a DOMWindow instance. However, to
// allow properties of the JS DOMWindow instance to be shadowed, we
// use a shadow object as the global object and use the JS DOMWindow
// instance as the prototype for that shadow object. The JS DOMWindow
// instance is undetectable from javascript code because the __proto__
// accessors skip that object.
//
// The shadow object and the DOMWindow instance are seen as one object
// from javascript. The javascript object that corresponds to a
// DOMWindow instance is the shadow object. When mapping a DOMWindow
// instance to a V8 object, we return the shadow object.
//
// To implement split-window, see
// 1) https://bugs.webkit.org/show_bug.cgi?id=17249
// 2) https://wiki.mozilla.org/Gecko:SplitWindow
// 3) https://bugzilla.mozilla.org/show_bug.cgi?id=296639
// we need to split the shadow object further into two objects:
// an outer window and an inner window. The inner window is the hidden
// prototype of the outer window. The inner window is the default
// global object of the context. A variable declared in the global
// scope is a property of the inner window.
//
// The outer window sticks to a Frame, it is exposed to JavaScript
// via window.window, window.self, window.parent, etc. The outer window
// has a security token which is the domain. The outer window cannot
// have its own properties. window.foo = 'x' is delegated to the
// inner window.
//
// When a frame navigates to a new page, the inner window is cut off
// the outer window, and the outer window identify is preserved for
// the frame. However, a new inner window is created for the new page.
// If there are JS code holds a closure to the old inner window,
// it won't be able to reach the outer window via its global object.
bool V8DOMWindowShell::initContextIfNeeded()
{
// Bail out if the context has already been initialized.
if (!m_context.IsEmpty())
return false;
// Create a handle scope for all local handles.
v8::HandleScope handleScope;
// Setup the security handlers and message listener. This only has
// to be done once.
static bool isV8Initialized = false;
if (!isV8Initialized) {
// Tells V8 not to call the default OOM handler, binding code
// will handle it.
v8::V8::IgnoreOutOfMemoryException();
v8::V8::SetFatalErrorHandler(reportFatalErrorInV8);
v8::V8::SetGlobalGCPrologueCallback(&V8GCController::gcPrologue);
v8::V8::SetGlobalGCEpilogueCallback(&V8GCController::gcEpilogue);
v8::V8::AddMessageListener(&V8ConsoleMessage::handler);
v8::V8::SetFailedAccessCheckCallbackFunction(reportUnsafeJavaScriptAccess);
isV8Initialized = true;
}
m_context = createNewContext(m_global, 0);
if (m_context.IsEmpty())
return false;
v8::Local<v8::Context> v8Context = v8::Local<v8::Context>::New(m_context);
v8::Context::Scope contextScope(v8Context);
// Store the first global object created so we can reuse it.
if (m_global.IsEmpty()) {
m_global = v8::Persistent<v8::Object>::New(v8Context->Global());
// Bail out if allocation of the first global objects fails.
if (m_global.IsEmpty()) {
disposeContextHandles();
return false;
}
#ifndef NDEBUG
V8GCController::registerGlobalHandle(PROXY, this, m_global);
#endif
}
if (!installHiddenObjectPrototype(v8Context)) {
disposeContextHandles();
return false;
}
if (!installDOMWindow(v8Context, m_frame->domWindow())) {
disposeContextHandles();
return false;
}
updateDocument();
setSecurityToken();
m_frame->loader()->client()->didCreateScriptContextForFrame();
// FIXME: This is wrong. We should actually do this for the proper world once
// we do isolated worlds the WebCore way.
m_frame->loader()->dispatchDidClearWindowObjectInWorld(0);
return true;
}