void V8Proxy::clearForNavigation()
{
disconnectEventListeners();
if (!context().IsEmpty()) {
v8::HandleScope handle;
clearDocumentWrapper();
v8::Context::Scope contextScope(context());
// Clear the document wrapper cache before turning on access checks on
// the old DOMWindow wrapper. This way, access to the document wrapper
// will be protected by the security checks on the DOMWindow wrapper.
clearDocumentWrapperCache();
// Turn on access check on the old DOMWindow wrapper.
v8::Handle<v8::Object> wrapper = V8DOMWrapper::lookupDOMWrapper(V8ClassIndex::DOMWINDOW, m_global);
ASSERT(!wrapper.IsEmpty());
wrapper->TurnOnAccessCheck();
// Separate the context from its global object.
context()->DetachGlobal();
disposeContextHandles();
}
}
void V8Proxy::clearForClose()
{
if (!context().IsEmpty()) {
v8::HandleScope handleScope;
clearDocumentWrapper();
disposeContextHandles();
}
}
void V8DOMWindowShell::clearForClose()
{
if (!m_context.IsEmpty()) {
v8::HandleScope handleScope;
clearDocumentWrapper();
disposeContextHandles();
}
}
void V8DOMWindowShell::clearForNavigation()
{
if (!m_context.IsEmpty()) {
v8::HandleScope handle;
clearDocumentWrapper();
v8::Context::Scope contextScope(m_context);
// Clear the document wrapper cache before turning on access checks on
// the old DOMWindow wrapper. This way, access to the document wrapper
// will be protected by the security checks on the DOMWindow wrapper.
clearDocumentWrapperCache();
// Turn on access check on the old DOMWindow wrapper.
v8::Handle<v8::Object> wrapper = V8DOMWrapper::lookupDOMWrapper(V8DOMWindow::GetTemplate(), m_global);
ASSERT(!wrapper.IsEmpty());
wrapper->TurnOnAccessCheck();
// Separate the context from its global object.
m_context->DetachGlobal();
disposeContextHandles();
}
}
// Create a new environment and setup the global object.
//
// The global object corresponds to a DOMWindow instance. However, to
// allow properties of the JS DOMWindow instance to be shadowed, we
// use a shadow object as the global object and use the JS DOMWindow
// instance as the prototype for that shadow object. The JS DOMWindow
// instance is undetectable from javascript code because the __proto__
// accessors skip that object.
//
// The shadow object and the DOMWindow instance are seen as one object
// from javascript. The javascript object that corresponds to a
// DOMWindow instance is the shadow object. When mapping a DOMWindow
// instance to a V8 object, we return the shadow object.
//
// To implement split-window, see
// 1) https://bugs.webkit.org/show_bug.cgi?id=17249
// 2) https://wiki.mozilla.org/Gecko:SplitWindow
// 3) https://bugzilla.mozilla.org/show_bug.cgi?id=296639
// we need to split the shadow object further into two objects:
// an outer window and an inner window. The inner window is the hidden
// prototype of the outer window. The inner window is the default
// global object of the context. A variable declared in the global
// scope is a property of the inner window.
//
// The outer window sticks to a Frame, it is exposed to JavaScript
// via window.window, window.self, window.parent, etc. The outer window
// has a security token which is the domain. The outer window cannot
// have its own properties. window.foo = 'x' is delegated to the
// inner window.
//
// When a frame navigates to a new page, the inner window is cut off
// the outer window, and the outer window identify is preserved for
// the frame. However, a new inner window is created for the new page.
// If there are JS code holds a closure to the old inner window,
// it won't be able to reach the outer window via its global object.
void V8Proxy::initContextIfNeeded()
{
// Bail out if the context has already been initialized.
if (!context().IsEmpty())
return;
// Create a handle scope for all local handles.
v8::HandleScope handleScope;
// Setup the security handlers and message listener. This only has
// to be done once.
static bool isV8Initialized = false;
if (!isV8Initialized) {
// Tells V8 not to call the default OOM handler, binding code
// will handle it.
v8::V8::IgnoreOutOfMemoryException();
v8::V8::SetFatalErrorHandler(reportFatalErrorInV8);
v8::V8::SetGlobalGCPrologueCallback(&V8GCController::gcPrologue);
v8::V8::SetGlobalGCEpilogueCallback(&V8GCController::gcEpilogue);
v8::V8::AddMessageListener(&V8ConsoleMessage::handler);
v8::V8::SetFailedAccessCheckCallbackFunction(reportUnsafeJavaScriptAccess);
isV8Initialized = true;
}
v8::Persistent<v8::Context> context = createNewContext(m_global, 0);
if (context.IsEmpty())
return;
m_context->set(context);
v8::Context::Scope contextScope(context);
// Store the first global object created so we can reuse it.
if (m_global.IsEmpty()) {
m_global = v8::Persistent<v8::Object>::New(context->Global());
// Bail out if allocation of the first global objects fails.
if (m_global.IsEmpty()) {
disposeContextHandles();
return;
}
#ifndef NDEBUG
V8GCController::registerGlobalHandle(PROXY, this, m_global);
#endif
}
installHiddenObjectPrototype(context);
m_wrapperBoilerplates = v8::Persistent<v8::Array>::New(v8::Array::New(V8ClassIndex::WRAPPER_TYPE_COUNT));
// Bail out if allocation failed.
if (m_wrapperBoilerplates.IsEmpty()) {
disposeContextHandles();
return;
}
#ifndef NDEBUG
V8GCController::registerGlobalHandle(PROXY, this, m_wrapperBoilerplates);
#endif
if (!installDOMWindow(context, m_frame->domWindow()))
disposeContextHandles();
updateDocument();
setSecurityToken();
m_frame->loader()->client()->didCreateScriptContextForFrame();
m_frame->loader()->dispatchWindowObjectAvailable();
}
// Create a new environment and setup the global object.
//
// The global object corresponds to a DOMWindow instance. However, to
// allow properties of the JS DOMWindow instance to be shadowed, we
// use a shadow object as the global object and use the JS DOMWindow
// instance as the prototype for that shadow object. The JS DOMWindow
// instance is undetectable from javascript code because the __proto__
// accessors skip that object.
//
// The shadow object and the DOMWindow instance are seen as one object
// from javascript. The javascript object that corresponds to a
// DOMWindow instance is the shadow object. When mapping a DOMWindow
// instance to a V8 object, we return the shadow object.
//
// To implement split-window, see
// 1) https://bugs.webkit.org/show_bug.cgi?id=17249
// 2) https://wiki.mozilla.org/Gecko:SplitWindow
// 3) https://bugzilla.mozilla.org/show_bug.cgi?id=296639
// we need to split the shadow object further into two objects:
// an outer window and an inner window. The inner window is the hidden
// prototype of the outer window. The inner window is the default
// global object of the context. A variable declared in the global
// scope is a property of the inner window.
//
// The outer window sticks to a Frame, it is exposed to JavaScript
// via window.window, window.self, window.parent, etc. The outer window
// has a security token which is the domain. The outer window cannot
// have its own properties. window.foo = 'x' is delegated to the
// inner window.
//
// When a frame navigates to a new page, the inner window is cut off
// the outer window, and the outer window identify is preserved for
// the frame. However, a new inner window is created for the new page.
// If there are JS code holds a closure to the old inner window,
// it won't be able to reach the outer window via its global object.
bool V8DOMWindowShell::initContextIfNeeded()
{
// Bail out if the context has already been initialized.
if (!m_context.IsEmpty())
return false;
// Create a handle scope for all local handles.
v8::HandleScope handleScope;
// Setup the security handlers and message listener. This only has
// to be done once.
static bool isV8Initialized = false;
if (!isV8Initialized) {
// Tells V8 not to call the default OOM handler, binding code
// will handle it.
v8::V8::IgnoreOutOfMemoryException();
v8::V8::SetFatalErrorHandler(reportFatalErrorInV8);
v8::V8::SetGlobalGCPrologueCallback(&V8GCController::gcPrologue);
v8::V8::SetGlobalGCEpilogueCallback(&V8GCController::gcEpilogue);
v8::V8::AddMessageListener(&V8ConsoleMessage::handler);
v8::V8::SetFailedAccessCheckCallbackFunction(reportUnsafeJavaScriptAccess);
isV8Initialized = true;
}
m_context = createNewContext(m_global, 0);
if (m_context.IsEmpty())
return false;
v8::Local<v8::Context> v8Context = v8::Local<v8::Context>::New(m_context);
v8::Context::Scope contextScope(v8Context);
// Store the first global object created so we can reuse it.
if (m_global.IsEmpty()) {
m_global = v8::Persistent<v8::Object>::New(v8Context->Global());
// Bail out if allocation of the first global objects fails.
if (m_global.IsEmpty()) {
disposeContextHandles();
return false;
}
#ifndef NDEBUG
V8GCController::registerGlobalHandle(PROXY, this, m_global);
#endif
}
if (!installHiddenObjectPrototype(v8Context)) {
disposeContextHandles();
return false;
}
if (!installDOMWindow(v8Context, m_frame->domWindow())) {
disposeContextHandles();
return false;
}
updateDocument();
setSecurityToken();
m_frame->loader()->client()->didCreateScriptContextForFrame();
// FIXME: This is wrong. We should actually do this for the proper world once
// we do isolated worlds the WebCore way.
m_frame->loader()->dispatchDidClearWindowObjectInWorld(0);
return true;
}
