Google Git
Sign in
android / platform / external / webkit / 14be0af3dbf46bfc174c0081053eccccef89edc7 / . / V8Binding / binding / v8_proxy.cpp
blob: 37e3dbb7faded21038b3f668c33fbcee6af7cba5 [file] [log] [blame]
// Copyright (c) 2008, Google Inc.
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
// modification, are permitted provided that the following conditions are
// met:
//
// * Redistributions of source code must retain the above copyright
// notice, this list of conditions and the following disclaimer.
// * Redistributions in binary form must reproduce the above
// copyright notice, this list of conditions and the following disclaimer
// in the documentation and/or other materials provided with the
// distribution.
// * Neither the name of Google Inc. nor the names of its
// contributors may be used to endorse or promote products derived from
// this software without specific prior written permission.
//
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#include "config.h"
#include <algorithm>
#include <utility>
#include <v8.h>
#ifdef ENABLE_DEBUGGER_SUPPORT
#include <v8-debug.h>
#endif
#include "v8_proxy.h"
#include "v8_index.h"
#include "v8_binding.h"
#include "V8CustomBinding.h"
#include "V8Collection.h"
#include "V8DOMWindow.h"
#if PLATFORM(CHROMIUM)
#include "ChromiumBridge.h"
#endif
#include "CSSMutableStyleDeclaration.h"
#include "DOMObjectsInclude.h"
#include "DocumentLoader.h"
#include "ScriptController.h"
#include "V8DOMMap.h"
#include "CString.h"
#ifdef ANDROID_INSTRUMENT
#include "TimeCounter.h"
#endif
namespace WebCore {
// Static utility context.
v8::Persistent<v8::Context> V8Proxy::m_utilityContext;
// Static list of registered extensions
V8ExtensionList V8Proxy::m_extensions;
#ifndef NDEBUG
// Keeps track of global handles created (not JS wrappers
// of DOM objects). Often these global handles are source
// of leaks.
//
// If you want to let a C++ object hold a persistent handle
// to a JS object, you should register the handle here to
// keep track of leaks.
//
// When creating a persistent handle, call:
//
// #ifndef NDEBUG
// V8Proxy::RegisterGlobalHandle(type, host, handle);
// #endif
//
// When releasing the handle, call:
//
// #ifndef NDEBUG
// V8Proxy::UnregisterGlobalHandle(type, host, handle);
// #endif
//
typedef HashMap<v8::Value*, GlobalHandleInfo*> GlobalHandleMap;
static GlobalHandleMap& global_handle_map()
{
static GlobalHandleMap static_global_handle_map;
return static_global_handle_map;
}
// The USE_VAR(x) template is used to silence C++ compiler warnings
// issued for unused variables (typically parameters or values that
// we want to watch in the debugger).
template <typename T>
static inline void USE_VAR(T) { }
// The function is the place to set the break point to inspect
// live global handles. Leaks are often come from leaked global handles.
static void EnumerateGlobalHandles()
{
for (GlobalHandleMap::iterator it = global_handle_map().begin(),
end = global_handle_map().end(); it != end; ++it) {
GlobalHandleInfo* info = it->second;
USE_VAR(info);
v8::Value* handle = it->first;
USE_VAR(handle);
}
}
void V8Proxy::RegisterGlobalHandle(GlobalHandleType type, void* host,
v8::Persistent<v8::Value> handle)
{
ASSERT(!global_handle_map().contains(*handle));
global_handle_map().set(*handle, new GlobalHandleInfo(host, type));
}
void V8Proxy::UnregisterGlobalHandle(void* host, v8::Persistent<v8::Value> handle)
{
ASSERT(global_handle_map().contains(*handle));
GlobalHandleInfo* info = global_handle_map().take(*handle);
ASSERT(info->host_ == host);
delete info;
}
#endif // ifndef NDEBUG
void BatchConfigureAttributes(v8::Handle<v8::ObjectTemplate> inst,
v8::Handle<v8::ObjectTemplate> proto,
const BatchedAttribute* attrs,
size_t num_attrs)
{
for (size_t i = 0; i < num_attrs; ++i) {
const BatchedAttribute* a = &attrs[i];
(a->on_proto ? proto : inst)->SetAccessor(
v8::String::New(a->name),
a->getter,
a->setter,
a->data == V8ClassIndex::INVALID_CLASS_INDEX
? v8::Handle<v8::Value>()
: v8::Integer::New(V8ClassIndex::ToInt(a->data)),
a->settings,
a->attribute);
}
}
void BatchConfigureConstants(v8::Handle<v8::FunctionTemplate> desc,
v8::Handle<v8::ObjectTemplate> proto,
const BatchedConstant* consts,
size_t num_consts)
{
for (size_t i = 0; i < num_consts; ++i) {
const BatchedConstant* c = &consts[i];
desc->Set(v8::String::New(c->name),
v8::Integer::New(c->value),
v8::ReadOnly);
proto->Set(v8::String::New(c->name),
v8::Integer::New(c->value),
v8::ReadOnly);
}
}
typedef HashMap<Node*, v8::Object*> DOMNodeMap;
typedef HashMap<void*, v8::Object*> DOMObjectMap;
#ifndef NDEBUG
static void EnumerateDOMObjectMap(DOMObjectMap& wrapper_map)
{
for (DOMObjectMap::iterator it = wrapper_map.begin(), end = wrapper_map.end();
it != end; ++it) {
v8::Persistent<v8::Object> wrapper(it->second);
V8ClassIndex::V8WrapperType type = V8Proxy::GetDOMWrapperType(wrapper);
void* obj = it->first;
USE_VAR(type);
USE_VAR(obj);
}
}
static void EnumerateDOMNodeMap(DOMNodeMap& node_map)
{
for (DOMNodeMap::iterator it = node_map.begin(), end = node_map.end();
it != end; ++it) {
Node* node = it->first;
USE_VAR(node);
ASSERT(v8::Persistent<v8::Object>(it->second).IsWeak());
}
}
#endif // NDEBUG
#if ENABLE(SVG)
v8::Handle<v8::Value> V8Proxy::SVGElementInstanceToV8Object(
SVGElementInstance* instance)
{
if (!instance)
return v8::Null();
v8::Handle<v8::Object> existing_instance = getDOMSVGElementInstanceMap().get(instance);
if (!existing_instance.IsEmpty())
return existing_instance;
instance->ref();
// Instantiate the V8 object and remember it
v8::Handle<v8::Object> result =
InstantiateV8Object(V8ClassIndex::SVGELEMENTINSTANCE,
V8ClassIndex::SVGELEMENTINSTANCE,
instance);
if (!result.IsEmpty()) {
// Only update the DOM SVG element map if the result is non-empty.
getDOMSVGElementInstanceMap().set(instance,
v8::Persistent<v8::Object>::New(result));
}
return result;
}
// Map of SVG objects with contexts to their contexts
static HashMap<void*, SVGElement*>& svg_object_to_context_map()
{
static HashMap<void*, SVGElement*> static_svg_object_to_context_map;
return static_svg_object_to_context_map;
}
v8::Handle<v8::Value> V8Proxy::SVGObjectWithContextToV8Object(
V8ClassIndex::V8WrapperType type, void* object)
{
if (!object)
return v8::Null();
v8::Persistent<v8::Object> result =
getDOMSVGObjectWithContextMap().get(object);
if (!result.IsEmpty()) return result;
// Special case: SVGPathSegs need to be downcast to their real type
if (type == V8ClassIndex::SVGPATHSEG)
type = V8Custom::DowncastSVGPathSeg(object);
v8::Local<v8::Object> v8obj = InstantiateV8Object(type, type, object);
if (!v8obj.IsEmpty()) {
result = v8::Persistent<v8::Object>::New(v8obj);
switch (type) {
#define MAKE_CASE(TYPE, NAME) \
case V8ClassIndex::TYPE: static_cast<NAME*>(object)->ref(); break;
SVG_OBJECT_TYPES(MAKE_CASE)
#undef MAKE_CASE
#define MAKE_CASE(TYPE, NAME) \
case V8ClassIndex::TYPE: \
static_cast<V8SVGPODTypeWrapper<NAME>*>(object)->ref(); break;
SVG_POD_NATIVE_TYPES(MAKE_CASE)
#undef MAKE_CASE
default:
ASSERT(false);
}
getDOMSVGObjectWithContextMap().set(object, result);
}
return result;
}
void V8Proxy::SetSVGContext(void* obj, SVGElement* context)
{
if (obj == NULL)
return;
SVGElement* old_context = svg_object_to_context_map().get(obj);
if (old_context == context)
return;
if (old_context)
old_context->deref();
if (context)
context->ref();
svg_object_to_context_map().set(obj, context);
}
SVGElement* V8Proxy::GetSVGContext(void* obj)
{
return svg_object_to_context_map().get(obj);
}
#endif
// A map from a DOM node to its JS wrapper, the wrapper
// is kept as a strong reference to survive GCs.
static DOMObjectMap& gc_protected_map() {
static DOMObjectMap static_gc_protected_map;
return static_gc_protected_map;
}
// static
void V8Proxy::GCProtect(void* dom_object)
{
if (!dom_object)
return;
if (gc_protected_map().contains(dom_object))
return;
if (!getDOMObjectMap().contains(dom_object))
return;
// Create a new (strong) persistent handle for the object.
v8::Persistent<v8::Object> wrapper = getDOMObjectMap().get(dom_object);
if (wrapper.IsEmpty()) return;
gc_protected_map().set(dom_object, *v8::Persistent<v8::Object>::New(wrapper));
}
// static
void V8Proxy::GCUnprotect(void* dom_object)
{
if (!dom_object)
return;
if (!gc_protected_map().contains(dom_object))
return;
// Dispose the strong reference.
v8::Persistent<v8::Object> wrapper(gc_protected_map().take(dom_object));
wrapper.Dispose();
}
typedef std::pair<uintptr_t, Node*> GrouperPair;
typedef Vector<GrouperPair> GrouperList;
#if PLATFORM(ANDROID)
// Sort GrouperPair by the group id. Node* is only involved to sort within
// a group id, so it will be fine.
// TODO(andreip): used by std::stable_sort function. We can implement
// the std::sort function and remove this one.
static bool ComparePair(const GrouperPair& p1, const GrouperPair& p2) {
return p1.first < p2.first;
}
#endif
// Create object groups for DOM tree nodes.
static void GCPrologue()
{
v8::HandleScope scope;
#ifndef NDEBUG
EnumerateDOMObjectMap(getDOMObjectMap().impl());
#endif
// Run through all objects with possible pending activity making their
// wrappers non weak if there is pending activity.
DOMObjectMap active_map = getActiveDOMObjectMap().impl();
for (DOMObjectMap::iterator it = active_map.begin(), end = active_map.end();
it != end; ++it) {
void* obj = it->first;
v8::Persistent<v8::Object> wrapper = v8::Persistent<v8::Object>(it->second);
ASSERT(wrapper.IsWeak());
V8ClassIndex::V8WrapperType type = V8Proxy::GetDOMWrapperType(wrapper);
switch (type) {
#define MAKE_CASE(TYPE, NAME) \
case V8ClassIndex::TYPE: { \
NAME* impl = static_cast<NAME*>(obj); \
if (impl->hasPendingActivity()) \
wrapper.ClearWeak(); \
break; \
}
ACTIVE_DOM_OBJECT_TYPES(MAKE_CASE)
default:
ASSERT(false);
#undef MAKE_CASE
}
// Additional handling of message port ensuring that entangled ports also
// have their wrappers entangled. This should ideally be handled when the
// ports are actually entangled in MessagePort::entangle, but to avoid
// forking MessagePort.* this is postponed to GC time. Having this postponed
// has the drawback that the wrappers are "entangled/unentangled" for each
// GC even though their entnaglement most likely is still the same.
if (type == V8ClassIndex::MESSAGEPORT) {
// Get the port and its entangled port.
MessagePort* port1 = static_cast<MessagePort*>(obj);
MessagePortProxy* port2 = port1->entangledPort();
if (port2 != NULL) {
// As ports are always entangled in pairs only perform the entanglement
// once for each pair (see ASSERT in MessagePort::unentangle()).
if (port1 < port2) {
v8::Handle<v8::Value> port1_wrapper =
V8Proxy::ToV8Object(V8ClassIndex::MESSAGEPORT, port1);
v8::Handle<v8::Value> port2_wrapper =
V8Proxy::ToV8Object(V8ClassIndex::MESSAGEPORT, port2);
ASSERT(port1_wrapper->IsObject());
v8::Handle<v8::Object>::Cast(port1_wrapper)->SetInternalField(
V8Custom::kMessagePortEntangledPortIndex, port2_wrapper);
ASSERT(port2_wrapper->IsObject());
v8::Handle<v8::Object>::Cast(port2_wrapper)->SetInternalField(
V8Custom::kMessagePortEntangledPortIndex, port1_wrapper);
}
} else {
// Remove the wrapper entanglement when a port is not entangled.
if (V8Proxy::DOMObjectHasJSWrapper(port1)) {
v8::Handle<v8::Value> wrapper =
V8Proxy::ToV8Object(V8ClassIndex::MESSAGEPORT, port1);
ASSERT(wrapper->IsObject());
v8::Handle<v8::Object>::Cast(wrapper)->SetInternalField(
V8Custom::kMessagePortEntangledPortIndex, v8::Undefined());
}
}
}
}
// Create object groups.
DOMNodeMap node_map = getDOMNodeMap().impl();
GrouperList grouper;
grouper.reserveCapacity(node_map.size());
for (DOMNodeMap::iterator it = node_map.begin(), end = node_map.end();
it != end; ++it) {
Node* node = it->first;
// If the node is in document, put it in the ownerDocument's object group.
//
// If an image element was created by JavaScript "new Image",
// it is not in a document. However, if the load event has not
// been fired (still onloading), it is treated as in the document.
//
// Otherwise, the node is put in an object group identified by the root
// elment of the tree to which it belongs.
uintptr_t group_id;
if (node->inDocument() ||
(node->hasTagName(HTMLNames::imgTag) &&
!static_cast<HTMLImageElement*>(node)->haveFiredLoadEvent())) {
group_id = reinterpret_cast<uintptr_t>(node->document());
} else {
Node* root = node;
while (root->parent())
root = root->parent();
// If the node is alone in its DOM tree (doesn't have a parent or any
// children) then the group will be filtered out later anyway.
if (root == node && !node->hasChildNodes())
continue;
group_id = reinterpret_cast<uintptr_t>(root);
}
grouper.append(GrouperPair(group_id, node));
}
#if PLATFORM(ANDROID)
// TODO(andreip): implement std::sort() and get rid of this.
std::stable_sort<GrouperPair>(grouper.begin(), grouper.end(), ComparePair);
#else
// Group by sorting by the group id. This will use the std::pair operator<,
// which will really sort by both the group id and the Node*. However the
// Node* is only involved to sort within a group id, so it will be fine.
std::sort(grouper.begin(), grouper.end());
#endif
// TODO(deanm): Should probably work in iterators here, but indexes were
// easier for my simple mind.
for (size_t i = 0; i < grouper.size(); ) {
// Seek to the next key (or the end of the list).
size_t next_key_index = grouper.size();
for (size_t j = i; j < grouper.size(); ++j) {
if (grouper[i].first != grouper[j].first) {
next_key_index = j;
break;
}
}
ASSERT(next_key_index > i);
// We only care about a group if it has more than one object. If it only
// has one object, it has nothing else that needs to be kept alive.
if (next_key_index - i <= 1) {
i = next_key_index;
continue;
}
Vector<v8::Persistent<v8::Value> > group;
group.reserveCapacity(next_key_index - i);
for (; i < next_key_index; ++i) {
Node* node = grouper[i].second;
v8::Persistent<v8::Value> wrapper =
getDOMNodeMap().get(node);
if (!wrapper.IsEmpty())
group.append(wrapper);
// If the node is styled and there is a wrapper for the inline
// style declaration, we need to keep that style declaration
// wrapper alive as well, so we add it to the object group.
if (node->isStyledElement()) {
StyledElement* element = reinterpret_cast<StyledElement*>(node);
CSSStyleDeclaration* style = element->inlineStyleDecl();
if (style != NULL) {
wrapper = getDOMObjectMap().get(style);
if (!wrapper.IsEmpty())
group.append(wrapper);
}
}
}
if (group.size() > 1)
v8::V8::AddObjectGroup(&group[0], group.size());
ASSERT(i == next_key_index);
}
}
static void GCEpilogue()
{
v8::HandleScope scope;
// Run through all objects with pending activity making their wrappers weak
// again.
DOMObjectMap active_map = getActiveDOMObjectMap().impl();
for (DOMObjectMap::iterator it = active_map.begin(), end = active_map.end();
it != end; ++it) {
void* obj = it->first;
v8::Persistent<v8::Object> wrapper = v8::Persistent<v8::Object>(it->second);
V8ClassIndex::V8WrapperType type = V8Proxy::GetDOMWrapperType(wrapper);
switch (type) {
#define MAKE_CASE(TYPE, NAME) \
case V8ClassIndex::TYPE: { \
NAME* impl = static_cast<NAME*>(obj); \
if (impl->hasPendingActivity()) { \
ASSERT(!wrapper.IsWeak()); \
wrapper.MakeWeak(impl, &weakActiveDOMObjectCallback); \
} \
break; \
}
ACTIVE_DOM_OBJECT_TYPES(MAKE_CASE)
default:
ASSERT(false);
#undef MAKE_CASE
}
}
#ifndef NDEBUG
// Check all survivals are weak.
EnumerateDOMObjectMap(getDOMObjectMap().impl());
EnumerateDOMNodeMap(getDOMNodeMap().impl());
EnumerateDOMObjectMap(gc_protected_map());
EnumerateGlobalHandles();
#undef USE_VAR
#endif
}
typedef HashMap<int, v8::FunctionTemplate*> FunctionTemplateMap;
bool AllowAllocation::m_current = false;
// JavaScriptConsoleMessages encapsulate everything needed to
// log messages originating from JavaScript to the Chrome console.
class JavaScriptConsoleMessage {
public:
JavaScriptConsoleMessage(const String& str,
const String& sourceID,
unsigned lineNumber)
: m_string(str)
, m_sourceID(sourceID)
, m_lineNumber(lineNumber) { }
void AddToPage(Page* page) const;
private:
const String m_string;
const String m_sourceID;
const unsigned m_lineNumber;
};
void JavaScriptConsoleMessage::AddToPage(Page* page) const
{
ASSERT(page);
Console* console = page->mainFrame()->domWindow()->console();
console->addMessage(JSMessageSource, ErrorMessageLevel, m_string, m_lineNumber, m_sourceID);
}
// The ConsoleMessageManager handles all console messages that stem
// from JavaScript. It keeps a list of messages that have been delayed but
// it makes sure to add all messages to the console in the right order.
class ConsoleMessageManager {
public:
// Add a message to the console. May end up calling JavaScript code
// indirectly through the inspector so only call this function when
// it is safe to do allocations.
static void AddMessage(Page* page, const JavaScriptConsoleMessage& message);
// Add a message to the console but delay the reporting until it
// is safe to do so: Either when we leave JavaScript execution or
// when adding other console messages. The primary purpose of this
// method is to avoid calling into V8 to handle console messages
// when the VM is in a state that does not support GCs or allocations.
// Delayed messages are always reported in the page corresponding
// to the active context.
static void AddDelayedMessage(const JavaScriptConsoleMessage& message);
// Process any delayed messages. May end up calling JavaScript code
// indirectly through the inspector so only call this function when
// it is safe to do allocations.
static void ProcessDelayedMessages();
private:
// All delayed messages are stored in this vector. If the vector
// is NULL, there are no delayed messages.
static Vector<JavaScriptConsoleMessage>* m_delayed;
};
Vector<JavaScriptConsoleMessage>* ConsoleMessageManager::m_delayed = NULL;
void ConsoleMessageManager::AddMessage(
Page* page,
const JavaScriptConsoleMessage& message)
{
// Process any delayed messages to make sure that messages
// appear in the right order in the console.
ProcessDelayedMessages();
message.AddToPage(page);
}
void ConsoleMessageManager::AddDelayedMessage(const JavaScriptConsoleMessage& message)
{
if (!m_delayed)
// Allocate a vector for the delayed messages. Will be
// deallocated when the delayed messages are processed
// in ProcessDelayedMessages().
m_delayed = new Vector<JavaScriptConsoleMessage>();
m_delayed->append(message);
}
void ConsoleMessageManager::ProcessDelayedMessages()
{
// If we have a delayed vector it cannot be empty.
if (!m_delayed)
return;
ASSERT(!m_delayed->isEmpty());
// Add the delayed messages to the page of the active
// context. If that for some bizarre reason does not
// exist, we clear the list of delayed messages to avoid
// posting messages. We still deallocate the vector.
Frame* frame = V8Proxy::retrieveFrameForEnteredContext();
Page* page = NULL;
if (frame)
page = frame->page();
if (!page)
m_delayed->clear();
// Iterate through all the delayed messages and add them
// to the console.
const int size = m_delayed->size();
for (int i = 0; i < size; i++) {
m_delayed->at(i).AddToPage(page);
}
// Deallocate the delayed vector.
delete m_delayed;
m_delayed = NULL;
}
// Convenience class for ensuring that delayed messages in the
// ConsoleMessageManager are processed quickly.
class ConsoleMessageScope {
public:
ConsoleMessageScope() { ConsoleMessageManager::ProcessDelayedMessages(); }
~ConsoleMessageScope() { ConsoleMessageManager::ProcessDelayedMessages(); }
};
void log_info(Frame* frame, const String& msg, const String& url)
{
Page* page = frame->page();
if (!page)
return;
JavaScriptConsoleMessage message(msg, url, 0);
ConsoleMessageManager::AddMessage(page, message);
}
static void HandleConsoleMessage(v8::Handle<v8::Message> message,
v8::Handle<v8::Value> data)
{
// Use the frame where JavaScript is called from.
Frame* frame = V8Proxy::retrieveFrameForEnteredContext();
if (!frame)
return;
Page* page = frame->page();
if (!page)
return;
v8::Handle<v8::String> errorMessageString = message->Get();
ASSERT(!errorMessageString.IsEmpty());
String errorMessage = ToWebCoreString(errorMessageString);
v8::Handle<v8::Value> resourceName = message->GetScriptResourceName();
bool useURL = (resourceName.IsEmpty() || !resourceName->IsString());
String resourceNameString = (useURL)
? frame->document()->url()
: ToWebCoreString(resourceName);
JavaScriptConsoleMessage consoleMessage(errorMessage,
resourceNameString,
message->GetLineNumber());
ConsoleMessageManager::AddMessage(page, consoleMessage);
}
enum DelayReporting {
REPORT_LATER,
REPORT_NOW
};
static void ReportUnsafeAccessTo(Frame* target, DelayReporting delay)
{
ASSERT(target);
Document* targetDocument = target->document();
if (!targetDocument)
return;
Frame* source = V8Proxy::retrieveFrameForEnteredContext();
if (!source || !source->document())
return; // Ignore error if the source document is gone.
Document* sourceDocument = source->document();
// FIXME: This error message should contain more specifics of why the same
// origin check has failed.
String str = String::format("Unsafe JavaScript attempt to access frame "
"with URL %s from frame with URL %s. "
"Domains, protocols and ports must match.\n",
targetDocument->url().string().utf8().data(),
sourceDocument->url().string().utf8().data());
// Build a console message with fake source ID and line number.
const String kSourceID = "";
const int kLineNumber = 1;
JavaScriptConsoleMessage message(str, kSourceID, kLineNumber);
if (delay == REPORT_NOW) {
// NOTE(tc): Apple prints the message in the target page, but it seems like
// it should be in the source page. Even for delayed messages, we put it in
// the source page; see ConsoleMessageManager::ProcessDelayedMessages().
ConsoleMessageManager::AddMessage(source->page(), message);
} else {
ASSERT(delay == REPORT_LATER);
// We cannot safely report the message eagerly, because this may cause
// allocations and GCs internally in V8 and we cannot handle that at this
// point. Therefore we delay the reporting.
ConsoleMessageManager::AddDelayedMessage(message);
}
}
static void ReportUnsafeJavaScriptAccess(v8::Local<v8::Object> host,
v8::AccessType type,
v8::Local<v8::Value> data)
{
Frame* target = V8Custom::GetTargetFrame(host, data);
if (target)
ReportUnsafeAccessTo(target, REPORT_LATER);
}
static void HandleFatalErrorInV8()
{
// TODO: We temporarily deal with V8 internal error situations
// such as out-of-memory by crashing the renderer.
CRASH();
}
static void ReportFatalErrorInV8(const char* location, const char* message)
{
// V8 is shutdown, we cannot use V8 api.
// The only thing we can do is to disable JavaScript.
// TODO: clean up V8Proxy and disable JavaScript.
printf("V8 error: %s (%s)\n", message, location);
HandleFatalErrorInV8();
}
V8Proxy::~V8Proxy()
{
clearForClose();
DestroyGlobal();
}
void V8Proxy::DestroyGlobal()
{
if (!m_global.IsEmpty()) {
#ifndef NDEBUG
UnregisterGlobalHandle(this, m_global);
#endif
m_global.Dispose();
m_global.Clear();
}
}
bool V8Proxy::DOMObjectHasJSWrapper(void* obj) {
return getDOMObjectMap().contains(obj) ||
getActiveDOMObjectMap().contains(obj);
}
// The caller must have increased obj's ref count.
void V8Proxy::SetJSWrapperForDOMObject(void* obj, v8::Persistent<v8::Object> wrapper)
{
ASSERT(MaybeDOMWrapper(wrapper));
#ifndef NDEBUG
V8ClassIndex::V8WrapperType type = V8Proxy::GetDOMWrapperType(wrapper);
switch (type) {
#define MAKE_CASE(TYPE, NAME) case V8ClassIndex::TYPE:
ACTIVE_DOM_OBJECT_TYPES(MAKE_CASE)
ASSERT(false);
#undef MAKE_CASE
default: break;
}
#endif
getDOMObjectMap().set(obj, wrapper);
}
// The caller must have increased obj's ref count.
void V8Proxy::SetJSWrapperForActiveDOMObject(void* obj, v8::Persistent<v8::Object> wrapper)
{
ASSERT(MaybeDOMWrapper(wrapper));
#ifndef NDEBUG
V8ClassIndex::V8WrapperType type = V8Proxy::GetDOMWrapperType(wrapper);
switch (type) {
#define MAKE_CASE(TYPE, NAME) case V8ClassIndex::TYPE: break;
ACTIVE_DOM_OBJECT_TYPES(MAKE_CASE)
default: ASSERT(false);
#undef MAKE_CASE
}
#endif
getActiveDOMObjectMap().set(obj, wrapper);
}
// The caller must have increased node's ref count.
void V8Proxy::SetJSWrapperForDOMNode(Node* node, v8::Persistent<v8::Object> wrapper)
{
ASSERT(MaybeDOMWrapper(wrapper));
getDOMNodeMap().set(node, wrapper);
}
// Event listeners
static V8EventListener* FindEventListenerInList(V8EventListenerList& list,
v8::Local<v8::Value> listener,
bool isInline)
{
ASSERT(v8::Context::InContext());
if (!listener->IsObject())
return 0;
return list.find(listener->ToObject(), isInline);
}
// Find an existing wrapper for a JS event listener in the map.
PassRefPtr<V8EventListener> V8Proxy::FindV8EventListener(v8::Local<v8::Value> listener,
bool isInline)
{
return FindEventListenerInList(m_event_listeners, listener, isInline);
}
PassRefPtr<V8EventListener> V8Proxy::FindOrCreateV8EventListener(v8::Local<v8::Value> obj, bool isInline)
{
ASSERT(v8::Context::InContext());
if (!obj->IsObject())
return 0;
V8EventListener* wrapper =
FindEventListenerInList(m_event_listeners, obj, isInline);
if (wrapper)
return wrapper;
// Create a new one, and add to cache.
RefPtr<V8EventListener> new_listener =
V8EventListener::create(m_frame, v8::Local<v8::Object>::Cast(obj), isInline);
m_event_listeners.add(new_listener.get());
return new_listener;
}
// Object event listeners (such as XmlHttpRequest and MessagePort) are
// different from listeners on DOM nodes. An object event listener wrapper
// only holds a weak reference to the JS function. A strong reference can
// create a cycle.
//
// The lifetime of these objects is bounded by the life time of its JS
// wrapper. So we can create a hidden reference from the JS wrapper to
// to its JS function.
//
// (map)
// XHR <---------- JS_wrapper
// | (hidden) : ^
// V V : (may reachable by closure)
// V8_listener --------> JS_function
// (weak) <-- may create a cycle if it is strong
//
// The persistent reference is made weak in the constructor
// of V8ObjectEventListener.
PassRefPtr<V8EventListener> V8Proxy::FindObjectEventListener(
v8::Local<v8::Value> listener, bool isInline)
{
return FindEventListenerInList(m_xhr_listeners, listener, isInline);
}
PassRefPtr<V8EventListener> V8Proxy::FindOrCreateObjectEventListener(
v8::Local<v8::Value> obj, bool isInline)
{
ASSERT(v8::Context::InContext());
if (!obj->IsObject())
return 0;
V8EventListener* wrapper =
FindEventListenerInList(m_xhr_listeners, obj, isInline);
if (wrapper)
return wrapper;
// Create a new one, and add to cache.
RefPtr<V8EventListener> new_listener =
V8ObjectEventListener::create(m_frame, v8::Local<v8::Object>::Cast(obj), isInline);
m_xhr_listeners.add(new_listener.get());
return new_listener.release();
}
static void RemoveEventListenerFromList(V8EventListenerList& list,
V8EventListener* listener)
{
list.remove(listener);
}
void V8Proxy::RemoveV8EventListener(V8EventListener* listener)
{
RemoveEventListenerFromList(m_event_listeners, listener);
}
void V8Proxy::RemoveObjectEventListener(V8ObjectEventListener* listener)
{
RemoveEventListenerFromList(m_xhr_listeners, listener);
}
static void DisconnectEventListenersInList(V8EventListenerList& list)
{
V8EventListenerList::iterator p = list.begin();
while (p != list.end()) {
(*p)->disconnectFrame();
++p;
}
list.clear();
}
void V8Proxy::DisconnectEventListeners()
{
DisconnectEventListenersInList(m_event_listeners);
DisconnectEventListenersInList(m_xhr_listeners);
}
v8::Handle<v8::Script> V8Proxy::CompileScript(v8::Handle<v8::String> code,
const String& fileName,
int baseLine)
#ifdef ANDROID_INSTRUMENT
{
android::TimeCounter::start(android::TimeCounter::JavaScriptParseTimeCounter);
v8::Handle<v8::Script> script = CompileScriptInternal(code, fileName, baseLine);
android::TimeCounter::record(android::TimeCounter::JavaScriptParseTimeCounter, __FUNCTION__);
return script;
}
v8::Handle<v8::Script> V8Proxy::CompileScriptInternal(v8::Handle<v8::String> code,
const String& fileName,
int baseLine)
#endif
{
const uint16_t* fileNameString = FromWebCoreString(fileName);
v8::Handle<v8::String> name =
v8::String::New(fileNameString, fileName.length());
v8::Handle<v8::Integer> line = v8::Integer::New(baseLine);
v8::ScriptOrigin origin(name, line);
v8::Handle<v8::Script> script = v8::Script::Compile(code, &origin);
return script;
}
bool V8Proxy::HandleOutOfMemory()
{
v8::Local<v8::Context> context = v8::Context::GetCurrent();
if (!context->HasOutOfMemoryException())
return false;
// Warning, error, disable JS for this frame?
Frame* frame = V8Proxy::retrieveFrame(context);
V8Proxy* proxy = V8Proxy::retrieve(frame);
if (proxy != NULL) {
// Clean m_context, and event handlers.
proxy->clearForClose();
// Destroy the global object.
proxy->DestroyGlobal();
}
#if PLATFORM(CHROMIUM)
// TODO(andreip): ChromeBridge->BrowserBridge?
ChromiumBridge::notifyJSOutOfMemory(frame);
#endif
// Disable JS.
Settings* settings = frame->settings();
ASSERT(settings);
settings->setJavaScriptEnabled(false);
return true;
}
void V8Proxy::evaluateInNewContext(const Vector<ScriptSourceCode>& sources)
{
InitContextIfNeeded();
v8::HandleScope handleScope;
// Set up the DOM window as the prototype of the new global object.
v8::Handle<v8::Context> windowContext = m_context;
v8::Handle<v8::Object> windowGlobal = windowContext->Global();
v8::Handle<v8::Value> windowWrapper =
V8Proxy::LookupDOMWrapper(V8ClassIndex::DOMWINDOW, windowGlobal);
ASSERT(V8Proxy::DOMWrapperToNative<DOMWindow>(windowWrapper) ==
m_frame->domWindow());
v8::Persistent<v8::Context> context =
createNewContext(v8::Handle<v8::Object>());
v8::Context::Scope context_scope(context);
v8::Handle<v8::Object> global = context->Global();
v8::Handle<v8::String> implicitProtoString = v8::String::New("__proto__");
global->Set(implicitProtoString, windowWrapper);
// Give the code running in the new context a way to get access to the
// original context.
global->Set(v8::String::New("contentWindow"), windowGlobal);
// Run code in the new context.
for (size_t i = 0; i < sources.size(); ++i)
evaluate(sources[i], 0);
// Using the default security token means that the canAccess is always
// called, which is slow.
// TODO(aa): Use tokens where possible. This will mean keeping track of all
// created contexts so that they can all be updated when the document domain
// changes.
context->UseDefaultSecurityToken();
context.Dispose();
}
v8::Local<v8::Value> V8Proxy::evaluate(const ScriptSourceCode& source, Node* n)
{
ASSERT(v8::Context::InContext());
LOCK_V8;
// Compile the script.
v8::Local<v8::String> code = v8ExternalString(source.source());
#if PLATFORM(CHROMIUM)
// TODO(andreip): ChromeBridge->BrowserBridge?
ChromiumBridge::traceEventBegin("v8.compile", n, "");
#endif
// NOTE: For compatibility with WebCore, ScriptSourceCode's line starts at
// 1, whereas v8 starts at 0.
v8::Handle<v8::Script> script = CompileScript(code, source.url(),
source.startLine() - 1);
#if PLATFORM(CHROMIUM)
// TODO(andreip): ChromeBridge->BrowserBridge?
ChromiumBridge::traceEventEnd("v8.compile", n, "");
ChromiumBridge::traceEventBegin("v8.run", n, "");
#endif
v8::Local<v8::Value> result;
{
// Isolate exceptions that occur when executing the code. These
// exceptions should not interfere with javascript code we might
// evaluate from C++ when returning from here
v8::TryCatch try_catch;
try_catch.SetVerbose(true);
// Set inlineCode to true for <a href="javascript:doSomething()">
// and false for <script>doSomething</script>. We make a rough guess at
// this based on whether the script source has a URL.
result = RunScript(script, source.url().string().isNull());
}
#if PLATFORM(CHROMIUM)
// TODO(andreip): ChromeBridge->BrowserBridge?
ChromiumBridge::traceEventEnd("v8.run", n, "");
#endif
return result;
}
v8::Local<v8::Value> V8Proxy::RunScript(v8::Handle<v8::Script> script,
bool inline_code)
#ifdef ANDROID_INSTRUMENT
{
android::TimeCounter::start(android::TimeCounter::JavaScriptExecuteTimeCounter);
v8::Local<v8::Value> result = RunScriptInternal(script, inline_code);
android::TimeCounter::record(android::TimeCounter::JavaScriptExecuteTimeCounter, __FUNCTION__);
return result;
}
v8::Local<v8::Value> V8Proxy::RunScriptInternal(v8::Handle<v8::Script> script,
bool inline_code)
#endif
{
if (script.IsEmpty())
return v8::Local<v8::Value>();
// Compute the source string and prevent against infinite recursion.
if (m_recursion >= kMaxRecursionDepth) {
v8::Local<v8::String> code =
v8ExternalString("throw RangeError('Recursion too deep')");
// TODO(kasperl): Ideally, we should be able to re-use the origin of the
// script passed to us as the argument instead of using an empty string
// and 0 baseLine.
script = CompileScript(code, "", 0);
}
if (HandleOutOfMemory())
ASSERT(script.IsEmpty());
if (script.IsEmpty())
return v8::Local<v8::Value>();
// Save the previous value of the inlineCode flag and update the flag for
// the duration of the script invocation.
bool previous_inline_code = inlineCode();
setInlineCode(inline_code);
// Run the script and keep track of the current recursion depth.
v8::Local<v8::Value> result;
{ ConsoleMessageScope scope;
m_recursion++;
// Evaluating the JavaScript could cause the frame to be deallocated,
// so we start the keep alive timer here.
// Frame::keepAlive method adds the ref count of the frame and sets a
// timer to decrease the ref count. It assumes that the current JavaScript
// execution finishs before firing the timer.
// See issue 1218756 and 914430.
m_frame->keepAlive();
result = script->Run();
m_recursion--;
}
if (HandleOutOfMemory())
ASSERT(result.IsEmpty());
// Handle V8 internal error situation (Out-of-memory).
if (result.IsEmpty())
return v8::Local<v8::Value>();
// Restore inlineCode flag.
setInlineCode(previous_inline_code);
if (v8::V8::IsDead())
HandleFatalErrorInV8();
return result;
}
v8::Local<v8::Value> V8Proxy::CallFunction(v8::Handle<v8::Function> function,
v8::Handle<v8::Object> receiver,
int argc,
v8::Handle<v8::Value> args[])
{
#ifdef ANDROID_INSTRUMENT
android::TimeCounter::start(android::TimeCounter::JavaScriptExecuteTimeCounter);
#endif
// For now, we don't put any artificial limitations on the depth
// of recursion that stems from calling functions. This is in
// contrast to the script evaluations.
v8::Local<v8::Value> result;
{
ConsoleMessageScope scope;
// Evaluating the JavaScript could cause the frame to be deallocated,
// so we start the keep alive timer here.
// Frame::keepAlive method adds the ref count of the frame and sets a
// timer to decrease the ref count. It assumes that the current JavaScript
// execution finishs before firing the timer.
// See issue 1218756 and 914430.
m_frame->keepAlive();
result = function->Call(receiver, argc, args);
}
if (v8::V8::IsDead())
HandleFatalErrorInV8();
#ifdef ANDROID_INSTRUMENT
android::TimeCounter::record(android::TimeCounter::JavaScriptExecuteTimeCounter, __FUNCTION__);
#endif
return result;
}
v8::Local<v8::Value> V8Proxy::NewInstance(v8::Handle<v8::Function> constructor,
int argc,
v8::Handle<v8::Value> args[])
{
// No artificial limitations on the depth of recursion, see comment in
// V8Proxy::CallFunction.
v8::Local<v8::Value> result;
{
ConsoleMessageScope scope;
// See comment in V8Proxy::CallFunction.
m_frame->keepAlive();
result = constructor->NewInstance(argc, args);
}
if (v8::V8::IsDead())
HandleFatalErrorInV8();
return result;
}
v8::Local<v8::Function> V8Proxy::GetConstructor(V8ClassIndex::V8WrapperType t){
// A DOM constructor is a function instance created from a DOM constructor
// template. There is one instance per context. A DOM constructor is
// different from a normal function in two ways:
// 1) it cannot be called as constructor (aka, used to create a DOM object)
// 2) its __proto__ points to Object.prototype rather than
// Function.prototype.
// The reason for 2) is that, in Safari, a DOM constructor is a normal JS
// object, but not a function. Hotmail relies on the fact that, in Safari,
// HTMLElement.__proto__ == Object.prototype.
//
// m_object_prototype is a cache of the original Object.prototype.
ASSERT(ContextInitialized());
// Enter the context of the proxy to make sure that the
// function is constructed in the context corresponding to
// this proxy.
v8::Context::Scope scope(m_context);
v8::Handle<v8::FunctionTemplate> templ = GetTemplate(t);
// Getting the function might fail if we're running out of
// stack or memory.
v8::TryCatch try_catch;
v8::Local<v8::Function> value = templ->GetFunction();
if (value.IsEmpty())
return v8::Local<v8::Function>();
// Hotmail fix, see comments above.
value->Set(v8::String::New("__proto__"), m_object_prototype);
return value;
}
v8::Local<v8::Object> V8Proxy::CreateWrapperFromCache(V8ClassIndex::V8WrapperType type) {
int class_index = V8ClassIndex::ToInt(type);
v8::Local<v8::Value> cached_object =
m_wrapper_boilerplates->Get(v8::Integer::New(class_index));
if (cached_object->IsObject()) {
v8::Local<v8::Object> object = v8::Local<v8::Object>::Cast(cached_object);
return object->Clone();
}
// Not in cache.
InitContextIfNeeded();
v8::Context::Scope scope(m_context);
v8::Local<v8::Function> function = GetConstructor(type);
v8::Local<v8::Object> instance = SafeAllocation::NewInstance(function);
if (!instance.IsEmpty()) {
m_wrapper_boilerplates->Set(v8::Integer::New(class_index), instance);
return instance->Clone();
}
return v8::Local<v8::Object>();
}
// Get the string 'toString'.
static v8::Persistent<v8::String> GetToStringName() {
static v8::Persistent<v8::String> value;
if (value.IsEmpty())
value = v8::Persistent<v8::String>::New(v8::String::New("toString"));
return value;
}
static v8::Handle<v8::Value> ConstructorToString(const v8::Arguments& args) {
// The DOM constructors' toString functions grab the current toString
// for Functions by taking the toString function of itself and then
// calling it with the constructor as its receiver. This means that
// changes to the Function prototype chain or toString function are
// reflected when printing DOM constructors. The only wart is that
// changes to a DOM constructor's toString's toString will cause the
// toString of the DOM constructor itself to change. This is extremely
// obscure and unlikely to be a problem.
v8::Handle<v8::Value> val = args.Callee()->Get(GetToStringName());
if (!val->IsFunction()) return v8::String::New("");
return v8::Handle<v8::Function>::Cast(val)->Call(args.This(), 0, NULL);
}
v8::Persistent<v8::FunctionTemplate> V8Proxy::GetTemplate(
V8ClassIndex::V8WrapperType type)
{
v8::Persistent<v8::FunctionTemplate>* cache_cell =
V8ClassIndex::GetCache(type);
if (!(*cache_cell).IsEmpty())
return *cache_cell;
// not found
FunctionTemplateFactory factory = V8ClassIndex::GetFactory(type);
v8::Persistent<v8::FunctionTemplate> desc = factory();
// DOM constructors are functions and should print themselves as such.
// However, we will later replace their prototypes with Object
// prototypes so we need to explicitly override toString on the
// instance itself. If we later make DOM constructors full objects
// we can give them class names instead and Object.prototype.toString
// will work so we can remove this code.
static v8::Persistent<v8::FunctionTemplate> to_string_template;
if (to_string_template.IsEmpty()) {
to_string_template = v8::Persistent<v8::FunctionTemplate>::New(
v8::FunctionTemplate::New(ConstructorToString));
}
desc->Set(GetToStringName(), to_string_template);
switch (type) {
case V8ClassIndex::CSSSTYLEDECLARATION:
// The named property handler for style declarations has a
// setter. Therefore, the interceptor has to be on the object
// itself and not on the prototype object.
desc->InstanceTemplate()->SetNamedPropertyHandler(
USE_NAMED_PROPERTY_GETTER(CSSStyleDeclaration),
USE_NAMED_PROPERTY_SETTER(CSSStyleDeclaration));
setCollectionStringOrNullIndexedGetter<CSSStyleDeclaration>(desc);
break;
case V8ClassIndex::CSSRULELIST:
setCollectionIndexedGetter<CSSRuleList, CSSRule>(desc,
V8ClassIndex::CSSRULE);
break;
case V8ClassIndex::CSSVALUELIST:
setCollectionIndexedGetter<CSSValueList, CSSValue>(
desc,
V8ClassIndex::CSSVALUE);
break;
case V8ClassIndex::CSSVARIABLESDECLARATION:
setCollectionStringOrNullIndexedGetter<CSSVariablesDeclaration>(desc);
break;
case V8ClassIndex::WEBKITCSSTRANSFORMVALUE:
setCollectionIndexedGetter<WebKitCSSTransformValue, CSSValue>(
desc,
V8ClassIndex::CSSVALUE);
break;
case V8ClassIndex::UNDETECTABLEHTMLCOLLECTION:
desc->InstanceTemplate()->MarkAsUndetectable(); // fall through
case V8ClassIndex::HTMLCOLLECTION:
desc->InstanceTemplate()->SetNamedPropertyHandler(
USE_NAMED_PROPERTY_GETTER(HTMLCollection));
desc->InstanceTemplate()->SetCallAsFunctionHandler(
USE_CALLBACK(HTMLCollectionCallAsFunction));
setCollectionIndexedGetter<HTMLCollection, Node>(desc,
V8ClassIndex::NODE);
break;
case V8ClassIndex::HTMLOPTIONSCOLLECTION:
desc->InstanceTemplate()->SetNamedPropertyHandler(
USE_NAMED_PROPERTY_GETTER(HTMLCollection));
desc->InstanceTemplate()->SetIndexedPropertyHandler(
USE_INDEXED_PROPERTY_GETTER(HTMLOptionsCollection),
USE_INDEXED_PROPERTY_SETTER(HTMLOptionsCollection));
desc->InstanceTemplate()->SetCallAsFunctionHandler(
USE_CALLBACK(HTMLCollectionCallAsFunction));
break;
case V8ClassIndex::HTMLSELECTELEMENT:
desc->InstanceTemplate()->SetNamedPropertyHandler(
USE_NAMED_PROPERTY_GETTER(HTMLSelectElementCollection));
desc->InstanceTemplate()->SetIndexedPropertyHandler(
nodeCollectionIndexedPropertyGetter<HTMLSelectElement>,
USE_INDEXED_PROPERTY_SETTER(HTMLSelectElementCollection),
0,
0,
nodeCollectionIndexedPropertyEnumerator<HTMLSelectElement>,
v8::Integer::New(V8ClassIndex::NODE));
break;
case V8ClassIndex::HTMLDOCUMENT: {
desc->InstanceTemplate()->SetNamedPropertyHandler(
USE_NAMED_PROPERTY_GETTER(HTMLDocument),
0,
0,
USE_NAMED_PROPERTY_DELETER(HTMLDocument));
// We add an extra internal field to all Document wrappers for
// storing a per document DOMImplementation wrapper.
//
// Additionally, we add two extra internal fields for
// HTMLDocuments to implement temporary shadowing of
// document.all. One field holds an object that is used as a
// marker. The other field holds the marker object if
// document.all is not shadowed and some other value if
// document.all is shadowed.
v8::Local<v8::ObjectTemplate> instance_template =
desc->InstanceTemplate();
ASSERT(instance_template->InternalFieldCount() ==
V8Custom::kDefaultWrapperInternalFieldCount);
instance_template->SetInternalFieldCount(
V8Custom::kHTMLDocumentInternalFieldCount);
break;
}
#if ENABLE(SVG)
case V8ClassIndex::SVGDOCUMENT: // fall through
#endif
case V8ClassIndex::DOCUMENT: {
// We add an extra internal field to all Document wrappers for
// storing a per document DOMImplementation wrapper.
v8::Local<v8::ObjectTemplate> instance_template =
desc->InstanceTemplate();
ASSERT(instance_template->InternalFieldCount() ==
V8Custom::kDefaultWrapperInternalFieldCount);
instance_template->SetInternalFieldCount(
V8Custom::kDocumentMinimumInternalFieldCount);
break;
}
case V8ClassIndex::HTMLAPPLETELEMENT: // fall through
case V8ClassIndex::HTMLEMBEDELEMENT: // fall through
case V8ClassIndex::HTMLOBJECTELEMENT:
// HTMLAppletElement, HTMLEmbedElement and HTMLObjectElement are
// inherited from HTMLPlugInElement, and they share the same property
// handling code.
desc->InstanceTemplate()->SetNamedPropertyHandler(
USE_NAMED_PROPERTY_GETTER(HTMLPlugInElement),
USE_NAMED_PROPERTY_SETTER(HTMLPlugInElement));
desc->InstanceTemplate()->SetIndexedPropertyHandler(
USE_INDEXED_PROPERTY_GETTER(HTMLPlugInElement),
USE_INDEXED_PROPERTY_SETTER(HTMLPlugInElement));
desc->InstanceTemplate()->SetCallAsFunctionHandler(
USE_CALLBACK(HTMLPlugInElement));
break;
case V8ClassIndex::HTMLFRAMESETELEMENT:
desc->InstanceTemplate()->SetNamedPropertyHandler(
USE_NAMED_PROPERTY_GETTER(HTMLFrameSetElement));
break;
case V8ClassIndex::HTMLFORMELEMENT:
desc->InstanceTemplate()->SetNamedPropertyHandler(
USE_NAMED_PROPERTY_GETTER(HTMLFormElement));
desc->InstanceTemplate()->SetIndexedPropertyHandler(
USE_INDEXED_PROPERTY_GETTER(HTMLFormElement),
0,
0,
0,
nodeCollectionIndexedPropertyEnumerator<HTMLFormElement>,
v8::Integer::New(V8ClassIndex::NODE));
break;
case V8ClassIndex::CANVASPIXELARRAY:
desc->InstanceTemplate()->SetIndexedPropertyHandler(
USE_INDEXED_PROPERTY_GETTER(CanvasPixelArray),
USE_INDEXED_PROPERTY_SETTER(CanvasPixelArray));
break;
case V8ClassIndex::STYLESHEET: // fall through
case V8ClassIndex::CSSSTYLESHEET: {
// We add an extra internal field to hold a reference to
// the owner node.
v8::Local<v8::ObjectTemplate> instance_template =
desc->InstanceTemplate();
ASSERT(instance_template->InternalFieldCount() ==
V8Custom::kDefaultWrapperInternalFieldCount);
instance_template->SetInternalFieldCount(
V8Custom::kStyleSheetInternalFieldCount);
break;
}
case V8ClassIndex::MEDIALIST:
setCollectionStringOrNullIndexedGetter<MediaList>(desc);
break;
case V8ClassIndex::MIMETYPEARRAY:
setCollectionIndexedAndNamedGetters<MimeTypeArray, MimeType>(
desc,
V8ClassIndex::MIMETYPE);
break;
case V8ClassIndex::NAMEDNODEMAP:
desc->InstanceTemplate()->SetNamedPropertyHandler(
USE_NAMED_PROPERTY_GETTER(NamedNodeMap));
desc->InstanceTemplate()->SetIndexedPropertyHandler(
USE_INDEXED_PROPERTY_GETTER(NamedNodeMap),
0,
0,
0,
collectionIndexedPropertyEnumerator<NamedNodeMap>,
v8::Integer::New(V8ClassIndex::NODE));
break;
#if ENABLE(DOM_STORAGE)
case V8ClassIndex::STORAGE:
desc->InstanceTemplate()->SetNamedPropertyHandler(
USE_NAMED_PROPERTY_GETTER(Storage),
USE_NAMED_PROPERTY_SETTER(Storage),
0,
USE_NAMED_PROPERTY_DELETER(Storage),
V8Custom::v8StorageNamedPropertyEnumerator);
desc->InstanceTemplate()->SetIndexedPropertyHandler(
USE_INDEXED_PROPERTY_GETTER(Storage),
USE_INDEXED_PROPERTY_SETTER(Storage),
0,
USE_INDEXED_PROPERTY_DELETER(Storage));
break;
#endif
case V8ClassIndex::NODELIST:
setCollectionIndexedGetter<NodeList, Node>(desc, V8ClassIndex::NODE);
desc->InstanceTemplate()->SetNamedPropertyHandler(
USE_NAMED_PROPERTY_GETTER(NodeList));
break;
case V8ClassIndex::PLUGIN:
setCollectionIndexedAndNamedGetters<Plugin, MimeType>(
desc,
V8ClassIndex::MIMETYPE);
break;
case V8ClassIndex::PLUGINARRAY:
setCollectionIndexedAndNamedGetters<PluginArray, Plugin>(
desc,
V8ClassIndex::PLUGIN);
break;
case V8ClassIndex::STYLESHEETLIST:
desc->InstanceTemplate()->SetNamedPropertyHandler(
USE_NAMED_PROPERTY_GETTER(StyleSheetList));
setCollectionIndexedGetter<StyleSheetList, StyleSheet>(
desc,
V8ClassIndex::STYLESHEET);
break;
case V8ClassIndex::DOMWINDOW: {
v8::Local<v8::Signature> default_signature = v8::Signature::New(desc);
desc->PrototypeTemplate()->SetNamedPropertyHandler(
USE_NAMED_PROPERTY_GETTER(DOMWindow));
desc->PrototypeTemplate()->SetIndexedPropertyHandler(
USE_INDEXED_PROPERTY_GETTER(DOMWindow));
desc->SetHiddenPrototype(true);
// Reserve spaces for references to location, history and
// navigator objects.
v8::Local<v8::ObjectTemplate> instance_template =
desc->InstanceTemplate();
instance_template->SetInternalFieldCount(
V8Custom::kDOMWindowInternalFieldCount);
// Set access check callbacks, but turned off initially.
// When a context is detached from a frame, turn on the access check.
// Turning on checks also invalidates inline caches of the object.
instance_template->SetAccessCheckCallbacks(
V8Custom::v8DOMWindowNamedSecurityCheck,
V8Custom::v8DOMWindowIndexedSecurityCheck,
v8::Integer::New(V8ClassIndex::DOMWINDOW),
false);
break;
}
case V8ClassIndex::LOCATION: {
// For security reasons, these functions are on the instance
// instead of on the prototype object to insure that they cannot
// be overwritten.
v8::Local<v8::ObjectTemplate> instance = desc->InstanceTemplate();
instance->SetAccessor(
v8::String::New("reload"),
V8Custom::v8LocationReloadAccessorGetter,
0,
v8::Handle<v8::Value>(),
v8::ALL_CAN_READ,
static_cast<v8::PropertyAttribute>(v8::DontDelete|v8::ReadOnly));
instance->SetAccessor(
v8::String::New("replace"),
V8Custom::v8LocationReplaceAccessorGetter,
0,
v8::Handle<v8::Value>(),
v8::ALL_CAN_READ,
static_cast<v8::PropertyAttribute>(v8::DontDelete|v8::ReadOnly));
instance->SetAccessor(
v8::String::New("assign"),
V8Custom::v8LocationAssignAccessorGetter,
0,
v8::Handle<v8::Value>(),
v8::ALL_CAN_READ,
static_cast<v8::PropertyAttribute>(v8::DontDelete|v8::ReadOnly));
break;
}
case V8ClassIndex::HISTORY: {
break;
}
case V8ClassIndex::MESSAGECHANNEL: {
// Reserve two more internal fields for referencing the port1
// and port2 wrappers. This ensures that the port wrappers are
// kept alive when the channel wrapper is.
desc->SetCallHandler(USE_CALLBACK(MessageChannelConstructor));
v8::Local<v8::ObjectTemplate> instance_template =
desc->InstanceTemplate();
instance_template->SetInternalFieldCount(
V8Custom::kMessageChannelInternalFieldCount);
break;
}
case V8ClassIndex::MESSAGEPORT: {
// Reserve one more internal field for keeping event listeners.
v8::Local<v8::ObjectTemplate> instance_template =
desc->InstanceTemplate();
instance_template->SetInternalFieldCount(
V8Custom::kMessagePortInternalFieldCount);
break;
}
#if ENABLE(WORKERS)
case V8ClassIndex::WORKER: {
// Reserve one more internal field for keeping event listeners.
v8::Local<v8::ObjectTemplate> instance_template =
desc->InstanceTemplate();
instance_template->SetInternalFieldCount(
V8Custom::kWorkerInternalFieldCount);
desc->SetCallHandler(USE_CALLBACK(WorkerConstructor));
break;
}
case V8ClassIndex::WORKERCONTEXT: {
// Reserve one more internal field for keeping event listeners.
v8::Local<v8::ObjectTemplate> instance_template =
desc->InstanceTemplate();
instance_template->SetInternalFieldCount(
V8Custom::kWorkerContextInternalFieldCount);
break;
}
#endif // WORKERS
#if ENABLE(OFFLINE_WEB_APPLICATIONS)
case V8ClassIndex::DOMAPPLICATIONCACHE: {
// Reserve one more internal field for keeping event listeners.
v8::Local<v8::ObjectTemplate> instance_template =
desc->InstanceTemplate();
instance_template->SetInternalFieldCount(
V8Custom::kDOMApplicationCacheFieldCount);
break;
}
#endif
// The following objects are created from JavaScript.
case V8ClassIndex::DOMPARSER:
desc->SetCallHandler(USE_CALLBACK(DOMParserConstructor));
break;
case V8ClassIndex::HTMLIMAGEELEMENT:
desc->SetCallHandler(USE_CALLBACK(HTMLImageElementConstructor));
break;
case V8ClassIndex::HTMLOPTIONELEMENT:
desc->SetCallHandler(USE_CALLBACK(HTMLOptionElementConstructor));
break;
case V8ClassIndex::WEBKITCSSMATRIX:
desc->SetCallHandler(USE_CALLBACK(WebKitCSSMatrixConstructor));
break;
case V8ClassIndex::WEBKITPOINT:
desc->SetCallHandler(USE_CALLBACK(WebKitPointConstructor));
break;
case V8ClassIndex::XMLSERIALIZER:
desc->SetCallHandler(USE_CALLBACK(XMLSerializerConstructor));
break;
case V8ClassIndex::XMLHTTPREQUEST: {
// Reserve one more internal field for keeping event listeners.
v8::Local<v8::ObjectTemplate> instance_template =
desc->InstanceTemplate();
instance_template->SetInternalFieldCount(
V8Custom::kXMLHttpRequestInternalFieldCount);
desc->SetCallHandler(USE_CALLBACK(XMLHttpRequestConstructor));
break;
}
case V8ClassIndex::XMLHTTPREQUESTUPLOAD: {
// Reserve one more internal field for keeping event listeners.
v8::Local<v8::ObjectTemplate> instance_template =
desc->InstanceTemplate();
instance_template->SetInternalFieldCount(
V8Custom::kXMLHttpRequestInternalFieldCount);
break;
}
#if ENABLE(XPATH)
case V8ClassIndex::XPATHEVALUATOR:
desc->SetCallHandler(USE_CALLBACK(XPathEvaluatorConstructor));
break;
#endif
#if ENABLE(XSLT)
case V8ClassIndex::XSLTPROCESSOR:
desc->SetCallHandler(USE_CALLBACK(XSLTProcessorConstructor));
break;
#endif
#if ENABLE(TOUCH_EVENTS)
// TODO(andreip): upstream touch related changes to Chromium
case V8ClassIndex::TOUCHLIST:
desc->InstanceTemplate()->SetIndexedPropertyHandler(
USE_INDEXED_PROPERTY_GETTER(TouchList));
break;
#endif
case V8ClassIndex::CLIENTRECTLIST:
desc->InstanceTemplate()->SetIndexedPropertyHandler(
USE_INDEXED_PROPERTY_GETTER(ClientRectList));
break;
default:
break;
}
*cache_cell = desc;
return desc;
}
bool V8Proxy::ContextInitialized()
{
// m_context, m_global, m_object_prototype and m_wrapper_boilerplates should
// all be non-empty if if m_context is non-empty.
ASSERT(m_context.IsEmpty() || !m_global.IsEmpty());
ASSERT(m_context.IsEmpty() || !m_object_prototype.IsEmpty());
ASSERT(m_context.IsEmpty() || !m_wrapper_boilerplates.IsEmpty());
return !m_context.IsEmpty();
}
DOMWindow* V8Proxy::retrieveWindow()
{
// TODO: This seems very fragile. How do we know that the global object
// from the current context is something sensible? Do we need to use the
// last entered here? Who calls this?
return retrieveWindow(v8::Context::GetCurrent());
}
DOMWindow* V8Proxy::retrieveWindow(v8::Handle<v8::Context> context)
{
v8::Handle<v8::Object> global = context->Global();
ASSERT(!global.IsEmpty());
global = LookupDOMWrapper(V8ClassIndex::DOMWINDOW, global);
ASSERT(!global.IsEmpty());
return ToNativeObject<DOMWindow>(V8ClassIndex::DOMWINDOW, global);
}
Frame* V8Proxy::retrieveFrame(v8::Handle<v8::Context> context)
{
return retrieveWindow(context)->frame();
}
Frame* V8Proxy::retrieveFrameForEnteredContext()
{
v8::Handle<v8::Context> context = v8::Context::GetEntered();
if (context.IsEmpty())
return 0;
return retrieveFrame(context);
}
Frame* V8Proxy::retrieveFrameForCurrentContext()
{
v8::Handle<v8::Context> context = v8::Context::GetCurrent();
if (context.IsEmpty())
return 0;
return retrieveFrame(context);
}
Frame* V8Proxy::retrieveFrameForCallingContext()
{
v8::Handle<v8::Context> context = v8::Context::GetCalling();
if (context.IsEmpty())
return 0;
return retrieveFrame(context);
}
Frame* V8Proxy::retrieveFrame()
{
DOMWindow* window = retrieveWindow();
return window ? window->frame() : 0;
}
V8Proxy* V8Proxy::retrieve()
{
DOMWindow* window = retrieveWindow();
ASSERT(window);
return retrieve(window->frame());
}
V8Proxy* V8Proxy::retrieve(Frame* frame)
{
if (!frame)
return 0;
return frame->script()->isEnabled() ? frame->script()->proxy() : 0;
}
V8Proxy* V8Proxy::retrieve(ScriptExecutionContext* context)
{
if (!context->isDocument())
return 0;
return retrieve(static_cast<Document*>(context)->frame());
}
void V8Proxy::disconnectFrame()
{
// disconnect all event listeners
DisconnectEventListeners();
}
bool V8Proxy::isEnabled()
{
Settings* settings = m_frame->settings();
if (!settings)
return false;
// In the common case, JavaScript is enabled and we're done.
if (settings->isJavaScriptEnabled())
return true;
// If JavaScript has been disabled, we need to look at the frame to tell
// whether this script came from the web or the embedder. Scripts from the
// embedder are safe to run, but scripts from the other sources are
// disallowed.
Document* document = m_frame->document();
if (!document)
return false;
SecurityOrigin* origin = document->securityOrigin();
if (origin->protocol().isEmpty())
return false; // Uninitialized document
if (origin->protocol() == "http" || origin->protocol() == "https")
return false; // Web site
// TODO(darin): the following are application decisions, and they should
// not be made at this layer. instead, we should bridge out to the
// embedder to allow them to override policy here.
#if PLATFORM(CHROMIUM)
// TODO(andreip): ChromeBridge->BrowserBridge?
if (origin->protocol() == ChromiumBridge::uiResourceProtocol())
return true; // Embedder's scripts are ok to run
#endif
// If the scheme is ftp: or file:, an empty file name indicates a directory
// listing, which requires JavaScript to function properly.
const char* kDirProtocols[] = { "ftp", "file" };
#if PLATFORM(ANDROID)
// TODO(andreip): port arraysize function to Android. There's one in Gears.
for (size_t i = 0; i < 2; ++i) {
#else
for (size_t i = 0; i < arraysize(kDirProtocols); ++i) {
#endif
if (origin->protocol() == kDirProtocols[i]) {
const KURL& url = document->url();
return url.pathAfterLastSlash() == url.pathEnd();
}
}
return false; // Other protocols fall through to here
}
void V8Proxy::UpdateDocumentWrapper(v8::Handle<v8::Value> wrapper) {
ClearDocumentWrapper();
ASSERT(m_document.IsEmpty());
m_document = v8::Persistent<v8::Value>::New(wrapper);
#ifndef NDEBUG
RegisterGlobalHandle(PROXY, this, m_document);
#endif
}
void V8Proxy::ClearDocumentWrapper()
{
if (!m_document.IsEmpty()) {
#ifndef NDEBUG
UnregisterGlobalHandle(this, m_document);
#endif
m_document.Dispose();
m_document.Clear();
}
}
void V8Proxy::UpdateDocumentWrapperCache()
{
LOCK_V8;
v8::HandleScope handle_scope;
v8::Context::Scope context_scope(GetContext());
v8::Handle<v8::Value> document_wrapper = NodeToV8Object(m_frame->document());
m_context->Global()->ForceSet(v8::String::New("document"),
document_wrapper,
static_cast<v8::PropertyAttribute>(v8::ReadOnly | v8::DontDelete));
}
void V8Proxy::ClearDocumentWrapperCache()
{
ASSERT(!m_context.IsEmpty());
m_context->Global()->ForceDelete(v8::String::New("document"));
}
void V8Proxy::DisposeContextHandles() {
if (!m_context.IsEmpty()) {
m_context.Dispose();
m_context.Clear();
}
if (!m_wrapper_boilerplates.IsEmpty()) {
#ifndef NDEBUG
UnregisterGlobalHandle(this, m_wrapper_boilerplates);
#endif
m_wrapper_boilerplates.Dispose();
m_wrapper_boilerplates.Clear();
}
if (!m_object_prototype.IsEmpty()) {
#ifndef NDEBUG
UnregisterGlobalHandle(this, m_object_prototype);
#endif
m_object_prototype.Dispose();
m_object_prototype.Clear();
}
}
void V8Proxy::clearForClose()
{
if (!m_context.IsEmpty()) {
LOCK_V8;
v8::HandleScope handle_scope;
ClearDocumentWrapper();
DisposeContextHandles();
}
}
void V8Proxy::clearForNavigation()
{
// disconnect all event listeners
DisconnectEventListeners();
if (!m_context.IsEmpty()) {
LOCK_V8;
v8::HandleScope handle;
ClearDocumentWrapper();
v8::Context::Scope context_scope(m_context);
// Clear the document wrapper cache before turning on access checks on
// the old DOMWindow wrapper. This way, access to the document wrapper
// will be protected by the security checks on the DOMWindow wrapper.
ClearDocumentWrapperCache();
// Turn on access check on the old DOMWindow wrapper.
v8::Handle<v8::Object> wrapper =
LookupDOMWrapper(V8ClassIndex::DOMWINDOW, m_global);
ASSERT(!wrapper.IsEmpty());
wrapper->TurnOnAccessCheck();
// Separate the context from its global object.
m_context->DetachGlobal();
DisposeContextHandles();
}
}
void V8Proxy::SetSecurityToken() {
Document* document = m_frame->document();
// Setup security origin and security token
if (!document) {
m_context->UseDefaultSecurityToken();
return;
}
// Ask the document's SecurityOrigin to generate a security token.
// If two tokens are equal, then the SecurityOrigins canAccess each other.
// If two tokens are not equal, then we have to call canAccess.
// Note: we can't use the HTTPOrigin if it was set from the DOM.
SecurityOrigin* origin = document->securityOrigin();
String token;
if (!origin->domainWasSetInDOM())
token = document->securityOrigin()->toString();
// An empty or "null" token means we always have to call
// canAccess. The toString method on securityOrigins returns the
// string "null" for empty security origins and for security
// origins that should only allow access to themselves. In this
// case, we use the global object as the security token to avoid
// calling canAccess when a script accesses its own objects.
if (token.isEmpty() || token == "null") {
m_context->UseDefaultSecurityToken();
return;
}
CString utf8_token = token.utf8();
// NOTE: V8 does identity comparison in fast path, must use a symbol
// as the security token.
m_context->SetSecurityToken(
v8::String::NewSymbol(utf8_token.data(), utf8_token.length()));
}
void V8Proxy::updateDocument()
{
if (!m_frame->document())
return;
if (m_global.IsEmpty())
return;
InitContextIfNeeded();
// We have a new document and we need to update the cache.
UpdateDocumentWrapperCache();
updateSecurityOrigin();
}
void V8Proxy::updateSecurityOrigin()
{
LOCK_V8;
v8::HandleScope scope;
SetSecurityToken();
}
// Same origin policy implementation:
//
// Same origin policy prevents JS code from domain A access JS & DOM objects
// in a different domain B. There are exceptions and several objects are
// accessible by cross-domain code. For example, the window.frames object is
// accessible by code from a different domain, but window.document is not.
//
// The binding code sets security check callbacks on a function template,
// and accessing instances of the template calls the callback function.
// The callback function checks same origin policy.
//
// Callback functions are expensive. V8 uses a security token string to do
// fast access checks for the common case where source and target are in the
// same domain. A security token is a string object that represents
// the protocol/url/port of a domain.
//
// There are special cases where a security token matching is not enough.
// For example, JavaScript can set its domain to a super domain by calling
// document.setDomain(...). In these cases, the binding code can reset
// a context's security token to its global object so that the fast access
// check will always fail.
// Check if the current execution context can access a target frame.
// First it checks same domain policy using the lexical context
//
// This is equivalent to KJS::Window::allowsAccessFrom(ExecState*, String&).
bool V8Proxy::CanAccessPrivate(DOMWindow* target_window)
{
ASSERT(target_window);
String message;
DOMWindow* origin_window = retrieveWindow();
if (origin_window == target_window)
return true;
if (!origin_window)
return false;
const SecurityOrigin* active_security_origin = origin_window->securityOrigin();
const SecurityOrigin* target_security_origin = target_window->securityOrigin();
// We have seen crashes were the security origin of the target has not been
// initialized. Defend against that.
if (!target_security_origin)
return false;
if (active_security_origin->canAccess(target_security_origin))
return true;
// Allow access to a "about:blank" page if the dynamic context is a
// detached context of the same frame as the blank page.
if (target_security_origin->isEmpty() &&
origin_window->frame() == target_window->frame())
return true;
return false;
}
bool V8Proxy::CanAccessFrame(Frame* target, bool report_error)
{
// The subject is detached from a frame, deny accesses.
if (!target)
return false;
if (!CanAccessPrivate(target->domWindow())) {
if (report_error)
ReportUnsafeAccessTo(target, REPORT_NOW);
return false;
}
return true;
}
bool V8Proxy::CheckNodeSecurity(Node* node)
{
if (!node)
return false;
Frame* target = node->document()->frame();
if (!target)
return false;
return CanAccessFrame(target, true);
}
v8::Persistent<v8::Context> V8Proxy::createNewContext(
v8::Handle<v8::Object> global)
{
v8::Persistent<v8::Context> result;
// Create a new environment using an empty template for the shadow
// object. Reuse the global object if one has been created earlier.
v8::Persistent<v8::ObjectTemplate> globalTemplate =
V8DOMWindow::GetShadowObjectTemplate();
if (globalTemplate.IsEmpty())
return result;
// Install a security handler with V8.
globalTemplate->SetAccessCheckCallbacks(
V8Custom::v8DOMWindowNamedSecurityCheck,
V8Custom::v8DOMWindowIndexedSecurityCheck,
v8::Integer::New(V8ClassIndex::DOMWINDOW));
// Dynamically tell v8 about our extensions now.
const char** extensionNames = new const char*[m_extensions.size()];
int index = 0;
for (V8ExtensionList::iterator it = m_extensions.begin();
it != m_extensions.end(); ++it) {
// Note: we check the loader URL here instead of the document URL
// because we might be currently loading an URL into a blank page.
// See http://code.google.com/p/chromium/issues/detail?id=10924
if (it->scheme.length() > 0 &&
(it->scheme != m_frame->loader()->activeDocumentLoader()->url().protocol() ||
it->scheme != m_frame->page()->mainFrame()->loader()->activeDocumentLoader()->url().protocol()))
continue;
extensionNames[index++] = it->extension->name();
}
v8::ExtensionConfiguration extensions(index, extensionNames);
result = v8::Context::New(&extensions, globalTemplate, global);
delete [] extensionNames;
extensionNames = 0;
return result;
}
// Create a new environment and setup the global object.
//
// The global object corresponds to a DOMWindow instance. However, to
// allow properties of the JS DOMWindow instance to be shadowed, we
// use a shadow object as the global object and use the JS DOMWindow
// instance as the prototype for that shadow object. The JS DOMWindow
// instance is undetectable from javascript code because the __proto__
// accessors skip that object.
//
// The shadow object and the DOMWindow instance are seen as one object
// from javascript. The javascript object that corresponds to a
// DOMWindow instance is the shadow object. When mapping a DOMWindow
// instance to a V8 object, we return the shadow object.
//
// To implement split-window, see
// 1) https://bugs.webkit.org/show_bug.cgi?id=17249
// 2) https://wiki.mozilla.org/Gecko:SplitWindow
// 3) https://bugzilla.mozilla.org/show_bug.cgi?id=296639
// we need to split the shadow object further into two objects:
// an outer window and an inner window. The inner window is the hidden
// prototype of the outer window. The inner window is the default
// global object of the context. A variable declared in the global
// scope is a property of the inner window.
//
// The outer window sticks to a Frame, it is exposed to JavaScript
// via window.window, window.self, window.parent, etc. The outer window
// has a security token which is the domain. The outer window cannot
// have its own properties. window.foo = 'x' is delegated to the
// inner window.
//
// When a frame navigates to a new page, the inner window is cut off
// the outer window, and the outer window identify is preserved for
// the frame. However, a new inner window is created for the new page.
// If there are JS code holds a closure to the old inner window,
// it won't be able to reach the outer window via its global object.
void V8Proxy::InitContextIfNeeded()
{
// Bail out if the context has already been initialized.
if (!m_context.IsEmpty())
return;
#ifdef ANDROID_INSTRUMENT
android::TimeCounter::start(android::TimeCounter::JavaScriptInitTimeCounter);
#endif
LOCK_V8;
// Create a handle scope for all local handles.
v8::HandleScope handle_scope;
// Setup the security handlers and message listener. This only has
// to be done once.
static bool v8_initialized = false;
if (!v8_initialized) {
// Tells V8 not to call the default OOM handler, binding code
// will handle it.
v8::V8::IgnoreOutOfMemoryException();
v8::V8::SetFatalErrorHandler(ReportFatalErrorInV8);
v8::V8::SetGlobalGCPrologueCallback(&GCPrologue);
v8::V8::SetGlobalGCEpilogueCallback(&GCEpilogue);
v8::V8::AddMessageListener(HandleConsoleMessage);
v8::V8::SetFailedAccessCheckCallbackFunction(ReportUnsafeJavaScriptAccess);
v8_initialized = true;
}
m_context = createNewContext(m_global);
if (m_context.IsEmpty())
return;
// Starting from now, use local context only.
v8::Local<v8::Context> context = GetContext();
v8::Context::Scope context_scope(context);
// Store the first global object created so we can reuse it.
if (m_global.IsEmpty()) {
m_global = v8::Persistent<v8::Object>::New(context->Global());
// Bail out if allocation of the first global objects fails.
if (m_global.IsEmpty()) {
DisposeContextHandles();
return;
}
#ifndef NDEBUG
RegisterGlobalHandle(PROXY, this, m_global);
#endif
}
// Allocate strings used during initialization.
v8::Handle<v8::String> object_string = v8::String::New("Object");
v8::Handle<v8::String> prototype_string = v8::String::New("prototype");
v8::Handle<v8::String> implicit_proto_string = v8::String::New("__proto__");
// Bail out if allocation failed.
if (object_string.IsEmpty() ||
prototype_string.IsEmpty() ||
implicit_proto_string.IsEmpty()) {
DisposeContextHandles();
return;
}
// Allocate clone cache and pre-allocated objects
v8::Handle<v8::Object> object = v8::Handle<v8::Object>::Cast(
m_global->Get(object_string));
m_object_prototype = v8::Persistent<v8::Value>::New(
object->Get(prototype_string));
m_wrapper_boilerplates = v8::Persistent<v8::Array>::New(
v8::Array::New(V8ClassIndex::WRAPPER_TYPE_COUNT));
// Bail out if allocation failed.
if (m_object_prototype.IsEmpty()) {
DisposeContextHandles();
return;
}
#ifndef NDEBUG
RegisterGlobalHandle(PROXY, this, m_object_prototype);
RegisterGlobalHandle(PROXY, this, m_wrapper_boilerplates);
#endif
// Create a new JS window object and use it as the prototype for the
// shadow global object.
v8::Handle<v8::Function> window_constructor =
GetConstructor(V8ClassIndex::DOMWINDOW);
v8::Local<v8::Object> js_window =
SafeAllocation::NewInstance(window_constructor);
// Bail out if allocation failed.
if (js_window.IsEmpty()) {
DisposeContextHandles();
return;
}
DOMWindow* window = m_frame->domWindow();
// Wrap the window.
SetDOMWrapper(js_window,
V8ClassIndex::ToInt(V8ClassIndex::DOMWINDOW),
window);
window->ref();
V8Proxy::SetJSWrapperForDOMObject(window,
v8::Persistent<v8::Object>::New(js_window));
// Insert the window instance as the prototype of the shadow object.
v8::Handle<v8::Object> v8_global = context->Global();
v8_global->Set(implicit_proto_string, js_window);
updateDocument();
SetSecurityToken();
m_frame->loader()->dispatchWindowObjectAvailable();
#ifdef ANDROID_INSTRUMENT
android::TimeCounter::record(android::TimeCounter::JavaScriptInitTimeCounter, __FUNCTION__);
#endif
}
void V8Proxy::SetDOMException(int exception_code)
{
if (exception_code <= 0)
return;
ExceptionCodeDescription description;
getExceptionCodeDescription(exception_code, description);
v8::Handle<v8::Value> exception;
switch (description.type) {
case DOMExceptionType:
exception = ToV8Object(V8ClassIndex::DOMCOREEXCEPTION,
DOMCoreException::create(description));
break;
case RangeExceptionType:
exception = ToV8Object(V8ClassIndex::RANGEEXCEPTION,
RangeException::create(description));
break;
case EventExceptionType:
exception = ToV8Object(V8ClassIndex::EVENTEXCEPTION,
EventException::create(description));
break;
case XMLHttpRequestExceptionType:
exception = ToV8Object(V8ClassIndex::XMLHTTPREQUESTEXCEPTION,
XMLHttpRequestException::create(description));
break;
#if ENABLE(SVG)
case SVGExceptionType:
exception = ToV8Object(V8ClassIndex::SVGEXCEPTION,
SVGException::create(description));
break;
#endif
#if ENABLE(XPATH)
case XPathExceptionType:
exception = ToV8Object(V8ClassIndex::XPATHEXCEPTION,
XPathException::create(description));
break;
#endif
}
ASSERT(!exception.IsEmpty());
v8::ThrowException(exception);
}
v8::Handle<v8::Value> V8Proxy::ThrowError(ErrorType type, const char* message)
{
switch (type) {
case RANGE_ERROR:
return v8::ThrowException(v8::Exception::RangeError(v8String(message)));
case REFERENCE_ERROR:
return v8::ThrowException(
v8::Exception::ReferenceError(v8String(message)));
case SYNTAX_ERROR:
return v8::ThrowException(v8::Exception::SyntaxError(v8String(message)));
case TYPE_ERROR:
return v8::ThrowException(v8::Exception::TypeError(v8String(message)));
case GENERAL_ERROR:
return v8::ThrowException(v8::Exception::Error(v8String(message)));
default:
ASSERT(false);
return v8::Handle<v8::Value>();
}
}
v8::Local<v8::Context> V8Proxy::GetContext(Frame* frame)
{
V8Proxy* proxy = retrieve(frame);
if (!proxy)
return v8::Local<v8::Context>();
proxy->InitContextIfNeeded();
return proxy->GetContext();
}
v8::Local<v8::Context> V8Proxy::GetCurrentContext()
{
return v8::Context::GetCurrent();
}
v8::Handle<v8::Value> V8Proxy::ToV8Object(V8ClassIndex::V8WrapperType type, void* imp)
{
ASSERT(type != V8ClassIndex::EVENTLISTENER);
ASSERT(type != V8ClassIndex::EVENTTARGET);
ASSERT(type != V8ClassIndex::EVENT);
bool is_active_dom_object = false;
switch (type) {
#define MAKE_CASE(TYPE, NAME) case V8ClassIndex::TYPE:
DOM_NODE_TYPES(MAKE_CASE)
#if ENABLE(SVG)
SVG_NODE_TYPES(MAKE_CASE)
#endif
return NodeToV8Object(static_cast<Node*>(imp));
case V8ClassIndex::CSSVALUE:
return CSSValueToV8Object(static_cast<CSSValue*>(imp));
case V8ClassIndex::CSSRULE:
return CSSRuleToV8Object(static_cast<CSSRule*>(imp));
case V8ClassIndex::STYLESHEET:
return StyleSheetToV8Object(static_cast<StyleSheet*>(imp));
case V8ClassIndex::DOMWINDOW:
return WindowToV8Object(static_cast<DOMWindow*>(imp));
#if ENABLE(SVG)
SVG_NONNODE_TYPES(MAKE_CASE)
if (type == V8ClassIndex::SVGELEMENTINSTANCE)
return SVGElementInstanceToV8Object(static_cast<SVGElementInstance*>(imp));
return SVGObjectWithContextToV8Object(type, imp);
#endif
ACTIVE_DOM_OBJECT_TYPES(MAKE_CASE)
is_active_dom_object = true;
break;
default:
break;
}
#undef MAKE_CASE
if (!imp) return v8::Null();
// Non DOM node
v8::Persistent<v8::Object> result = is_active_dom_object ?
getActiveDOMObjectMap().get(imp) :
getDOMObjectMap().get(imp);
if (result.IsEmpty()) {
v8::Local<v8::Object> v8obj = InstantiateV8Object(type, type, imp);
if (!v8obj.IsEmpty()) {
// Go through big switch statement, it has some duplications
// that were handled by code above (such as CSSVALUE, CSSRULE, etc).
switch (type) {
#define MAKE_CASE(TYPE, NAME) \
case V8ClassIndex::TYPE: static_cast<NAME*>(imp)->ref(); break;
DOM_OBJECT_TYPES(MAKE_CASE)
#undef MAKE_CASE
default:
ASSERT(false);
}
result = v8::Persistent<v8::Object>::New(v8obj);
if (is_active_dom_object)
SetJSWrapperForActiveDOMObject(imp, result);
else
SetJSWrapperForDOMObject(imp, result);
// Special case for non-node objects associated with a
// DOMWindow. Both Safari and FF let the JS wrappers for these
// objects survive GC. To mimic their behavior, V8 creates
// hidden references from the DOMWindow to these wrapper
// objects. These references get cleared when the DOMWindow is
// reused by a new page.
switch (type) {
case V8ClassIndex::CONSOLE:
SetHiddenWindowReference(static_cast<Console*>(imp)->frame(),
V8Custom::kDOMWindowConsoleIndex, result);
break;
case V8ClassIndex::HISTORY:
SetHiddenWindowReference(static_cast<History*>(imp)->frame(),
V8Custom::kDOMWindowHistoryIndex, result);
break;
case V8ClassIndex::NAVIGATOR:
SetHiddenWindowReference(static_cast<Navigator*>(imp)->frame(),
V8Custom::kDOMWindowNavigatorIndex, result);
break;
case V8ClassIndex::SCREEN:
SetHiddenWindowReference(static_cast<Screen*>(imp)->frame(),
V8Custom::kDOMWindowScreenIndex, result);
break;
case V8ClassIndex::LOCATION:
SetHiddenWindowReference(static_cast<Location*>(imp)->frame(),
V8Custom::kDOMWindowLocationIndex, result);
break;
case V8ClassIndex::DOMSELECTION:
SetHiddenWindowReference(static_cast<DOMSelection*>(imp)->frame(),
V8Custom::kDOMWindowDOMSelectionIndex, result);
break;
case V8ClassIndex::BARINFO: {
BarInfo* barinfo = static_cast<BarInfo*>(imp);
Frame* frame = barinfo->frame();
switch (barinfo->type()) {
case BarInfo::Locationbar:
SetHiddenWindowReference(frame, V8Custom::kDOMWindowLocationbarIndex, result);
break;
case BarInfo::Menubar:
SetHiddenWindowReference(frame, V8Custom::kDOMWindowMenubarIndex, result);
break;
case BarInfo::Personalbar:
SetHiddenWindowReference(frame, V8Custom::kDOMWindowPersonalbarIndex, result);
break;
case BarInfo::Scrollbars:
SetHiddenWindowReference(frame, V8Custom::kDOMWindowScrollbarsIndex, result);
break;
case BarInfo::Statusbar:
SetHiddenWindowReference(frame, V8Custom::kDOMWindowStatusbarIndex, result);
break;
case BarInfo::Toolbar:
SetHiddenWindowReference(frame, V8Custom::kDOMWindowToolbarIndex, result);
break;
}
break;
}
default:
break;
}
}
}
return result;
}
void V8Proxy::SetHiddenWindowReference(Frame* frame,
const int internal_index,
v8::Handle<v8::Object> jsobj)
{
// Get DOMWindow
if (!frame) return; // Object might be detached from window
v8::Handle<v8::Context> context = GetContext(frame);
if (context.IsEmpty()) return;
ASSERT(internal_index < V8Custom::kDOMWindowInternalFieldCount);
v8::Handle<v8::Object> global = context->Global();
// Look for real DOM wrapper.
global = LookupDOMWrapper(V8ClassIndex::DOMWINDOW, global);
ASSERT(!global.IsEmpty());
ASSERT(global->GetInternalField(internal_index)->IsUndefined());
global->SetInternalField(internal_index, jsobj);
}
V8ClassIndex::V8WrapperType V8Proxy::GetDOMWrapperType(v8::Handle<v8::Object> object)
{
ASSERT(MaybeDOMWrapper(object));
v8::Handle<v8::Value> type =
object->GetInternalField(V8Custom::kDOMWrapperTypeIndex);
return V8ClassIndex::FromInt(type->Int32Value());
}
void* V8Proxy::ToNativeObjectImpl(V8ClassIndex::V8WrapperType type,
v8::Handle<v8::Value> object)
{
// Native event listener is per frame, it cannot be handled
// by this generic function.
ASSERT(type != V8ClassIndex::EVENTLISTENER);
ASSERT(type != V8ClassIndex::EVENTTARGET);
ASSERT(MaybeDOMWrapper(object));
switch (type) {
#define MAKE_CASE(TYPE, NAME) case V8ClassIndex::TYPE:
DOM_NODE_TYPES(MAKE_CASE)
#if ENABLE(SVG)
SVG_NODE_TYPES(MAKE_CASE)
#endif
ASSERT(false);
return NULL;
case V8ClassIndex::XMLHTTPREQUEST:
return DOMWrapperToNative<XMLHttpRequest>(object);
case V8ClassIndex::EVENT:
return DOMWrapperToNative<Event>(object);
case V8ClassIndex::CSSRULE:
return DOMWrapperToNative<CSSRule>(object);
default:
break;
}
#undef MAKE_CASE
return DOMWrapperToNative<void>(object);
}
void* V8Proxy::ToSVGPODTypeImpl(V8ClassIndex::V8WrapperType type,
v8::Handle<v8::Value> object) {
return IsWrapperOfType(object, type)
? DOMWrapperToNative<void>(object)
: NULL;
}
v8::Handle<v8::Object> V8Proxy::LookupDOMWrapper(
V8ClassIndex::V8WrapperType type, v8::Handle<v8::Value> value)
{
if (value.IsEmpty())
return v8::Handle<v8::Object>();
v8::Handle<v8::FunctionTemplate> desc = V8Proxy::GetTemplate(type);
while (value->IsObject()) {
v8::Handle<v8::Object> object = v8::Handle<v8::Object>::Cast(value);
if (desc->HasInstance(object))
return object;
value = object->GetPrototype();
}
return v8::Handle<v8::Object>();
}
// static
void* V8Proxy::DOMWrapperToNodeHelper(v8::Handle<v8::Value> value) {
ASSERT(MaybeDOMWrapper(value));
v8::Handle<v8::Object> object = v8::Handle<v8::Object>::Cast(value);
ASSERT(GetDOMWrapperType(object) == V8ClassIndex::NODE);
v8::Handle<v8::Value> wrapper =
object->GetInternalField(V8Custom::kDOMWrapperObjectIndex);
return ExtractCPointer<Node>(wrapper);
}
PassRefPtr<NodeFilter> V8Proxy::ToNativeNodeFilter(v8::Handle<v8::Value> filter)
{
// A NodeFilter is used when walking through a DOM tree or iterating tree
// nodes.
// TODO: we may want to cache NodeFilterCondition and NodeFilter
// object, but it is minor.
// NodeFilter is passed to NodeIterator that has a ref counted pointer
// to NodeFilter. NodeFilter has a ref counted pointer to NodeFilterCondition.
// In NodeFilterCondition, filter object is persisted in its constructor,
// and disposed in its destructor.
if (!filter->IsFunction())
return 0;
NodeFilterCondition* cond = new V8NodeFilterCondition(filter);
return NodeFilter::create(cond);
}
v8::Local<v8::Object> V8Proxy::InstantiateV8Object(
V8ClassIndex::V8WrapperType desc_type,
V8ClassIndex::V8WrapperType cptr_type,
void* imp)
{
// Make a special case for document.all
if (desc_type == V8ClassIndex::HTMLCOLLECTION &&
static_cast<HTMLCollection*>(imp)->type() == DocAll) {
desc_type = V8ClassIndex::UNDETECTABLEHTMLCOLLECTION;
}
V8Proxy* proxy = V8Proxy::retrieve();
v8::Local<v8::Object> instance;
if (proxy) {
instance = proxy->CreateWrapperFromCache(desc_type);
} else {
v8::Local<v8::Function> function = GetTemplate(desc_type)->GetFunction();
instance = SafeAllocation::NewInstance(function);
}
if (!instance.IsEmpty()) {
// Avoid setting the DOM wrapper for failed allocations.
SetDOMWrapper(instance, V8ClassIndex::ToInt(cptr_type), imp);
}
return instance;
}
v8::Handle<v8::Value> V8Proxy::CheckNewLegal(const v8::Arguments& args)
{
if (!AllowAllocation::m_current)
return ThrowError(TYPE_ERROR, "Illegal constructor");
return args.This();
}
void V8Proxy::SetDOMWrapper(v8::Handle<v8::Object> obj, int type, void* cptr)
{
ASSERT(obj->InternalFieldCount() >= 2);
obj->SetInternalField(V8Custom::kDOMWrapperObjectIndex, WrapCPointer(cptr));
obj->SetInternalField(V8Custom::kDOMWrapperTypeIndex, v8::Integer::New(type));
}
#ifndef NDEBUG
bool V8Proxy::MaybeDOMWrapper(v8::Handle<v8::Value> value)
{
if (value.IsEmpty() || !value->IsObject()) return false;
v8::Handle<v8::Object> obj = v8::Handle<v8::Object>::Cast(value);
if (obj->InternalFieldCount() == 0) return false;
ASSERT(obj->InternalFieldCount() >=
V8Custom::kDefaultWrapperInternalFieldCount);
v8::Handle<v8::Value> type =
obj->GetInternalField(V8Custom::kDOMWrapperTypeIndex);
ASSERT(type->IsInt32());
ASSERT(V8ClassIndex::INVALID_CLASS_INDEX < type->Int32Value() &&
type->Int32Value() < V8ClassIndex::CLASSINDEX_END);
v8::Handle<v8::Value> wrapper =
obj->GetInternalField(V8Custom::kDOMWrapperObjectIndex);
ASSERT(wrapper->IsNumber() || wrapper->IsExternal());
return true;
}
#endif
bool V8Proxy::IsDOMEventWrapper(v8::Handle<v8::Value> value)
{
// All kinds of events use EVENT as dom type in JS wrappers.
// See EventToV8Object
return IsWrapperOfType(value, V8ClassIndex::EVENT);
}
bool V8Proxy::IsWrapperOfType(v8::Handle<v8::Value> value,
V8ClassIndex::V8WrapperType classType)
{
if (value.IsEmpty() || !value->IsObject()) return false;
v8::Handle<v8::Object> obj = v8::Handle<v8::Object>::Cast(value);
if (obj->InternalFieldCount() == 0) return false;
ASSERT(obj->InternalFieldCount() >=
V8Custom::kDefaultWrapperInternalFieldCount);
v8::Handle<v8::Value> wrapper =
obj->GetInternalField(V8Custom::kDOMWrapperObjectIndex);
ASSERT(wrapper->IsNumber() || wrapper->IsExternal());
v8::Handle<v8::Value> type =
obj->GetInternalField(V8Custom::kDOMWrapperTypeIndex);
ASSERT(type->IsInt32());
ASSERT(V8ClassIndex::INVALID_CLASS_INDEX < type->Int32Value() &&
type->Int32Value() < V8ClassIndex::CLASSINDEX_END);
return V8ClassIndex::FromInt(type->Int32Value()) == classType;
}
#if ENABLE(VIDEO)
#define FOR_EACH_VIDEO_TAG(macro) \
macro(audio, AUDIO) \
macro(source, SOURCE) \
macro(video, VIDEO)
#else
#define FOR_EACH_VIDEO_TAG(macro)
#endif
#define FOR_EACH_TAG(macro) \
macro(a, ANCHOR) \
macro(applet, APPLET) \
macro(area, AREA) \
macro(base, BASE) \
macro(basefont, BASEFONT) \
macro(blockquote, BLOCKQUOTE) \
macro(body, BODY) \
macro(br, BR) \
macro(button, BUTTON) \
macro(caption, TABLECAPTION) \
macro(col, TABLECOL) \
macro(colgroup, TABLECOL) \
macro(del, MOD) \
macro(canvas, CANVAS) \
macro(dir, DIRECTORY) \
macro(div, DIV) \
macro(dl, DLIST) \
macro(embed, EMBED) \
macro(fieldset, FIELDSET) \
macro(font, FONT) \
macro(form, FORM) \
macro(frame, FRAME) \
macro(frameset, FRAMESET) \
macro(h1, HEADING) \
macro(h2, HEADING) \
macro(h3, HEADING) \
macro(h4, HEADING) \
macro(h5, HEADING) \
macro(h6, HEADING) \
macro(head, HEAD) \
macro(hr, HR) \
macro(html, HTML) \
macro(img, IMAGE) \
macro(iframe, IFRAME) \
macro(image, IMAGE) \
macro(input, INPUT) \
macro(ins, MOD) \
macro(isindex, ISINDEX) \
macro(keygen, SELECT) \
macro(label, LABEL) \
macro(legend, LEGEND) \
macro(li, LI) \
macro(link, LINK) \
macro(listing, PRE) \
macro(map, MAP) \
macro(marquee, MARQUEE) \
macro(menu, MENU) \
macro(meta, META) \
macro(object, OBJECT) \
macro(ol, OLIST) \
macro(optgroup, OPTGROUP) \
macro(option, OPTION) \
macro(p, PARAGRAPH) \
macro(param, PARAM) \
macro(pre, PRE) \
macro(q, QUOTE) \
macro(script, SCRIPT) \
macro(select, SELECT) \
macro(style, STYLE) \
macro(table, TABLE) \
macro(thead, TABLESECTION) \
macro(tbody, TABLESECTION) \
macro(tfoot, TABLESECTION) \
macro(td, TABLECELL) \
macro(th, TABLECELL) \
macro(tr, TABLEROW) \
macro(textarea, TEXTAREA) \
macro(title, TITLE) \
macro(ul, ULIST) \
macro(xmp, PRE)
V8ClassIndex::V8WrapperType V8Proxy::GetHTMLElementType(HTMLElement* element)
{
static HashMap<String, V8ClassIndex::V8WrapperType> map;
if (map.isEmpty()) {
#define ADD_TO_HASH_MAP(tag, name) \
map.set(#tag, V8ClassIndex::HTML##name##ELEMENT);
FOR_EACH_TAG(ADD_TO_HASH_MAP)
#if ENABLE(VIDEO)
if (MediaPlayer::isAvailable()) {
FOR_EACH_VIDEO_TAG(ADD_TO_HASH_MAP)
}
#endif
#undef ADD_TO_HASH_MAP
}
V8ClassIndex::V8WrapperType t = map.get(element->localName().impl());
if (t == 0)
return V8ClassIndex::HTMLELEMENT;
return t;
}
#undef FOR_EACH_TAG
#if ENABLE(SVG)
#if ENABLE(SVG_ANIMATION)
#define FOR_EACH_ANIMATION_TAG(macro) \
macro(animateColor, ANIMATECOLOR) \
macro(animate, ANIMATE) \
macro(animateTransform, ANIMATETRANSFORM) \
macro(set, SET)
#else
#define FOR_EACH_ANIMATION_TAG(macro)
#endif
#if ENABLE(SVG_FILTERS)
#define FOR_EACH_FILTERS_TAG(macro) \
macro(feBlend, FEBLEND) \
macro(feColorMatrix, FECOLORMATRIX) \
macro(feComponentTransfer, FECOMPONENTTRANSFER) \
macro(feComposite, FECOMPOSITE) \
macro(feDiffuseLighting, FEDIFFUSELIGHTING) \
macro(feDisplacementMap, FEDISPLACEMENTMAP) \
macro(feDistantLight, FEDISTANTLIGHT) \
macro(feFlood, FEFLOOD) \
macro(feFuncA, FEFUNCA) \
macro(feFuncB, FEFUNCB) \
macro(feFuncG, FEFUNCG) \
macro(feFuncR, FEFUNCR) \
macro(feGaussianBlur, FEGAUSSIANBLUR) \
macro(feImage, FEIMAGE) \
macro(feMerge, FEMERGE) \
macro(feMergeNode, FEMERGENODE) \
macro(feOffset, FEOFFSET) \
macro(fePointLight, FEPOINTLIGHT) \
macro(feSpecularLighting, FESPECULARLIGHTING) \
macro(feSpotLight, FESPOTLIGHT) \
macro(feTile, FETILE) \
macro(feTurbulence, FETURBULENCE) \
macro(filter, FILTER)
#else
#define FOR_EACH_FILTERS_TAG(macro)
#endif
#if ENABLE(SVG_FONTS)
#define FOR_EACH_FONTS_TAG(macro) \
macro(definition-src, DEFINITIONSRC) \
macro(font-face, FONTFACE) \
macro(font-face-format, FONTFACEFORMAT) \
macro(font-face-name, FONTFACENAME) \
macro(font-face-src, FONTFACESRC) \
macro(font-face-uri, FONTFACEURI)
#else
#define FOR_EACH_FONTS_TAG(marco)
#endif
#if ENABLE(SVG_FOREIGN_OBJECT)
#define FOR_EACH_FOREIGN_OBJECT_TAG(macro) \
macro(foreignObject, FOREIGNOBJECT)
#else
#define FOR_EACH_FOREIGN_OBJECT_TAG(macro)
#endif
#if ENABLE(SVG_USE)
#define FOR_EACH_USE_TAG(macro) \
macro(use, USE)
#else
#define FOR_EACH_USE_TAG(macro)
#endif
#define FOR_EACH_TAG(macro) \
FOR_EACH_ANIMATION_TAG(macro) \
FOR_EACH_FILTERS_TAG(macro) \
FOR_EACH_FONTS_TAG(macro) \
FOR_EACH_FOREIGN_OBJECT_TAG(macro) \
FOR_EACH_USE_TAG(macro) \
macro(a, A) \
macro(altGlyph, ALTGLYPH) \
macro(circle, CIRCLE) \
macro(clipPath, CLIPPATH) \
macro(cursor, CURSOR) \
macro(defs, DEFS) \
macro(desc, DESC) \
macro(ellipse, ELLIPSE) \
macro(g, G) \
macro(glyph, GLYPH) \
macro(image, IMAGE) \
macro(linearGradient, LINEARGRADIENT) \
macro(line, LINE) \
macro(marker, MARKER) \
macro(mask, MASK) \
macro(metadata, METADATA) \
macro(path, PATH) \
macro(pattern, PATTERN) \
macro(polyline, POLYLINE) \
macro(polygon, POLYGON) \
macro(radialGradient, RADIALGRADIENT) \
macro(rect, RECT) \
macro(script, SCRIPT) \
macro(stop, STOP) \
macro(style, STYLE) \
macro(svg, SVG) \
macro(switch, SWITCH) \
macro(symbol, SYMBOL) \
macro(text, TEXT) \
macro(textPath, TEXTPATH) \
macro(title, TITLE) \
macro(tref, TREF) \
macro(tspan, TSPAN) \
macro(view, VIEW) \
// end of macro
V8ClassIndex::V8WrapperType V8Proxy::GetSVGElementType(SVGElement* element)
{
static HashMap<String, V8ClassIndex::V8WrapperType> map;
if (map.isEmpty()) {
#define ADD_TO_HASH_MAP(tag, name) \
map.set(#tag, V8ClassIndex::SVG##name##ELEMENT);
FOR_EACH_TAG(ADD_TO_HASH_MAP)
#undef ADD_TO_HASH_MAP
}
V8ClassIndex::V8WrapperType t = map.get(element->localName().impl());
if (t == 0) return V8ClassIndex::SVGELEMENT;
return t;
}
#undef FOR_EACH_TAG
#endif // ENABLE(SVG)
v8::Handle<v8::Value> V8Proxy::EventToV8Object(Event* event)
{
if (!event)
return v8::Null();
v8::Handle<v8::Object> wrapper = getDOMObjectMap().get(event);
if (!wrapper.IsEmpty())
return wrapper;
V8ClassIndex::V8WrapperType type = V8ClassIndex::EVENT;
if (event->isUIEvent()) {
if (event->isKeyboardEvent())
type = V8ClassIndex::KEYBOARDEVENT;
else if (event->isTextEvent())
type = V8ClassIndex::TEXTEVENT;
else if (event->isMouseEvent())
type = V8ClassIndex::MOUSEEVENT;
else if (event->isWheelEvent())
type = V8ClassIndex::WHEELEVENT;
#if ENABLE(TOUCH_EVENTS)
else if (event->isTouchEvent())
type = V8ClassIndex::TOUCHEVENT;
#endif
#if ENABLE(SVG)
else if (event->isSVGZoomEvent())
type = V8ClassIndex::SVGZOOMEVENT;
#endif
else
type = V8ClassIndex::UIEVENT;
} else if (event->isMutationEvent())
type = V8ClassIndex::MUTATIONEVENT;
else if (event->isOverflowEvent())
type = V8ClassIndex::OVERFLOWEVENT;
else if (event->isMessageEvent())
type = V8ClassIndex::MESSAGEEVENT;
else if (event->isProgressEvent()) {
if (event->isXMLHttpRequestProgressEvent())
type = V8ClassIndex::XMLHTTPREQUESTPROGRESSEVENT;
else
type = V8ClassIndex::PROGRESSEVENT;
} else if (event->isWebKitAnimationEvent())
type = V8ClassIndex::WEBKITANIMATIONEVENT;
else if (event->isWebKitTransitionEvent())
type = V8ClassIndex::WEBKITTRANSITIONEVENT;
v8::Handle<v8::Object> result =
InstantiateV8Object(type, V8ClassIndex::EVENT, event);
if (result.IsEmpty()) {
// Instantiation failed. Avoid updating the DOM object map and
// return null which is already handled by callers of this function
// in case the event is NULL.
return v8::Null();
}
event->ref(); // fast ref
SetJSWrapperForDOMObject(event, v8::Persistent<v8::Object>::New(result));
return result;
}
// Caller checks node is not null.
v8::Handle<v8::Value> V8Proxy::NodeToV8Object(Node* node)
{
if (!node) return v8::Null();
// Find the context to which the node belongs and create the wrapper
// in that context. If the node is not in a document, the current
// context is used.
//
// Getting the context might initialize the context which can instantiate
// a document wrapper. Therefore, we get the context before checking if
// the node already has a wrapper.
v8::Local<v8::Context> context;
Document* doc = node->document();
if (doc) {
context = V8Proxy::GetContext(doc->frame());
}
v8::Handle<v8::Object> wrapper = getDOMNodeMap().get(node);
if (!wrapper.IsEmpty())
return wrapper;
bool is_document = false; // document type node has special handling
V8ClassIndex::V8WrapperType type;
switch (node->nodeType()) {
case Node::ELEMENT_NODE:
if (node->isHTMLElement())
type = GetHTMLElementType(static_cast<HTMLElement*>(node));
#if ENABLE(SVG)
else if (node->isSVGElement())
type = GetSVGElementType(static_cast<SVGElement*>(node));
#endif
else
type = V8ClassIndex::ELEMENT;
break;
case Node::ATTRIBUTE_NODE:
type = V8ClassIndex::ATTR;
break;
case Node::TEXT_NODE:
type = V8ClassIndex::TEXT;
break;
case Node::CDATA_SECTION_NODE:
type = V8ClassIndex::CDATASECTION;
break;
case Node::ENTITY_NODE:
type = V8ClassIndex::ENTITY;
break;
case Node::PROCESSING_INSTRUCTION_NODE:
type = V8ClassIndex::PROCESSINGINSTRUCTION;
break;
case Node::COMMENT_NODE:
type = V8ClassIndex::COMMENT;
break;
case Node::DOCUMENT_NODE: {
is_document = true;
Document* doc = static_cast<Document*>(node);
if (doc->isHTMLDocument())
type = V8ClassIndex::HTMLDOCUMENT;
#if ENABLE(SVG)
else if (doc->isSVGDocument())
type = V8ClassIndex::SVGDOCUMENT;
#endif
else
type = V8ClassIndex::DOCUMENT;
break;
}
case Node::DOCUMENT_TYPE_NODE:
type = V8ClassIndex::DOCUMENTTYPE;
break;
case Node::NOTATION_NODE:
type = V8ClassIndex::NOTATION;
break;
case Node::DOCUMENT_FRAGMENT_NODE:
type = V8ClassIndex::DOCUMENTFRAGMENT;
break;
case Node::ENTITY_REFERENCE_NODE:
type = V8ClassIndex::ENTITYREFERENCE;
break;
default:
type = V8ClassIndex::NODE;
}
// Enter the node's context and create the wrapper in that context.
if (!context.IsEmpty()) {
context->Enter();
}
v8::Local<v8::Object> result =
InstantiateV8Object(type, V8ClassIndex::NODE, node);
// Exit the node's context if it was entered.
if (!context.IsEmpty()) {
context->Exit();
}
if (result.IsEmpty()) {
// If instantiation failed it's important not to add the result
// to the DOM node map. Instead we return an empty handle, which
// should already be handled by callers of this function in case
// the node is NULL.
return result;
}
node->ref();
SetJSWrapperForDOMNode(node, v8::Persistent<v8::Object>::New(result));
if (is_document) {
Document* doc = static_cast<Document*>(node);
V8Proxy* proxy = V8Proxy::retrieve(doc->frame());
if (proxy)
proxy->UpdateDocumentWrapper(result);
if (type == V8ClassIndex::HTMLDOCUMENT) {
// Create marker object and insert it in two internal fields.
// This is used to implement temporary shadowing of
// document.all.
ASSERT(result->InternalFieldCount() ==
V8Custom::kHTMLDocumentInternalFieldCount);
v8::Local<v8::Object> marker = v8::Object::New();
result->SetInternalField(V8Custom::kHTMLDocumentMarkerIndex, marker);
result->SetInternalField(V8Custom::kHTMLDocumentShadowIndex, marker);
}
}
return result;
}
// A JS object of type EventTarget can only be the following possible types:
// 1) EventTargetNode; 2) DOMWindow 3) XMLHttpRequest; 4) MessagePort;
// 5) XMLHttpRequestUpload
// check EventTarget.h for new type conversion methods
v8::Handle<v8::Value> V8Proxy::EventTargetToV8Object(EventTarget* target)
{
if (!target)
return v8::Null();
#if ENABLE(SVG)
SVGElementInstance* instance = target->toSVGElementInstance();
if (instance)
return ToV8Object(V8ClassIndex::SVGELEMENTINSTANCE, instance);
#endif
#if ENABLE(WORKERS)
Worker* worker = target->toWorker();
if (worker)
return ToV8Object(V8ClassIndex::WORKER, worker);
#endif // WORKERS
#if ENABLE(OFFLINE_WEB_APPLICATIONS)
DOMApplicationCache* app_cache = target->toDOMApplicationCache();
if (app_cache)
return ToV8Object(V8ClassIndex::DOMAPPLICATIONCACHE, app_cache);
#endif
Node* node = target->toNode();
if (node)
return NodeToV8Object(node);
if (DOMWindow* domWindow = target->toDOMWindow())
return ToV8Object(V8ClassIndex::DOMWINDOW, domWindow);
// XMLHttpRequest is created within its JS counterpart.
XMLHttpRequest* xhr = target->toXMLHttpRequest();
if (xhr) {
v8::Handle<v8::Object> wrapper = getActiveDOMObjectMap().get(xhr);
ASSERT(!wrapper.IsEmpty());
return wrapper;
}
// MessagePort is created within its JS counterpart
MessagePort* port = target->toMessagePort();
if (port) {
v8::Handle<v8::Object> wrapper = getActiveDOMObjectMap().get(port);
ASSERT(!wrapper.IsEmpty());
return wrapper;
}
XMLHttpRequestUpload* upload = target->toXMLHttpRequestUpload();
if (upload) {
v8::Handle<v8::Object> wrapper = getDOMObjectMap().get(upload);
ASSERT(!wrapper.IsEmpty());
return wrapper;
}
ASSERT(0);
return v8::Handle<v8::Value>();
}
v8::Handle<v8::Value> V8Proxy::EventListenerToV8Object(
EventListener* listener)
{
if (listener == 0) return v8::Null();
// TODO(fqian): can a user take a lazy event listener and set to other places?
V8AbstractEventListener* v8listener =
static_cast<V8AbstractEventListener*>(listener);
return v8listener->getListenerObject();
}
v8::Handle<v8::Value> V8Proxy::DOMImplementationToV8Object(
DOMImplementation* impl)
{
v8::Handle<v8::Object> result =
InstantiateV8Object(V8ClassIndex::DOMIMPLEMENTATION,
V8ClassIndex::DOMIMPLEMENTATION,
impl);
if (result.IsEmpty()) {
// If the instantiation failed, we ignore it and return null instead
// of returning an empty handle.
return v8::Null();
}
return result;
}
v8::Handle<v8::Value> V8Proxy::StyleSheetToV8Object(StyleSheet* sheet)
{
if (!sheet) return v8::Null();
v8::Handle<v8::Object> wrapper = getDOMObjectMap().get(sheet);
if (!wrapper.IsEmpty())
return wrapper;
V8ClassIndex::V8WrapperType type = V8ClassIndex::STYLESHEET;
if (sheet->isCSSStyleSheet())
type = V8ClassIndex::CSSSTYLESHEET;
v8::Handle<v8::Object> result =
InstantiateV8Object(type, V8ClassIndex::STYLESHEET, sheet);
if (!result.IsEmpty()) {
// Only update the DOM object map if the result is non-empty.
sheet->ref();
SetJSWrapperForDOMObject(sheet, v8::Persistent<v8::Object>::New(result));
}
// Add a hidden reference from stylesheet object to its owner node.
Node* owner_node = sheet->ownerNode();
if (owner_node) {
v8::Handle<v8::Object> owner =
v8::Handle<v8::Object>::Cast(NodeToV8Object(owner_node));
result->SetInternalField(V8Custom::kStyleSheetOwnerNodeIndex, owner);
}
return result;
}
v8::Handle<v8::Value> V8Proxy::CSSValueToV8Object(CSSValue* value)
{
if (!value) return v8::Null();
v8::Handle<v8::Object> wrapper = getDOMObjectMap().get(value);
if (!wrapper.IsEmpty())
return wrapper;
V8ClassIndex::V8WrapperType type;
if (value->isWebKitCSSTransformValue())
type = V8ClassIndex::WEBKITCSSTRANSFORMVALUE;
else if (value->isValueList())
type = V8ClassIndex::CSSVALUELIST;
else if (value->isPrimitiveValue())
type = V8ClassIndex::CSSPRIMITIVEVALUE;
#if ENABLE(SVG)
else if (value->isSVGPaint())
type = V8ClassIndex::SVGPAINT;
else if (value->isSVGColor())
type = V8ClassIndex::SVGCOLOR;
#endif
else
type = V8ClassIndex::CSSVALUE;
v8::Handle<v8::Object> result =
InstantiateV8Object(type, V8ClassIndex::CSSVALUE, value);
if (!result.IsEmpty()) {
// Only update the DOM object map if the result is non-empty.
value->ref();
SetJSWrapperForDOMObject(value, v8::Persistent<v8::Object>::New(result));
}
return result;
}
v8::Handle<v8::Value> V8Proxy::CSSRuleToV8Object(CSSRule* rule)
{
if (!rule) return v8::Null();
v8::Handle<v8::Object> wrapper = getDOMObjectMap().get(rule);
if (!wrapper.IsEmpty())
return wrapper;
V8ClassIndex::V8WrapperType type;
switch (rule->type()) {
case CSSRule::STYLE_RULE:
type = V8ClassIndex::CSSSTYLERULE;
break;
case CSSRule::CHARSET_RULE:
type = V8ClassIndex::CSSCHARSETRULE;
break;
case CSSRule::IMPORT_RULE:
type = V8ClassIndex::CSSIMPORTRULE;
break;
case CSSRule::MEDIA_RULE:
type = V8ClassIndex::CSSMEDIARULE;
break;
case CSSRule::FONT_FACE_RULE:
type = V8ClassIndex::CSSFONTFACERULE;
break;
case CSSRule::PAGE_RULE:
type = V8ClassIndex::CSSPAGERULE;
break;
case CSSRule::VARIABLES_RULE:
type = V8ClassIndex::CSSVARIABLESRULE;
break;
case CSSRule::WEBKIT_KEYFRAME_RULE:
type = V8ClassIndex::WEBKITCSSKEYFRAMERULE;
break;
case CSSRule::WEBKIT_KEYFRAMES_RULE:
type = V8ClassIndex::WEBKITCSSKEYFRAMESRULE;
break;
default: // CSSRule::UNKNOWN_RULE
type = V8ClassIndex::CSSRULE;
break;
}
v8::Handle<v8::Object> result =
InstantiateV8Object(type, V8ClassIndex::CSSRULE, rule);
if (!result.IsEmpty()) {
// Only update the DOM object map if the result is non-empty.
rule->ref();
SetJSWrapperForDOMObject(rule, v8::Persistent<v8::Object>::New(result));
}
return result;
}
v8::Handle<v8::Value> V8Proxy::WindowToV8Object(DOMWindow* window)
{
if (!window) return v8::Null();
// Initializes environment of a frame, and return the global object
// of the frame.
Frame* frame = window->frame();
if (!frame)
return v8::Handle<v8::Object>();
// Special case: Because of evaluateInNewContext() one DOMWindow can have
// multiple contexts and multiple global objects associated with it. When
// code running in one of those contexts accesses the window object, we
// want to return the global object associated with that context, not
// necessarily the first global object associated with that DOMWindow.
v8::Handle<v8::Context> current_context = v8::Context::GetCurrent();
v8::Handle<v8::Object> current_global = current_context->Global();
v8::Handle<v8::Object> windowWrapper =
LookupDOMWrapper(V8ClassIndex::DOMWINDOW, current_global);
if (!windowWrapper.IsEmpty())
if (DOMWrapperToNative<DOMWindow>(windowWrapper) == window)
return current_global;
// Otherwise, return the global object associated with this frame.
v8::Handle<v8::Context> context = GetContext(frame);
if (context.IsEmpty())
return v8::Handle<v8::Object>();
v8::Handle<v8::Object> global = context->Global();
ASSERT(!global.IsEmpty());
return global;
}
void V8Proxy::BindJSObjectToWindow(Frame* frame,
const char* name,
int type,
v8::Handle<v8::FunctionTemplate> desc,
void* imp)
{
// Get environment.
v8::Handle<v8::Context> context = V8Proxy::GetContext(frame);
if (context.IsEmpty())
return; // JS not enabled.
v8::Context::Scope scope(context);
v8::Handle<v8::Object> instance = desc->GetFunction();
SetDOMWrapper(instance, type, imp);
v8::Handle<v8::Object> global = context->Global();
global->Set(v8::String::New(name), instance);
}
void V8Proxy::ProcessConsoleMessages()
{
ConsoleMessageManager::ProcessDelayedMessages();
}
// Create the utility context for holding JavaScript functions used internally
// which are not visible to JavaScript executing on the page.
void V8Proxy::CreateUtilityContext() {
ASSERT(m_utilityContext.IsEmpty());
v8::HandleScope scope;
v8::Handle<v8::ObjectTemplate> global_template = v8::ObjectTemplate::New();
m_utilityContext = v8::Context::New(NULL, global_template);
v8::Context::Scope context_scope(m_utilityContext);
// Compile JavaScript function for retrieving the source line of the top
// JavaScript stack frame.
static const char* frame_source_line_source =
"function frame_source_line(exec_state) {"
" return exec_state.frame(0).sourceLine();"
"}";
v8::Script::Compile(v8::String::New(frame_source_line_source))->Run();
// Compile JavaScript function for retrieving the source name of the top
// JavaScript stack frame.
static const char* frame_source_name_source =
"function frame_source_name(exec_state) {"
" var frame = exec_state.frame(0);"
" if (frame.func().resolved() && "
" frame.func().script() && "
" frame.func().script().name()) {"
" return frame.func().script().name();"
" }"
"}";
v8::Script::Compile(v8::String::New(frame_source_name_source))->Run();
}
int V8Proxy::GetSourceLineNumber() {
#if PLATFORM(ANDROID)
// TODO(andreip): consider V8's DEBUG flag here, rather than PLATFORM(ANDROID)
// or, even better, the WEBKIT inspector flag.
return 0;
#else
v8::HandleScope scope;
v8::Handle<v8::Context> utility_context = V8Proxy::GetUtilityContext();
if (utility_context.IsEmpty()) {
return 0;
}
v8::Context::Scope context_scope(utility_context);
v8::Handle<v8::Function> frame_source_line;
frame_source_line = v8::Local<v8::Function>::Cast(
utility_context->Global()->Get(v8::String::New("frame_source_line")));
if (frame_source_line.IsEmpty()) {
return 0;
}
v8::Handle<v8::Value> result = v8::Debug::Call(frame_source_line);
if (result.IsEmpty()) {
return 0;
}
return result->Int32Value();
#endif
}
String V8Proxy::GetSourceName() {
#if PLATFORM(ANDROID)
return String();
#else
v8::HandleScope scope;
v8::Handle<v8::Context> utility_context = GetUtilityContext();
if (utility_context.IsEmpty()) {
return String();
}
v8::Context::Scope context_scope(utility_context);
v8::Handle<v8::Function> frame_source_name;
frame_source_name = v8::Local<v8::Function>::Cast(
utility_context->Global()->Get(v8::String::New("frame_source_name")));
if (frame_source_name.IsEmpty()) {
return String();
}
return ToWebCoreString(v8::Debug::Call(frame_source_name));
#endif
}
void V8Proxy::RegisterExtension(v8::Extension* extension,
const String& schemeRestriction) {
v8::RegisterExtension(extension);
V8ExtensionInfo info = {schemeRestriction, extension};
m_extensions.append(info);
}
} // namespace WebCore