| Index: src/top.cc
|
| ===================================================================
|
| --- src/top.cc (revision 539)
|
| +++ src/top.cc (working copy)
|
| @@ -66,7 +66,6 @@
|
|
|
| void Top::Iterate(ObjectVisitor* v, ThreadLocalTop* thread) {
|
| v->VisitPointer(&(thread->pending_exception_));
|
| - v->VisitPointer(bit_cast<Object**, Context**>(&(thread->security_context_)));
|
| v->VisitPointer(bit_cast<Object**, Context**>(&(thread->context_)));
|
| v->VisitPointer(&(thread->scheduled_exception_));
|
|
|
| @@ -96,7 +95,6 @@
|
| thread_local_.handler_ = 0;
|
| thread_local_.stack_is_cooked_ = false;
|
| thread_local_.try_catch_handler_ = NULL;
|
| - thread_local_.security_context_ = NULL;
|
| thread_local_.context_ = NULL;
|
| thread_local_.external_caught_exception_ = false;
|
| thread_local_.failed_access_check_callback_ = NULL;
|
| @@ -444,7 +442,7 @@
|
| if (!thread_local_.failed_access_check_callback_) return;
|
|
|
| ASSERT(receiver->IsAccessCheckNeeded());
|
| - ASSERT(Top::security_context());
|
| + ASSERT(Top::context());
|
| // The callers of this method are not expecting a GC.
|
| AssertNoAllocation no_gc;
|
|
|
| @@ -465,24 +463,46 @@
|
| v8::Utils::ToLocal(data));
|
| }
|
|
|
| +
|
| +enum MayAccessDecision{
|
| + YES, NO, UNKNOWN
|
| +};
|
| +
|
| +
|
| +static MayAccessDecision MayAccessPreCheck(JSObject* receiver,
|
| + v8::AccessType type) {
|
| + // During bootstrapping, callback functions are not enabled yet.
|
| + if (Bootstrapper::IsActive()) return YES;
|
| +
|
| + if (receiver->IsJSGlobalProxy()) {
|
| + Object* receiver_context = JSGlobalProxy::cast(receiver)->context();
|
| + if (!receiver_context->IsContext()) return NO;
|
| +
|
| + // Get the global context of current top context.
|
| + // avoid using Top::global_context() because it uses Handle.
|
| + Context* global_context = Top::context()->global()->global_context();
|
| + if (receiver_context == global_context) return YES;
|
| +
|
| + if (Context::cast(receiver_context)->security_token() ==
|
| + global_context->security_token())
|
| + return YES;
|
| + }
|
| +
|
| + return UNKNOWN;
|
| +}
|
| +
|
| +
|
| bool Top::MayNamedAccess(JSObject* receiver, Object* key, v8::AccessType type) {
|
| ASSERT(receiver->IsAccessCheckNeeded());
|
| // Check for compatibility between the security tokens in the
|
| - // current security context and the accessed object.
|
| - ASSERT(Top::security_context());
|
| + // current lexical context and the accessed object.
|
| + ASSERT(Top::context());
|
| // The callers of this method are not expecting a GC.
|
| AssertNoAllocation no_gc;
|
|
|
| - // During bootstrapping, callback functions are not enabled yet.
|
| - if (Bootstrapper::IsActive()) return true;
|
| + MayAccessDecision decision = MayAccessPreCheck(receiver, type);
|
| + if (decision != UNKNOWN) return decision == YES;
|
|
|
| - if (receiver->IsJSGlobalObject()) {
|
| - JSGlobalObject* global = JSGlobalObject::cast(receiver);
|
| - JSGlobalObject* current =
|
| - JSGlobalObject::cast(Top::security_context()->global());
|
| - if (current->security_token() == global->security_token()) return true;
|
| - }
|
| -
|
| // Get named access check callback
|
| JSFunction* constructor = JSFunction::cast(receiver->map()->constructor());
|
| Object* info = constructor->shared()->function_data();
|
| @@ -520,21 +540,14 @@
|
| v8::AccessType type) {
|
| ASSERT(receiver->IsAccessCheckNeeded());
|
| // Check for compatibility between the security tokens in the
|
| - // current security context and the accessed object.
|
| - ASSERT(Top::security_context());
|
| + // current lexical context and the accessed object.
|
| + ASSERT(Top::context());
|
| // The callers of this method are not expecting a GC.
|
| AssertNoAllocation no_gc;
|
|
|
| - // During bootstrapping, callback functions are not enabled yet.
|
| - if (Bootstrapper::IsActive()) return true;
|
| + MayAccessDecision decision = MayAccessPreCheck(receiver, type);
|
| + if (decision != UNKNOWN) return decision == YES;
|
|
|
| - if (receiver->IsJSGlobalObject()) {
|
| - JSGlobalObject* global = JSGlobalObject::cast(receiver);
|
| - JSGlobalObject* current =
|
| - JSGlobalObject::cast(Top::security_context()->global());
|
| - if (current->security_token() == global->security_token()) return true;
|
| - }
|
| -
|
| // Get indexed access check callback
|
| JSFunction* constructor = JSFunction::cast(receiver->map()->constructor());
|
| Object* info = constructor->shared()->function_data();
|
| @@ -570,8 +583,7 @@
|
| HandleScope scope;
|
| Handle<String> key = Factory::stack_overflow_symbol();
|
| Handle<JSObject> boilerplate =
|
| - Handle<JSObject>::cast(
|
| - GetProperty(Top::security_context_builtins(), key));
|
| + Handle<JSObject>::cast(GetProperty(Top::builtins(), key));
|
| Handle<Object> exception = Copy(boilerplate);
|
| // TODO(1240995): To avoid having to call JavaScript code to compute
|
| // the message for stack overflow exceptions which is very likely to
|
|
|
Chromium Code Reviews
Issue 7366:
Split window support from V8. ... (Closed)
Base URL: http://v8.googlecode.com/svn/branches/bleeding_edge/