Add a scoping object to help block scripting during plugin destruction.

Source/platform/ReentrantScriptForbiddenScope.h

Index: Source/platform/ReentrantScriptForbiddenScope.h
diff --git a/Source/platform/ReentrantScriptForbiddenScope.h b/Source/platform/ReentrantScriptForbiddenScope.h
new file mode 100644
index 0000000000000000000000000000000000000000..2389b78a8388fea3f19c9a53bbe823cbe8b5ac91
--- /dev/null
+++ b/Source/platform/ReentrantScriptForbiddenScope.h
@@ -0,0 +1,49 @@
+// Copyright 2015 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef ReentrantScriptForbiddenScope_h
+#define ReentrantScriptForbiddenScope_h
+
+#include "platform/PlatformExport.h"
+
+namespace blink {
+
+// Similar to ScriptForbiddenScope, but more selective. This is intended to help

[haraken, 2015/06/10 02:14:37]

I don't fully understand the difference. What's an issue of just using
ScriptForbiddenScope for your purpose?

[dcheng, 2015/06/10 02:18:40]

ScriptForbiddenScope would block all script execution.

This would break things like FrameLoader::commitProvisionalLoad, where we still
need JS for unload event handlers to run. The only thing I want to block is
plugins calling back into Blink to execute script.

Sorry this comment is really long, but it's a very messy area and I couldn't
think of a good way to shorten it.

[haraken, 2015/06/10 02:22:19]

Makes sense. If this is a plugin-specific thing, shall we rename
ReentrantScriptForbiddenScope to PluginScriptForbiddenScope?
ReentrantScriptForbiddenScope is confusing because ScriptForbiddenScope is
reentrant as well.

[dcheng, 2015/06/10 03:11:03]

Done.

+// reduce the number of places where Flash can run a nested message loop as its
+// plugin element is being destroyed. One of the reasons that Flash runs this
+// nested message loop is to allow Flash content to synchronously script the
+// page when the plugin element is destroyed.
+//
+// This is problematic for many reasons: the DOM may not be in a consistent
+// state, since Blink is in the middle of detaching nodes, nested message loops
+// can cause normally impossible conditions to occur (https://crbug.com/367210),
+// etc.
+//
+// When this object is instantiated on the stack, it allows execution of event
+// handlers, etc but blocks attempts by plugins to call back into Blink to
+// execute script.
+//
+// Background:
+// For historical reasons, Flash has allowed synchronous scripting during
+// teardown of the plugin. This is generally problematic, but sites apparently
+// rely on this behavior. Over time, Blink has added restrictions on this
+// synchronous scripting: for example, past a certain point in Frame detach,
+// script execution by Flash is ignored: https://crbug.com/371084.
+//
+// Unfortunately, there are still ways for plugins to synchronously script
+// during Document detach: if an unload handler removes a Flash plugin element,
+// that will run the nested message loop, etc. This scoper is intended to block
+// those usages, with the eventual goal that Frame detach will never have to run
+// a nested message loop.

[haraken, 2015/06/10 02:14:37]

Great comment!

+class PLATFORM_EXPORT ReentrantScriptForbiddenScope {
+public:
+    ReentrantScriptForbiddenScope();
+    ~ReentrantScriptForbiddenScope();
+
+    static bool isForbidden();
+};
+
+} // namespace blink
+
+#endif // ReentrantScriptForbiddenScope_h