Add access checks to V8WrapperInstationScope.

Source/bindings/core/v8/V8DOMWrapper.cpp

 /*
  * Copyright (C) 2009 Google Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are
  * met:
  *
  *     * Redistributions of source code must retain the above copyright
  * notice, this list of conditions and the following disclaimer.
  *     * Redistributions in binary form must reproduce the above
@@ skipping 16 matching lines @@
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
 #include "config.h"
 #include "bindings/core/v8/V8DOMWrapper.h"
 
 #include "bindings/core/v8/V8Binding.h"
 #include "bindings/core/v8/V8HTMLCollection.h"
 #include "bindings/core/v8/V8HTMLDocument.h"
+#include "bindings/core/v8/V8Location.h"
 #include "bindings/core/v8/V8ObjectConstructor.h"
 #include "bindings/core/v8/V8PerContextData.h"
 #include "bindings/core/v8/V8PerIsolateData.h"
 #include "bindings/core/v8/V8ScriptRunner.h"
 #include "bindings/core/v8/V8Window.h"
 
 namespace blink {
 
 static v8::Local<v8::Object> wrapInShadowTemplate(v8::Local<v8::Object> wrapper, ScriptWrappable* scriptWrappable, v8::Isolate* isolate)
 {
@@ skipping 18 matching lines @@
     if (!V8ScriptRunner::instantiateObject(isolate, shadowConstructor).ToLocal(&shadow))
         return v8::Local<v8::Object>();
     if (!v8CallBoolean(shadow->SetPrototype(isolate->GetCurrentContext(), wrapper)))
         return v8::Local<v8::Object>();
     V8DOMWrapper::setNativeInfo(wrapper, &V8HTMLDocument::wrapperTypeInfo, scriptWrappable);
     return shadow;
 }
 
 v8::Local<v8::Object> V8DOMWrapper::createWrapper(v8::Isolate* isolate, v8::Local<v8::Object> creationContext, const WrapperTypeInfo* type, ScriptWrappable* scriptWrappable)
 {
-    V8WrapperInstantiationScope scope(creationContext, isolate);
+    bool withSecurityCheck = !type->equals(&V8Window::wrapperTypeInfo) && !type->equals(&V8Location::wrapperTypeInfo);

[haraken, 2015/07/30 10:43:36]

I guess this might regress performance. As commented in V8DOMWrapper.h, I wonder
why we want to enable the security check only for location.

[Yuki, 2015/07/30 11:00:54]

It seems that the CL is enabling the security check except for Location.

By the way, we never come to here with Window.

[haraken, 2015/07/30 11:08:06]

Thanks, that totally makes sense to me.

- Remove the type->equals(&V8Window::wrapperTypeInfo) check.
- Add ASSERT(!type->equals(&V8Window::wrapperTypeInfo)).
- Add a comment why Location is special-cased.

+    V8WrapperInstantiationScope scope(creationContext, isolate, withSecurityCheck);
 
     V8PerContextData* perContextData = V8PerContextData::from(scope.context());
     v8::Local<v8::Object> wrapper;
     if (perContextData) {
         wrapper = perContextData->createWrapperFromCache(type);
     } else {
         v8::Local<v8::Function> function;
         if (!type->domTemplate(isolate)->GetFunction(isolate->GetCurrentContext()).ToLocal(&function))
             return v8::Local<v8::Object>();
         if (!V8ObjectConstructor::newInstance(isolate, function).ToLocal(&wrapper))
@@ skipping 32 matching lines @@
         return false;
 
     const ScriptWrappable* untrustedScriptWrappable = toScriptWrappable(object);
     const WrapperTypeInfo* untrustedWrapperTypeInfo = toWrapperTypeInfo(object);
     return untrustedScriptWrappable
         && untrustedWrapperTypeInfo
         && untrustedWrapperTypeInfo->ginEmbedder == gin::kEmbedderBlink;
 }
 
 } // namespace blink