bindings: Makes the window object be the inner global object.

third_party/WebKit/Source/bindings/core/v8/WindowProxy.cpp

 /*
  * Copyright (C) 2008, 2009, 2011 Google Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are
  * met:
  *
  *     * Redistributions of source code must retain the above copyright
  * notice, this list of conditions and the following disclaimer.
  *     * Redistributions in binary form must reproduce the above
@@ skipping 227 matching lines @@
     ScriptState::Scope scope(m_scriptState.get());
     v8::Local<v8::Context> context = m_scriptState->context();
     if (m_global.isEmpty()) {
         m_global.set(m_isolate, context->Global());
         if (m_global.isEmpty()) {
             disposeContext(DoNotDetachGlobal);
             return false;
         }
     }
 
-    if (!installDOMWindow()) {
+    if (!setupWindowPrototypeChain()) {
         disposeContext(DoNotDetachGlobal);
         return false;
     }
 
     SecurityOrigin* origin = 0;
     if (m_world->isMainWorld()) {
         // ActivityLogger for main world is updated within updateDocument().
         updateDocument();
         origin = m_frame->securityContext()->getSecurityOrigin();
         // FIXME: Can this be removed when CSP moves to browser?
         ContentSecurityPolicy* csp = m_frame->securityContext()->contentSecurityPolicy();
         context->AllowCodeGenerationFromStrings(csp->allowEval(0, ContentSecurityPolicy::SuppressReport));
         context->SetErrorMessageForCodeGenerationFromStrings(v8String(m_isolate, csp->evalDisabledErrorMessage()));
     } else {
         updateActivityLogger();
         origin = m_world->isolatedWorldSecurityOrigin();
         setSecurityToken(origin);
     }
     if (m_frame->isLocalFrame()) {
         LocalFrame* frame = toLocalFrame(m_frame);
         MainThreadDebugger::instance()->contextCreated(m_scriptState.get(), frame, origin);
         frame->loader().client()->didCreateScriptContext(context, m_world->extensionGroup(), m_world->worldId());
     }
     return true;
 }
 
-namespace {
-
-void configureInnerGlobalObjectTemplate(v8::Local<v8::ObjectTemplate> templ, v8::Isolate* isolate)
-{
-    // Install a security handler with V8.
-    templ->SetAccessCheckCallback(V8Window::securityCheckCustom, v8::External::New(isolate, const_cast<WrapperTypeInfo*>(&V8Window::wrapperTypeInfo)));
-    templ->SetInternalFieldCount(V8Window::internalFieldCount);
-}
-
-v8::Local<v8::ObjectTemplate> getInnerGlobalObjectTemplate(v8::Isolate* isolate)
-{
-    // It is OK to share the same object template between the main world and
-    // non-main worlds because the inner global object doesn't install any
-    // DOM attributes/methods.
-    DEFINE_STATIC_LOCAL(v8::Persistent<v8::ObjectTemplate>, innerGlobalObjectTemplate, ());
-    if (innerGlobalObjectTemplate.IsEmpty()) {
-        TRACE_EVENT_SCOPED_SAMPLING_STATE("blink", "BuildDOMTemplate");
-        v8::Local<v8::ObjectTemplate> templ = v8::ObjectTemplate::New(isolate);
-        configureInnerGlobalObjectTemplate(templ, isolate);
-        innerGlobalObjectTemplate.Reset(isolate, templ);
-    }
-    return v8::Local<v8::ObjectTemplate>::New(isolate, innerGlobalObjectTemplate);
-}
-
-} // namespace
-
 void WindowProxy::createContext()
 {
     // FIXME: This should be a null check of m_frame->client(), but there are still some edge cases
     // that this fails to catch during frame detach.
     if (m_frame->isLocalFrame() && !toLocalFrame(m_frame)->loader().documentLoader())
         return;
 
-    // Create a new environment using an empty template for the shadow
-    // object. Reuse the global object if one has been created earlier.
-    v8::Local<v8::ObjectTemplate> globalTemplate = getInnerGlobalObjectTemplate(m_isolate);
+    // Create a new v8::Context with the window object as the global object
+    // (aka the inner global).  Reuse the global proxy object (aka the outer
+    // global) if it already exists.  See the comments in
+    // setupWindowPrototypeChain for the structure of the prototype chain of
+    // the global object.
+    v8::Local<v8::ObjectTemplate> globalTemplate = V8Window::domTemplate(m_isolate, *m_world)->InstanceTemplate();
     if (globalTemplate.IsEmpty())
         return;
 
     // FIXME: It's not clear what the right thing to do for remote frames is.
     // The extensions registered don't generally seem to make sense for remote
     // frames, so skip it for now.
     Vector<const char*> extensionNames;
     if (m_frame->isLocalFrame()) {
         LocalFrame* frame = toLocalFrame(m_frame);
         // Dynamically tell v8 about our extensions now.
         const V8Extensions& extensions = ScriptController::registeredExtensions();
         extensionNames.reserveInitialCapacity(extensions.size());
         int extensionGroup = m_world->extensionGroup();
         int worldId = m_world->worldId();
         for (const auto* extension : extensions) {
             if (!frame->loader().client()->allowScriptExtension(extension->name(), extensionGroup, worldId))
                 continue;
 
             extensionNames.append(extension->name());
         }
     }
     v8::ExtensionConfiguration extensionConfiguration(extensionNames.size(), extensionNames.data());
 
-    v8::Local<v8::Context> context = v8::Context::New(m_isolate, &extensionConfiguration, globalTemplate, m_global.newLocal(m_isolate));
+    v8::Local<v8::Context> context;
+    {
+        V8PerIsolateData::UseCounterDisabledScope useCounterDisabled(V8PerIsolateData::from(m_isolate));
+        context = v8::Context::New(m_isolate, &extensionConfiguration, globalTemplate, m_global.newLocal(m_isolate));
+    }
     if (context.IsEmpty())
         return;
     m_scriptState = ScriptState::create(context, m_world);
 }
 
-static v8::Local<v8::Object> toInnerGlobalObject(v8::Local<v8::Context> context)
+bool WindowProxy::setupWindowPrototypeChain()
 {
-    return v8::Local<v8::Object>::Cast(context->Global()->GetPrototype());
-}
+    // Associate the window wrapper object and its prototype chain with the
+    // corresponding native DOMWindow object.
+    // The full structure of the global object's prototype chain is as follows:
+    //
+    // global proxy object [1]
+    //   -- has prototype --> global object (window wrapper object) [2]

[haraken, 2016/04/18 08:04:15]

I'd rename:

- "global proxy object" => "outer global object"
- "global object" => "inner global object"

+    //   -- has prototype --> Window.prototype
+    //   -- has prototype --> WindowProperties [3]
+    //   -- has prototype --> EventTarget.prototype
+    //   -- has prototype --> Object.prototype
+    //   -- has prototype --> null
+    //
+    // [1] Global proxy object is as known as "outer global object".  It's an
+    //   empty object and remains after navigation.  When navigated, points to
+    //   a different global object as the prototype object.
+    // [2] Global object is as known as "inner global object" or "window wrapper
+    //   object".  The prototype chain between global proxy object and global
+    //   object is NOT observable from user JavaScript code.  All other
+    //   prototype chains are observable.  Global proxy object and global object
+    //   together appear to be the same single JavaScript object.  See also:
+    //     https://wiki.mozilla.org/Gecko:SplitWindow
+    //   global object (= window wrapper object) provides most of Window's DOM
+    //   attributes and operations.  Also global variables defined by user
+    //   JavaScript are placed on this object.  When navigated, a new global
+    //   object is created together with a new v8::Context, but the global proxy
+    //   object doesn't change.
+    // [3] WindowProperties is a named properties object of Window interface.
 
-bool WindowProxy::installDOMWindow()
-{
     DOMWindow* window = m_frame->domWindow();
     const WrapperTypeInfo* wrapperTypeInfo = window->wrapperTypeInfo();
-    v8::Local<v8::Object> windowWrapper;
-    v8::Local<v8::Function> constructor = m_scriptState->perContextData()->constructorForType(wrapperTypeInfo);
-    if (constructor.IsEmpty())
-        return false;
-    if (!V8ObjectConstructor::newInstance(m_isolate, constructor).ToLocal(&windowWrapper))
-        return false;
+
+    v8::Local<v8::Context> context = m_scriptState->context();
+    // The global proxy object.  Note this is not the global object.
+    v8::Local<v8::Object> globalProxy = context->Global();
+    // The global object, aka window wrapper object.
+    v8::Local<v8::Object> windowWrapper = globalProxy->GetPrototype().As<v8::Object>();
     windowWrapper = V8DOMWrapper::associateObjectWithWrapper(m_isolate, window, wrapperTypeInfo, windowWrapper);
-
-    v8::Local<v8::Object> windowPrototype = v8::Local<v8::Object>::Cast(windowWrapper->GetPrototype());
+    // The prototype object of Window interface.
+    v8::Local<v8::Object> windowPrototype = windowWrapper->GetPrototype().As<v8::Object>();
     RELEASE_ASSERT(!windowPrototype.IsEmpty());
     V8DOMWrapper::setNativeInfo(windowPrototype, wrapperTypeInfo, window);

[haraken, 2016/04/18 08:04:15]

Not directly related to this CL, do you know why we need to call setNativeInfo
for the prototype object? We're not calling it for worker's prototype object.

[Yuki, 2016/04/18 08:27:07]

Not sure.  I vaguely guess that we can remove it.

-    v8::Local<v8::Object> windowProperties = v8::Local<v8::Object>::Cast(windowPrototype->GetPrototype());
+    // The named properties object of Window interface.
+    v8::Local<v8::Object> windowProperties = windowPrototype->GetPrototype().As<v8::Object>();
     RELEASE_ASSERT(!windowProperties.IsEmpty());
     V8DOMWrapper::setNativeInfo(windowProperties, wrapperTypeInfo, window);

[haraken, 2016/04/18 08:04:15]

Ditto.

 
-    // Install the windowWrapper as the prototype of the innerGlobalObject.
-    // The full structure of the global object is as follows:
-    //
-    // outerGlobalObject (Empty object, remains after navigation)
-    //   -- has prototype --> innerGlobalObject (Holds global variables, changes during navigation)
-    //   -- has prototype --> DOMWindow instance
-    //   -- has prototype --> Window.prototype
-    //   -- has prototype --> WindowProperties (named properties object)
-    //   -- has prototype --> EventTarget.prototype
-    //   -- has prototype --> Object.prototype
-    //
-    // Note: Much of this prototype structure is hidden from web content. The
-    //       outer, inner, and DOMWindow instance all appear to be the same
-    //       JavaScript object.
-    v8::Local<v8::Context> context = m_scriptState->context();
-    v8::Local<v8::Object> innerGlobalObject = toInnerGlobalObject(m_scriptState->context());
-    V8DOMWrapper::setNativeInfo(innerGlobalObject, wrapperTypeInfo, window);
-    if (!v8CallBoolean(innerGlobalObject->SetPrototype(context, windowWrapper)))
-        return false;
-
     // TODO(keishi): Remove installPagePopupController and implement
     // PagePopupController in another way.
     V8PagePopupControllerBinding::installPagePopupController(context, windowWrapper);
     return true;
 }
 
 void WindowProxy::updateDocumentWrapper(v8::Local<v8::Object> wrapper)
 {
     ASSERT(m_world->isMainWorld());
     m_document.set(m_isolate, wrapper);
@@ skipping 166 matching lines @@
 }
 
 void WindowProxy::updateSecurityOrigin(SecurityOrigin* origin)
 {
     if (!isContextInitialized())
         return;
     setSecurityToken(origin);
 }
 
 } // namespace blink