[DO NOT COMMIT] CallWith=ScriptState with iframe

[DO NOT COMMIT] CallWith=ScriptState with iframe

BUG=

[yhirano, 2016-04-18 08:54:56]

yhirano@chromium.org changed reviewers:
+ haraken@chromium.org, shimazu@chromium.org, yukishiino@chromium.or

[yhirano, 2016-04-18 08:54:57]

See
https://storage.googleapis.com/chromium-layout-test-archives/mac_chromium_rel....
I expected this test passes.

[haraken, 2016-04-18 11:10:30]

On 2016/04/18 08:54:57, yhirano wrote:
> See
>
https://storage.googleapis.com/chromium-layout-test-archives/mac_chromium_rel....
> I expected this test passes.

I think the existing behavior is correct.

  var obj = iframe.contentWindow.TestObject;
  obj.getScriptStateURL();

should return the same result as:

  iframe.contentWindow.TestObject.getScriptStateURL();

The latter should clearly return the URL of the iframe's context. This means
that the former should return the URL of the iframe's context.

[yhirano1, 2016-04-18 11:16:28]

On 2016/04/18 11:10:30, haraken wrote:
> On 2016/04/18 08:54:57, yhirano wrote:
> > See
> >
>
https://storage.googleapis.com/chromium-layout-test-archives/mac_chromium_rel....
> > I expected this test passes.
> 
> I think the existing behavior is correct.
> 
>   var obj = iframe.contentWindow.TestObject;
>   obj.getScriptStateURL();
> 

(Note: I'm creating a new TestObject instance in the test. I don't know if it
changes the conclusion)


> should return the same result as:
> 
>   iframe.contentWindow.TestObject.getScriptStateURL();
> 

> The latter should clearly return the URL of the iframe's context. This means
> that the former should return the URL of the iframe's context.

Can you explain this a bit?

[haraken, 2016-04-18 13:11:42]

On 2016/04/18 11:16:28, yhirano1 wrote:
> On 2016/04/18 11:10:30, haraken wrote:
> > On 2016/04/18 08:54:57, yhirano wrote:
> > > See
> > >
> >
>
https://storage.googleapis.com/chromium-layout-test-archives/mac_chromium_rel....
> > > I expected this test passes.
> > 
> > I think the existing behavior is correct.
> > 
> >   var obj = iframe.contentWindow.TestObject;
> >   obj.getScriptStateURL();
> > 
> 
> (Note: I'm creating a new TestObject instance in the test. I don't know if it
> changes the conclusion)
> 
> 
> > should return the same result as:
> > 
> >   iframe.contentWindow.TestObject.getScriptStateURL();
> > 
> 
> > The latter should clearly return the URL of the iframe's context. This means
> > that the former should return the URL of the iframe's context.
> 
> Can you explain this a bit?

(Disclaimer: I haven't yet verified my theory -- so the following description
might be wrong.)

- When you create a new wrapper in x.bar(), the new wrapper is created in x's
creation context. When you create a new TestObject in
iframe.contentWindow.TestObject, the TestObject is created in the iframe's
context.

- When you call x.foo() and V8 calls back fooMethodCallback in V8 binding,
isolate->GetCurrentContext is pointing to the context of x's creation context.
When you call obj.getScriptStateURL(), the callback method runs with
isolate->GetCurrentContext pointing to the obj's creation context; i.e., the
iframe's context. Then it returns a URL of the iframe's context.

[yhirano, 2016-04-20 03:38:30]

On 2016/04/18 13:11:42, haraken wrote:
> On 2016/04/18 11:16:28, yhirano1 wrote:
> > On 2016/04/18 11:10:30, haraken wrote:
> > > On 2016/04/18 08:54:57, yhirano wrote:
> > > > See
> > > >
> > >
> >
>
https://storage.googleapis.com/chromium-layout-test-archives/mac_chromium_rel....
> > > > I expected this test passes.
> > > 
> > > I think the existing behavior is correct.
> > > 
> > >   var obj = iframe.contentWindow.TestObject;
> > >   obj.getScriptStateURL();
> > > 
> > 
> > (Note: I'm creating a new TestObject instance in the test. I don't know if
it
> > changes the conclusion)
> > 
> > 
> > > should return the same result as:
> > > 
> > >   iframe.contentWindow.TestObject.getScriptStateURL();
> > > 
> > 
> > > The latter should clearly return the URL of the iframe's context. This
means
> > > that the former should return the URL of the iframe's context.
> > 
> > Can you explain this a bit?
> 
> (Disclaimer: I haven't yet verified my theory -- so the following description
> might be wrong.)
> 
> - When you create a new wrapper in x.bar(), the new wrapper is created in x's
> creation context. When you create a new TestObject in
> iframe.contentWindow.TestObject, the TestObject is created in the iframe's
> context.
> 
> - When you call x.foo() and V8 calls back fooMethodCallback in V8 binding,
> isolate->GetCurrentContext is pointing to the context of x's creation context.
> When you call obj.getScriptStateURL(), the callback method runs with
> isolate->GetCurrentContext pointing to the obj's creation context; i.e., the
> iframe's context. Then it returns a URL of the iframe's context.

v8::internal::Execution::Call[1] enters |function|'s context and hence we are in
|foo|'s creation context in your example, right?

1:
https://code.google.com/p/chromium/codesearch#chromium/src/v8/src/execution.c...

[haraken, 2016-04-20 04:28:54]

On 2016/04/20 03:38:30, yhirano wrote:
> On 2016/04/18 13:11:42, haraken wrote:
> > On 2016/04/18 11:16:28, yhirano1 wrote:
> > > On 2016/04/18 11:10:30, haraken wrote:
> > > > On 2016/04/18 08:54:57, yhirano wrote:
> > > > > See
> > > > >
> > > >
> > >
> >
>
https://storage.googleapis.com/chromium-layout-test-archives/mac_chromium_rel....
> > > > > I expected this test passes.
> > > > 
> > > > I think the existing behavior is correct.
> > > > 
> > > >   var obj = iframe.contentWindow.TestObject;
> > > >   obj.getScriptStateURL();
> > > > 
> > > 
> > > (Note: I'm creating a new TestObject instance in the test. I don't know if
> it
> > > changes the conclusion)
> > > 
> > > 
> > > > should return the same result as:
> > > > 
> > > >   iframe.contentWindow.TestObject.getScriptStateURL();
> > > > 
> > > 
> > > > The latter should clearly return the URL of the iframe's context. This
> means
> > > > that the former should return the URL of the iframe's context.
> > > 
> > > Can you explain this a bit?
> > 
> > (Disclaimer: I haven't yet verified my theory -- so the following
description
> > might be wrong.)
> > 
> > - When you create a new wrapper in x.bar(), the new wrapper is created in
x's
> > creation context. When you create a new TestObject in
> > iframe.contentWindow.TestObject, the TestObject is created in the iframe's
> > context.
> > 
> > - When you call x.foo() and V8 calls back fooMethodCallback in V8 binding,
> > isolate->GetCurrentContext is pointing to the context of x's creation
context.
> > When you call obj.getScriptStateURL(), the callback method runs with
> > isolate->GetCurrentContext pointing to the obj's creation context; i.e., the
> > iframe's context. Then it returns a URL of the iframe's context.
> 
> v8::internal::Execution::Call[1] enters |function|'s context and hence we are
in
> |foo|'s creation context in your example, right?
> 
> 1:
>
https://code.google.com/p/chromium/codesearch#chromium/src/v8/src/execution.c...

Right, but the foo's creation context is the x's creation context; i.e., the
iframe's context.

  document.createElement !== iframe.contentWindow.document.createElement

These two functions are different things. The left-side one is the one created
in the main frame's context. The right-side one is the one created in the
iframe's context.

[yhirano, 2016-04-28 05:53:14]

Description was changed from

==========
[DO NOT COMMIT] CallWith=ScriptState with iframe

BUG=
==========

to

==========
[DO NOT COMMIT] CallWith=ScriptState with iframe

BUG=
==========

[yhirano, 2016-04-28 05:53:26]

yhirano@chromium.org changed reviewers:
+ yukishiino@chromium.org
- yukishiino@chromium.or

[yhirano, 2016-04-28 06:04:40]

On 2016/04/20 04:28:54, haraken wrote:
> On 2016/04/20 03:38:30, yhirano wrote:
> > On 2016/04/18 13:11:42, haraken wrote:
> > > On 2016/04/18 11:16:28, yhirano1 wrote:
> > > > On 2016/04/18 11:10:30, haraken wrote:
> > > > > On 2016/04/18 08:54:57, yhirano wrote:
> > > > > > See
> > > > > >
> > > > >
> > > >
> > >
> >
>
https://storage.googleapis.com/chromium-layout-test-archives/mac_chromium_rel....
> > > > > > I expected this test passes.
> > > > > 
> > > > > I think the existing behavior is correct.
> > > > > 
> > > > >   var obj = iframe.contentWindow.TestObject;
> > > > >   obj.getScriptStateURL();
> > > > > 
> > > > 
> > > > (Note: I'm creating a new TestObject instance in the test. I don't know
if
> > it
> > > > changes the conclusion)
> > > > 
> > > > 
> > > > > should return the same result as:
> > > > > 
> > > > >   iframe.contentWindow.TestObject.getScriptStateURL();
> > > > > 
> > > > 
> > > > > The latter should clearly return the URL of the iframe's context. This
> > means
> > > > > that the former should return the URL of the iframe's context.
> > > > 
> > > > Can you explain this a bit?
> > > 
> > > (Disclaimer: I haven't yet verified my theory -- so the following
> description
> > > might be wrong.)
> > > 
> > > - When you create a new wrapper in x.bar(), the new wrapper is created in
> x's
> > > creation context. When you create a new TestObject in
> > > iframe.contentWindow.TestObject, the TestObject is created in the iframe's
> > > context.
> > > 
> > > - When you call x.foo() and V8 calls back fooMethodCallback in V8 binding,
> > > isolate->GetCurrentContext is pointing to the context of x's creation
> context.
> > > When you call obj.getScriptStateURL(), the callback method runs with
> > > isolate->GetCurrentContext pointing to the obj's creation context; i.e.,
the
> > > iframe's context. Then it returns a URL of the iframe's context.
> > 
> > v8::internal::Execution::Call[1] enters |function|'s context and hence we
are
> in
> > |foo|'s creation context in your example, right?
> > 
> > 1:
> >
>
https://code.google.com/p/chromium/codesearch#chromium/src/v8/src/execution.c...
> 
> Right, but the foo's creation context is the x's creation context; i.e., the
> iframe's context.
> 
>   document.createElement !== iframe.contentWindow.document.createElement
> 
> These two functions are different things. The left-side one is the one created
> in the main frame's context. The right-side one is the one created in the
> iframe's context.

Thank you.

That said, I want to expect that a ScriptState passed from CallWith=ScriptState
is always valid. Does it make sense to filter out such cases in the generated
code, by
 - Returning a rejected promise for promise-returning functions, and
 - Returning undefined (or throwing an exception?) for other functions.

[haraken, 2016-04-28 14:44:50]

On 2016/04/28 06:04:40, yhirano wrote:
> On 2016/04/20 04:28:54, haraken wrote:
> > On 2016/04/20 03:38:30, yhirano wrote:
> > > On 2016/04/18 13:11:42, haraken wrote:
> > > > On 2016/04/18 11:16:28, yhirano1 wrote:
> > > > > On 2016/04/18 11:10:30, haraken wrote:
> > > > > > On 2016/04/18 08:54:57, yhirano wrote:
> > > > > > > See
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
>
https://storage.googleapis.com/chromium-layout-test-archives/mac_chromium_rel....
> > > > > > > I expected this test passes.
> > > > > > 
> > > > > > I think the existing behavior is correct.
> > > > > > 
> > > > > >   var obj = iframe.contentWindow.TestObject;
> > > > > >   obj.getScriptStateURL();
> > > > > > 
> > > > > 
> > > > > (Note: I'm creating a new TestObject instance in the test. I don't
know
> if
> > > it
> > > > > changes the conclusion)
> > > > > 
> > > > > 
> > > > > > should return the same result as:
> > > > > > 
> > > > > >   iframe.contentWindow.TestObject.getScriptStateURL();
> > > > > > 
> > > > > 
> > > > > > The latter should clearly return the URL of the iframe's context.
This
> > > means
> > > > > > that the former should return the URL of the iframe's context.
> > > > > 
> > > > > Can you explain this a bit?
> > > > 
> > > > (Disclaimer: I haven't yet verified my theory -- so the following
> > description
> > > > might be wrong.)
> > > > 
> > > > - When you create a new wrapper in x.bar(), the new wrapper is created
in
> > x's
> > > > creation context. When you create a new TestObject in
> > > > iframe.contentWindow.TestObject, the TestObject is created in the
iframe's
> > > > context.
> > > > 
> > > > - When you call x.foo() and V8 calls back fooMethodCallback in V8
binding,
> > > > isolate->GetCurrentContext is pointing to the context of x's creation
> > context.
> > > > When you call obj.getScriptStateURL(), the callback method runs with
> > > > isolate->GetCurrentContext pointing to the obj's creation context; i.e.,
> the
> > > > iframe's context. Then it returns a URL of the iframe's context.
> > > 
> > > v8::internal::Execution::Call[1] enters |function|'s context and hence we
> are
> > in
> > > |foo|'s creation context in your example, right?
> > > 
> > > 1:
> > >
> >
>
https://code.google.com/p/chromium/codesearch#chromium/src/v8/src/execution.c...
> > 
> > Right, but the foo's creation context is the x's creation context; i.e., the
> > iframe's context.
> > 
> >   document.createElement !== iframe.contentWindow.document.createElement
> > 
> > These two functions are different things. The left-side one is the one
created
> > in the main frame's context. The right-side one is the one created in the
> > iframe's context.
> 
> Thank you.
> 
> That said, I want to expect that a ScriptState passed from
CallWith=ScriptState
> is always valid. Does it make sense to filter out such cases in the generated
> code, by
>  - Returning a rejected promise for promise-returning functions, and
>  - Returning undefined (or throwing an exception?) for other functions.

I think this is worth investigating. Currently we support script execution for a
detached iframe, but jochen@ and I are wondering if we really need to support
it. If we can just forbid executing scripts for a detached iframe, the problem
will be gone. (We need to investigate the spec and behaviors of other browsers.)

If we need to support it, one option would be to return a rejected promise or
undefined as you suggested, but here we need to investigate the spec and
behaviors of other browsers.