extensions/renderer/utils_native_handler.cc - Issue 1903303002: Ensure that privates are private.

Side by Side Diff: extensions/renderer/utils_native_handler.cc

Issue 1903303002: Ensure that privates are private. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Created 4 years, 8 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
1 // Copyright 2014 The Chromium Authors. All rights reserved.	1 // Copyright 2014 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "extensions/renderer/utils_native_handler.h"	5 #include "extensions/renderer/utils_native_handler.h"

6	6

	7 #include <algorithm>

	8

7 #include "base/macros.h"	9 #include "base/macros.h"

	10 #include "base/strings/string_util.h"

8 #include "base/strings/stringprintf.h"	11 #include "base/strings/stringprintf.h"

9 #include "extensions/renderer/script_context.h"	12 #include "extensions/renderer/script_context.h"

10 #include "third_party/WebKit/public/web/WebSerializedScriptValue.h"	13 #include "third_party/WebKit/public/web/WebSerializedScriptValue.h"

11	14

12 namespace extensions {	15 namespace extensions {

13	16

	17 namespace {

	18

	19 // Returns whether \|name\| can safely be used as an identifier in JavaScript code

	20 // without side effects. This method allows syntax errors, but not execution of

	21 // arbitrary JavaScript code.

	22 bool IsAllowedFunctionName(const std::string& name) {

	23 return std::find_if_not(name.begin(), name.end(), [](char c) {

	24 return base::IsAsciiAlpha(c);

	25 }) == name.end();

	26 }

	27

	28 } // namespace

	29

14 UtilsNativeHandler::UtilsNativeHandler(ScriptContext* context)	30 UtilsNativeHandler::UtilsNativeHandler(ScriptContext* context)

15 : ObjectBackedNativeHandler(context) {	31 : ObjectBackedNativeHandler(context) {

16 RouteFunction("createClassWrapper",	32 RouteFunction("createClassWrapper",

17 base::Bind(&UtilsNativeHandler::CreateClassWrapper,	33 base::Bind(&UtilsNativeHandler::CreateClassWrapper,

18 base::Unretained(this)));	34 base::Unretained(this)));

19 RouteFunction(	35 RouteFunction(

20 "deepCopy",	36 "deepCopy",

21 base::Bind(&UtilsNativeHandler::DeepCopy, base::Unretained(this)));	37 base::Bind(&UtilsNativeHandler::DeepCopy, base::Unretained(this)));

22 }	38 }

23	39

24 UtilsNativeHandler::~UtilsNativeHandler() {}	40 UtilsNativeHandler::~UtilsNativeHandler() {}

25	41

26 void UtilsNativeHandler::CreateClassWrapper(	42 void UtilsNativeHandler::CreateClassWrapper(

27 const v8::FunctionCallbackInfo<v8::Value>& args) {	43 const v8::FunctionCallbackInfo<v8::Value>& args) {

28 CHECK_EQ(3, args.Length());	44 CHECK_EQ(3, args.Length());

29 CHECK(args[0]->IsString());	45 CHECK(args[0]->IsString());

30 std::string name = *v8::String::Utf8Value(args[0]);	46 std::string name = *v8::String::Utf8Value(args[0]);

	47 CHECK(IsAllowedFunctionName(name));

31 CHECK(args[1]->IsObject());	48 CHECK(args[1]->IsObject());

32 v8::Local<v8::Object> cls = args[1].As<v8::Object>();	49 v8::Local<v8::Object> cls = args[1].As<v8::Object>();

33 CHECK(args[2]->IsObject() \|\| args[2]->IsUndefined());	50 CHECK(args[2]->IsObject() \|\| args[2]->IsUndefined());

34 v8::Local<v8::Value> superclass = args[2];	51 v8::Local<v8::Value> superclass = args[2];

35	52

36 v8::HandleScope handle_scope(GetIsolate());	53 v8::HandleScope handle_scope(GetIsolate());

37 // TODO(fsamuel): Consider moving the source wrapping to ModuleSystem.	54 // TODO(fsamuel): Consider moving the source wrapping to ModuleSystem.

38 v8::Local<v8::String> source = v8::String::NewFromUtf8(	55 v8::Local<v8::String> source = v8::String::NewFromUtf8(

39 GetIsolate(),	56 GetIsolate(),

40 base::StringPrintf(	57 base::StringPrintf(

41 "(function($Object, $Function, privates, cls, superclass) {"	58 "(function($Object, $Function, privates, cls, superclass) {"

42 "'use strict';\n"	59 "'use strict';\n"

43 " function %s() {\n"	60 " function %s() {\n"
	Devlin 2016/04/20 17:42:07 Wow. I don't think I've ever looked closely at th Wow. I don't think I've ever looked closely at this code. Executing from JS - crazy. I'm also a little confused on why exactly this needs to be in C++ - utils has privates already, so what's the benefit in having this in a native handler at all? Could we just have utils.expose construct it's own function? robwu 2016/04/21 08:48:11 This exists to generate meaningful stack traces, s Show quoted text On 2016/04/20 17:42:07, Devlin wrote: > Wow. I don't think I've ever looked closely at this code. Executing from JS - > crazy. > > I'm also a little confused on why exactly this needs to be in C++ - utils has > privates already, so what's the benefit in having this in a native handler at > all? Could we just have utils.expose construct it's own function? This exists to generate meaningful stack traces, see https://crbug.com/345429 robwu 2016/04/21 17:29:35 With that snippet, you'll be in the same situation Show quoted text On 2016/04/21 16:33:05, Devlin wrote: > On 2016/04/21 16:32:32, Devlin wrote: > > On 2016/04/21 08:48:11, robwu wrote: > > > On 2016/04/20 17:42:07, Devlin wrote: > > > > Wow. I don't think I've ever looked closely at this code. Executing from > > JS > > > - > > > > crazy. > > > > > > > > I'm also a little confused on why exactly this needs to be in C++ - utils > > has > > > > privates already, so what's the benefit in having this in a native handler > > at > > > > all? Could we just have utils.expose construct it's own function? > > > > > > This exists to generate meaningful stack traces, see > https://crbug.com/345429 > > > > Couldn't we still trivially do this in JS through something like: > > // utils.js > > function create(cls, superclass) { > > return function() { /* util ctor-y stuff / }; > > } > > > > function expose(ctor, exposed) { > > // utils exposing stuff > > } > > > > // messaging.js > > var Port = utils.create(PortImpl); > > utils.expose(Port, {functions: [...], properties: [...] }); > > > > In that example, we have two separate calls, but we might be able to do away > > with that if we thought about it hard enough, and even if not, there are 12 > > calls to utils.expose, so I'd take the 12 extra lines in exchange for not > > executing any passed-in JS. :) > > (and removing utils native handler is a plus) With that snippet, you'll be in the same situation again as https://crbug.com/345429, except then the functions are not called "publicClass", but anonymous. What do you think of something like this? Three lines extra per caller in exchange for no natives. function Port(params) { privates(utils).constructPrivate(this, arguments); } utils.expose(Port, PortImpl, {__proto__:null, ...func & prop...}); // utils.js function expose(publicClass, cls, exposed) { logging.CHECK(typeof publicClass === 'function'); if (typeof exposed.superclass === 'function') { publicClass.prototype = $Object.create(exposed.superclass.prototype); } // Set up functions/properties/readonly as currently implemented in expose. ... privates(publicClass).constructPrivate = function(self, args) { var privateObj = $Object.create(cls.prototype); $Function.apply(cls, privateObj, args); privateObj.wrapper = self; privates(self).impl = privateObj; }; } robwu* 2016/04/21 17:33:36 privates(utils).constructPrivate should be private Show quoted text On 2016/04/21 17:29:35, robwu wrote: > On 2016/04/21 16:33:05, Devlin wrote: > > On 2016/04/21 16:32:32, Devlin wrote: > > > On 2016/04/21 08:48:11, robwu wrote: > > > > On 2016/04/20 17:42:07, Devlin wrote: > > > > > Wow. I don't think I've ever looked closely at this code. Executing > from > > > JS > > > > - > > > > > crazy. > > > > > > > > > > I'm also a little confused on why exactly this needs to be in C++ - > utils > > > has > > > > > privates already, so what's the benefit in having this in a native > handler > > > at > > > > > all? Could we just have utils.expose construct it's own function? > > > > > > > > This exists to generate meaningful stack traces, see > > https://crbug.com/345429 > > > > > > Couldn't we still trivially do this in JS through something like: > > > // utils.js > > > function create(cls, superclass) { > > > return function() { /* util ctor-y stuff */ }; > > > } > > > > > > function expose(ctor, exposed) { > > > // utils exposing stuff > > > } > > > > > > // messaging.js > > > var Port = utils.create(PortImpl); > > > utils.expose(Port, {functions: [...], properties: [...] }); > > > > > > In that example, we have two separate calls, but we might be able to do away > > > with that if we thought about it hard enough, and even if not, there are 12 > > > calls to utils.expose, so I'd take the 12 extra lines in exchange for not > > > executing any passed-in JS. :) > > > > (and removing utils native handler is a plus) > > With that snippet, you'll be in the same situation again as > https://crbug.com/345429, except then the functions are not called > "publicClass", but anonymous. > > What do you think of something like this? Three lines extra per caller in > exchange for no natives. > > function Port(params) { > privates(utils).constructPrivate(this, arguments); > } > > utils.expose(Port, PortImpl, {__proto__:null, ...func & prop...}); > > // utils.js > function expose(publicClass, cls, exposed) { > logging.CHECK(typeof publicClass === 'function'); > if (typeof exposed.superclass === 'function') { > publicClass.prototype = $Object.create(exposed.superclass.prototype); > } > // Set up functions/properties/readonly as currently implemented in expose. > ... > > privates(publicClass).constructPrivate = function(self, args) { > var privateObj = $Object.create(cls.prototype); > $Function.apply(cls, privateObj, args); > privateObj.wrapper = self; > privates(self).impl = privateObj; > }; > } privates(utils).constructPrivate should be privates(Port).constructPrivate. Or even abstracted away to utils and then utils.privateCostructor(port)(this, arguments), or some other signature. WDYT?
44 " var privateObj = $Object.create(cls.prototype);\n"	61 " var privateObj = $Object.create(cls.prototype);\n"

45 " $Function.apply(cls, privateObj, arguments);\n"	62 " $Function.apply(cls, privateObj, arguments);\n"

46 " privateObj.wrapper = this;\n"	63 " privateObj.wrapper = this;\n"

47 " privates(this).impl = privateObj;\n"	64 " privates(this).impl = privateObj;\n"

48 " };\n"	65 " };\n"

49 " if (superclass) {\n"	66 " if (superclass) {\n"

50 " %s.prototype = Object.create(superclass.prototype);\n"	67 " %s.prototype = Object.create(superclass.prototype);\n"

51 " }\n"	68 " }\n"

52 " return %s;\n"	69 " return %s;\n"

53 "})",	70 "})",

(...skipping 31 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
85 }	102 }

86	103

87 void UtilsNativeHandler::DeepCopy(	104 void UtilsNativeHandler::DeepCopy(

88 const v8::FunctionCallbackInfo<v8::Value>& args) {	105 const v8::FunctionCallbackInfo<v8::Value>& args) {

89 CHECK_EQ(1, args.Length());	106 CHECK_EQ(1, args.Length());

90 args.GetReturnValue().Set(	107 args.GetReturnValue().Set(

91 blink::WebSerializedScriptValue::serialize(args[0]).deserialize());	108 blink::WebSerializedScriptValue::serialize(args[0]).deserialize());

92 }	109 }

93	110

94 } // namespace extensions	111 } // namespace extensions

OLD	NEW

« no previous file with comments | « no previous file | no next file » | no next file with comments »