Disallow certain blocking DOM calls during microtask execution.

third_party/WebKit/Source/core/frame/LocalDOMWindow.cpp

 /*
  * Copyright (C) 2006, 2007, 2008, 2010 Apple Inc. All rights reserved.
  * Copyright (C) 2010 Nokia Corporation and/or its subsidiary(-ies)
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
@@ skipping 717 matching lines @@
     if (!(frame() && frame()->owner() && frame()->owner()->isLocal()))
         return nullptr;
 
     return toHTMLFrameOwnerElement(frame()->owner());
 }
 
 void LocalDOMWindow::blur()
 {
 }
 
-void LocalDOMWindow::print()
+void LocalDOMWindow::print(ScriptState* scriptState)
 {
     if (!frame())
         return;
 
     FrameHost* host = frame()->host();
     if (!host)
         return;
 
     if (frame()->document()->isSandboxed(SandboxModals)) {
         UseCounter::count(frame()->document(), UseCounter::DialogInSandboxedContext);
         if (RuntimeEnabledFeatures::sandboxBlocksModalsEnabled()) {
             frameConsole()->addMessage(ConsoleMessage::create(SecurityMessageSource, ErrorMessageLevel, "Ignored call to 'print()'. The document is sandboxed, and the 'allow-modals' keyword is not set."));
             return;
         }
     }
 
+    if (scriptState && v8::MicrotasksScope::IsRunningMicrotasks(scriptState->isolate())) {
+        Deprecation::countDeprecation(frame()->document(), UseCounter::During_Microtask_Print);
+        if (RuntimeEnabledFeatures::disableBlockingMethodsDuringMicrotasksEnabled()) {
+            frameConsole()->addMessage(ConsoleMessage::create(SecurityMessageSource, ErrorMessageLevel, "Ignored call to 'print()' during microtask execution."));
+            return;
+        }
+    }
+
     if (frame()->isLoading()) {
         m_shouldPrintWhenFinishedLoading = true;
         return;
     }
     m_shouldPrintWhenFinishedLoading = false;
     host->chromeClient().print(frame());
 }
 
 void LocalDOMWindow::stop()
 {
     if (!frame())
         return;
     frame()->loader().stopAllLoaders();
 }
 
-void LocalDOMWindow::alert(const String& message)
+void LocalDOMWindow::alert(ScriptState* scriptState, const String& message)
 {
     if (!frame())
         return;
 
     if (frame()->document()->isSandboxed(SandboxModals)) {
         UseCounter::count(frame()->document(), UseCounter::DialogInSandboxedContext);
         if (RuntimeEnabledFeatures::sandboxBlocksModalsEnabled()) {
             frameConsole()->addMessage(ConsoleMessage::create(SecurityMessageSource, ErrorMessageLevel, "Ignored call to 'alert()'. The document is sandboxed, and the 'allow-modals' keyword is not set."));
             return;
         }
     }
 
+    if (v8::MicrotasksScope::IsRunningMicrotasks(scriptState->isolate())) {
+        Deprecation::countDeprecation(frame()->document(), UseCounter::During_Microtask_Alert);
+        if (RuntimeEnabledFeatures::disableBlockingMethodsDuringMicrotasksEnabled()) {
+            frameConsole()->addMessage(ConsoleMessage::create(SecurityMessageSource, ErrorMessageLevel, "Ignored call to 'alert()' during microtask execution."));
+            return;
+        }
+    }
+
     frame()->document()->updateLayoutTree();
 
     FrameHost* host = frame()->host();
     if (!host)
         return;
 
     host->chromeClient().openJavaScriptAlert(frame(), message);
 }
 
-bool LocalDOMWindow::confirm(const String& message)
+bool LocalDOMWindow::confirm(ScriptState* scriptState, const String& message)
 {
     if (!frame())
         return false;
 
     if (frame()->document()->isSandboxed(SandboxModals)) {
         UseCounter::count(frame()->document(), UseCounter::DialogInSandboxedContext);
         if (RuntimeEnabledFeatures::sandboxBlocksModalsEnabled()) {
             frameConsole()->addMessage(ConsoleMessage::create(SecurityMessageSource, ErrorMessageLevel, "Ignored call to 'confirm()'. The document is sandboxed, and the 'allow-modals' keyword is not set."));
             return false;
         }
     }
 
+    if (v8::MicrotasksScope::IsRunningMicrotasks(scriptState->isolate())) {
+        Deprecation::countDeprecation(frame()->document(), UseCounter::During_Microtask_Confirm);
+        if (RuntimeEnabledFeatures::disableBlockingMethodsDuringMicrotasksEnabled()) {
+            frameConsole()->addMessage(ConsoleMessage::create(SecurityMessageSource, ErrorMessageLevel, "Ignored call to 'confirm()' during microtask execution."));
+            return false;
+        }
+    }
+
     frame()->document()->updateLayoutTree();
 
     FrameHost* host = frame()->host();
     if (!host)
         return false;
 
     return host->chromeClient().openJavaScriptConfirm(frame(), message);
 }
 
-String LocalDOMWindow::prompt(const String& message, const String& defaultValue)
+String LocalDOMWindow::prompt(ScriptState* scriptState, const String& message, const String& defaultValue)
 {
     if (!frame())
         return String();
 
     if (frame()->document()->isSandboxed(SandboxModals)) {
         UseCounter::count(frame()->document(), UseCounter::DialogInSandboxedContext);
         if (RuntimeEnabledFeatures::sandboxBlocksModalsEnabled()) {
             frameConsole()->addMessage(ConsoleMessage::create(SecurityMessageSource, ErrorMessageLevel, "Ignored call to 'prompt()'. The document is sandboxed, and the 'allow-modals' keyword is not set."));
             return String();
         }
     }
 
+    if (v8::MicrotasksScope::IsRunningMicrotasks(scriptState->isolate())) {
+        Deprecation::countDeprecation(frame()->document(), UseCounter::During_Microtask_Prompt);
+        if (RuntimeEnabledFeatures::disableBlockingMethodsDuringMicrotasksEnabled()) {
+            frameConsole()->addMessage(ConsoleMessage::create(SecurityMessageSource, ErrorMessageLevel, "Ignored call to 'prompt()' during microtask execution."));
+            return String();
+        }
+    }
+
     frame()->document()->updateLayoutTree();
 
     FrameHost* host = frame()->host();
     if (!host)
         return String();
 
     String returnValue;
     if (host->chromeClient().openJavaScriptPrompt(frame(), message, defaultValue, returnValue))
         return returnValue;
 
@@ skipping 560 matching lines @@
         frame()->host()->eventHandlerRegistry().didRemoveAllEventHandlers(*this);
 
     removeAllUnloadEventListeners(this);
     removeAllBeforeUnloadEventListeners(this);
 }
 
 void LocalDOMWindow::finishedLoading()
 {
     if (m_shouldPrintWhenFinishedLoading) {
         m_shouldPrintWhenFinishedLoading = false;
-        print();
+        print(nullptr);
     }
 }
 
 void LocalDOMWindow::printErrorMessage(const String& message) const
 {
     if (!isCurrentlyDisplayedInFrame())
         return;
 
     if (message.isEmpty())
         return;
@@ skipping 87 matching lines @@
 {
     // If the LocalDOMWindow still has a frame reference, that frame must point
     // back to this LocalDOMWindow: otherwise, it's easy to get into a situation
     // where script execution leaks between different LocalDOMWindows.
     if (m_frameObserver->frame())
         ASSERT_WITH_SECURITY_IMPLICATION(m_frameObserver->frame()->domWindow() == this);
     return m_frameObserver->frame();
 }
 
 } // namespace blink