Implement cross-origin attributes using access check interceptors.

third_party/WebKit/Source/bindings/core/v8/WindowProxy.cpp

 /*
  * Copyright (C) 2008, 2009, 2011 Google Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are
  * met:
  *
  *     * Redistributions of source code must retain the above copyright
  * notice, this list of conditions and the following disclaimer.
  *     * Redistributions in binary form must reproduce the above
@@ skipping 97 matching lines @@
     // The embedder could run arbitrary code in response to the
     // willReleaseScriptContext callback, so all disposing should happen after
     // it returns.
     frame->loader().client()->willReleaseScriptContext(context,
                                                        m_world->worldId());
     MainThreadDebugger::instance()->contextWillBeDestroyed(m_scriptState.get());
   }
 
   m_document.clear();
 
-  if (behavior == DetachGlobal)
+  if (behavior == DetachGlobal) {
+    // Clean up state on the global proxy, which will be reused.
+    // TODO(dcheng): Check if this is needed.
+    V8DOMWrapper::clearNativeInfo(m_isolate, context->Global());
+    DCHECK(m_globalProxy == m_scriptState->context()->Global());
+    m_globalProxy.get().SetWrapperClassId(0);
     m_scriptState->detachGlobalObject();
+  }
 
   m_scriptState->disposePerContextData();
 
   // It's likely that disposing the context has created a lot of
   // garbage. Notify V8 about this so it'll have a chance of cleaning
   // it up when idle.
   V8GCForContextDispose::instance().notifyContextDisposed(
       m_frame->isMainFrame());
 }
 
@@ skipping 229 matching lines @@
   //   object is created together with a new v8::Context, but the global proxy
   //   object doesn't change.
   // [3] WindowProperties is a named properties object of Window interface.
 
   DOMWindow* window = m_frame->domWindow();
   const WrapperTypeInfo* wrapperTypeInfo = window->wrapperTypeInfo();
 
   v8::Local<v8::Context> context = m_scriptState->context();
   // The global proxy object.  Note this is not the global object.
   v8::Local<v8::Object> globalProxy = context->Global();
+  V8DOMWrapper::setNativeInfo(m_isolate, globalProxy, wrapperTypeInfo, window);
+  // Mark the handle to be traced by Oilpan, since the global proxy has a
+  // reference to the DOMWindow.
+  DCHECK(m_globalProxy == globalProxy);
+  m_globalProxy.get().SetWrapperClassId(wrapperTypeInfo->wrapperClassId);
   // The global object, aka window wrapper object.
   v8::Local<v8::Object> windowWrapper =
       globalProxy->GetPrototype().As<v8::Object>();
   windowWrapper = V8DOMWrapper::associateObjectWithWrapper(
       m_isolate, window, wrapperTypeInfo, windowWrapper);
   // The prototype object of Window interface.
   v8::Local<v8::Object> windowPrototype =
       windowWrapper->GetPrototype().As<v8::Object>();
   RELEASE_ASSERT(!windowPrototype.IsEmpty());
   V8DOMWrapper::setNativeInfo(m_isolate, windowPrototype, wrapperTypeInfo,
@@ skipping 198 matching lines @@
                          v8String(m_isolate, name));
 }
 
 void WindowProxy::updateSecurityOrigin(SecurityOrigin* origin) {
   if (!isContextInitialized())
     return;
   setSecurityToken(origin);
 }
 
 }  // namespace blink