Implement cross-origin attributes using access check interceptors.

third_party/WebKit/Source/bindings/scripts/v8_attributes.py

Index: third_party/WebKit/Source/bindings/scripts/v8_attributes.py
diff --git a/third_party/WebKit/Source/bindings/scripts/v8_attributes.py b/third_party/WebKit/Source/bindings/scripts/v8_attributes.py
index d28bb73b68382f9b7faf5127494a391d5881177a..06da8dc5bd26d916a60003f8bd216ba5718c6e9e 100644
--- a/third_party/WebKit/Source/bindings/scripts/v8_attributes.py
+++ b/third_party/WebKit/Source/bindings/scripts/v8_attributes.py
@@ -68,14 +68,17 @@ def attribute_context(interface, attribute, interfaces):
         includes.add('core/inspector/ConsoleMessage.h')
 
     # [CheckSecurity]
-    is_do_not_check_security = 'DoNotCheckSecurity' in extended_attributes
+    is_cross_origin = 'CrossOrigin' in extended_attributes
     is_check_security_for_receiver = (
         has_extended_attribute_value(interface, 'CheckSecurity', 'Receiver') and
-        not is_do_not_check_security)
+        not is_cross_origin)

[dcheng, 2016/11/02 01:46:42]

I'm not sure this is actually necessary: it seems weird to specify CheckSecurity
*and* CrossOrigin on the same attribute. I propose that we just get rid of "and
not is_cross_origin" here.

(Once I can run the layout tests again, I am going to try removing this)

[haraken, 2016/11/02 04:30:32]

Yeah, agreed. Let's make the change in a separate CL.

[dcheng, 2016/11/02 07:45:32]

Added a TODO back.

     is_check_security_for_return_value = (
         has_extended_attribute_value(attribute, 'CheckSecurity', 'ReturnValue'))
     if is_check_security_for_receiver or is_check_security_for_return_value:
         includes.add('bindings/core/v8/BindingSecurity.h')
+    # [CrossOrigin]
+    if has_extended_attribute_value(attribute, 'CrossOrigin', 'Setter'):
+        includes.add('bindings/core/v8/V8CrossOriginSetterInfo.h')
     # [Constructor]
     # TODO(yukishiino): Constructors are much like methods although constructors
     # are not methods.  Constructors must be data-type properties, and we can
@@ -133,6 +136,8 @@ def attribute_context(interface, attribute, interfaces):
         'enum_type': idl_type.enum_type,
         'enum_values': idl_type.enum_values,
         'exposed_test': v8_utilities.exposed(attribute, interface),  # [Exposed]
+        'has_cross_origin_getter': has_extended_attribute_value(attribute, 'CrossOrigin', None),

[dcheng, 2016/11/02 01:46:42]

I'm not actually sure if it's OK to make this mutually exclusive with Setter:
the main attribute I see this being problematic for is window.location. As far
as I can tell, we don't rely it in our implementation (thanks to
PutForwards=href).

(This is another thing I will test again...)

+        'has_cross_origin_setter': has_extended_attribute_value(attribute, 'CrossOrigin', 'Setter'),
         'has_custom_getter': has_custom_getter(attribute),
         'has_custom_setter': has_custom_setter(attribute),
         'has_setter': has_setter(interface, attribute),
@@ -532,18 +537,10 @@ def has_setter(interface, attribute):
     return is_writable(attribute)
 
 
-# [DoNotCheckSecurity], [Unforgeable]
+# [Unforgeable]
 def access_control_list(interface, attribute):
     extended_attributes = attribute.extended_attributes
     access_control = []
-    if 'DoNotCheckSecurity' in extended_attributes:
-        do_not_check_security = extended_attributes['DoNotCheckSecurity']
-        if do_not_check_security == 'Setter':
-            access_control.append('v8::ALL_CAN_WRITE')
-        else:
-            access_control.append('v8::ALL_CAN_READ')
-            if has_setter(interface, attribute):
-                access_control.append('v8::ALL_CAN_WRITE')
     if is_unforgeable(interface, attribute):
         access_control.append('v8::PROHIBITS_OVERWRITING')
     return access_control or ['v8::DEFAULT']