Never resolve promises inside ScriptForbiddenScopes.

third_party/WebKit/Source/bindings/core/v8/ScriptPromiseResolver.h

Index: third_party/WebKit/Source/bindings/core/v8/ScriptPromiseResolver.h
diff --git a/third_party/WebKit/Source/bindings/core/v8/ScriptPromiseResolver.h b/third_party/WebKit/Source/bindings/core/v8/ScriptPromiseResolver.h
index a07e16d4494ed318ad780380a74845134ad4caf6..079fd6ddd1fb936cc823f6b1e5540b9b0d36af2c 100644
--- a/third_party/WebKit/Source/bindings/core/v8/ScriptPromiseResolver.h
+++ b/third_party/WebKit/Source/bindings/core/v8/ScriptPromiseResolver.h
@@ -12,6 +12,7 @@
 #include "core/CoreExport.h"
 #include "core/dom/ActiveDOMObject.h"
 #include "core/dom/ExecutionContext.h"
+#include "platform/ScriptForbiddenScope.h"
 #include "platform/Timer.h"
 #include "platform/heap/Handle.h"
 #include "platform/heap/SelfKeepAlive.h"
@@ -135,6 +136,16 @@ class CORE_EXPORT ScriptPromiseResolver
       keepAliveWhilePending();
       return;
     }
+    // TODO(esprehn): This is a hack, instead we should RELEASE_ASSERT that
+    // script is allowed, and v8 should be running the entry hooks below and
+    // crashing if script is forbidden. We should then audit all users of
+    // ScriptPromiseResolver and the related specs and switch to an async
+    // resolve.
+    // See: http://crbug.com/663476
+    if (ScriptForbiddenScope::isScriptForbidden()) {
+      m_timer.startOneShot(0, BLINK_FROM_HERE);
+      return;
+    }
     resolveOrRejectImmediately();
   }