Refactor WindowProxy into Local and Remote subclasses.

third_party/WebKit/Source/bindings/core/v8/RemoteWindowProxy.cpp

 /*
- * Copyright (C) 2009 Google Inc. All rights reserved.

[dcheng, 2017/01/11 08:35:16]

I was unable to get the diffbase on Rietveld to work correctly: this is forked
from WindowProxy.cpp, but for some reason, Rietveld refuses to detect that,
though depot_tools handles it correctly...

+ * Copyright (C) 2008, 2009, 2011 Google Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are
  * met:
  *
  *     * Redistributions of source code must retain the above copyright
  * notice, this list of conditions and the following disclaimer.
  *     * Redistributions in binary form must reproduce the above
  * copyright notice, this list of conditions and the following disclaimer
  * in the documentation and/or other materials provided with the
  * distribution.
  *     * Neither the name of Google Inc. nor the names of its
  * contributors may be used to endorse or promote products derived from
  * this software without specific prior written permission.
  *
  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
  * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
-#ifndef WindowProxy_h
-#define WindowProxy_h
+#include "bindings/core/v8/WindowProxy.h"
 
+#include "bindings/core/v8/ConditionalFeatures.h"
 #include "bindings/core/v8/DOMWrapperWorld.h"
-#include "bindings/core/v8/ScopedPersistent.h"
-#include "bindings/core/v8/ScriptState.h"
+#include "bindings/core/v8/ScriptController.h"
+#include "bindings/core/v8/ToV8.h"
+#include "bindings/core/v8/V8Binding.h"
+#include "bindings/core/v8/V8DOMActivityLogger.h"
+#include "bindings/core/v8/V8Document.h"
+#include "bindings/core/v8/V8GCForContextDispose.h"
+#include "bindings/core/v8/V8HTMLCollection.h"
+#include "bindings/core/v8/V8HTMLDocument.h"
+#include "bindings/core/v8/V8HiddenValue.h"
+#include "bindings/core/v8/V8Initializer.h"
+#include "bindings/core/v8/V8ObjectConstructor.h"
+#include "bindings/core/v8/V8PagePopupControllerBinding.h"
+#include "bindings/core/v8/V8PrivateProperty.h"
+#include "bindings/core/v8/V8Window.h"
+#include "core/frame/LocalFrame.h"
+#include "core/frame/csp/ContentSecurityPolicy.h"
+#include "core/html/DocumentNameCollection.h"
+#include "core/html/HTMLCollection.h"
+#include "core/html/HTMLIFrameElement.h"
+#include "core/inspector/InspectorInstrumentation.h"
+#include "core/inspector/MainThreadDebugger.h"
+#include "core/loader/DocumentLoader.h"
+#include "core/loader/FrameLoader.h"
+#include "core/loader/FrameLoaderClient.h"
+#include "core/origin_trials/OriginTrialContext.h"
+#include "platform/Histogram.h"
+#include "platform/RuntimeEnabledFeatures.h"
+#include "platform/ScriptForbiddenScope.h"
 #include "platform/heap/Handle.h"
+#include "platform/instrumentation/tracing/TraceEvent.h"
 #include "platform/weborigin/SecurityOrigin.h"
-#include "wtf/HashMap.h"
-#include "wtf/PassRefPtr.h"
-#include "wtf/RefPtr.h"
-#include "wtf/text/AtomicString.h"
+#include "public/platform/Platform.h"
+#include "wtf/Assertions.h"
+#include "wtf/StringExtras.h"
+#include "wtf/text/CString.h"
+#include <algorithm>
+#include <utility>
+#include <v8-debug.h>
 #include <v8.h>
 
 namespace blink {
 
-class Frame;
-class HTMLDocument;
-class SecurityOrigin;
+RemoteWindowProxy::~RemoteWindowProxy() {
+  // clearForClose() or clearForNavigation() must be invoked before destruction
+  // starts.
+  DCHECK(m_lifecycle != Lifecycle::ContextInitialized);
+}
 
-// WindowProxy represents all the per-global object state for a Frame that
-// persist between navigations.
-class WindowProxy final : public GarbageCollectedFinalized<WindowProxy> {
- public:
-  static WindowProxy* create(v8::Isolate*, Frame*, DOMWrapperWorld&);
+RemoteWindowProxy::RemoteWindowProxy(RemoteFrame& frame,
+                                     v8::Isolate* isolate,
+                                     RefPtr<DOMWrapperWorld> world)
+    : WindowProxy(frame, isolate, std::move(world)) {}
 
-  ~WindowProxy();
-  DECLARE_TRACE();
+void RemoteWindowProxy::disposeContext(GlobalDetachmentBehavior behavior) {
+  if (m_lifecycle != Lifecycle::ContextInitialized)
+    return;
 
-  v8::Local<v8::Context> contextIfInitialized() const {
-    return m_scriptState ? m_scriptState->context() : v8::Local<v8::Context>();
+  WindowProxy::disposeContext(behavior);
+}
+
+void RemoteWindowProxy::initialize() {
+  TRACE_EVENT1("v8", "RemoteWindowProxy::initialize", "isMainWindow",
+               frame()->isMainFrame());
+  SCOPED_BLINK_UMA_HISTOGRAM_TIMER(
+      frame()->isMainFrame() ? "Blink.Binding.InitializeMainWindowProxy"
+                             : "Blink.Binding.InitializeNonMainWindowProxy");
+
+  ScriptForbiddenScope::AllowUserAgentScript allowScript;
+
+  v8::HandleScope handleScope(isolate());
+
+  createContext();
+
+  ScriptState::Scope scope(m_scriptState.get());
+  v8::Local<v8::Context> context = m_scriptState->context();
+  if (m_globalProxy.isEmpty()) {
+    m_globalProxy.set(isolate(), context->Global());
+    CHECK(!m_globalProxy.isEmpty());
   }
-  ScriptState* getScriptState() const { return m_scriptState.get(); }
 
-  // Update document object of the frame.
-  void updateDocument();
+  setupWindowPrototypeChain();
 
-  void namedItemAdded(HTMLDocument*, const AtomicString&);
-  void namedItemRemoved(HTMLDocument*, const AtomicString&);
+  // Remote frames always require a full canAccess() check.

[dcheng, 2017/01/11 08:35:16]

Moving this here allows us to cleanup the logic in setSecurityToken(). All the
other work in WindowProxy after createContext() is pretty much a no-op. Going in
order:

- updateDocument() calls
updateActivityLogger()+updateDocumentProperty()+updateSecurityOrigin()
  - updateActivityLogger(): the installed activity logger isn't used by anything
available via a remote frame
  - updateDocumentProperty(): returns early if the frame is remote
  - updateSecurityOrigin(): calls setSecurityToken() which eventually uses the
default security token (which is what we do here)

- Checks CSP to enable eval, but we can't eval in a remote context.

- Invokes a few FrameLoaderClient / inspector callbacks that only work for local
frames.

- Installs conditional features, which we don't have on remote contexts.

+  context->UseDefaultSecurityToken();
+}
 
-  // Update the security origin of a document
-  // (e.g., after setting docoument.domain).
-  void updateSecurityOrigin(SecurityOrigin*);
+void RemoteWindowProxy::createContext() {

[Yuki, 2017/01/11 10:09:24]

Can we unify the implementation between local and remote frames?

Say,
  LocalWindowProxy::createContext() {
    v8::ExcensionConfiguration extensionConfiguration = ...;
    WindowProxy::createContextInternal(&extensionConfiguration);
  }
  RemoteWindowProxy::createContext() {
    WindowProxy::createContextInternal(nullptr);
  }

Does this make sense?

[dcheng, 2017/01/11 10:35:28]

I intentionally split this, because RemoteWindowProxy::createContext() will look
very different soon -- it won't create ScriptState or v8::Context at all, since
it will be using v8::Context::NewRemoteContext. Thus, I didn't want to implement
this logic in a common base class because I'll have to move it in a followup
anyway.

+  // Create a new v8::Context with the window object as the global object
+  // (aka the inner global).  Reuse the global proxy object (aka the outer
+  // global) if it already exists.  See the comments in
+  // setupWindowPrototypeChain for the structure of the prototype chain of
+  // the global object.
+  v8::Local<v8::ObjectTemplate> globalTemplate =
+      V8Window::domTemplate(isolate(), *m_world)->InstanceTemplate();
+  CHECK(!globalTemplate.IsEmpty());
 
-  void initializeIfNeeded();
+  v8::Local<v8::Context> context;
+  {
+    V8PerIsolateData::UseCounterDisabledScope useCounterDisabled(
+        V8PerIsolateData::from(isolate()));
+    context = v8::Context::New(isolate(), nullptr, globalTemplate,
+                               m_globalProxy.newLocal(isolate()));
+  }
+  CHECK(!context.IsEmpty());
 
-  void clearForNavigation();
-  void clearForClose();
+  m_scriptState = ScriptState::create(context, m_world);
 
-  v8::Local<v8::Object> globalIfNotDetached();
-  v8::Local<v8::Object> releaseGlobal();
-  void setGlobal(v8::Local<v8::Object>);
-
-  DOMWrapperWorld& world() { return *m_world; }
-
- private:
-  // A valid transition is from ContextUninitialized to ContextInitialized,
-  // and then ContextDetached. Other transitions are forbidden.
-  enum class Lifecycle {
-    ContextUninitialized,
-    ContextInitialized,
-    ContextDetached,
-  };
-
-  WindowProxy(Frame*, PassRefPtr<DOMWrapperWorld>, v8::Isolate*);
-  void initialize();
-
-  enum GlobalDetachmentBehavior { DoNotDetachGlobal, DetachGlobal };
-  void disposeContext(GlobalDetachmentBehavior);
-
-  void setSecurityToken(SecurityOrigin*);
-
-  // The JavaScript wrapper for the document object is cached on the global
-  // object for fast access. UpdateDocumentProperty sets the wrapper
-  // for the current document on the global object.
-  void updateDocumentProperty();
-
-  // Updates Activity Logger for the current context.
-  void updateActivityLogger();
-
-  // Creates a new v8::Context with the window wrapper object as the global
-  // object (aka the inner global).  Note that the window wrapper and its
-  // prototype chain do not get fully initialized yet, e.g. the window
-  // wrapper is not yet associated with the native DOMWindow object.
-  void createContext();
-
-  // Associates the window wrapper and its prototype chain with the native
-  // DOMWindow object.  Also does some more Window-specific initialization.
-  void setupWindowPrototypeChain();
-
-  Member<Frame> m_frame;
-  v8::Isolate* m_isolate;
-  RefPtr<ScriptState> m_scriptState;
-  RefPtr<DOMWrapperWorld> m_world;
-  ScopedPersistent<v8::Object> m_globalProxy;
-  Lifecycle m_lifecycle;
-};
+  // TODO(haraken): Currently we cannot enable the following DCHECK because
+  // an already detached window proxy can be re-initialized. This is wrong.
+  // DCHECK(m_lifecycle == Lifecycle::ContextUninitialized);
+  m_lifecycle = Lifecycle::ContextInitialized;
+  DCHECK(m_scriptState->contextIsValid());
+}
 
 }  // namespace blink
-
-#endif  // WindowProxy_h