Use the current context as the creation context for cross-origin objects.

third_party/WebKit/Source/bindings/core/v8/ToV8.cpp

Index: third_party/WebKit/Source/bindings/core/v8/ToV8.cpp
diff --git a/third_party/WebKit/Source/bindings/core/v8/ToV8.cpp b/third_party/WebKit/Source/bindings/core/v8/ToV8.cpp
index 42889491ff216295e7912e8a80b7e652bf8828b5..b07317d256c2fc10e658f4c86a9696b1b50db9d4 100644
--- a/third_party/WebKit/Source/bindings/core/v8/ToV8.cpp
+++ b/third_party/WebKit/Source/bindings/core/v8/ToV8.cpp
@@ -8,6 +8,7 @@
 #include "core/events/EventTarget.h"
 #include "core/frame/DOMWindow.h"
 #include "core/frame/Frame.h"
+#include "core/frame/Location.h"
 
 namespace blink {
 
@@ -29,6 +30,34 @@ v8::Local<v8::Value> ToV8(DOMWindow* window,
       ->globalIfNotDetached();
 }
 
+v8::Local<v8::Value> ToV8(Location* location,
+                          v8::Local<v8::Object> creationContext,
+                          v8::Isolate* isolate) {
+  // https://whatwg.org/C/browsers.html#crossorigingetownpropertyhelper-(-o,-p-)
+  //
+  //   If e.[[NeedsGet]] is true, then set crossOriginGet to an anonymous
+  //   built-in function, created in the current Realm Record, that performs the
+  //   same steps as the getter of the IDL attribute P on object O.
+  //
+  // Thus, the returned object should be created in the current Realm Record as
+  // well, so ignore creationContext and use the current context as the creation
+  // context.
+  //
+  // TODO(dcheng): Is it possible for v8 to just always return the current
+  // context as the creation context of a remote context's global proxy?
+
+  if (UNLIKELY(!location))
+    return v8::Null(isolate);
+
+  v8::Local<v8::Value> wrapper = DOMDataStore::getWrapper(location, isolate);
+  if (!wrapper.IsEmpty())
+    return wrapper;
+
+  wrapper = location->wrap(isolate, isolate->GetCurrentContext()->Global());
+  DCHECK(!wrapper.IsEmpty());
+  return wrapper;
+}

[dcheng, 2017/01/19 23:34:07]

Modifying ToV8 was my original approach, but it has the problem that we only
cache one wrapper per-world. This means if a cross-origin context touches this
property first, it will be created with creation context == cross-origin
context, which has surprising affects.

To get around this, I started modifying the bindings (the currently uploaded
PS). However, it requires a bunch of code duplication, and I don't really like
it.

Instead, I want to try to add an extra bool parameter called is_cross_origin,
and gate behavior based on that bool. However, this means that we need to pass
an extra parameter for attributes that are exposed cross-origin. When
is_cross_origin is true, we will use a different creation context, and cache the
wrappers differently. I am also not sure if it will affect performance too much,
but it seems like it'll be the easiest to understand... does this last approach
sound OK?

+
 v8::Local<v8::Value> ToV8(EventTarget* impl,
                           v8::Local<v8::Object> creationContext,
                           v8::Isolate* isolate) {