Add AllowUserAgentScript in ScriptPromiseResolver::resolveOrReject

third_party/WebKit/Source/bindings/core/v8/ScriptPromiseResolver.h

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef ScriptPromiseResolver_h
 #define ScriptPromiseResolver_h
 
 #include "bindings/core/v8/ScopedPersistent.h"
 #include "bindings/core/v8/ScriptPromise.h"
 #include "bindings/core/v8/ScriptState.h"
@@ skipping 108 matching lines @@
 
   template <typename T>
   void resolveOrReject(T value, ResolutionState newState) {
     if (m_state != Pending || !getScriptState()->contextIsValid() ||
         !getExecutionContext() || getExecutionContext()->isContextDestroyed())
       return;
     ASSERT(newState == Resolving || newState == Rejecting);
     m_state = newState;
 
     ScriptState::Scope scope(m_scriptState.get());
-    // TODO(aobzhirov): Converting value to the wrapper can trigger assert
-    // if the script is forbidden.
-    // The script check below will be unreachable in this case.
-    m_value.set(m_scriptState->isolate(),
-                ToV8(value, m_scriptState->context()->Global(),
-                     m_scriptState->isolate()));
+
+    // Calling ToV8 in a ScriptForbiddenScope will trigger a RELEASE_ASSERT and
+    // cause a crash. ToV8 just invokes a constructor for wrapper creation,
+    // which is safe (no author script can be run). Adding AllowUserAgentScript
+    // directly inside createWrapper could cause a perf impact (calling
+    // isMainThread() every time a wrapper is created is expensive). Ideally,
+    // resolveOrReject shouldn't be called inside a ScriptForbiddenScope.
+    {
+      ScriptForbiddenScope::AllowUserAgentScript allowScript;
+      m_value.set(m_scriptState->isolate(),
+                  ToV8(value, m_scriptState->context()->Global(),

[haraken, 2017/01/21 01:51:09]

Are we pretty sure that we have no way to invoke a user script in ToV8? (I just
don't know. JS is a very flexible language :-)

[adithyas, 2017/01/23 15:43:30]

If I understand correctly, the constructors called by this function are native
constructors, which cannot be replaced by user script (or rather, I don't know
how to replace these constructors with script). So I'm not sure how you could
invoke user script here.

+                       m_scriptState->isolate()));
+    }
 
     if (getExecutionContext()->isContextSuspended()) {
       // Retain this object until it is actually resolved or rejected.
       keepAliveWhilePending();
       return;
     }
     // TODO(esprehn): This is a hack, instead we should RELEASE_ASSERT that
     // script is allowed, and v8 should be running the entry hooks below and
     // crashing if script is forbidden. We should then audit all users of
     // ScriptPromiseResolver and the related specs and switch to an async
@@ skipping 21 matching lines @@
 
 #if DCHECK_IS_ON()
   // True if promise() is called.
   bool m_isPromiseCalled = false;
 #endif
 };
 
 }  // namespace blink
 
 #endif  // ScriptPromiseResolver_h