Chromium Code Reviews| Index: third_party/WebKit/Source/bindings/core/v8/ScriptPromiseResolver.h |
| diff --git a/third_party/WebKit/Source/bindings/core/v8/ScriptPromiseResolver.h b/third_party/WebKit/Source/bindings/core/v8/ScriptPromiseResolver.h |
| index 2eb716d8a32d33f2f91abae5b58aeb67a75db33a..fcb38a2954ebde1f82cb30752f5ce78b3222f482 100644 |
| --- a/third_party/WebKit/Source/bindings/core/v8/ScriptPromiseResolver.h |
| +++ b/third_party/WebKit/Source/bindings/core/v8/ScriptPromiseResolver.h |
| @@ -126,12 +126,19 @@ class CORE_EXPORT ScriptPromiseResolver |
| m_state = newState; |
| ScriptState::Scope scope(m_scriptState.get()); |
| - // TODO(aobzhirov): Converting value to the wrapper can trigger assert |
| - // if the script is forbidden. |
| - // The script check below will be unreachable in this case. |
| - m_value.set(m_scriptState->isolate(), |
| - ToV8(value, m_scriptState->context()->Global(), |
| - m_scriptState->isolate())); |
| + |
| + // Calling ToV8 in a ScriptForbiddenScope will trigger a RELEASE_ASSERT and |
| + // cause a crash. ToV8 just invokes a constructor for wrapper creation, |
| + // which is safe (no author script can be run). Adding AllowUserAgentScript |
| + // directly inside createWrapper could cause a perf impact (calling |
| + // isMainThread() every time a wrapper is created is expensive). Ideally, |
| + // resolveOrReject shouldn't be called inside a ScriptForbiddenScope. |
| + { |
| + ScriptForbiddenScope::AllowUserAgentScript allowScript; |
| + m_value.set(m_scriptState->isolate(), |
| + ToV8(value, m_scriptState->context()->Global(), |
|
haraken
2017/01/21 01:51:09
Are we pretty sure that we have no way to invoke a
adithyas
2017/01/23 15:43:30
If I understand correctly, the constructors called
| + m_scriptState->isolate())); |
| + } |
| if (getExecutionContext()->isContextSuspended()) { |
| // Retain this object until it is actually resolved or rejected. |