OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 2009 Google Inc. All rights reserved. | 2 * Copyright (C) 2009 Google Inc. All rights reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions are | 5 * modification, are permitted provided that the following conditions are |
6 * met: | 6 * met: |
7 * | 7 * |
8 * * Redistributions of source code must retain the above copyright | 8 * * Redistributions of source code must retain the above copyright |
9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
10 * * Redistributions in binary form must reproduce the above | 10 * * Redistributions in binary form must reproduce the above |
24 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | 24 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
25 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | 25 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
26 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | 26 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
27 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE | 27 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE |
28 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 28 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
29 */ | 29 */ |
30 | 30 |
31 #ifndef WindowProxy_h | 31 #ifndef WindowProxy_h |
32 #define WindowProxy_h | 32 #define WindowProxy_h |
33 | 33 |
| 34 #include <v8.h> |
34 #include "bindings/core/v8/DOMWrapperWorld.h" | 35 #include "bindings/core/v8/DOMWrapperWorld.h" |
35 #include "bindings/core/v8/ScopedPersistent.h" | 36 #include "bindings/core/v8/ScopedPersistent.h" |
36 #include "core/CoreExport.h" | 37 #include "core/CoreExport.h" |
37 #include "platform/heap/Handle.h" | 38 #include "platform/heap/Handle.h" |
38 #include "v8/include/v8.h" | 39 #include "v8/include/v8.h" |
39 #include "wtf/RefPtr.h" | 40 #include "wtf/RefPtr.h" |
40 | 41 |
41 namespace blink { | 42 namespace blink { |
42 | 43 |
43 class Frame; | 44 class Frame; |
94 // different process, i.e. a RemoteFrame. | 95 // different process, i.e. a RemoteFrame. |
95 // | 96 // |
96 // While having a RemoteFrame implies the frame must be cross-origin, the | 97 // While having a RemoteFrame implies the frame must be cross-origin, the |
97 // opposite is not true: a LocalFrame can be same-origin or cross-origin. One | 98 // opposite is not true: a LocalFrame can be same-origin or cross-origin. One |
98 // additional complexity (which slightly violates the HTML standard): it is | 99 // additional complexity (which slightly violates the HTML standard): it is |
99 // possible to have SecurityOrigin::canAccess() return true for a RemoteFrame's | 100 // possible to have SecurityOrigin::canAccess() return true for a RemoteFrame's |
100 // security origin; however, it is important to still deny access as if the | 101 // security origin; however, it is important to still deny access as if the |
101 // frame were cross-origin. This is due to complexities in the process | 102 // frame were cross-origin. This is due to complexities in the process |
102 // allocation model for renderer processes. See https://crbug.com/601629. | 103 // allocation model for renderer processes. See https://crbug.com/601629. |
103 // | 104 // |
104 // ====== LocalWindowProxy/RemoteWindowProxy ====== | 105 // ====== LocalWindowProxy ====== |
105 // Currently, the prototype chain for LocalWindowProxy and RemoteWindowProxy | 106 // Since a LocalWindowProxy can represent a same-origin or cross-origin frame, |
106 // look the same: | 107 // the entire prototype chain must be available: |
107 // | 108 // |
108 // outer global proxy | 109 // outer global proxy |
109 // -- has prototype --> inner global object | 110 // -- has prototype --> inner global object |
110 // -- has prototype --> Window.prototype | 111 // -- has prototype --> Window.prototype |
111 // -- has prototype --> WindowProperties [1] | 112 // -- has prototype --> WindowProperties [1] |
112 // -- has prototype --> EventTarget.prototype | 113 // -- has prototype --> EventTarget.prototype |
113 // -- has prototype --> Object.prototype | 114 // -- has prototype --> Object.prototype |
114 // -- has prototype --> null | 115 // -- has prototype --> null |
115 // | 116 // |
116 // [1] WindowProperties is the named properties object of the Window interface. | 117 // [1] WindowProperties is the named properties object of the Window interface. |
117 // | 118 // |
118 // There is work in progress to refactor RemoteWindowProxy to use remote v8 | 119 // ====== RemoteWindowProxy ====== |
119 // contexts, to reduce the overhead of remote frames. | 120 // Since a RemoteWindowProxy only represents a cross-origin frame, it has a much |
| 121 // simpler prototype chain. |
| 122 // |
| 123 // outer global proxy |
| 124 // -- has prototype --> inner global object |
| 125 // -- has prototype --> null |
| 126 // |
| 127 // Property access to get/set attributes and methods on the outer global proxy |
| 128 // are redirected through the cross-origin interceptors, since any access will |
| 129 // fail the security check, by definition. |
| 130 // |
| 131 // However, note that method invocations still use the inner global object as |
| 132 // the receiver object. Blink bindings use v8::Signature to perform a strict |
| 133 // receiver check, which requires that the FunctionTemplate used to instantiate |
| 134 // the receiver object matches exactly. However, when creating a new context, |
| 135 // only inner global object is instantiated using Blink's global template, so by |
| 136 // definition, it is the only receiver object in the prototype chain that will |
| 137 // match. |
120 // | 138 // |
121 // ====== References ====== | 139 // ====== References ====== |
122 // https://wiki.mozilla.org/Gecko:SplitWindow | 140 // https://wiki.mozilla.org/Gecko:SplitWindow |
123 // https://whatwg.org/C/browsers.html#the-windowproxy-exotic-object | 141 // https://whatwg.org/C/browsers.html#the-windowproxy-exotic-object |
124 class WindowProxy : public GarbageCollectedFinalized<WindowProxy> { | 142 class WindowProxy : public GarbageCollectedFinalized<WindowProxy> { |
125 public: | 143 public: |
126 virtual ~WindowProxy(); | 144 virtual ~WindowProxy(); |
127 | 145 |
128 DECLARE_TRACE(); | 146 DECLARE_TRACE(); |
129 | 147 |
174 protected: | 192 protected: |
175 // TODO(dcheng): Consider making these private and using getters. | 193 // TODO(dcheng): Consider making these private and using getters. |
176 const RefPtr<DOMWrapperWorld> m_world; | 194 const RefPtr<DOMWrapperWorld> m_world; |
177 ScopedPersistent<v8::Object> m_globalProxy; | 195 ScopedPersistent<v8::Object> m_globalProxy; |
178 Lifecycle m_lifecycle; | 196 Lifecycle m_lifecycle; |
179 }; | 197 }; |
180 | 198 |
181 } // namespace blink | 199 } // namespace blink |
182 | 200 |
183 #endif // WindowProxy_h | 201 #endif // WindowProxy_h |
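Review bot: In the new RemoteWindowProxy section, the wording "since any access will fail the security check, by definition" reads as if the denial comes from the origin check, while the paragraph just above it says SecurityOrigin::canAccess() can return true for a RemoteFrame's security origin and access must still be denied. The comment should state that the redirection is unconditional, for example `// are always redirected through the cross-origin interceptors: a RemoteFrame must be treated as cross-origin even when SecurityOrigin::canAccess() would return true (see above).` Taken literally, the current wording could lead a later maintainer to gate the interceptors on canAccess(), which is the situation the existing crbug.com/601629 note describes. Separately, the added `#include <v8.h>` appears to duplicate the existing `#include "v8/include/v8.h"` a few lines below and could be dropped, and "Property access ... are redirected" should read "is redirected".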