OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 2009 Google Inc. All rights reserved. | 2 * Copyright (C) 2009 Google Inc. All rights reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions are | 5 * modification, are permitted provided that the following conditions are |
6 * met: | 6 * met: |
7 * | 7 * |
8 * * Redistributions of source code must retain the above copyright | 8 * * Redistributions of source code must retain the above copyright |
9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
10 * * Redistributions in binary form must reproduce the above | 10 * * Redistributions in binary form must reproduce the above |
(...skipping 85 matching lines...)
96 // different process, i.e. a RemoteFrame. | 96 // different process, i.e. a RemoteFrame. |
97 // | 97 // |
98 // While having a RemoteFrame implies the frame must be cross-origin, the | 98 // While having a RemoteFrame implies the frame must be cross-origin, the |
99 // opposite is not true: a LocalFrame can be same-origin or cross-origin. One | 99 // opposite is not true: a LocalFrame can be same-origin or cross-origin. One |
100 // additional complexity (which slightly violates the HTML standard): it is | 100 // additional complexity (which slightly violates the HTML standard): it is |
101 // possible to have SecurityOrigin::canAccess() return true for a RemoteFrame's | 101 // possible to have SecurityOrigin::canAccess() return true for a RemoteFrame's |
102 // security origin; however, it is important to still deny access as if the | 102 // security origin; however, it is important to still deny access as if the |
103 // frame were cross-origin. This is due to complexities in the process | 103 // frame were cross-origin. This is due to complexities in the process |
104 // allocation model for renderer processes. See https://crbug.com/601629. | 104 // allocation model for renderer processes. See https://crbug.com/601629. |
105 // | 105 // |
106 // ====== LocalWindowProxy/RemoteWindowProxy ====== | 106 // ====== LocalWindowProxy ====== |
107 // Currently, the prototype chain for LocalWindowProxy and RemoteWindowProxy | 107 // Since a LocalWindowProxy can represent a same-origin or cross-origin frame, |
108 // look the same: | 108 // the entire prototype chain must be available: |
109 // | 109 // |
110 // outer global proxy | 110 // outer global proxy |
111 // -- has prototype --> inner global object | 111 // -- has prototype --> inner global object |
112 // -- has prototype --> Window.prototype | 112 // -- has prototype --> Window.prototype |
113 // -- has prototype --> WindowProperties [1] | 113 // -- has prototype --> WindowProperties [1] |
114 // -- has prototype --> EventTarget.prototype | 114 // -- has prototype --> EventTarget.prototype |
115 // -- has prototype --> Object.prototype | 115 // -- has prototype --> Object.prototype |
116 // -- has prototype --> null | 116 // -- has prototype --> null |
117 // | 117 // |
118 // [1] WindowProperties is the named properties object of the Window interface. | 118 // [1] WindowProperties is the named properties object of the Window interface. |
119 // | 119 // |
120 // There is work in progress to refactor RemoteWindowProxy to use remote v8 | 120 // ====== RemoteWindowProxy ====== |
121 // contexts, to reduce the overhead of remote frames. | 121 // Since a RemoteWindowProxy only represents a cross-origin frame, it has a much |
| 122 // simpler prototype chain. |
| 123 // |
| 124 // outer global proxy |
| 125 // -- has prototype --> inner global object |
| 126 // -- has prototype --> null |
| 127 // |
| 128 // Property access to get/set attributes and methods on the outer global proxy |
| 129 // are redirected through the cross-origin interceptors, since any access will |
| 130 // fail the security check, by definition. |
| 131 // |
| 132 // However, note that method invocations still use the inner global object as |
| 133 // the receiver object. Blink bindings use v8::Signature to perform a strict |
| 134 // receiver check, which requires that the FunctionTemplate used to instantiate |
| 135 // the receiver object matches exactly. However, when creating a new context, |
| 136 // only inner global object is instantiated using Blink's global template, so by |
| 137 // definition, it is the only receiver object in the prototype chain that will |
| 138 // match. |
| 139 // |
122 // | 140 // |
123 // ====== References ====== | 141 // ====== References ====== |
124 // https://wiki.mozilla.org/Gecko:SplitWindow | 142 // https://wiki.mozilla.org/Gecko:SplitWindow |
125 // https://whatwg.org/C/browsers.html#the-windowproxy-exotic-object | 143 // https://whatwg.org/C/browsers.html#the-windowproxy-exotic-object |
126 class WindowProxy : public GarbageCollectedFinalized<WindowProxy> { | 144 class WindowProxy : public GarbageCollectedFinalized<WindowProxy> { |
127 public: | 145 public: |
128 virtual ~WindowProxy(); | 146 virtual ~WindowProxy(); |
129 | 147 |
130 DECLARE_TRACE(); | 148 DECLARE_TRACE(); |
131 | 149 |
(...skipping 55 matching lines...)
187 protected: | 205 protected: |
188 // TODO(dcheng): Consider making these private and using getters. | 206 // TODO(dcheng): Consider making these private and using getters. |
189 const RefPtr<DOMWrapperWorld> m_world; | 207 const RefPtr<DOMWrapperWorld> m_world; |
190 ScopedPersistent<v8::Object> m_globalProxy; | 208 ScopedPersistent<v8::Object> m_globalProxy; |
191 Lifecycle m_lifecycle; | 209 Lifecycle m_lifecycle; |
192 }; | 210 }; |
193 | 211 |
194 } // namespace blink | 212 } // namespace blink |
195 | 213 |
196 #endif // WindowProxy_h | 214 #endif // WindowProxy_h |
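Review bot: The new RemoteWindowProxy paragraph (new lines 128-130) justifies the interceptor redirect with "any access will fail the security check, by definition", which sits awkwardly next to new lines 101-104, where SecurityOrigin::canAccess() is said to be able to return true for a RemoteFrame's origin while access must still be denied. A reader could take the new wording to mean the denial follows from the origin check, so I would state the invariant directly, e.g. `// is redirected through the cross-origin interceptors: a RemoteFrame is always treated as cross-origin, even when SecurityOrigin::canAccess() would return true (https://crbug.com/601629).` Whether the interceptors consult canAccess() at all is not visible in this header, so the exact wording should be confirmed against their implementation. Two wording nits in the same block: "Property access ... are redirected" should read "is redirected", and "only inner global object is instantiated" should read "only the inner global object is instantiated".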