1 // Copyright 2012 the V8 project authors. All rights reserved. | 1 // Copyright 2012 the V8 project authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include <stdlib.h> | 5 #include <stdlib.h> |
6 #include <limits> | 6 #include <limits> |
7 | 7 |
8 #include "src/v8.h" | 8 #include "src/v8.h" |
9 | 9 |
10 #include "src/accessors.h" | 10 #include "src/accessors.h" |
9775 // No callback set and code generation disallowed. | 9775 // No callback set and code generation disallowed. |
9776 return false; | 9776 return false; |
9777 } else { | 9777 } else { |
9778 // Callback set. Let it decide if code generation is allowed. | 9778 // Callback set. Let it decide if code generation is allowed. |
9779 VMState<EXTERNAL> state(isolate); | 9779 VMState<EXTERNAL> state(isolate); |
9780 return callback(v8::Utils::ToLocal(context)); | 9780 return callback(v8::Utils::ToLocal(context)); |
9781 } | 9781 } |
9782 } | 9782 } |
9783 | 9783 |
9784 | 9784 |
| 9785 // Walk up the stack expecting: |
| 9786 // - Runtime_CompileString |
| 9787 // - JSFunction callee (eval, Function constructor, etc) |
| 9788 // - call() (maybe) |
| 9789 // - apply() (maybe) |
| 9790 // - bind() (maybe) |
| 9791 // - JSFunction caller (maybe) |
| 9792 // |
| 9793 // return true if the caller has the same security token as the callee |
| 9794 // or if an exit frame was hit, in which case allow it through, as it could |
| 9795 // have come through the api. |
| 9796 static bool TokensMatchForCompileString(Isolate* isolate) { |
| 9797 MaybeHandle<JSFunction> callee; |
| 9798 bool exit_handled = true; |
| 9799 bool tokens_match = true; |
| 9800 bool done = false; |
| 9801 for (StackFrameIterator it(isolate); !it.done() && !done; it.Advance()) { |
| 9802 StackFrame* raw_frame = it.frame(); |
| 9803 if (!raw_frame->is_java_script()) { |
| 9804 if (raw_frame->is_exit()) exit_handled = false; |
| 9805 continue; |
| 9806 } |
| 9807 JavaScriptFrame* outer_frame = JavaScriptFrame::cast(raw_frame); |
| 9808 List<FrameSummary> frames(FLAG_max_inlining_levels + 1); |
| 9809 outer_frame->Summarize(&frames); |
| 9810 for (int i = frames.length() - 1; i >= 0 && !done; --i) { |
| 9811 FrameSummary& frame = frames[i]; |
| 9812 Handle<JSFunction> fun = frame.function(); |
| 9813 // Capture the callee function. |
| 9814 if (callee.is_null()) { |
| 9815 callee = fun; |
| 9816 exit_handled = true; |
| 9817 continue; |
| 9818 } |
| 9819 // Exit condition. |
| 9820 Handle<Context> context(callee.ToHandleChecked()->context()); |
| 9821 if (!fun->context()->HasSameSecurityTokenAs(*context)) { |
| 9822 tokens_match = false; |
| 9823 done = true; |
| 9824 continue; |
| 9825 } |
| 9826 // Skip bound functions in correct origin. |
| 9827 if (fun->shared()->bound()) { |
| 9828 exit_handled = true; |
| 9829 continue; |
| 9830 } |
| 9831 done = true; |
| 9832 } |
| 9833 } |
| 9834 return !exit_handled || tokens_match; |
| 9835 } |
| 9836 |
| 9837 |
9785 RUNTIME_FUNCTION(Runtime_CompileString) { | 9838 RUNTIME_FUNCTION(Runtime_CompileString) { |
9786 HandleScope scope(isolate); | 9839 HandleScope scope(isolate); |
9787 ASSERT(args.length() == 2); | 9840 ASSERT(args.length() == 2); |
9788 CONVERT_ARG_HANDLE_CHECKED(String, source, 0); | 9841 CONVERT_ARG_HANDLE_CHECKED(String, source, 0); |
9789 CONVERT_BOOLEAN_ARG_CHECKED(function_literal_only, 1); | 9842 CONVERT_BOOLEAN_ARG_CHECKED(function_literal_only, 1); |
9790 | 9843 |
9791 // Extract native context. | 9844 // Extract native context. |
9792 Handle<Context> context(isolate->context()->native_context()); | 9845 Handle<Context> context(isolate->context()->native_context()); |
9793 | 9846 |
| 9847 // Filter cross security context calls. |
| 9848 if (!TokensMatchForCompileString(isolate)) { |
| 9849 return isolate->heap()->undefined_value(); |
| 9850 } |
| 9851 |
9794 // Check if native context allows code generation from | 9852 // Check if native context allows code generation from |
9795 // strings. Throw an exception if it doesn't. | 9853 // strings. Throw an exception if it doesn't. |
9796 if (context->allow_code_gen_from_strings()->IsFalse() && | 9854 if (context->allow_code_gen_from_strings()->IsFalse() && |
9797 !CodeGenerationFromStringsAllowed(isolate, context)) { | 9855 !CodeGenerationFromStringsAllowed(isolate, context)) { |
9798 Handle<Object> error_message = | 9856 Handle<Object> error_message = |
9799 context->ErrorMessageForCodeGenerationFromStrings(); | 9857 context->ErrorMessageForCodeGenerationFromStrings(); |
9800 return isolate->Throw(*isolate->factory()->NewEvalError( | 9858 return isolate->Throw(*isolate->factory()->NewEvalError( |
9801 "code_gen_from_strings", HandleVector<Object>(&error_message, 1))); | 9859 "code_gen_from_strings", HandleVector<Object>(&error_message, 1))); |
9802 } | 9860 } |
9803 | 9861 |
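Review bot: The fail-open return in `TokensMatchForCompileString` (`return !exit_handled || tokens_match;`) admits the compile whenever any non-JavaScript exit frame sits between the callee and its caller, and nothing in the walk distinguishes an embedder API boundary from one of V8's own runtime-mediated calls; the bound-function branch already has to undo one such exit frame by resetting `exit_handled = true`, which suggests (to be confirmed) that other runtime-mediated call paths, such as accessor invocation, would likewise switch the check off. I would at least state the heuristic above the function, e.g. `// NOTE: any exit frame between callee and caller disables the token check; this is a best-effort filter, not a hard security boundary.`, and explain the reset in the bound-function branch with something like `// The bound-function trampoline presumably reaches its target through a runtime call, so the exit frame it left is not an API boundary.` (verify against the bound-function implementation before committing to that wording). The `return isolate->heap()->undefined_value();` on a token mismatch silently diverges from the EvalError thrown a few lines later for the code-gen-from-strings case; if the silent return is deliberate because JS callers of `%CompileString` bail on a non-function result, a one-line comment saying so would stop the next reader from "fixing" it. Also `Handle<Context> context(callee.ToHandleChecked()->context());` is loop-invariant once the callee is captured and could be hoisted out of the inner loop. `CodeGenerationFromStringsAllowed` starts and `Runtime_CompileString` ends outside the hunk.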
15143 } | 15201 } |
15144 return NULL; | 15202 return NULL; |
15145 } | 15203 } |
15146 | 15204 |
15147 | 15205 |
15148 const Runtime::Function* Runtime::FunctionForId(Runtime::FunctionId id) { | 15206 const Runtime::Function* Runtime::FunctionForId(Runtime::FunctionId id) { |
15149 return &(kIntrinsicFunctions[static_cast<int>(id)]); | 15207 return &(kIntrinsicFunctions[static_cast<int>(id)]); |
15150 } | 15208 } |
15151 | 15209 |
15152 } } // namespace v8::internal | 15210 } } // namespace v8::internal |