Chromium Code Reviews Chromium Code Reviews
Issue 314953005:
Add an ASSERT about cross-world wrapper leakage into ScriptValue (Closed)
Base URL: svn://svn.chromium.org/blink/trunk| OLD | NEW |
|---|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2008, 2009 Google Inc. All rights reserved. | 2 * Copyright (C) 2008, 2009 Google Inc. All rights reserved. |
| 3 * Copyright (C) 2009 Apple Inc. All rights reserved. | 3 * Copyright (C) 2009 Apple Inc. All rights reserved. |
| 4 * | 4 * |
| 5 * Redistribution and use in source and binary forms, with or without | 5 * Redistribution and use in source and binary forms, with or without |
| 6 * modification, are permitted provided that the following conditions are | 6 * modification, are permitted provided that the following conditions are |
| 7 * met: | 7 * met: |
| 8 * | 8 * |
| 9 * * Redistributions of source code must retain the above copyright | 9 * * Redistributions of source code must retain the above copyright |
| 10 * notice, this list of conditions and the following disclaimer. | 10 * notice, this list of conditions and the following disclaimer. |
| (...skipping 495 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 506 // We need to hold onto the LocalFrame here because executing script can | 506 // We need to hold onto the LocalFrame here because executing script can |
| 507 // destroy the frame. | 507 // destroy the frame. |
| 508 RefPtr<LocalFrame> protector(m_frame); | 508 RefPtr<LocalFrame> protector(m_frame); |
| 509 RefPtrWillBeRawPtr<Document> ownerDocument(m_frame->document()); | 509 RefPtrWillBeRawPtr<Document> ownerDocument(m_frame->document()); |
| 510 | 510 |
| 511 const int javascriptSchemeLength = sizeof("javascript:") - 1; | 511 const int javascriptSchemeLength = sizeof("javascript:") - 1; |
| 512 | 512 |
| 513 bool locationChangeBefore = m_frame->navigationScheduler().locationChangePen ding(); | 513 bool locationChangeBefore = m_frame->navigationScheduler().locationChangePen ding(); |
| 514 | 514 |
| 515 String decodedURL = decodeURLEscapeSequences(url.string()); | 515 String decodedURL = decodeURLEscapeSequences(url.string()); |
| 516 ScriptValue result = evaluateScriptInMainWorld(ScriptSourceCode(decodedURL.s ubstring(javascriptSchemeLength)), NotSharableCrossOrigin, DoNotExecuteScriptWhe nScriptsDisabled); | 516 v8::HandleScope handleScope(m_isolate); |
| 517 v8::Local<v8::Value> result = evaluateScriptInMainWorld(ScriptSourceCode(dec odedURL.substring(javascriptSchemeLength)), NotSharableCrossOrigin, DoNotExecute ScriptWhenScriptsDisabled); | |
| 517 | 518 |
| 518 // If executing script caused this frame to be removed from the page, we | 519 // If executing script caused this frame to be removed from the page, we |
| 519 // don't want to try to replace its document! | 520 // don't want to try to replace its document! |
| 520 if (!m_frame->page()) | 521 if (!m_frame->page()) |
| 521 return true; | 522 return true; |
| 522 | 523 |
| 523 String scriptResult; | 524 if (result.IsEmpty() || !result->IsString()) |
| 524 if (!result.toString(scriptResult)) | |
| 525 return true; | 525 return true; |
| 526 String scriptResult = toCoreString(v8::Handle<v8::String>::Cast(result)); | |
| 526 | 527 |
| 527 // We're still in a frame, so there should be a DocumentLoader. | 528 // We're still in a frame, so there should be a DocumentLoader. |
| 528 ASSERT(m_frame->document()->loader()); | 529 ASSERT(m_frame->document()->loader()); |
| 529 | |
| 530 if (!locationChangeBefore && m_frame->navigationScheduler().locationChangePe nding()) | 530 if (!locationChangeBefore && m_frame->navigationScheduler().locationChangePe nding()) |
| 531 return true; | 531 return true; |
| 532 | 532 |
| 533 // DocumentWriter::replaceDocument can cause the DocumentLoader to get deref 'ed and possible destroyed, | 533 // DocumentWriter::replaceDocument can cause the DocumentLoader to get deref 'ed and possible destroyed, |
| 534 // so protect it with a RefPtr. | 534 // so protect it with a RefPtr. |
| 535 if (RefPtr<DocumentLoader> loader = m_frame->document()->loader()) { | 535 if (RefPtr<DocumentLoader> loader = m_frame->document()->loader()) { |
| 536 UseCounter::count(*m_frame->document(), UseCounter::ReplaceDocumentViaJa vaScriptURL); | 536 UseCounter::count(*m_frame->document(), UseCounter::ReplaceDocumentViaJa vaScriptURL); |
| 537 loader->replaceDocument(scriptResult, ownerDocument.get()); | 537 loader->replaceDocument(scriptResult, ownerDocument.get()); |
| 538 } | 538 } |
| 539 return true; | 539 return true; |
| 540 } | 540 } |
| 541 | 541 |
| 542 void ScriptController::executeScriptInMainWorld(const String& script, ExecuteScr iptPolicy policy) | 542 void ScriptController::executeScriptInMainWorld(const String& script, ExecuteScr iptPolicy policy) |
| 543 { | 543 { |
| 544 v8::HandleScope handleScope(m_isolate); | |
| 544 evaluateScriptInMainWorld(ScriptSourceCode(script), NotSharableCrossOrigin, policy); | 545 evaluateScriptInMainWorld(ScriptSourceCode(script), NotSharableCrossOrigin, policy); |
| 545 } | 546 } |
| 546 | 547 |
| 547 void ScriptController::executeScriptInMainWorld(const ScriptSourceCode& sourceCo de, AccessControlStatus corsStatus) | 548 void ScriptController::executeScriptInMainWorld(const ScriptSourceCode& sourceCo de, AccessControlStatus corsStatus) |
| 548 { | 549 { |
| 550 v8::HandleScope handleScope(m_isolate); | |
| 549 evaluateScriptInMainWorld(sourceCode, corsStatus, DoNotExecuteScriptWhenScri ptsDisabled); | 551 evaluateScriptInMainWorld(sourceCode, corsStatus, DoNotExecuteScriptWhenScri ptsDisabled); |
| 550 } | 552 } |
| 551 | 553 |
| 552 ScriptValue ScriptController::executeScriptInMainWorldAndReturnValue(const Scrip tSourceCode& sourceCode) | 554 v8::Local<v8::Value> ScriptController::executeScriptInMainWorldAndReturnValue(co nst ScriptSourceCode& sourceCode) |
| 553 { | 555 { |
| 554 return evaluateScriptInMainWorld(sourceCode, NotSharableCrossOrigin, DoNotEx ecuteScriptWhenScriptsDisabled); | 556 return evaluateScriptInMainWorld(sourceCode, NotSharableCrossOrigin, DoNotEx ecuteScriptWhenScriptsDisabled); |
| 555 } | 557 } |
| 556 | 558 |
| 557 ScriptValue ScriptController::evaluateScriptInMainWorld(const ScriptSourceCode& sourceCode, AccessControlStatus corsStatus, ExecuteScriptPolicy policy) | 559 v8::Local<v8::Value> ScriptController::evaluateScriptInMainWorld(const ScriptSou rceCode& sourceCode, AccessControlStatus corsStatus, ExecuteScriptPolicy policy) |
| 558 { | 560 { |
| 559 if (policy == DoNotExecuteScriptWhenScriptsDisabled && !canExecuteScripts(Ab outToExecuteScript)) | 561 if (policy == DoNotExecuteScriptWhenScriptsDisabled && !canExecuteScripts(Ab outToExecuteScript)) |
| 560 return ScriptValue(); | 562 return v8::Local<v8::Value>(); |
| 561 | 563 |
| 562 String sourceURL = sourceCode.url(); | 564 String sourceURL = sourceCode.url(); |
| 563 const String* savedSourceURL = m_sourceURL; | 565 const String* savedSourceURL = m_sourceURL; |
| 564 m_sourceURL = &sourceURL; | 566 m_sourceURL = &sourceURL; |
| 565 | 567 |
| 566 ScriptState* scriptState = ScriptState::forMainWorld(m_frame); | 568 ScriptState* scriptState = ScriptState::forMainWorld(m_frame); |
| 567 if (scriptState->contextIsEmpty()) | 569 if (scriptState->contextIsEmpty()) |
| 568 return ScriptValue(); | 570 return v8::Local<v8::Value>(); |
| 569 | 571 |
| 572 v8::EscapableHandleScope handleScope(scriptState->isolate()); | |
| 570 ScriptState::Scope scope(scriptState); | 573 ScriptState::Scope scope(scriptState); |
| 571 | 574 |
| 572 RefPtr<LocalFrame> protect(m_frame); | 575 RefPtr<LocalFrame> protect(m_frame); |
| 573 if (m_frame->loader().stateMachine()->isDisplayingInitialEmptyDocument()) | 576 if (m_frame->loader().stateMachine()->isDisplayingInitialEmptyDocument()) |
| 574 m_frame->loader().didAccessInitialDocument(); | 577 m_frame->loader().didAccessInitialDocument(); |
| 575 | 578 |
| 576 OwnPtr<ScriptSourceCode> maybeProcessedSourceCode = InspectorInstrumentatio n::preprocess(m_frame, sourceCode); | 579 OwnPtr<ScriptSourceCode> maybeProcessedSourceCode = InspectorInstrumentatio n::preprocess(m_frame, sourceCode); |
| 577 const ScriptSourceCode& sourceCodeToCompile = maybeProcessedSourceCode ? *ma ybeProcessedSourceCode : sourceCode; | 580 const ScriptSourceCode& sourceCodeToCompile = maybeProcessedSourceCode ? *ma ybeProcessedSourceCode : sourceCode; |
| 578 | 581 |
| 579 v8::Local<v8::Value> object = executeScriptAndReturnValue(scriptState->conte xt(), sourceCodeToCompile, corsStatus); | 582 v8::Local<v8::Value> object = executeScriptAndReturnValue(scriptState->conte xt(), sourceCodeToCompile, corsStatus); |
| 580 m_sourceURL = savedSourceURL; | 583 m_sourceURL = savedSourceURL; |
| 581 | 584 |
| 582 if (object.IsEmpty()) | 585 if (object.IsEmpty()) |
| 583 return ScriptValue(); | 586 return v8::Local<v8::Value>(); |
| 584 | 587 |
| 585 return ScriptValue(scriptState, object); | 588 return handleScope.Escape(object); |
| 586 } | 589 } |
| 587 | 590 |
| 588 void ScriptController::executeScriptInIsolatedWorld(int worldID, const Vector<Sc riptSourceCode>& sources, int extensionGroup, Vector<ScriptValue>* results) | 591 void ScriptController::executeScriptInIsolatedWorld(int worldID, const Vector<Sc riptSourceCode>& sources, int extensionGroup, Vector<v8::Local<v8::Value> >* res ults) |
| 589 { | 592 { |
| 590 ASSERT(worldID > 0); | 593 ASSERT(worldID > 0); |
| 591 | 594 |
| 592 RefPtr<DOMWrapperWorld> world = DOMWrapperWorld::ensureIsolatedWorld(worldID , extensionGroup); | 595 RefPtr<DOMWrapperWorld> world = DOMWrapperWorld::ensureIsolatedWorld(worldID , extensionGroup); |
| 593 V8WindowShell* isolatedWorldShell = windowShell(*world); | 596 V8WindowShell* isolatedWorldShell = windowShell(*world); |
| 594 if (!isolatedWorldShell->isContextInitialized()) | 597 if (!isolatedWorldShell->isContextInitialized()) |
| 595 return; | 598 return; |
| 596 | 599 |
| 597 ScriptState* scriptState = isolatedWorldShell->scriptState(); | 600 ScriptState* scriptState = isolatedWorldShell->scriptState(); |
| 601 v8::EscapableHandleScope handleScope(scriptState->isolate()); | |
| 598 ScriptState::Scope scope(scriptState); | 602 ScriptState::Scope scope(scriptState); |
| 599 v8::Local<v8::Array> resultArray = v8::Array::New(m_isolate, sources.size()) ; | 603 v8::Local<v8::Array> resultArray = v8::Array::New(m_isolate, sources.size()) ; |
| 600 | 604 |
| 601 for (size_t i = 0; i < sources.size(); ++i) { | 605 for (size_t i = 0; i < sources.size(); ++i) { |
| 602 v8::Local<v8::Value> evaluationResult = executeScriptAndReturnValue(scri ptState->context(), sources[i]); | 606 v8::Local<v8::Value> evaluationResult = executeScriptAndReturnValue(scri ptState->context(), sources[i]); |
| 603 if (evaluationResult.IsEmpty()) | 607 if (evaluationResult.IsEmpty()) |
| 604 evaluationResult = v8::Local<v8::Value>::New(m_isolate, v8::Undefine d(m_isolate)); | 608 evaluationResult = v8::Local<v8::Value>::New(m_isolate, v8::Undefine d(m_isolate)); |
| 605 resultArray->Set(i, evaluationResult); | 609 resultArray->Set(i, evaluationResult); |
| 606 } | 610 } |
| 607 | 611 |
| 608 if (results) { | 612 if (results) { |
| 609 for (size_t i = 0; i < resultArray->Length(); ++i) | 613 for (size_t i = 0; i < resultArray->Length(); ++i) |
| 610 results->append(ScriptValue(scriptState, resultArray->Get(i))); | 614 results->append(handleScope.Escape(resultArray->Get(i))); |
|
pguyot
2014/11/08 19:28:39
EscapableHandleScope::Escape is supposed to be cal
| |
| 611 } | 615 } |
| 612 } | 616 } |
| 613 | 617 |
| 614 } // namespace WebCore | 618 } // namespace WebCore |
| OLD | NEW |
