OLD | NEW |
1 // Copyright 2012 the V8 project authors. All rights reserved. | 1 // Copyright 2012 the V8 project authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include <stdlib.h> | 5 #include <stdlib.h> |
6 #include <limits> | 6 #include <limits> |
7 | 7 |
8 #include "src/v8.h" | 8 #include "src/v8.h" |
9 | 9 |
10 #include "src/accessors.h" | 10 #include "src/accessors.h" |
(...skipping 9803 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
9814 // No callback set and code generation disallowed. | 9814 // No callback set and code generation disallowed. |
9815 return false; | 9815 return false; |
9816 } else { | 9816 } else { |
9817 // Callback set. Let it decide if code generation is allowed. | 9817 // Callback set. Let it decide if code generation is allowed. |
9818 VMState<EXTERNAL> state(isolate); | 9818 VMState<EXTERNAL> state(isolate); |
9819 return callback(v8::Utils::ToLocal(context)); | 9819 return callback(v8::Utils::ToLocal(context)); |
9820 } | 9820 } |
9821 } | 9821 } |
9822 | 9822 |
9823 | 9823 |
9824 // Walk up the stack expecting: | |
9825 // - Runtime_CompileString | |
9826 // - JSFunction callee (eval, Function constructor, etc) | |
9827 // - call() (maybe) | |
9828 // - apply() (maybe) | |
9829 // - bind() (maybe) | |
9830 // - JSFunction caller (maybe) | |
9831 // | |
9832 // return true if the caller has the same security token as the callee | |
9833 // or if an exit frame was hit, in which case allow it through, as it could | |
9834 // have come through the api. | |
9835 static bool TokensMatchForCompileString(Isolate* isolate) { | |
9836 MaybeHandle<JSFunction> callee; | |
9837 bool exit_handled = true; | |
9838 bool tokens_match = true; | |
9839 bool done = false; | |
9840 for (StackFrameIterator it(isolate); !it.done() && !done; it.Advance()) { | |
9841 StackFrame* raw_frame = it.frame(); | |
9842 if (!raw_frame->is_java_script()) { | |
9843 if (raw_frame->is_exit()) exit_handled = false; | |
9844 continue; | |
9845 } | |
9846 JavaScriptFrame* outer_frame = JavaScriptFrame::cast(raw_frame); | |
9847 List<FrameSummary> frames(FLAG_max_inlining_levels + 1); | |
9848 outer_frame->Summarize(&frames); | |
9849 for (int i = frames.length() - 1; i >= 0 && !done; --i) { | |
9850 FrameSummary& frame = frames[i]; | |
9851 Handle<JSFunction> fun = frame.function(); | |
9852 // Capture the callee function. | |
9853 if (callee.is_null()) { | |
9854 callee = fun; | |
9855 exit_handled = true; | |
9856 continue; | |
9857 } | |
9858 // Exit condition. | |
9859 Handle<Context> context(callee.ToHandleChecked()->context()); | |
9860 if (!fun->context()->HasSameSecurityTokenAs(*context)) { | |
9861 tokens_match = false; | |
9862 done = true; | |
9863 continue; | |
9864 } | |
9865 // Skip bound functions in correct origin. | |
9866 if (fun->shared()->bound()) { | |
9867 exit_handled = true; | |
9868 continue; | |
9869 } | |
9870 done = true; | |
9871 } | |
9872 } | |
9873 return !exit_handled || tokens_match; | |
9874 } | |
9875 | |
9876 | |
9877 RUNTIME_FUNCTION(Runtime_CompileString) { | 9824 RUNTIME_FUNCTION(Runtime_CompileString) { |
9878 HandleScope scope(isolate); | 9825 HandleScope scope(isolate); |
9879 DCHECK(args.length() == 2); | 9826 DCHECK(args.length() == 2); |
9880 CONVERT_ARG_HANDLE_CHECKED(String, source, 0); | 9827 CONVERT_ARG_HANDLE_CHECKED(String, source, 0); |
9881 CONVERT_BOOLEAN_ARG_CHECKED(function_literal_only, 1); | 9828 CONVERT_BOOLEAN_ARG_CHECKED(function_literal_only, 1); |
9882 | 9829 |
9883 // Extract native context. | 9830 // Extract native context. |
9884 Handle<Context> context(isolate->native_context()); | 9831 Handle<Context> context(isolate->native_context()); |
9885 | 9832 |
9886 // Filter cross security context calls. | |
9887 if (!TokensMatchForCompileString(isolate)) { | |
9888 return isolate->heap()->undefined_value(); | |
9889 } | |
9890 | |
9891 // Check if native context allows code generation from | 9833 // Check if native context allows code generation from |
9892 // strings. Throw an exception if it doesn't. | 9834 // strings. Throw an exception if it doesn't. |
9893 if (context->allow_code_gen_from_strings()->IsFalse() && | 9835 if (context->allow_code_gen_from_strings()->IsFalse() && |
9894 !CodeGenerationFromStringsAllowed(isolate, context)) { | 9836 !CodeGenerationFromStringsAllowed(isolate, context)) { |
9895 Handle<Object> error_message = | 9837 Handle<Object> error_message = |
9896 context->ErrorMessageForCodeGenerationFromStrings(); | 9838 context->ErrorMessageForCodeGenerationFromStrings(); |
9897 THROW_NEW_ERROR_RETURN_FAILURE( | 9839 THROW_NEW_ERROR_RETURN_FAILURE( |
9898 isolate, NewEvalError("code_gen_from_strings", | 9840 isolate, NewEvalError("code_gen_from_strings", |
9899 HandleVector<Object>(&error_message, 1))); | 9841 HandleVector<Object>(&error_message, 1))); |
9900 } | 9842 } |
(...skipping 5847 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
15748 } | 15690 } |
15749 return NULL; | 15691 return NULL; |
15750 } | 15692 } |
15751 | 15693 |
15752 | 15694 |
15753 const Runtime::Function* Runtime::FunctionForId(Runtime::FunctionId id) { | 15695 const Runtime::Function* Runtime::FunctionForId(Runtime::FunctionId id) { |
15754 return &(kIntrinsicFunctions[static_cast<int>(id)]); | 15696 return &(kIntrinsicFunctions[static_cast<int>(id)]); |
15755 } | 15697 } |
15756 | 15698 |
15757 } } // namespace v8::internal | 15699 } } // namespace v8::internal |
OLD | NEW |