Revert "filter cross context eval"

src/runtime.cc

 // Copyright 2012 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include <stdlib.h>
 #include <limits>
 
 #include "src/v8.h"
 
 #include "src/accessors.h"
@@ skipping 9803 matching lines @@
     // No callback set and code generation disallowed.
     return false;
   } else {
     // Callback set. Let it decide if code generation is allowed.
     VMState<EXTERNAL> state(isolate);
     return callback(v8::Utils::ToLocal(context));
   }
 }
 
 
-// Walk up the stack expecting:
-//  - Runtime_CompileString
-//  - JSFunction callee (eval, Function constructor, etc)
-//  - call() (maybe)
-//  - apply() (maybe)
-//  - bind() (maybe)
-// - JSFunction caller (maybe)
-//
-// return true if the caller has the same security token as the callee
-// or if an exit frame was hit, in which case allow it through, as it could
-// have come through the api.
-static bool TokensMatchForCompileString(Isolate* isolate) {
-  MaybeHandle<JSFunction> callee;
-  bool exit_handled = true;
-  bool tokens_match = true;
-  bool done = false;
-  for (StackFrameIterator it(isolate); !it.done() && !done; it.Advance()) {
-    StackFrame* raw_frame = it.frame();
-    if (!raw_frame->is_java_script()) {
-      if (raw_frame->is_exit()) exit_handled = false;
-      continue;
-    }
-    JavaScriptFrame* outer_frame = JavaScriptFrame::cast(raw_frame);
-    List<FrameSummary> frames(FLAG_max_inlining_levels + 1);
-    outer_frame->Summarize(&frames);
-    for (int i = frames.length() - 1; i >= 0 && !done; --i) {
-      FrameSummary& frame = frames[i];
-      Handle<JSFunction> fun = frame.function();
-      // Capture the callee function.
-      if (callee.is_null()) {
-        callee = fun;
-        exit_handled = true;
-        continue;
-      }
-      // Exit condition.
-      Handle<Context> context(callee.ToHandleChecked()->context());
-      if (!fun->context()->HasSameSecurityTokenAs(*context)) {
-        tokens_match = false;
-        done = true;
-        continue;
-      }
-      // Skip bound functions in correct origin.
-      if (fun->shared()->bound()) {
-        exit_handled = true;
-        continue;
-      }
-      done = true;
-    }
-  }
-  return !exit_handled || tokens_match;
-}
-
-
 RUNTIME_FUNCTION(Runtime_CompileString) {
   HandleScope scope(isolate);
   DCHECK(args.length() == 2);
   CONVERT_ARG_HANDLE_CHECKED(String, source, 0);
   CONVERT_BOOLEAN_ARG_CHECKED(function_literal_only, 1);
 
   // Extract native context.
   Handle<Context> context(isolate->native_context());
 
-  // Filter cross security context calls.
-  if (!TokensMatchForCompileString(isolate)) {
-    return isolate->heap()->undefined_value();
-  }
-
   // Check if native context allows code generation from
   // strings. Throw an exception if it doesn't.
   if (context->allow_code_gen_from_strings()->IsFalse() &&
       !CodeGenerationFromStringsAllowed(isolate, context)) {
     Handle<Object> error_message =
         context->ErrorMessageForCodeGenerationFromStrings();
     THROW_NEW_ERROR_RETURN_FAILURE(
         isolate, NewEvalError("code_gen_from_strings",
                               HandleVector<Object>(&error_message, 1)));
   }
@@ skipping 5847 matching lines @@
   }
   return NULL;
 }
 
 
 const Runtime::Function* Runtime::FunctionForId(Runtime::FunctionId id) {
   return &(kIntrinsicFunctions[static_cast<int>(id)]);
 }
 
 } }  // namespace v8::internal