Implement WindowTimers.set{Timeout,Interval} without [Custom]

Source/core/frame/DOMWindowTimers.cpp

 /*
  * Copyright (C) 2006, 2007, 2008, 2010 Apple Inc. All rights reserved.
  * Copyright (C) 2010 Nokia Corporation and/or its subsidiary(-ies)
  * Copyright (C) 2013 Samsung Electronics. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are
  * met:
  *
  *     * Redistributions of source code must retain the above copyright
@@ skipping 15 matching lines @@
  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
 #include "config.h"
 #include "core/frame/DOMWindowTimers.h"
 
+#include "core/dom/Document.h"
+#include "core/dom/ExecutionContext.h"
 #include "core/events/EventTarget.h"
 #include "core/frame/DOMTimer.h"
+#include "core/frame/csp/ContentSecurityPolicy.h"
+#include "core/workers/WorkerGlobalScope.h"
 
 namespace blink {
 
 namespace DOMWindowTimers {
 
-int setTimeout(EventTarget& eventTarget, PassOwnPtr<ScheduledAction> action, int timeout)
+static bool isAllowed(ExecutionContext* executionContext, bool isEval)
 {
-    return DOMTimer::install(eventTarget.executionContext(), action, timeout, true);
+    if (executionContext->isDocument()) {
+        Document* document = static_cast<Document*>(executionContext);
+        if (isEval && !document->contentSecurityPolicy()->allowEval())
+            return false;
+        return true;
+    }
+    if (executionContext->isWorkerGlobalScope()) {
+        WorkerGlobalScope* workerGlobalScope = static_cast<WorkerGlobalScope*>(executionContext);
+        if (!workerGlobalScope->script())
+            return false;
+        ContentSecurityPolicy* policy = workerGlobalScope->contentSecurityPolicy();
+        if (isEval && policy && !policy->allowEval())
+            return false;
+        return true;
+    }
+    ASSERT_NOT_REACHED();
+    return false;
 }
 
-int setInterval(EventTarget& eventTarget, PassOwnPtr<ScheduledAction> action, int timeout)
+int setTimeout(ScriptState* scriptState, EventTarget& eventTarget, const ScriptValue& handler, int timeout, const Vector<ScriptValue>& arguments)
 {
-    return DOMTimer::install(eventTarget.executionContext(), action, timeout, false);
+    ExecutionContext* executionContext = eventTarget.executionContext();
+    if (!isAllowed(executionContext, false))
+        return 0;
+    OwnPtr<ScheduledAction> action = ScheduledAction::create(scriptState, handler, arguments);
+    return DOMTimer::install(executionContext, action.release(), timeout, true);
+}
+
+int setTimeout(ScriptState* scriptState, EventTarget& eventTarget, String handler, int timeout, const Vector<ScriptValue>&)
+{
+    ExecutionContext* executionContext = eventTarget.executionContext();
+    if (!isAllowed(executionContext, true))
+        return 0;
+    // Don't allow setting timeouts to run empty functions!
+    // (Bug 1009597)

[Yuta Kitamura, 2014/11/14 08:24:06]

I know that's not something you wrote, but I had initially no
idea about where the number came from ;)

This actually came from Google's internal bug tracker, and
the bug was essentially about some sites taking 40-50% CPU for
empty handlers.

[BTW, this should not be the case with our current implementation,
because we now align the tasks in 4ms granurality, IIRC. However,
there's no strong reason to drop this early return, so I think we
can just keep this optimization.]

So, to summarize, you can simply drop the bug number, and possibly
add some comments mentioning that some empty hander was a CPU hog
in the past.

[Jens Widell, 2014/11/14 10:19:27]

Thanks for the information! I did wonder what kind of bug number it was, but
since I just copied the code, I didn't wonder enough to take any action. :-)

Comment(s) modified slightly.

+    if (handler.isEmpty())
+        return 0;
+    OwnPtr<ScheduledAction> action = ScheduledAction::create(scriptState, handler);
+    return DOMTimer::install(executionContext, action.release(), timeout, true);
+}
+
+int setInterval(ScriptState* scriptState, EventTarget& eventTarget, const ScriptValue& handler, int timeout, const Vector<ScriptValue>& arguments)
+{
+    ExecutionContext* executionContext = eventTarget.executionContext();
+    if (!isAllowed(executionContext, false))
+        return 0;
+    OwnPtr<ScheduledAction> action = ScheduledAction::create(scriptState, handler, arguments);
+    return DOMTimer::install(executionContext, action.release(), timeout, false);
+}
+
+int setInterval(ScriptState* scriptState, EventTarget& eventTarget, String handler, int timeout, const Vector<ScriptValue>&)
+{
+    ExecutionContext* executionContext = eventTarget.executionContext();
+    if (!isAllowed(executionContext, true))
+        return 0;
+    // Don't allow setting timeouts to run empty functions!
+    // (Bug 1009597)

[Yuta Kitamura, 2014/11/14 08:24:06]

Ditto.

+    if (handler.isEmpty())
+        return 0;
+    OwnPtr<ScheduledAction> action = ScheduledAction::create(scriptState, handler);
+    return DOMTimer::install(executionContext, action.release(), timeout, false);
 }
 
 void clearTimeout(EventTarget& eventTarget, int timeoutID)
 {
     if (ExecutionContext* context = eventTarget.executionContext())
         DOMTimer::removeByID(context, timeoutID);
 }
 
 void clearInterval(EventTarget& eventTarget, int timeoutID)
 {
     if (ExecutionContext* context = eventTarget.executionContext())
         DOMTimer::removeByID(context, timeoutID);
 }
 
 } // namespace DOMWindowTimers
 
 } // namespace blink