IDL compiler: [CheckSecurity=Frame] interface + [DoNotCheckSecurity] members

Source/bindings/templates/interface.cpp

Index: Source/bindings/templates/interface.cpp
diff --git a/Source/bindings/templates/interface.cpp b/Source/bindings/templates/interface.cpp
index c398adde5d3e88bd9c1c4b3a4379337a24753b3e..bfbf95c87a9df1fcfa273ef2720447c32e44674a 100644
--- a/Source/bindings/templates/interface.cpp
+++ b/Source/bindings/templates/interface.cpp
@@ -98,6 +98,35 @@ bool namedSecurityCheck(v8::Local<v8::Object> host, v8::Local<v8::Value> key, v8
 
 
 {##############################################################################}
+{% block domain_safe_method_setter %}

[haraken, 2013/11/21 10:13:05]

domain_safe_method_setter => origin_safe_method_setter

+{% if has_domain_safe_method_setter %}
+static void {{cpp_class_name}}OriginSafeMethodSetter(v8::Local<v8::String> name, v8::Local<v8::Value> jsValue, const v8::PropertyCallbackInfo<void>& info)
+{
+    v8::Handle<v8::Object> holder = info.This()->FindInstanceInPrototypeChain({{v8_class_name}}::GetTemplate(info.GetIsolate(), worldType(info.GetIsolate())));
+    if (holder.IsEmpty())
+        return;
+    {{cpp_class_name}}* imp = {{v8_class_name}}::toNative(holder);
+    ExceptionState exceptionState(info.Holder(), info.GetIsolate());

[haraken, 2013/11/21 10:13:05]

Nit: You want to avoid calling info.GetIsolate() three times.

[Nils Barth (inactive), 2013/11/22 03:17:52]

Can I just add:
v8::Isolate isolate = info.GetIsolate();
...and use |isolate|?
(Is so, I'll do in followup.)

[haraken, 2013/11/22 05:53:26]

Yes. We're doing it in a lot of places.

[Nils Barth (inactive), 2013/11/22 06:04:05]

Got it; will throughout in one followup.

+    if (!BindingSecurity::shouldAllowAccessToFrame(imp->frame(), exceptionState)) {
+        exceptionState.throwIfNeeded();
+        return;
+    }
+
+    info.This()->SetHiddenValue(name, jsValue);
+}
+
+static void {{cpp_class_name}}OriginSafeMethodSetterCallback(v8::Local<v8::String> name, v8::Local<v8::Value> jsValue, const v8::PropertyCallbackInfo<void>& info)
+{
+    TRACE_EVENT_SET_SAMPLING_STATE("Blink", "DOMSetter");
+    {{cpp_class_name}}V8Internal::{{cpp_class_name}}OriginSafeMethodSetter(name, jsValue, info);
+    TRACE_EVENT_SET_SAMPLING_STATE("V8", "Execution");
+}
+
+{% endif %}
+{% endblock %}
+
+
+{##############################################################################}
 {% block class_attributes %}
 {# FIXME: rename to install_attributes and put into configure_class_template #}
 {% if attributes %}
@@ -204,6 +233,17 @@ static v8::Handle<v8::FunctionTemplate> Configure{{v8_class_name}}Template(v8::H
     {% if not method.overload_index or method.overload_index == 1 %}
     {# For overloaded methods, only generate one accessor #}
     {% filter conditional(method.conditional_string) %}
+    {% if method.is_do_not_check_security %}
+    {% if method.is_per_world_bindings %}
+    if (currentWorldType == MainWorld) {
+        {{install_do_not_check_security_signature(method, 'ForMainWorld')}}
+    } else {
+        {{install_do_not_check_security_signature(method)}}
+    }
+    {% else %}
+    {{install_do_not_check_security_signature(method)}}
+    {% endif %}
+    {% else %}{# is_do_not_check_security #}
     {% if method.is_per_world_bindings %}
     if (currentWorldType == MainWorld) {
         {% filter runtime_enabled(method.runtime_enabled_function_name) %}
@@ -219,6 +259,7 @@ static v8::Handle<v8::FunctionTemplate> Configure{{v8_class_name}}Template(v8::H
     {{install_custom_signature(method)}}
     {% endfilter %}
     {% endif %}
+    {% endif %}{# is_do_not_check_security #}
     {% endfilter %}
     {% endif %}{# install_custom_signature #}
     {% endfor %}
@@ -240,6 +281,25 @@ static v8::Handle<v8::FunctionTemplate> Configure{{v8_class_name}}Template(v8::H
 
 
 {######################################}
+{% macro install_do_not_check_security_signature(method, world_suffix) %}
+{# FIXME: move to V8DOMConfiguration::installDOMCallbacksWithDoNotCheckSecuritySignature #}
+{# Methods that are [DoNotCheckSecurity] are always readable, but if they are
+   changed and then accessed on a different domain, we do not return the

[haraken, 2013/11/21 10:13:05]

domain => origin

+   underlying value, but instead return a new copy of the original function.
+   This is achieved by storing the changed value as a hidden property. #}
+{% set callback_name = '%sV8Internal::%sOriginSafeMethodGetterCallback%s' %

[haraken, 2013/11/21 10:13:05]

callback_name => getter_callback

[Nils Barth (inactive), 2013/11/22 03:17:52]

Done.
Also renamed callback_name => callback throughout.

Question:
There are 2 other uses of _name which seem unnecessary:
runtime_enabled_function_name / per_context_enabled_function_name
...which is used a couple places, and is a bit long, and
cpp_class_name and v8_class_name
...which are used everywhere.
(It's clearly a name, since it's in the template!)

Should I remove _name (in a followup CL)?

[haraken, 2013/11/22 05:53:26]

Either is fine with me as long as it's consistent through the compiler :)

[Nils Barth (inactive), 2013/11/22 06:04:05]

Got it; will do in followup.

+                       (cpp_class_name, method.name, world_suffix) %}
+{% set setter =

[haraken, 2013/11/21 10:13:05]

setter => setter_callback

[Nils Barth (inactive), 2013/11/22 03:17:52]

Done.

+    '{0}V8Internal::{0}OriginSafeMethodSetterCallback'.format(cpp_class_name)
+    if not method.is_read_only else '0' %}
+{% set property_attribute =
+    'static_cast<v8::PropertyAttribute>(%s)' %
+    ' | '.join(method.property_attributes or ['v8::DontDelete']) %}
+{{method.function_template}}->SetAccessor(v8::String::NewSymbol("{{method.name}}"), {{callback_name}}, {{setter}}, v8Undefined(), v8::ALL_CAN_READ, {{property_attribute}});
+{%- endmacro %}
+
+
+{######################################}
 {% macro install_custom_signature(method, world_suffix) %}
 {# FIXME: move to V8DOMConfiguration::installDOMCallbacksWithCustomSignature #}
 {% set callback_name = '%sV8Internal::%sMethodCallback%s' %