Remove hack to create lazy event listeners

Source/bindings/core/v8/V8LazyEventListener.cpp

 /*
  * Copyright (C) 2006, 2007, 2008, 2009 Google Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are
  * met:
  *
  *     * Redistributions of source code must retain the above copyright
  * notice, this list of conditions and the following disclaimer.
  *     * Redistributions in binary form must reproduce the above
@@ skipping 114 matching lines @@
     if (!toDocument(executionContext)->allowInlineEventHandlers(m_node, this, m_sourceURL, m_position.m_line)) {
         clearListenerObject();
         return;
     }
 
     if (hasExistingListenerObject())
         return;
 
     ScriptState::Scope scope(scriptState);
 
-    // FIXME: Remove the following 'with' hack.
-    //
     // Nodes other than the document object, when executing inline event
     // handlers push document, form owner, and the target node on the scope chain.
     // We do this by using 'with' statement.
-    // See chrome/fast/forms/form-action.html
-    //     chrome/fast/forms/selected-index-value.html
-    //     base/fast/overflow/onscroll-layer-self-destruct.html
-    //
-    // Don't use new lines so that lines in the modified handler
-    // have the same numbers as in the original code.
-    // FIXME: V8 does not allow us to programmatically create object environments so
-    //        we have to do this hack! What if m_code escapes to run arbitrary script?
-    //
-    // Call with 4 arguments instead of 3, pass additional null as the last parameter.
-    // By calling the function with 4 arguments, we create a setter on arguments object
-    // which would shadow property "3" on the prototype.
-    String code = "(function() {"
-        "with (this[2]) {"
-        "with (this[1]) {"
-        "with (this[0]) {"
-            "return function(" + m_eventParameterName + ") {" +
-                m_code + "\n" // Insert '\n' otherwise //-style comments could break the handler.
-            "};"
-        "}}}})";
-
-    v8::Handle<v8::String> codeExternalString = v8String(isolate(), code);
-
-    v8::Local<v8::Value> result = V8ScriptRunner::compileAndRunInternalScript(codeExternalString, isolate(), m_sourceURL, m_position);
-    if (result.IsEmpty())
-        return;
-
-    // Call the outer function to get the inner function.
-    if (!result->IsFunction())
-        return;
-    v8::Local<v8::Function> intermediateFunction = result.As<v8::Function>();
-
+    // See fast/forms/form-action.html
+    //     fast/forms/selected-index-value.html
+    //     fast/overflow/onscroll-layer-self-destruct.html
     HTMLFormElement* formElement = 0;
     if (m_node && m_node->isHTMLElement())
         formElement = toHTMLElement(m_node)->formOwner();
 
-    v8::Handle<v8::Object> nodeWrapper = toObjectWrapper<Node>(m_node, scriptState);
-    v8::Handle<v8::Object> formWrapper = toObjectWrapper<HTMLFormElement>(formElement, scriptState);
-    v8::Handle<v8::Object> documentWrapper = toObjectWrapper<Document>(m_node ? m_node->ownerDocument() : 0, scriptState);
+    v8::Local<v8::Object> scopes[3];
+    scopes[2] = toObjectWrapper<Node>(m_node, scriptState);
+    scopes[1] = toObjectWrapper<HTMLFormElement>(formElement, scriptState);
+    scopes[0] = toObjectWrapper<Document>(m_node ? m_node->ownerDocument() : 0, scriptState);
 
-    v8::Local<v8::Object> thisObject = v8::Object::New(isolate());
-    if (thisObject.IsEmpty())
+    v8::Local<v8::String> parameterName = v8String(isolate(), m_eventParameterName);
+    v8::ScriptCompiler::Source source(v8String(isolate(), m_code));
+
+    v8::Local<v8::Function> wrappedFunction = v8::ScriptCompiler::CompileFunctionInContext(isolate(), &source, v8Context, 1, &parameterName, 3, scopes);
+
+    if (wrappedFunction.IsEmpty())
         return;
-    if (!thisObject->ForceSet(v8::Integer::New(isolate(), 0), nodeWrapper))
-        return;
-    if (!thisObject->ForceSet(v8::Integer::New(isolate(), 1), formWrapper))
-        return;
-    if (!thisObject->ForceSet(v8::Integer::New(isolate(), 2), documentWrapper))
-        return;
-
-    // FIXME: Remove this code when we stop doing the 'with' hack above.
-    v8::Local<v8::Value> innerValue = V8ScriptRunner::callInternalFunction(intermediateFunction, thisObject, 0, 0, isolate());
-    if (innerValue.IsEmpty() || !innerValue->IsFunction())
-        return;
-
-    v8::Local<v8::Function> wrappedFunction = innerValue.As<v8::Function>();
 
     // Change the toString function on the wrapper function to avoid it
     // returning the source for the actual wrapper function. Instead it
     // returns source for a clean wrapper function with the event
     // argument wrapping the event source code. The reason for this is
     // that some web sites use toString on event functions and eval the
     // source returned (sometimes a RegExp is applied as well) for some
     // other use. That fails miserably if the actual wrapper source is
     // returned.
     v8::Local<v8::Function> toStringFunction = v8::Function::New(isolate(), V8LazyEventListenerToString);
@@ skipping 12 matching lines @@
     // // Since we only parse once, there's no need to keep data used for parsing around anymore.
     // m_functionName = String();
     // m_code = String();
     // m_eventParameterName = String();
     // m_sourceURL = String();
 
     setListenerObject(wrappedFunction);
 }
 
 } // namespace blink