2 * Copyright (C) 2009 Google Inc. All rights reserved.
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions are
8 * * Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * * Redistributions in binary form must reproduce the above
11 * copyright notice, this list of conditions and the following disclaimer
12 * in the documentation and/or other materials provided with the
14 * * Neither the name of Google Inc. nor the names of its
15 * contributors may be used to endorse or promote products derived from
16 * this software without specific prior written permission.
18 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
19 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
20 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
21 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
22 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
23 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
24 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
25 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
26 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
27 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
28 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
34 #include "PlatformBridge.h"
35 #include "ScriptSourceCode.h" // for WebCore::ScriptSourceCode
36 #include "SecurityOrigin.h" // for WebCore::SecurityOrigin
37 #include "SharedPersistent.h"
38 #include "V8AbstractEventListener.h"
39 #include "V8DOMWindowShell.h"
40 #include "V8DOMWrapper.h"
41 #include "V8GCController.h"
42 #include "V8Utilities.h"
43 #include "WrapperTypeInfo.h"
45 #include <wtf/Forward.h>
46 #include <wtf/PassRefPtr.h> // so generated bindings don't have to
47 #include <wtf/Vector.h>
49 #if defined(ENABLE_DOM_STATS_COUNTERS) && PLATFORM(CHROMIUM)
50 #define INC_STATS(name) PlatformBridge::incrementStatsCounter(name)
52 #define INC_STATS(name)
62 class ScriptExecutionContext;
63 class V8EventListener;
64 class V8IsolatedContext;
65 class WorldContextHandle;
67 // FIXME: use standard logging facilities in WebCore.
68 void logInfo(Frame*, const String& message, const String& url);
70 // The following Batch structs and methods are used for setting multiple
71 // properties on an ObjectTemplate, used from the generated bindings
72 // initialization (ConfigureXXXTemplate). This greatly reduces the binary
73 // size by moving from code driven setup to data table driven setup.
75 // BatchedAttribute translates into calls to SetAccessor() on either the
76 // instance or the prototype ObjectTemplate, based on |onProto|.
77 struct BatchedAttribute {
78 const char* const name;
79 v8::AccessorGetter getter;
80 v8::AccessorSetter setter;
81 WrapperTypeInfo* data;
82 v8::AccessControl settings;
83 v8::PropertyAttribute attribute;
87 void batchConfigureAttributes(v8::Handle<v8::ObjectTemplate>, v8::Handle<v8::ObjectTemplate>, const BatchedAttribute*, size_t attributeCount);
89 inline void configureAttribute(v8::Handle<v8::ObjectTemplate> instance, v8::Handle<v8::ObjectTemplate> proto, const BatchedAttribute& attribute)
91 (attribute.onProto ? proto : instance)->SetAccessor(v8::String::New(attribute.name),
94 v8::External::Wrap(attribute.data),
99 // BatchedConstant translates into calls to Set() for setting up an object's
100 // constants. It sets the constant on both the FunctionTemplate and the
101 // ObjectTemplate. PropertyAttributes is always ReadOnly.
102 struct BatchedConstant {
103 const char* const name;
107 void batchConfigureConstants(v8::Handle<v8::FunctionTemplate>, v8::Handle<v8::ObjectTemplate>, const BatchedConstant*, size_t constantCount);
109 struct BatchedCallback {
110 const char* const name;
111 v8::InvocationCallback callback;
114 void batchConfigureCallbacks(v8::Handle<v8::ObjectTemplate>,
115 v8::Handle<v8::Signature>,
116 v8::PropertyAttribute,
117 const BatchedCallback*,
118 size_t callbackCount);
120 const int kMaxRecursionDepth = 20;
122 // Information about an extension that is registered for use with V8. If
123 // scheme is non-empty, it contains the URL scheme the extension should be
124 // used with. If group is non-zero, the extension will only be loaded into
125 // script contexts that belong to that group. Otherwise, the extension is
126 // used with all schemes and contexts.
127 struct V8ExtensionInfo {
130 v8::Extension* extension;
131 bool useCallback; // FIXME: remove
133 typedef WTF::Vector<V8ExtensionInfo> V8Extensions;
137 // The types of javascript errors that can be thrown.
146 // When to report errors.
147 enum DelayReporting {
152 explicit V8Proxy(Frame*);
156 Frame* frame() { return m_frame; }
158 void clearForNavigation();
159 void clearForClose();
161 // FIXME: Need comment. User Gesture related.
162 bool inlineCode() const { return m_inlineCode; }
163 void setInlineCode(bool value) { m_inlineCode = value; }
165 bool timerCallback() const { return m_timerCallback; }
166 void setTimerCallback(bool value) { m_timerCallback = value; }
168 // Disconnects the proxy from its owner frame,
169 // and clears all timeouts on the DOM window.
170 void disconnectFrame();
173 static void setSVGContext(void*, SVGElement*);
174 static SVGElement* svgContext(void*);
176 // These helper functions are required in case we are given a PassRefPtr
177 // to a (possibly) newly created object and must prevent its reference
178 // count from dropping to zero as would happen in code like
180 // V8Proxy::setSVGContext(imp->getNewlyCreatedObject().get(), context);
181 // foo(imp->getNewlyCreatedObject().get());
183 // In the above two lines each time getNewlyCreatedObject() is called it
184 // creates a new object because we don't ref() it. (So our attemts to
185 // associate a context with it fail.) Such code should be rewritten to
187 // foo(V8Proxy::withSVGContext(imp->getNewlyCreatedObject(), context).get());
189 // where PassRefPtr::~PassRefPtr() is invoked only after foo() is
191 template <typename T>
192 static PassRefPtr<T> withSVGContext(PassRefPtr<T> object, SVGElement* context)
194 setSVGContext(object.get(), context);
198 template <typename T>
199 static T* withSVGContext(T* object, SVGElement* context)
201 setSVGContext(object, context);
206 void finishedWithEvent(Event*) { }
208 // Evaluate JavaScript in a new isolated world. The script gets its own
209 // global scope, its own prototypes for intrinsic JavaScript objects (String,
210 // Array, and so-on), and its own wrappers for all DOM nodes and DOM
212 void evaluateInIsolatedWorld(int worldId, const Vector<ScriptSourceCode>& sources, int extensionGroup);
214 // Returns true if the proxy is currently executing a script in V8.
215 bool executingScript() const;
217 // Evaluate a script file in the current execution environment.
218 // The caller must hold an execution context.
219 // If cannot evalute the script, it returns an error.
220 v8::Local<v8::Value> evaluate(const ScriptSourceCode&, Node*);
222 // Run an already compiled script.
223 v8::Local<v8::Value> runScript(v8::Handle<v8::Script>, bool isInlineCode);
225 #ifdef ANDROID_INSTRUMENT
226 v8::Local<v8::Value> runScriptInternal(v8::Handle<v8::Script> script, bool inline_code);
229 // Call the function with the given receiver and arguments.
230 v8::Local<v8::Value> callFunction(v8::Handle<v8::Function>, v8::Handle<v8::Object>, int argc, v8::Handle<v8::Value> argv[]);
232 // Call the function with the given receiver and arguments.
233 static v8::Local<v8::Value> callFunctionWithoutFrame(v8::Handle<v8::Function>, v8::Handle<v8::Object>, int argc, v8::Handle<v8::Value> argv[]);
235 // Call the function as constructor with the given arguments.
236 v8::Local<v8::Value> newInstance(v8::Handle<v8::Function>, int argc, v8::Handle<v8::Value> argv[]);
238 // Returns the window object associated with a context.
239 static DOMWindow* retrieveWindow(v8::Handle<v8::Context>);
240 // Returns V8Proxy object of the currently executing context.
241 static V8Proxy* retrieve();
242 // Returns V8Proxy object associated with a frame.
243 static V8Proxy* retrieve(Frame*);
244 // Returns V8Proxy object associated with a script execution context.
245 static V8Proxy* retrieve(ScriptExecutionContext*);
247 // Returns the frame object of the window object associated with
249 static Frame* retrieveFrame(v8::Handle<v8::Context>);
252 // The three functions below retrieve WebFrame instances relating the
253 // currently executing JavaScript. Since JavaScript can make function calls
254 // across frames, though, we need to be more precise.
256 // For example, imagine that a JS function in frame A calls a function in
257 // frame B, which calls native code, which wants to know what the 'active'
260 // The 'entered context' is the context where execution first entered the
261 // script engine; the context that is at the bottom of the JS function stack.
262 // RetrieveFrameForEnteredContext() would return Frame A in our example.
263 // This frame is often referred to as the "dynamic global object."
265 // The 'current context' is the context the JS engine is currently inside of;
266 // the context that is at the top of the JS function stack.
267 // RetrieveFrameForCurrentContext() would return Frame B in our example.
268 // This frame is often referred to as the "lexical global object."
270 // Finally, the 'calling context' is the context one below the current
271 // context on the JS function stack. For example, if function f calls
272 // function g, then the calling context will be the context associated with
273 // f. This context is commonly used by DOM security checks because they want
274 // to know who called them.
276 // If you are unsure which of these functions to use, ask abarth.
278 // NOTE: These cannot be declared as inline function, because VS complains at
280 static Frame* retrieveFrameForEnteredContext();
281 static Frame* retrieveFrameForCurrentContext();
282 static Frame* retrieveFrameForCallingContext();
284 // Returns V8 Context of a frame. If none exists, creates
285 // a new context. It is potentially slow and consumes memory.
286 static v8::Local<v8::Context> context(Frame*);
287 static v8::Local<v8::Context> mainWorldContext(Frame*);
288 static v8::Local<v8::Context> currentContext();
290 // If the current context causes out of memory, JavaScript setting
291 // is disabled and it returns true.
292 static bool handleOutOfMemory();
294 static v8::Handle<v8::Value> checkNewLegal(const v8::Arguments&);
296 static v8::Handle<v8::Script> compileScript(v8::Handle<v8::String> code, const String& fileName, int baseLine, v8::ScriptData* = 0);
298 #ifdef ANDROID_INSTRUMENT
299 static v8::Handle<v8::Script> compileScriptInternal(v8::Handle<v8::String> code, const String& fileName, int baseLine, v8::ScriptData* scriptData);
302 // If the exception code is different from zero, a DOM exception is
303 // schedule to be thrown.
304 static void setDOMException(int exceptionCode);
306 // Schedule an error object to be thrown.
307 static v8::Handle<v8::Value> throwError(ErrorType, const char* message);
309 // Helpers for throwing syntax and type errors with predefined messages.
310 static v8::Handle<v8::Value> throwTypeError();
311 static v8::Handle<v8::Value> throwSyntaxError();
313 template <typename T>
314 static v8::Handle<v8::Value> constructDOMObject(const v8::Arguments&, WrapperTypeInfo*);
316 template <typename T>
317 static v8::Handle<v8::Value> constructDOMObjectWithScriptExecutionContext(const v8::Arguments&, WrapperTypeInfo*);
319 // Process any pending JavaScript console messages.
320 static void processConsoleMessages();
322 v8::Local<v8::Context> context();
323 v8::Local<v8::Context> mainWorldContext();
325 // FIXME: This should eventually take DOMWrapperWorld argument!
326 V8DOMWindowShell* windowShell() const { return m_windowShell.get(); }
328 bool setContextDebugId(int id);
329 static int contextDebugId(v8::Handle<v8::Context>);
331 // Registers a v8 extension to be available on webpages. The two forms
332 // offer various restrictions on what types of contexts the extension is
333 // loaded into. If a scheme is provided, only pages whose URL has the given
334 // scheme will match. If extensionGroup is provided, the extension will
335 // only be loaded into scripts run via evaluateInNewWorld with the
336 // matching group. Will only affect v8 contexts initialized after this
337 // call. Takes ownership of the v8::Extension object passed.
338 static void registerExtension(v8::Extension*, const String& schemeRestriction);
339 static void registerExtension(v8::Extension*, int extensionGroup);
341 // Same as above, but new version.
342 // FIXME: remove the other 2 versions in phase 3 of multipart checkin:
343 // https://bugs.webkit.org/show_bug.cgi?id=45721
344 static void registerExtension(v8::Extension*);
346 static void registerExtensionWithV8(v8::Extension*);
347 static bool registeredExtensionWithV8(v8::Extension*);
349 static const V8Extensions& extensions() { return m_extensions; }
351 // Report an unsafe attempt to access the given frame on the console.
352 static void reportUnsafeAccessTo(Frame* target, DelayReporting delay);
355 void didLeaveScriptContext();
357 void resetIsolatedWorlds();
359 PassOwnPtr<v8::ScriptData> precompileScript(v8::Handle<v8::String>, CachedScript*);
361 // Returns false when we're out of memory in V8.
362 bool setInjectedScriptContextDebugId(v8::Handle<v8::Context> targetContext);
364 static const char* rangeExceptionName(int exceptionCode);
365 static const char* eventExceptionName(int exceptionCode);
366 static const char* xmlHttpRequestExceptionName(int exceptionCode);
367 static const char* domExceptionName(int exceptionCode);
370 static const char* xpathExceptionName(int exceptionCode);
374 static const char* svgExceptionName(int exceptionCode);
378 static const char* sqlExceptionName(int exceptionCode);
383 // For the moment, we have one of these. Soon we will have one per DOMWrapperWorld.
384 RefPtr<V8DOMWindowShell> m_windowShell;
386 // True for <a href="javascript:foo()"> and false for <script>foo()</script>.
387 // Only valid during execution.
390 // True when executing from within a timer callback. Only valid during
392 bool m_timerCallback;
394 // Track the recursion depth to be able to avoid too deep recursion. The V8
395 // engine allows much more recursion than KJS does so we need to guard against
396 // excessive recursion in the binding layer.
399 // All of the extensions registered with the context.
400 static V8Extensions m_extensions;
402 // The isolated worlds we are tracking for this frame. We hold them alive
403 // here so that they can be used again by future calls to
404 // evaluateInIsolatedWorld().
406 // Note: although the pointer is raw, the instance is kept alive by a strong
407 // reference to the v8 context it contains, which is not made weak until we
408 // call world->destroy().
410 // FIXME: We want to eventually be holding window shells instead of the
411 // IsolatedContext directly.
412 typedef HashMap<int, V8IsolatedContext*> IsolatedWorldMap;
413 IsolatedWorldMap m_isolatedWorlds;
416 template <typename T>
417 v8::Handle<v8::Value> V8Proxy::constructDOMObject(const v8::Arguments& args, WrapperTypeInfo* type)
419 if (!args.IsConstructCall())
420 return throwError(V8Proxy::TypeError, "DOM object constructor cannot be called as a function.");
422 // Note: it's OK to let this RefPtr go out of scope because we also call
423 // SetDOMWrapper(), which effectively holds a reference to obj.
424 RefPtr<T> obj = T::create();
425 V8DOMWrapper::setDOMWrapper(args.Holder(), type, obj.get());
427 V8DOMWrapper::setJSWrapperForDOMObject(obj.get(), v8::Persistent<v8::Object>::New(args.Holder()));
428 return args.Holder();
431 template <typename T>
432 v8::Handle<v8::Value> V8Proxy::constructDOMObjectWithScriptExecutionContext(const v8::Arguments& args, WrapperTypeInfo* type)
434 if (!args.IsConstructCall())
435 return throwError(V8Proxy::TypeError, "");
437 ScriptExecutionContext* context = getScriptExecutionContext();
439 return throwError(V8Proxy::ReferenceError, "");
441 // Note: it's OK to let this RefPtr go out of scope because we also call
442 // SetDOMWrapper(), which effectively holds a reference to obj.
443 RefPtr<T> obj = T::create(context);
444 V8DOMWrapper::setDOMWrapper(args.Holder(), type, obj.get());
446 V8DOMWrapper::setJSWrapperForDOMObject(obj.get(), v8::Persistent<v8::Object>::New(args.Holder()));
447 return args.Holder();
451 v8::Local<v8::Context> toV8Context(ScriptExecutionContext*, const WorldContextHandle& worldContext);
453 // Used by an interceptor callback that it hasn't found anything to
455 inline static v8::Local<v8::Object> notHandledByInterceptor()
457 return v8::Local<v8::Object>();
460 inline static v8::Local<v8::Boolean> deletionNotHandledByInterceptor()
462 return v8::Local<v8::Boolean>();
464 inline v8::Handle<v8::Primitive> throwError(const char* message, V8Proxy::ErrorType type = V8Proxy::TypeError)
466 if (!v8::V8::IsExecutionTerminating())
467 V8Proxy::throwError(type, message);
468 return v8::Undefined();
471 inline v8::Handle<v8::Primitive> throwError(ExceptionCode ec)
473 if (!v8::V8::IsExecutionTerminating())
474 V8Proxy::setDOMException(ec);
475 return v8::Undefined();
478 inline v8::Handle<v8::Primitive> throwError(v8::Local<v8::Value> exception)
480 if (!v8::V8::IsExecutionTerminating())
481 v8::ThrowException(exception);
482 return v8::Undefined();
485 template <class T> inline v8::Handle<v8::Object> toV8(PassRefPtr<T> object, v8::Local<v8::Object> holder)
488 V8DOMWrapper::setJSWrapperForDOMObject(object.get(), v8::Persistent<v8::Object>::New(holder));