2009-09-16 Adam Barth <abarth@webkit.org>
authorabarth@webkit.org <abarth@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 17 Sep 2009 06:25:14 +0000 (06:25 +0000)
committerabarth@webkit.org <abarth@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 17 Sep 2009 06:25:14 +0000 (06:25 +0000)
        Reviewed by Dimitri Glazkov.

        [V8] Teach ScheduledAction::execute about isolated worlds
        https://bugs.webkit.org/show_bug.cgi?id=27703

        We now save a handle to the original context and use that handle to
        run the timeout in the right context / world.

        Tests: http/tests/security/isolatedWorld/window-setTimeout-function.html
               http/tests/security/isolatedWorld/window-setTimeout-string.html

        * bindings/v8/ScheduledAction.cpp:
        (WebCore::ScheduledAction::ScheduledAction):
        (WebCore::ScheduledAction::execute):
        * bindings/v8/ScheduledAction.h:
        (WebCore::ScheduledAction::ScheduledAction):
        * bindings/v8/custom/V8DOMWindowCustom.cpp:
        (WebCore::V8Custom::WindowSetTimeoutImpl):
        * bindings/v8/custom/V8WorkerContextCustom.cpp:
        (WebCore::SetTimeoutOrInterval):
2009-09-16  Adam Barth  <abarth@webkit.org>

        Reviewed by Dimitri Glazkov.

        [V8] Teach ScheduledAction::execute about isolated worlds
        https://bugs.webkit.org/show_bug.cgi?id=27703

        Add test coverage for the interaction between setTimeout and isolated
        worlds.

        * http/tests/security/isolatedWorld/window-setTimeout-function-expected.txt: Added.
        * http/tests/security/isolatedWorld/window-setTimeout-function.html: Added.
        * http/tests/security/isolatedWorld/window-setTimeout-string-expected.txt: Added.
        * http/tests/security/isolatedWorld/window-setTimeout-string.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@48455 268f45cc-cd09-0410-ab3c-d52691b4dbfc

LayoutTests/ChangeLog
LayoutTests/http/tests/security/isolatedWorld/window-setTimeout-function-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/isolatedWorld/window-setTimeout-function.html [new file with mode: 0644]
LayoutTests/http/tests/security/isolatedWorld/window-setTimeout-string-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/isolatedWorld/window-setTimeout-string.html [new file with mode: 0644]
WebCore/ChangeLog
WebCore/bindings/v8/ScheduledAction.cpp
WebCore/bindings/v8/ScheduledAction.h
WebCore/bindings/v8/custom/V8DOMWindowCustom.cpp
WebCore/bindings/v8/custom/V8WorkerContextCustom.cpp

index e79f44132508e99b152a7294121805116d8118c8..6b728970577db16f212a532739136fe615b52a15 100644 (file)
@@ -1,3 +1,18 @@
+2009-09-16  Adam Barth  <abarth@webkit.org>
+
+        Reviewed by Dimitri Glazkov.
+
+        [V8] Teach ScheduledAction::execute about isolated worlds
+        https://bugs.webkit.org/show_bug.cgi?id=27703
+
+        Add test coverage for the interaction between setTimeout and isolated
+        worlds.
+
+        * http/tests/security/isolatedWorld/window-setTimeout-function-expected.txt: Added.
+        * http/tests/security/isolatedWorld/window-setTimeout-function.html: Added.
+        * http/tests/security/isolatedWorld/window-setTimeout-string-expected.txt: Added.
+        * http/tests/security/isolatedWorld/window-setTimeout-string.html: Added.
+
 2009-09-15  Kent Tamura  <tkent@chromium.org>
 
         Reviewed by Eric Seidel.
diff --git a/LayoutTests/http/tests/security/isolatedWorld/window-setTimeout-function-expected.txt b/LayoutTests/http/tests/security/isolatedWorld/window-setTimeout-function-expected.txt
new file mode 100644 (file)
index 0000000..9c70321
--- /dev/null
@@ -0,0 +1,2 @@
+ALERT: PASS
+
diff --git a/LayoutTests/http/tests/security/isolatedWorld/window-setTimeout-function.html b/LayoutTests/http/tests/security/isolatedWorld/window-setTimeout-function.html
new file mode 100644 (file)
index 0000000..40e95ce
--- /dev/null
@@ -0,0 +1,28 @@
+<!DOCTYPE html>
+<html>
+<body>
+<div id="console"></div>
+<script>
+function done() {
+  if (window.layoutTestController)
+    layoutTestController.notifyDone();
+}
+window.func = function () {
+  alert("FAIL: Wrong function.");
+  done();
+};
+document.foo = "FAIL: Wrong wrappers.";
+if (window.layoutTestController) {
+  layoutTestController.dumpAsText();
+  layoutTestController.waitUntilDone();
+  layoutTestController.evaluateScriptInIsolatedWorld(
+    "document.foo = 'PASS';\n" +
+    "window.func = function () {\n" +
+    "  alert(document.foo);\n" +
+    "  window.location = 'javascript:done()';\n" +
+    "};\n" +
+    "window.setTimeout(func, 0);");
+}
+</script>
+</body>
+</html>
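Review bot: This test and window-setTimeout-string.html differ only in the last line of the isolated-world script (`window.setTimeout(func, 0);` here versus `window.setTimeout('func()', 0);` there); the shared harness (the `done()` helper, the main-world `window.func` and `document.foo` decoys, and the isolated-world setup) could live in one resources script so both files only state which setTimeout form they exercise. Note also that a PASS or FAIL alert is only produced if the scheduled action fires at all; if it never runs, the test ends by harness timeout rather than by a reported failure. A short comment at the top stating what is verified would help, e.g. `<!-- A timeout scheduled from an isolated world must run in that world: its own window.func and its own document wrappers, not the main world's. -->`.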
diff --git a/LayoutTests/http/tests/security/isolatedWorld/window-setTimeout-string-expected.txt b/LayoutTests/http/tests/security/isolatedWorld/window-setTimeout-string-expected.txt
new file mode 100644 (file)
index 0000000..9c70321
--- /dev/null
@@ -0,0 +1,2 @@
+ALERT: PASS
+
diff --git a/LayoutTests/http/tests/security/isolatedWorld/window-setTimeout-string.html b/LayoutTests/http/tests/security/isolatedWorld/window-setTimeout-string.html
new file mode 100644 (file)
index 0000000..772a715
--- /dev/null
@@ -0,0 +1,28 @@
+<!DOCTYPE html>
+<html>
+<body>
+<div id="console"></div>
+<script>
+function done() {
+  if (window.layoutTestController)
+    layoutTestController.notifyDone();
+}
+window.func = function () {
+  alert("FAIL: Wrong function.");
+  done();
+};
+document.foo = "FAIL: Wrong wrappers.";
+if (window.layoutTestController) {
+  layoutTestController.dumpAsText();
+  layoutTestController.waitUntilDone();
+  layoutTestController.evaluateScriptInIsolatedWorld(
+    "document.foo = 'PASS';\n" +
+    "window.func = function () {\n" +
+    "  alert(document.foo);\n" +
+    "  window.location = 'javascript:done()';\n" +
+    "};\n" +
+    "window.setTimeout('func()', 0);");
+}
+</script>
+</body>
+</html>
index ed31f706fae7c0d481a99441222384076942fba6..fd01aeb8bcddfc2c4ee32549a518e9a9ad228ab5 100644 (file)
@@ -1,3 +1,49 @@
+2009-09-16  Adam Barth  <abarth@webkit.org>
+
+        Reviewed by Dimitri Glazkov.
+
+        [V8] Teach ScheduledAction::execute about isolated worlds
+        https://bugs.webkit.org/show_bug.cgi?id=27703
+
+        We now save a handle to the original context.  We use that handle to
+        call the timeout in the right context / world.
+
+        Tests: http/tests/security/isolatedWorld/window-setTimeout-function.html
+               http/tests/security/isolatedWorld/window-setTimeout-string.html
+
+        * bindings/v8/ScheduledAction.cpp:
+        (WebCore::ScheduledAction::ScheduledAction):
+        (WebCore::ScheduledAction::execute):
+        * bindings/v8/ScheduledAction.h:
+        (WebCore::ScheduledAction::ScheduledAction):
+        * bindings/v8/custom/V8DOMWindowCustom.cpp:
+        (WebCore::V8Custom::WindowSetTimeoutImpl):
+        * bindings/v8/custom/V8WorkerContextCustom.cpp:
+        (WebCore::SetTimeoutOrInterval):
+
+2009-09-16  Adam Barth  <abarth@webkit.org>
+
+        Reviewed by Dimitri Glazkov.
+
+        [V8] Teach ScheduledAction::execute about isolated worlds
+        https://bugs.webkit.org/show_bug.cgi?id=27703
+
+        We now save a handle to the original context.  We use that handle to
+        call the timeout in the right context / world.
+
+        Tests: http/tests/security/isolatedWorld/window-setTimeout-function.html
+               http/tests/security/isolatedWorld/window-setTimeout-string.html
+
+        * bindings/v8/ScheduledAction.cpp:
+        (WebCore::ScheduledAction::ScheduledAction):
+        (WebCore::ScheduledAction::execute):
+        * bindings/v8/ScheduledAction.h:
+        (WebCore::ScheduledAction::ScheduledAction):
+        * bindings/v8/custom/V8DOMWindowCustom.cpp:
+        (WebCore::V8Custom::WindowSetTimeoutImpl):
+        * bindings/v8/custom/V8WorkerContextCustom.cpp:
+        (WebCore::SetTimeoutOrInterval):
+
 2009-09-16  Sam Weinig  <sam@webkit.org>
 
         Reviewed by Anders Carlsson.
index 70c655b9df4a76a044196c7aab0d3e2623ce5c2b..c8cbe70b4d6ecfe1491612090abdcd3aa6aee4c4 100644 (file)
@@ -44,8 +44,9 @@
 
 namespace WebCore {
 
-ScheduledAction::ScheduledAction(v8::Handle<v8::Function> func, int argc, v8::Handle<v8::Value> argv[])
-    : m_code(String(), KURL(), 0)
+ScheduledAction::ScheduledAction(v8::Handle<v8::Context> context, v8::Handle<v8::Function> func, int argc, v8::Handle<v8::Value> argv[])
+    : m_context(context)
+    , m_code(String(), KURL(), 0)
 {
     m_function = v8::Persistent<v8::Function>::New(func);
 
@@ -106,7 +107,7 @@ void ScheduledAction::execute(V8Proxy* proxy)
     ASSERT(proxy);
 
     v8::HandleScope handleScope;
-    v8::Handle<v8::Context> v8Context = proxy->context();
+    v8::Handle<v8::Context> v8Context = m_context.get();
     if (v8Context.IsEmpty())
         return; // JS may not be enabled.
 
@@ -134,7 +135,7 @@ void ScheduledAction::execute(WorkerContext* workerContext)
 
     if (!m_function.IsEmpty() && m_function->IsFunction()) {
         v8::HandleScope handleScope;
-        v8::Local<v8::Context> v8Context = scriptController->proxy()->context();
+        v8::Handle<v8::Context> v8Context = m_context.get();
         ASSERT(!v8Context.IsEmpty());
         v8::Context::Scope scope(v8Context);
         m_function->Call(v8Context->Global(), m_argc, m_argv);
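Review bot: The comment `return; // JS may not be enabled.` in the DOM-window execute() is now stale: `v8Context` no longer comes from `proxy->context()` but from `m_context.get()`, which was captured when the action was scheduled, so an empty handle means no context was available at scheduling time, not that JS is disabled now; I would change it to `return; // No context was captured when the action was scheduled (e.g. JS disabled), so there is nothing to run in.`. In the worker execute() the same lookup is only guarded by `ASSERT(!v8Context.IsEmpty())`, so a release build would enter `v8::Context::Scope` with an empty handle; an early return matching the DOM-window path would make the two consistent. Within the hunk `proxy` is now only used by the ASSERT; whether it is still needed depends on the rest of the function, which lies outside the hunk. The constructor could also carry a one-line comment that `m_context` keeps the scheduling context alive for the lifetime of the action, since that is the contract the two execute() overloads now rely on.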
index 53694c779dca1d870b61902077e3d2fb85941e4a..003885fc22f67d3a17a47ef3887092ae6f1d47bf 100644 (file)
@@ -31,7 +31,9 @@
 #ifndef ScheduledAction_h
 #define ScheduledAction_h
 
+#include "OwnHandle.h"
 #include "ScriptSourceCode.h"
+#include "V8GCController.h"
 
 #include <v8.h>
 
@@ -44,9 +46,10 @@ namespace WebCore {
 
     class ScheduledAction {
     public:
-        ScheduledAction(v8::Handle<v8::Function>, int argc, v8::Handle<v8::Value> argv[]);
-        explicit ScheduledAction(const WebCore::String& code, const KURL& url = KURL())
-            : m_argc(0)
+        ScheduledAction(v8::Handle<v8::Context>, v8::Handle<v8::Function>, int argc, v8::Handle<v8::Value> argv[]);
+        explicit ScheduledAction(v8::Handle<v8::Context> context, const WebCore::String& code, const KURL& url = KURL())
+            : m_context(context)
+            , m_argc(0)
             , m_argv(0)
             , m_code(code, url)
         {
@@ -61,6 +64,7 @@ namespace WebCore {
         void execute(WorkerContext*);
 #endif
 
+        OwnHandle<v8::Context> m_context;
         v8::Persistent<v8::Function> m_function;
         int m_argc;
         v8::Persistent<v8::Value>* m_argv;
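Review bot: The new member `m_context` is undocumented although it is what now decides which world a scheduled callback runs in; I would write `OwnHandle<v8::Context> m_context; // Context (world) the action was scheduled from; execute() runs the callback there rather than in the frame's current context.`. It is declared before `m_function` and `m_argc`, which matches the order of the constructor initializer lists, so keep that ordering if members are added later. The `explicit` on the string constructor is no longer needed now that it takes two mandatory parameters, and the comment could also say whether `OwnHandle` disposes the persistent handle in its destructor, which this header does not show.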
index be0a048722eb045f22a6c40e7faa3d3d7eb76fe4..8a92e0aa703702b8e91a5bb4bbc9d69d86651b14 100644 (file)
@@ -93,7 +93,7 @@ v8::Handle<v8::Value> V8Custom::WindowSetTimeoutImpl(const v8::Arguments& args,
         }
 
         // params is passed to action, and released in action's destructor
-        ScheduledAction* action = new ScheduledAction(v8::Handle<v8::Function>::Cast(function), paramCount, params);
+        ScheduledAction* action = new ScheduledAction(V8Proxy::context(imp->frame()), v8::Handle<v8::Function>::Cast(function), paramCount, params);
 
         delete[] params;
 
@@ -113,7 +113,7 @@ v8::Handle<v8::Value> V8Custom::WindowSetTimeoutImpl(const v8::Arguments& args,
         if (functionString.length() == 0)
             return v8::Undefined();
 
-        id = DOMTimer::install(scriptContext, new ScheduledAction(functionString), timeout, singleShot);
+        id = DOMTimer::install(scriptContext, new ScheduledAction(V8Proxy::context(imp->frame()), functionString), timeout, singleShot);
     }
 
     return v8::Integer::New(id);
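Review bot: `V8Proxy::context(imp->frame())` is evaluated separately in both branches of WindowSetTimeoutImpl; hoisting it into one local before the branch, as the worker binding does with `v8Context`, avoids the repetition and gives a place to document which context is meant, e.g. `v8::Handle<v8::Context> v8Context = V8Proxy::context(imp->frame()); // the entered world's context, so the timer fires in the world that scheduled it`. I am assuming that lookup resolves to the currently entered isolated world rather than the main world, which is what the new tests expect; if it does not, the isolation relies on something not visible in this hunk. An empty result is only handled later by the early return in ScheduledAction::execute, which is worth a sentence in the comment. The enclosing function starts before the first hunk and continues past the last.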
index b526040689d53ab854de46ef99c23e4ee8d84dff..4934f0d9976199ef9c1da504dd299b33cd6107ff 100644 (file)
@@ -103,9 +103,10 @@ v8::Handle<v8::Value> SetTimeoutOrInterval(const v8::Arguments& args, bool singl
     int32_t timeout = argumentCount >= 2 ? args[1]->Int32Value() : 0;
     int timerId;
 
+    v8::Handle<v8::Context> v8Context = workerContext->script()->proxy()->context();
     if (function->IsString()) {
         WebCore::String stringFunction = toWebCoreString(function);
-        timerId = DOMTimer::install(workerContext, new ScheduledAction(stringFunction, workerContext->url()), timeout, singleShot);
+        timerId = DOMTimer::install(workerContext, new ScheduledAction(v8Context, stringFunction, workerContext->url()), timeout, singleShot);
     } else if (function->IsFunction()) {
         size_t paramCount = argumentCount >= 2 ? argumentCount - 2 : 0;
         v8::Local<v8::Value>* params = 0;
@@ -115,7 +116,7 @@ v8::Handle<v8::Value> SetTimeoutOrInterval(const v8::Arguments& args, bool singl
                 params[i] = args[i+2];
         }
         // ScheduledAction takes ownership of actual params and releases them in its destructor.
-        ScheduledAction* action = new ScheduledAction(v8::Handle<v8::Function>::Cast(function), paramCount, params);
+        ScheduledAction* action = new ScheduledAction(v8Context, v8::Handle<v8::Function>::Cast(function), paramCount, params);
         delete [] params;
         timerId = DOMTimer::install(workerContext, action, timeout, singleShot);
     } else
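Review bot: The new `v8Context` lookup at the top of the hunk runs before `function` is validated, so on the `else` path (which continues outside the hunk) it is fetched and discarded; moving it after the IsString/IsFunction dispatch, or just above the first use, keeps the cheap reject path cheap. An empty context from `proxy()->context()` is only caught by the ASSERT in ScheduledAction::execute(WorkerContext*), so release builds would still construct the action and later enter an empty context; a guard here such as `if (v8Context.IsEmpty()) return v8::Undefined();` would fail closed. The ChangeLog lists only window tests, so this worker path is not covered by the added tests; a matching worker test would pin the behaviour.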