1 /* 2 * Copyright (C) 2007-2011 Google Inc. All rights reserved. 3 * 4 * Redistribution and use in source and binary forms, with or without 5 * modification, are permitted provided that the following conditions are 6 * met: 7 * 8 * * Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * * Redistributions in binary form must reproduce the above 11 * copyright notice, this list of conditions and the following disclaimer 12 * in the documentation and/or other materials provided with the 13 * distribution. 14 * * Neither the name of Google Inc. nor the names of its 15 * contributors may be used to endorse or promote products derived from 16 * this software without specific prior written permission. 17 * 18 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 19 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 20 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 21 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 22 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 23 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 24 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 25 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 26 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 27 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 28 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 29 */ 30 31 #include "config.h" 32 #include "InjectedScriptManager.h" 33 34 #include "DOMWindow.h" 35 #include "InjectedScript.h" 36 #include "InjectedScriptHost.h" 37 #include "ScriptValue.h" 38 #include "V8Binding.h" 39 #include "V8BindingState.h" 40 #include "V8DOMWindow.h" 41 #include "V8HiddenPropertyName.h" 42 #include "V8InjectedScriptHost.h" 43 #include "V8Proxy.h" 44 #include <wtf/RefPtr.h> 45 46 namespace WebCore { 47 48 static void WeakReferenceCallback(v8::Persistent<v8::Value> object, void* parameter) 49 { 50 InjectedScriptHost* nativeObject = static_cast<InjectedScriptHost*>(parameter); 51 nativeObject->deref(); 52 object.Dispose(); 53 } 54 55 static v8::Local<v8::Object> createInjectedScriptHostV8Wrapper(InjectedScriptHost* host) 56 { 57 v8::Local<v8::Function> function = V8InjectedScriptHost::GetTemplate()->GetFunction(); 58 if (function.IsEmpty()) { 59 // Return if allocation failed. 60 return v8::Local<v8::Object>(); 61 } 62 v8::Local<v8::Object> instance = SafeAllocation::newInstance(function); 63 if (instance.IsEmpty()) { 64 // Avoid setting the wrapper if allocation failed. 65 return v8::Local<v8::Object>(); 66 } 67 V8DOMWrapper::setDOMWrapper(instance, &V8InjectedScriptHost::info, host); 68 // Create a weak reference to the v8 wrapper of InspectorBackend to deref 69 // InspectorBackend when the wrapper is garbage collected. 70 host->ref(); 71 v8::Persistent<v8::Object> weakHandle = v8::Persistent<v8::Object>::New(instance); 72 weakHandle.MakeWeak(host, &WeakReferenceCallback); 73 return instance; 74 } 75 76 ScriptObject InjectedScriptManager::createInjectedScript(const String& scriptSource, ScriptState* inspectedScriptState, long id) 77 { 78 v8::HandleScope scope; 79 80 v8::Local<v8::Context> inspectedContext = inspectedScriptState->context(); 81 v8::Context::Scope contextScope(inspectedContext); 82 83 // Call custom code to create InjectedScripHost wrapper specific for the context 84 // instead of calling toV8() that would create the 85 // wrapper in the current context. 86 // FIXME: make it possible to use generic bindings factory for InjectedScriptHost. 87 v8::Local<v8::Object> scriptHostWrapper = createInjectedScriptHostV8Wrapper(m_injectedScriptHost.get()); 88 if (scriptHostWrapper.IsEmpty()) 89 return ScriptObject(); 90 91 v8::Local<v8::Object> windowGlobal = inspectedContext->Global(); 92 93 // Inject javascript into the context. The compiled script is supposed to evaluate into 94 // a single anonymous function(it's anonymous to avoid cluttering the global object with 95 // inspector's stuff) the function is called a few lines below with InjectedScriptHost wrapper, 96 // injected script id and explicit reference to the inspected global object. The function is expected 97 // to create and configure InjectedScript instance that is going to be used by the inspector. 98 v8::Local<v8::Script> script = v8::Script::Compile(v8String(scriptSource)); 99 v8::Local<v8::Value> v = script->Run(); 100 ASSERT(!v.IsEmpty()); 101 ASSERT(v->IsFunction()); 102 103 v8::Handle<v8::Value> args[] = { 104 scriptHostWrapper, 105 windowGlobal, 106 v8::Number::New(id), 107 }; 108 v8::Local<v8::Value> injectedScriptValue = v8::Function::Cast(*v)->Call(windowGlobal, 3, args); 109 v8::Local<v8::Object> injectedScript(v8::Object::Cast(*injectedScriptValue)); 110 return ScriptObject(inspectedScriptState, injectedScript); 111 } 112 113 void InjectedScriptManager::discardInjectedScript(ScriptState* inspectedScriptState) 114 { 115 v8::HandleScope handleScope; 116 v8::Local<v8::Context> context = inspectedScriptState->context(); 117 v8::Context::Scope contextScope(context); 118 119 v8::Local<v8::Object> global = context->Global(); 120 // Skip proxy object. The proxy object will survive page navigation while we need 121 // an object whose lifetime consides with that of the inspected context. 122 global = v8::Local<v8::Object>::Cast(global->GetPrototype()); 123 124 v8::Handle<v8::String> key = V8HiddenPropertyName::devtoolsInjectedScript(); 125 global->DeleteHiddenValue(key); 126 } 127 128 InjectedScript InjectedScriptManager::injectedScriptFor(ScriptState* inspectedScriptState) 129 { 130 v8::HandleScope handleScope; 131 v8::Local<v8::Context> context = inspectedScriptState->context(); 132 v8::Context::Scope contextScope(context); 133 134 v8::Local<v8::Object> global = context->Global(); 135 // Skip proxy object. The proxy object will survive page navigation while we need 136 // an object whose lifetime consides with that of the inspected context. 137 global = v8::Local<v8::Object>::Cast(global->GetPrototype()); 138 139 v8::Handle<v8::String> key = V8HiddenPropertyName::devtoolsInjectedScript(); 140 v8::Local<v8::Value> val = global->GetHiddenValue(key); 141 if (!val.IsEmpty() && val->IsObject()) 142 return InjectedScript(ScriptObject(inspectedScriptState, v8::Local<v8::Object>::Cast(val)), m_inspectedStateAccessCheck); 143 144 if (!m_inspectedStateAccessCheck(inspectedScriptState)) 145 return InjectedScript(); 146 147 pair<long, ScriptObject> injectedScript = injectScript(injectedScriptSource(), inspectedScriptState); 148 InjectedScript result(injectedScript.second, m_inspectedStateAccessCheck); 149 m_idToInjectedScript.set(injectedScript.first, result); 150 global->SetHiddenValue(key, injectedScript.second.v8Object()); 151 return result; 152 } 153 154 bool InjectedScriptManager::canAccessInspectedWindow(ScriptState* scriptState) 155 { 156 v8::HandleScope handleScope; 157 v8::Local<v8::Context> context = scriptState->context(); 158 v8::Local<v8::Object> global = context->Global(); 159 if (global.IsEmpty()) 160 return false; 161 v8::Handle<v8::Object> holder = V8DOMWrapper::lookupDOMWrapper(V8DOMWindow::GetTemplate(), global); 162 if (holder.IsEmpty()) 163 return false; 164 Frame* frame = V8DOMWindow::toNative(holder)->frame(); 165 166 v8::Context::Scope contextScope(context); 167 return V8BindingSecurity::canAccessFrame(V8BindingState::Only(), frame, false); 168 } 169 170 } // namespace WebCore 171
