1 /* 2 * Copyright (C) 2008, 2009 Google Inc. All rights reserved. 3 * Copyright (C) 2009 Apple Inc. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions are 7 * met: 8 * 9 * * Redistributions of source code must retain the above copyright 10 * notice, this list of conditions and the following disclaimer. 11 * * Redistributions in binary form must reproduce the above 12 * copyright notice, this list of conditions and the following disclaimer 13 * in the documentation and/or other materials provided with the 14 * distribution. 15 * * Neither the name of Google Inc. nor the names of its 16 * contributors may be used to endorse or promote products derived from 17 * this software without specific prior written permission. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 20 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 21 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 22 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 23 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 24 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 25 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 26 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 27 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 28 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 29 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 30 */ 31 32 #include "config.h" 33 #include "ScriptController.h" 34 35 #include "PlatformBridge.h" 36 #include "Document.h" 37 #include "ScriptCallStack.h" 38 #include "ScriptCallStackFactory.h" 39 #include "ScriptableDocumentParser.h" 40 #include "DOMWindow.h" 41 #include "Event.h" 42 #include "EventListener.h" 43 #include "EventNames.h" 44 #include "Frame.h" 45 #include "FrameLoaderClient.h" 46 #include "Node.h" 47 #include "NotImplemented.h" 48 #include "npruntime_impl.h" 49 #include "npruntime_priv.h" 50 #include "NPV8Object.h" 51 #include "ScriptSourceCode.h" 52 #include "Settings.h" 53 #include "UserGestureIndicator.h" 54 #include "V8Binding.h" 55 #include "V8BindingState.h" 56 #include "V8DOMWindow.h" 57 #include "V8Event.h" 58 #include "V8HiddenPropertyName.h" 59 #include "V8HTMLEmbedElement.h" 60 #include "V8IsolatedContext.h" 61 #include "V8NPObject.h" 62 #include "V8Proxy.h" 63 #include "Widget.h" 64 #include <wtf/StdLibExtras.h> 65 #include <wtf/text/CString.h> 66 67 #if PLATFORM(QT) 68 #include <QScriptEngine> 69 #endif 70 71 namespace WebCore { 72 73 void ScriptController::initializeThreading() 74 { 75 static bool initializedThreading = false; 76 if (!initializedThreading) { 77 WTF::initializeThreading(); 78 WTF::initializeMainThread(); 79 initializedThreading = true; 80 } 81 } 82 83 void ScriptController::setFlags(const char* string, int length) 84 { 85 v8::V8::SetFlagsFromString(string, length); 86 } 87 88 Frame* ScriptController::retrieveFrameForEnteredContext() 89 { 90 return V8Proxy::retrieveFrameForEnteredContext(); 91 } 92 93 Frame* ScriptController::retrieveFrameForCurrentContext() 94 { 95 return V8Proxy::retrieveFrameForCurrentContext(); 96 } 97 98 bool ScriptController::canAccessFromCurrentOrigin(Frame *frame) 99 { 100 return !v8::Context::InContext() || V8BindingSecurity::canAccessFrame(V8BindingState::Only(), frame, true); 101 } 102 103 bool ScriptController::isSafeScript(Frame* target) 104 { 105 return V8BindingSecurity::canAccessFrame(V8BindingState::Only(), target, true); 106 } 107 108 ScriptController::ScriptController(Frame* frame) 109 : m_frame(frame) 110 , m_sourceURL(0) 111 , m_inExecuteScript(false) 112 , m_processingTimerCallback(false) 113 , m_paused(false) 114 , m_allowPopupsFromPlugin(false) 115 , m_proxy(new V8Proxy(frame)) 116 #if ENABLE(NETSCAPE_PLUGIN_API) 117 , m_windowScriptNPObject(0) 118 #endif 119 { 120 } 121 122 ScriptController::~ScriptController() 123 { 124 m_proxy->disconnectFrame(); 125 } 126 127 void ScriptController::clearScriptObjects() 128 { 129 PluginObjectMap::iterator it = m_pluginObjects.begin(); 130 for (; it != m_pluginObjects.end(); ++it) { 131 _NPN_UnregisterObject(it->second); 132 _NPN_ReleaseObject(it->second); 133 } 134 m_pluginObjects.clear(); 135 136 #if ENABLE(NETSCAPE_PLUGIN_API) 137 if (m_windowScriptNPObject) { 138 // Call _NPN_DeallocateObject() instead of _NPN_ReleaseObject() so that we don't leak if a plugin fails to release the window 139 // script object properly. 140 // This shouldn't cause any problems for plugins since they should have already been stopped and destroyed at this point. 141 _NPN_DeallocateObject(m_windowScriptNPObject); 142 m_windowScriptNPObject = 0; 143 } 144 #endif 145 } 146 147 void ScriptController::updateSecurityOrigin() 148 { 149 m_proxy->windowShell()->updateSecurityOrigin(); 150 } 151 152 void ScriptController::updatePlatformScriptObjects() 153 { 154 notImplemented(); 155 } 156 157 bool ScriptController::processingUserGesture() 158 { 159 Frame* activeFrame = V8Proxy::retrieveFrameForEnteredContext(); 160 // No script is running, so it is user-initiated unless the gesture stack 161 // explicitly says it is not. 162 if (!activeFrame) 163 return UserGestureIndicator::getUserGestureState() != DefinitelyNotProcessingUserGesture; 164 165 V8Proxy* activeProxy = activeFrame->script()->proxy(); 166 167 v8::HandleScope handleScope; 168 v8::Handle<v8::Context> v8Context = V8Proxy::mainWorldContext(activeFrame); 169 // FIXME: find all cases context can be empty: 170 // 1) JS is disabled; 171 // 2) page is NULL; 172 if (v8Context.IsEmpty()) 173 return true; 174 175 v8::Context::Scope scope(v8Context); 176 177 v8::Handle<v8::Object> global = v8Context->Global(); 178 v8::Handle<v8::String> eventSymbol = V8HiddenPropertyName::event(); 179 v8::Handle<v8::Value> jsEvent = global->GetHiddenValue(eventSymbol); 180 Event* event = V8DOMWrapper::isValidDOMObject(jsEvent) ? V8Event::toNative(v8::Handle<v8::Object>::Cast(jsEvent)) : 0; 181 182 // Based on code from JSC's ScriptController::processingUserGesture. 183 // Note: This is more liberal than Firefox's implementation. 184 if (event) { 185 // Event::fromUserGesture will return false when UserGestureIndicator::processingUserGesture() returns false. 186 return event->fromUserGesture(); 187 } 188 // FIXME: We check the javascript anchor navigation from the last entered 189 // frame becuase it should only be initiated on the last entered frame in 190 // which execution began if it does happen. 191 const String* sourceURL = activeFrame->script()->sourceURL(); 192 if (sourceURL && sourceURL->isNull() && !activeProxy->timerCallback()) { 193 // This is the <a href="javascript:window.open('...')> case -> we let it through. 194 return true; 195 } 196 if (activeFrame->script()->allowPopupsFromPlugin()) 197 return true; 198 // This is the <script>window.open(...)</script> case or a timer callback -> block it. 199 // Based on JSC version, use returned value of UserGestureIndicator::processingUserGesture for all other situations. 200 return UserGestureIndicator::processingUserGesture(); 201 } 202 203 bool ScriptController::anyPageIsProcessingUserGesture() const 204 { 205 // FIXME: is this right? 206 return ScriptController::processingUserGesture(); 207 } 208 209 void ScriptController::evaluateInIsolatedWorld(unsigned worldID, const Vector<ScriptSourceCode>& sources) 210 { 211 m_proxy->evaluateInIsolatedWorld(worldID, sources, 0); 212 } 213 214 void ScriptController::evaluateInIsolatedWorld(unsigned worldID, const Vector<ScriptSourceCode>& sources, int extensionGroup) 215 { 216 m_proxy->evaluateInIsolatedWorld(worldID, sources, extensionGroup); 217 } 218 219 // Evaluate a script file in the environment of this proxy. 220 ScriptValue ScriptController::evaluate(const ScriptSourceCode& sourceCode) 221 { 222 String sourceURL = sourceCode.url(); 223 const String* savedSourceURL = m_sourceURL; 224 m_sourceURL = &sourceURL; 225 226 v8::HandleScope handleScope; 227 v8::Handle<v8::Context> v8Context = V8Proxy::mainWorldContext(m_proxy->frame()); 228 if (v8Context.IsEmpty()) 229 return ScriptValue(); 230 231 v8::Context::Scope scope(v8Context); 232 233 RefPtr<Frame> protect(m_frame); 234 235 v8::Local<v8::Value> object = m_proxy->evaluate(sourceCode, 0); 236 237 // Evaluating the JavaScript could cause the frame to be deallocated 238 // so we start the keep alive timer here. 239 m_frame->keepAlive(); 240 241 m_sourceURL = savedSourceURL; 242 243 if (object.IsEmpty()) 244 return ScriptValue(); 245 246 return ScriptValue(object); 247 } 248 249 TextPosition0 ScriptController::eventHandlerPosition() const 250 { 251 ScriptableDocumentParser* parser = m_frame->document()->scriptableDocumentParser(); 252 if (parser) 253 return parser->textPosition(); 254 return TextPosition0::minimumPosition(); 255 } 256 257 void ScriptController::finishedWithEvent(Event* event) 258 { 259 m_proxy->finishedWithEvent(event); 260 } 261 262 // Create a V8 object with an interceptor of NPObjectPropertyGetter. 263 void ScriptController::bindToWindowObject(Frame* frame, const String& key, NPObject* object) 264 { 265 v8::HandleScope handleScope; 266 267 v8::Handle<v8::Context> v8Context = V8Proxy::mainWorldContext(frame); 268 if (v8Context.IsEmpty()) 269 return; 270 271 v8::Context::Scope scope(v8Context); 272 273 v8::Handle<v8::Object> value = createV8ObjectForNPObject(object, 0); 274 275 // Attach to the global object. 276 v8::Handle<v8::Object> global = v8Context->Global(); 277 global->Set(v8String(key), value); 278 } 279 280 void ScriptController::collectGarbage() 281 { 282 v8::HandleScope handleScope; 283 284 v8::Persistent<v8::Context> v8Context = v8::Context::New(); 285 if (v8Context.IsEmpty()) 286 return; 287 { 288 v8::Context::Scope scope(v8Context); 289 v8::Local<v8::String> source = v8::String::New("if (gc) gc();"); 290 v8::Local<v8::String> name = v8::String::New("gc"); 291 v8::Handle<v8::Script> script = v8::Script::Compile(source, name); 292 if (!script.IsEmpty()) 293 script->Run(); 294 } 295 v8Context.Dispose(); 296 } 297 298 void ScriptController::lowMemoryNotification() 299 { 300 v8::V8::LowMemoryNotification(); 301 } 302 303 bool ScriptController::haveInterpreter() const 304 { 305 return m_proxy->windowShell()->isContextInitialized(); 306 } 307 308 PassScriptInstance ScriptController::createScriptInstanceForWidget(Widget* widget) 309 { 310 ASSERT(widget); 311 312 if (widget->isFrameView()) 313 return 0; 314 315 NPObject* npObject = PlatformBridge::pluginScriptableObject(widget); 316 317 if (!npObject) 318 return 0; 319 320 // Frame Memory Management for NPObjects 321 // ------------------------------------- 322 // NPObjects are treated differently than other objects wrapped by JS. 323 // NPObjects can be created either by the browser (e.g. the main 324 // window object) or by the plugin (the main plugin object 325 // for a HTMLEmbedElement). Further, unlike most DOM Objects, the frame 326 // is especially careful to ensure NPObjects terminate at frame teardown because 327 // if a plugin leaks a reference, it could leak its objects (or the browser's objects). 328 // 329 // The Frame maintains a list of plugin objects (m_pluginObjects) 330 // which it can use to quickly find the wrapped embed object. 331 // 332 // Inside the NPRuntime, we've added a few methods for registering 333 // wrapped NPObjects. The purpose of the registration is because 334 // javascript garbage collection is non-deterministic, yet we need to 335 // be able to tear down the plugin objects immediately. When an object 336 // is registered, javascript can use it. When the object is destroyed, 337 // or when the object's "owning" object is destroyed, the object will 338 // be un-registered, and the javascript engine must not use it. 339 // 340 // Inside the javascript engine, the engine can keep a reference to the 341 // NPObject as part of its wrapper. However, before accessing the object 342 // it must consult the _NPN_Registry. 343 344 v8::Local<v8::Object> wrapper = createV8ObjectForNPObject(npObject, 0); 345 346 #ifdef ANDROID_FIX 347 // TODO: this should be up streamed. 348 // HTMLEmbedElement::getInstance() will call this function with its closest 349 // ancestor who has the objectTag. So this "widget" may be already in the 350 // HashMap. If it does, even m_pluginObjects.set() is a no-op, we do need to 351 // call _NPN_ReleaseObject on the npObject to balance the reference count. 352 PluginObjectMap::iterator it = m_pluginObjects.find(widget); 353 if (it != m_pluginObjects.end()) { 354 ASSERT(it->second == npObject); 355 _NPN_ReleaseObject(it->second); 356 } 357 #endif 358 359 // Track the plugin object. We've been given a reference to the object. 360 m_pluginObjects.set(widget, npObject); 361 362 return V8ScriptInstance::create(wrapper); 363 } 364 365 void ScriptController::cleanupScriptObjectsForPlugin(Widget* nativeHandle) 366 { 367 PluginObjectMap::iterator it = m_pluginObjects.find(nativeHandle); 368 if (it == m_pluginObjects.end()) 369 return; 370 _NPN_UnregisterObject(it->second); 371 _NPN_ReleaseObject(it->second); 372 m_pluginObjects.remove(it); 373 } 374 375 void ScriptController::getAllWorlds(Vector<DOMWrapperWorld*>& worlds) 376 { 377 worlds.append(mainThreadNormalWorld()); 378 } 379 380 void ScriptController::evaluateInWorld(const ScriptSourceCode& source, 381 DOMWrapperWorld* world) 382 { 383 Vector<ScriptSourceCode> sources; 384 sources.append(source); 385 // FIXME: Get an ID from the world param. 386 evaluateInIsolatedWorld(0, sources); 387 } 388 389 static NPObject* createNoScriptObject() 390 { 391 notImplemented(); 392 return 0; 393 } 394 395 static NPObject* createScriptObject(Frame* frame) 396 { 397 v8::HandleScope handleScope; 398 v8::Handle<v8::Context> v8Context = V8Proxy::mainWorldContext(frame); 399 if (v8Context.IsEmpty()) 400 return createNoScriptObject(); 401 402 v8::Context::Scope scope(v8Context); 403 DOMWindow* window = frame->domWindow(); 404 v8::Handle<v8::Value> global = toV8(window); 405 ASSERT(global->IsObject()); 406 return npCreateV8ScriptObject(0, v8::Handle<v8::Object>::Cast(global), window); 407 } 408 409 NPObject* ScriptController::windowScriptNPObject() 410 { 411 if (m_windowScriptNPObject) 412 return m_windowScriptNPObject; 413 414 if (canExecuteScripts(NotAboutToExecuteScript)) { 415 // JavaScript is enabled, so there is a JavaScript window object. 416 // Return an NPObject bound to the window object. 417 m_windowScriptNPObject = createScriptObject(m_frame); 418 _NPN_RegisterObject(m_windowScriptNPObject, 0); 419 } else { 420 // JavaScript is not enabled, so we cannot bind the NPObject to the 421 // JavaScript window object. Instead, we create an NPObject of a 422 // different class, one which is not bound to a JavaScript object. 423 m_windowScriptNPObject = createNoScriptObject(); 424 } 425 return m_windowScriptNPObject; 426 } 427 428 NPObject* ScriptController::createScriptObjectForPluginElement(HTMLPlugInElement* plugin) 429 { 430 // Can't create NPObjects when JavaScript is disabled. 431 if (!canExecuteScripts(NotAboutToExecuteScript)) 432 return createNoScriptObject(); 433 434 v8::HandleScope handleScope; 435 v8::Handle<v8::Context> v8Context = V8Proxy::mainWorldContext(m_frame); 436 if (v8Context.IsEmpty()) 437 return createNoScriptObject(); 438 v8::Context::Scope scope(v8Context); 439 440 DOMWindow* window = m_frame->domWindow(); 441 v8::Handle<v8::Value> v8plugin = toV8(static_cast<HTMLEmbedElement*>(plugin)); 442 if (!v8plugin->IsObject()) 443 return createNoScriptObject(); 444 445 return npCreateV8ScriptObject(0, v8::Handle<v8::Object>::Cast(v8plugin), window); 446 } 447 448 449 void ScriptController::clearWindowShell(bool) 450 { 451 // V8 binding expects ScriptController::clearWindowShell only be called 452 // when a frame is loading a new page. V8Proxy::clearForNavigation 453 // creates a new context for the new page. 454 m_proxy->clearForNavigation(); 455 } 456 457 #if ENABLE(INSPECTOR) 458 void ScriptController::setCaptureCallStackForUncaughtExceptions(bool value) 459 { 460 v8::V8::SetCaptureStackTraceForUncaughtExceptions(value, ScriptCallStack::maxCallStackSizeToCapture, stackTraceOptions); 461 } 462 #endif 463 464 void ScriptController::attachDebugger(void*) 465 { 466 notImplemented(); 467 } 468 469 void ScriptController::updateDocument() 470 { 471 m_proxy->windowShell()->updateDocument(); 472 } 473 474 void ScriptController::namedItemAdded(HTMLDocument* doc, const AtomicString& name) 475 { 476 m_proxy->windowShell()->namedItemAdded(doc, name); 477 } 478 479 void ScriptController::namedItemRemoved(HTMLDocument* doc, const AtomicString& name) 480 { 481 m_proxy->windowShell()->namedItemRemoved(doc, name); 482 } 483 484 } // namespace WebCore 485
