1 /* 2 * Copyright (C) 2008, 2009 Google Inc. All rights reserved. 3 * Copyright (C) 2009 Apple Inc. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions are 7 * met: 8 * 9 * * Redistributions of source code must retain the above copyright 10 * notice, this list of conditions and the following disclaimer. 11 * * Redistributions in binary form must reproduce the above 12 * copyright notice, this list of conditions and the following disclaimer 13 * in the documentation and/or other materials provided with the 14 * distribution. 15 * * Neither the name of Google Inc. nor the names of its 16 * contributors may be used to endorse or promote products derived from 17 * this software without specific prior written permission. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 20 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 21 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 22 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 23 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 24 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 25 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 26 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 27 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 28 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 29 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
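 */

#include "config.h"
#include "bindings/v8/ScriptController.h"

#include "bindings/core/v8/V8Event.h"
#include "bindings/core/v8/V8HTMLElement.h"
#include "bindings/core/v8/V8Window.h"
#include "bindings/v8/BindingSecurity.h"
#include "bindings/v8/NPV8Object.h"
#include "bindings/v8/ScriptCallStackFactory.h"
#include "bindings/v8/ScriptSourceCode.h"
#include "bindings/v8/ScriptValue.h"
#include "bindings/v8/V8Binding.h"
#include "bindings/v8/V8GCController.h"
#include "bindings/v8/V8NPObject.h"
#include "bindings/v8/V8PerContextData.h"
#include "bindings/v8/V8ScriptRunner.h"
#include "bindings/v8/V8WindowShell.h"
#include "bindings/v8/npruntime_impl.h"
#include "bindings/v8/npruntime_priv.h"
#include "core/dom/Document.h"
#include "core/dom/Node.h"
#include "core/dom/ScriptableDocumentParser.h"
#include "core/events/Event.h"
#include "core/events/EventListener.h"
#include "core/frame/LocalDOMWindow.h"
#include "core/frame/LocalFrame.h"
#include "core/frame/Settings.h"
#include "core/frame/csp/ContentSecurityPolicy.h"
#include "core/html/HTMLPlugInElement.h"
#include "core/inspector/InspectorInstrumentation.h"
#include "core/inspector/InspectorTraceEvents.h"
#include "core/inspector/ScriptCallStack.h"
#include "core/loader/DocumentLoader.h"
#include "core/loader/FrameLoader.h"
#include "core/loader/FrameLoaderClient.h"
#include "core/plugins/PluginView.h"
#include "platform/NotImplemented.h"
#include "platform/TraceEvent.h"
#include "platform/UserGestureIndicator.h"
#include "platform/Widget.h"
#include "platform/weborigin/SecurityOrigin.h"
#include "public/platform/Platform.h"
#include "wtf/CurrentTime.h"
#include "wtf/StdLibExtras.h"
#include "wtf/StringExtras.h"
#include "wtf/text/CString.h"
#include "wtf/text/StringBuilder.h"
#include "wtf/text/TextPosition.h"

namespace WebCore {

// ScriptController owns a LocalFrame's V8 window shells (one for the main
// world, one per isolated world created on demand), gates whether script may
// run in the frame at all (canExecuteScripts), and manages the NPObject
// wrappers handed to plugins so they can be torn down deterministically.

// Returns whether script running in the current V8 context may access |frame|.
// When no context is entered there is no script to restrict, so access is
// allowed; otherwise the decision is delegated to BindingSecurity.
bool ScriptController::canAccessFromCurrentOrigin(LocalFrame *frame)
{
    if (!frame)
        return false;
    v8::Isolate* isolate = toIsolate(frame);
    return !isolate->InContext() || BindingSecurity::shouldAllowAccessToFrame(isolate, frame);
}

// Binds the controller to |frame| and creates the main-world window shell on
// the current isolate. m_sourceURL and the window NPObject start out null.
ScriptController::ScriptController(LocalFrame* frame)
    : m_frame(frame)
    , m_sourceURL(0)
    , m_isolate(v8::Isolate::GetCurrent())
    , m_windowShell(V8WindowShell::create(frame, DOMWrapperWorld::mainWorld(), m_isolate))
    , m_windowScriptNPObject(0)
{
}

ScriptController::~ScriptController()
{
    // V8WindowShell::clearForClose() must be invoked before destruction starts.
    ASSERT(!m_windowShell->isContextInitialized());
}

// Unregisters and releases every plugin NPObject tracked in m_pluginObjects,
// then releases the window NPObject if one was ever created.
void ScriptController::clearScriptObjects()
{
    PluginObjectMap::iterator it = m_pluginObjects.begin();
    for (; it != m_pluginObjects.end(); ++it) {
        _NPN_UnregisterObject(it->value);
        _NPN_ReleaseObject(it->value);
    }
    m_pluginObjects.clear();

    if (m_windowScriptNPObject) {
        // Dispose of the underlying V8 object before releasing our reference
        // to it, so that if a plugin fails to release it properly we will
        // only leak the NPObject wrapper, not the object, its document, or
        // anything else they reference.
        disposeUnderlyingV8Object(m_windowScriptNPObject, m_isolate);
        _NPN_ReleaseObject(m_windowScriptNPObject);
        m_windowScriptNPObject = 0;
    }
}

// Tears down the main-world shell and every isolated-world shell for frame
// close, and records how long that took in a histogram.
void ScriptController::clearForClose()
{
    double start = currentTime();
    m_windowShell->clearForClose();
    for (IsolatedWorldMap::iterator iter = m_isolatedWorlds.begin(); iter != m_isolatedWorlds.end(); ++iter)
        iter->value->clearForClose();
    blink::Platform::current()->histogramCustomCounts("WebCore.ScriptController.clearForClose", (currentTime() - start) * 1000, 0, 10000, 50);
}

// Forwards a security-origin change to the main-world shell. Isolated-world
// shells are not touched here.
void ScriptController::updateSecurityOrigin(SecurityOrigin* origin)
{
    m_windowShell->updateSecurityOrigin(origin);
}

// Calls |function| on behalf of this frame's document using the controller's
// isolate; see the static overload for the instrumentation performed.
v8::Local<v8::Value> ScriptController::callFunction(v8::Handle<v8::Function> function, v8::Handle<v8::Value> receiver, int argc, v8::Handle<v8::Value> info[])
{
    // Keep LocalFrame (and therefore ScriptController) alive.
    RefPtr<LocalFrame> protect(m_frame);
    return ScriptController::callFunction(m_frame->document(), function, receiver, argc, info, m_isolate);
}

// Invokes |function| with |receiver| and |argc| arguments through
// V8ScriptRunner, surrounded by DevTools trace events and, when the timeline
// agent is enabled for |context|, InspectorInstrumentation will/didCallFunction.
// Returns whatever V8ScriptRunner returns (empty on exception).
v8::Local<v8::Value> ScriptController::callFunction(ExecutionContext* context, v8::Handle<v8::Function> function, v8::Handle<v8::Value> receiver, int argc, v8::Handle<v8::Value> info[], v8::Isolate* isolate)
{
    TRACE_EVENT1(TRACE_DISABLED_BY_DEFAULT("devtools.timeline"), "FunctionCall", "data", devToolsTraceEventData(context, function, isolate));
    TRACE_EVENT_INSTANT1(TRACE_DISABLED_BY_DEFAULT("devtools.timeline.stack"), "CallStack", "stack", InspectorCallStackEvent::currentCallStack());
    // FIXME(361045): remove InspectorInstrumentation calls once DevTools Timeline migrates to tracing.
    InspectorInstrumentationCookie cookie;
    if (InspectorInstrumentation::timelineAgentEnabled(context)) {
        int scriptId = 0;
        String resourceName;
        int lineNumber = 1;
        GetDevToolsFunctionInfo(function, isolate, scriptId, resourceName, lineNumber);
        cookie = InspectorInstrumentation::willCallFunction(context, scriptId, resourceName, lineNumber);
    }

    v8::Local<v8::Value> result = V8ScriptRunner::callFunction(function, context, receiver, argc, info, isolate);

    InspectorInstrumentation::didCallFunction(cookie);
    return result;
}

// Compiles |source| (with |corsStatus| controlling cross-origin error
// disclosure during compilation) and runs it for this frame's document.
// Returns an empty handle when compilation or execution threw.
// Note that the |context| parameter is not consulted: the script runs in
// whatever context the caller has already entered (both callers in this file
// enter a ScriptState::Scope first).
v8::Local<v8::Value> ScriptController::executeScriptAndReturnValue(v8::Handle<v8::Context> context, const ScriptSourceCode& source, AccessControlStatus corsStatus)
{
    TRACE_EVENT1(TRACE_DISABLED_BY_DEFAULT("devtools.timeline"), "EvaluateScript", "data", InspectorEvaluateScriptEvent::data(m_frame, source.url().string(), source.startLine()));
    TRACE_EVENT_INSTANT1(TRACE_DISABLED_BY_DEFAULT("devtools.timeline.stack"), "CallStack", "stack", InspectorCallStackEvent::currentCallStack());
    // FIXME(361045): remove InspectorInstrumentation calls once DevTools Timeline migrates to tracing.
    InspectorInstrumentationCookie cookie = InspectorInstrumentation::willEvaluateScript(m_frame, source.url().string(), source.startLine());

    v8::Local<v8::Value> result;
    {
        // Isolate exceptions that occur when compiling and executing
        // the code. These exceptions should not interfere with
        // javascript code we might evaluate from C++ when returning
        // from here.
        v8::TryCatch tryCatch;
        // Verbose: the exception is still reported (to the console) even
        // though this TryCatch swallows it.
        tryCatch.SetVerbose(true);

        v8::Handle<v8::Script> script = V8ScriptRunner::compileScript(source, m_isolate, corsStatus);

        // Keep LocalFrame (and therefore ScriptController) alive.
        RefPtr<LocalFrame> protect(m_frame);
        result = V8ScriptRunner::runCompiledScript(script, m_frame->document(), m_isolate);
        ASSERT(!tryCatch.HasCaught() || result.IsEmpty());
    }

    InspectorInstrumentation::didEvaluateScript(cookie);
    TRACE_EVENT_INSTANT1(TRACE_DISABLED_BY_DEFAULT("devtools.timeline"), "UpdateCounters", "data", InspectorUpdateCountersEvent::data());

    return result;
}

// Returns false when the main-world context was already initialized.
// Otherwise initializes it through windowShell() and returns whether that
// produced an initialized context.
bool ScriptController::initializeMainWorld()
{
    if (m_windowShell->isContextInitialized())
        return false;
    return windowShell(DOMWrapperWorld::mainWorld())->isContextInitialized();
}

// Returns the shell for |world| only if it already exists and its context is
// initialized; never creates or initializes anything. Returns 0 otherwise.
V8WindowShell* ScriptController::existingWindowShell(DOMWrapperWorld& world)
{
    if (world.isMainWorld())
        return m_windowShell->isContextInitialized() ? m_windowShell.get() : 0;

    IsolatedWorldMap::iterator iter = m_isolatedWorlds.find(world.worldId());
    if (iter == m_isolatedWorlds.end())
        return 0;
    return iter->value->isContextInitialized() ? iter->value.get() : 0;
}

// Returns the shell for |world|, creating and caching an isolated-world shell
// on first use, and initializes its context if it is not yet initialized.
// Only a freshly initialized main world notifies the loader that the window
// object was cleared; isolated worlds do not.
V8WindowShell* ScriptController::windowShell(DOMWrapperWorld& world)
{
    V8WindowShell* shell = 0;
    if (world.isMainWorld())
        shell = m_windowShell.get();
    else {
        IsolatedWorldMap::iterator iter = m_isolatedWorlds.find(world.worldId());
        if (iter != m_isolatedWorlds.end())
            shell = iter->value.get();
        else {
            OwnPtr<V8WindowShell> isolatedWorldShell = V8WindowShell::create(m_frame, world, m_isolate);
            shell = isolatedWorldShell.get();
            m_isolatedWorlds.set(world.worldId(), isolatedWorldShell.release());
        }
    }
    if (!shell->isContextInitialized() && shell->initializeIfNeeded() && world.isMainWorld())
        m_frame->loader().dispatchDidClearWindowObjectInMainWorld();
    return shell;
}

// Returns true only when the currently entered context belongs to an isolated
// world that carries its own content security policy. Main-world script, and
// code running outside any DOM-window context, never bypass the page's CSP.
bool ScriptController::shouldBypassMainWorldContentSecurityPolicy()
{
    v8::Handle<v8::Context> context = m_isolate->GetCurrentContext();
    if (context.IsEmpty() || !toDOMWindow(context))
        return false;
    DOMWrapperWorld& world = DOMWrapperWorld::current(m_isolate);
    return world.isIsolatedWorld() ? world.isolatedWorldHasContentSecurityPolicy() : false;
}

// Returns the parser's current text position when the document has a
// scriptable parser, else TextPosition::minimumPosition().
TextPosition ScriptController::eventHandlerPosition() const
{
    ScriptableDocumentParser* parser = m_frame->document()->scriptableDocumentParser();
    if (parser)
        return parser->textPosition();
    return TextPosition::minimumPosition();
}

// Create a V8 object with an interceptor of NPObjectPropertyGetter.
// Exposes |object| to main-world script on |frame| as a global property named
// |key|. Does nothing if the main-world context does not exist.
void ScriptController::bindToWindowObject(LocalFrame* frame, const String& key, NPObject* object)
{
    ScriptState* scriptState = ScriptState::forMainWorld(frame);
    if (scriptState->contextIsEmpty())
        return;

    ScriptState::Scope scope(scriptState);
    v8::Handle<v8::Object> value = createV8ObjectForNPObject(object, 0, m_isolate);

    // Attach to the global object.
    scriptState->context()->Global()->Set(v8String(m_isolate, key), value);
}

// Re-allows code generation from strings (eval and friends) in the main-world
// context. No-op when that context is not initialized; isolated-world contexts
// are not affected by this call.
void ScriptController::enableEval()
{
    if (!m_windowShell->isContextInitialized())
        return;
    v8::HandleScope handleScope(m_isolate);
    m_windowShell->context()->AllowCodeGenerationFromStrings(true);
}

// Forbids code generation from strings in the main-world context and installs
// |errorMessage| as the message V8 raises for attempts to do so. No-op when the
// context is not initialized; isolated-world contexts are not affected.
void ScriptController::disableEval(const String& errorMessage)
{
    if (!m_windowShell->isContextInitialized())
        return;
    v8::HandleScope handleScope(m_isolate);
    v8::Local<v8::Context> v8Context = m_windowShell->context();
    v8Context->AllowCodeGenerationFromStrings(false);
    v8Context->SetErrorMessageForCodeGenerationFromStrings(v8String(m_isolate, errorMessage));
}

// Wraps the scriptable NPObject of a plugin |widget| for script. Returns
// nullptr when |widget| is not a plugin view or exposes no scriptable object.
// The NPObject is recorded in m_pluginObjects keyed by the widget so it can be
// released deterministically by cleanupScriptObjectsForPlugin/clearScriptObjects.
PassRefPtr<SharedPersistent<v8::Object> > ScriptController::createPluginWrapper(Widget* widget)
{
    ASSERT(widget);

    if (!widget->isPluginView())
        return nullptr;

    NPObject* npObject = toPluginView(widget)->scriptableObject();
    if (!npObject)
        return nullptr;

    // LocalFrame Memory Management for NPObjects
    // -------------------------------------
    // NPObjects are treated differently than other objects wrapped by JS.
    // NPObjects can be created either by the browser (e.g. the main
    // window object) or by the plugin (the main plugin object
    // for a HTMLEmbedElement). Further, unlike most DOM Objects, the frame
    // is especially careful to ensure NPObjects terminate at frame teardown because
    // if a plugin leaks a reference, it could leak its objects (or the browser's objects).
    //
    // The LocalFrame maintains a list of plugin objects (m_pluginObjects)
    // which it can use to quickly find the wrapped embed object.
    //
    // Inside the NPRuntime, we've added a few methods for registering
    // wrapped NPObjects. The purpose of the registration is because
    // javascript garbage collection is non-deterministic, yet we need to
    // be able to tear down the plugin objects immediately. When an object
    // is registered, javascript can use it. When the object is destroyed,
    // or when the object's "owning" object is destroyed, the object will
    // be un-registered, and the javascript engine must not use it.
    //
    // Inside the javascript engine, the engine can keep a reference to the
    // NPObject as part of its wrapper. However, before accessing the object
    // it must consult the _NPN_Registry.

    v8::Local<v8::Object> wrapper = createV8ObjectForNPObject(npObject, 0, m_isolate);

    // Track the plugin object. We've been given a reference to the object.
    m_pluginObjects.set(widget, npObject);

    return SharedPersistent<v8::Object>::create(wrapper, m_isolate);
}

// Unregisters, releases and forgets the NPObject tracked for |nativeHandle|,
// if there is one.
void ScriptController::cleanupScriptObjectsForPlugin(Widget* nativeHandle)
{
    PluginObjectMap::iterator it = m_pluginObjects.find(nativeHandle);
    if (it == m_pluginObjects.end())
        return;
    _NPN_UnregisterObject(it->value);
    _NPN_ReleaseObject(it->value);
    m_pluginObjects.remove(it);
}

// Process-wide list of V8 extensions registered through this controller.
V8Extensions& ScriptController::registeredExtensions()
{
    DEFINE_STATIC_LOCAL(V8Extensions, extensions, ());
    return extensions;
}

// Registers |extension| with V8 unless the same pointer was registered before.
// The duplicate check is a linear scan; the list is expected to stay small.
void ScriptController::registerExtensionIfNeeded(v8::Extension* extension)
{
    const V8Extensions& extensions = registeredExtensions();
    for (size_t i = 0; i < extensions.size(); ++i) {
        if (extensions[i] == extension)
            return;
    }
    v8::RegisterExtension(extension);
    registeredExtensions().append(extension);
}

// Placeholder for the "scripting disabled" NPObject: reports notImplemented()
// and yields a null object.
static NPObject* createNoScriptObject()
{
    notImplemented();
    return 0;
}

// Wraps |frame|'s main-world global object as an NPObject, or falls back to
// createNoScriptObject() when the main-world context does not exist.
static NPObject* createScriptObject(LocalFrame* frame, v8::Isolate* isolate)
{
    ScriptState* scriptState = ScriptState::forMainWorld(frame);
    if (scriptState->contextIsEmpty())
        return createNoScriptObject();

    ScriptState::Scope scope(scriptState);
    LocalDOMWindow* window = frame->domWindow();
    v8::Handle<v8::Value> global = toV8(window, scriptState->context()->Global(), scriptState->isolate());
    ASSERT(global->IsObject());
    return npCreateV8ScriptObject(0, v8::Handle<v8::Object>::Cast(global), window, isolate);
}

// Lazily creates and caches the NPObject plugins use to reach the window.
// The permission check uses NotAboutToExecuteScript, so a denial here is
// silent (no console message, no didNotAllowScript notification). The object
// is registered with the NPRuntime registry with a null owner and is released
// in clearScriptObjects().
NPObject* ScriptController::windowScriptNPObject()
{
    if (m_windowScriptNPObject)
        return m_windowScriptNPObject;

    if (canExecuteScripts(NotAboutToExecuteScript)) {
        // JavaScript is enabled, so there is a JavaScript window object.
        // Return an NPObject bound to the window object.
        m_windowScriptNPObject = createScriptObject(m_frame, m_isolate);
        _NPN_RegisterObject(m_windowScriptNPObject, 0);
    } else {
        // JavaScript is not enabled, so we cannot bind the NPObject to the
        // JavaScript window object. Instead, we create an NPObject of a
        // different class, one which is not bound to a JavaScript object.
        m_windowScriptNPObject = createNoScriptObject();
    }
    return m_windowScriptNPObject;
}

// Wraps the main-world V8 wrapper of |plugin| as an NPObject so the plugin
// can script its own element. Falls back to createNoScriptObject() when
// scripting is disallowed, the context is missing, or the wrapper is not an
// object. Unlike createPluginWrapper(), the result is not tracked here.
NPObject* ScriptController::createScriptObjectForPluginElement(HTMLPlugInElement* plugin)
{
    // Can't create NPObjects when JavaScript is disabled.
    if (!canExecuteScripts(NotAboutToExecuteScript))
        return createNoScriptObject();

    ScriptState* scriptState = ScriptState::forMainWorld(m_frame);
    if (scriptState->contextIsEmpty())
        return createNoScriptObject();

    ScriptState::Scope scope(scriptState);
    LocalDOMWindow* window = m_frame->domWindow();
    v8::Handle<v8::Value> v8plugin = toV8(plugin, scriptState->context()->Global(), scriptState->isolate());
    if (!v8plugin->IsObject())
        return createNoScriptObject();

    return npCreateV8ScriptObject(0, v8::Handle<v8::Object>::Cast(v8plugin), window, scriptState->isolate());
}

// Resets every world's shell for a navigation and releases all tracked
// NPObjects, so nothing from the old page survives into the new context.
void ScriptController::clearWindowShell()
{
    double start = currentTime();
    // V8 binding expects ScriptController::clearWindowShell only be called
    // when a frame is loading a new page. This creates a new context for the new page.
    m_windowShell->clearForNavigation();
    for (IsolatedWorldMap::iterator iter = m_isolatedWorlds.begin(); iter != m_isolatedWorlds.end(); ++iter)
        iter->value->clearForNavigation();
    clearScriptObjects();
    blink::Platform::current()->histogramCustomCounts("WebCore.ScriptController.clearWindowShell", (currentTime() - start) * 1000, 0, 10000, 50);
}

// Toggles V8's stack capture for uncaught exceptions, bounded by
// ScriptCallStack::maxCallStackSizeToCapture frames.
void ScriptController::setCaptureCallStackForUncaughtExceptions(bool value)
{
    v8::V8::SetCaptureStackTraceForUncaughtExceptions(value, ScriptCallStack::maxCallStackSizeToCapture, stackTraceOptions);
}

// Appends a (ScriptState, SecurityOrigin) pair to |result| for every isolated
// world that both has an isolated-world security origin and an initialized
// context. Worlds lacking either are skipped.
void ScriptController::collectIsolatedContexts(Vector<std::pair<ScriptState*, SecurityOrigin*> >& result)
{
    for (IsolatedWorldMap::iterator it = m_isolatedWorlds.begin(); it != m_isolatedWorlds.end(); ++it) {
        V8WindowShell* isolatedWorldShell = it->value.get();
        SecurityOrigin* origin = isolatedWorldShell->world().isolatedWorldSecurityOrigin();
        if (!origin)
            continue;
        if (!isolatedWorldShell->isContextInitialized())
            continue;
        result.append(std::pair<ScriptState*, SecurityOrigin*>(isolatedWorldShell->scriptState(), origin));
    }
}

// Tags the main-world context with |debugId| (must be positive) under the
// "page" label. Returns false if the context is not initialized.
bool ScriptController::setContextDebugId(int debugId)
{
    ASSERT(debugId > 0);
    if (!m_windowShell->isContextInitialized())
        return false;
    v8::HandleScope scope(m_isolate);
    v8::Local<v8::Context> context = m_windowShell->context();
    return V8PerContextDebugData::setContextDebugData(context, "page", debugId);
}

// Reads back the debug id previously attached to |context|.
int ScriptController::contextDebugId(v8::Handle<v8::Context> context)
{
    return V8PerContextDebugData::contextDebugId(context);
}

// Pushes the frame's current document into the main-world shell.
void ScriptController::updateDocument()
{
    // For an uninitialized main window shell, do not incur the cost of context initialization.
    if (!m_windowShell->isGlobalInitialized())
        return;

    // When initializeMainWorld() just initialized the context, updateDocument()
    // is skipped; presumably initialization already picked up the current
    // document — confirm against V8WindowShell::initializeIfNeeded.
    if (!initializeMainWorld())
        windowShell(DOMWrapperWorld::mainWorld())->updateDocument();
}

// Forwards a named-item addition to the main-world shell (initializing it if
// needed, via windowShell()).
void ScriptController::namedItemAdded(HTMLDocument* doc, const AtomicString& name)
{
    windowShell(DOMWrapperWorld::mainWorld())->namedItemAdded(doc, name);
}

// Forwards a named-item removal to the main-world shell (initializing it if
// needed, via windowShell()).
void ScriptController::namedItemRemoved(HTMLDocument* doc, const AtomicString& name)
{
    windowShell(DOMWrapperWorld::mainWorld())->namedItemRemoved(doc, name);
}

// Central policy gate for running script in this frame. Checks, in order:
// 1. a document sandboxed without allow-scripts always denies;
// 2. a view-source document always allows (its origin is asserted unique);
// 3. otherwise the embedder client decides, seeded with the scriptEnabled
//    setting (treated as disabled when there are no Settings).
// |reason| only controls side effects: with AboutToExecuteScript a sandbox
// denial logs a console message and a client denial calls didNotAllowScript();
// with NotAboutToExecuteScript the check is silent.
bool ScriptController::canExecuteScripts(ReasonForCallingCanExecuteScripts reason)
{
    if (m_frame->document() && m_frame->document()->isSandboxed(SandboxScripts)) {
        // FIXME: This message should be moved off the console once a solution to https://bugs.webkit.org/show_bug.cgi?id=103274 exists.
        if (reason == AboutToExecuteScript)
            m_frame->document()->addConsoleMessage(SecurityMessageSource, ErrorMessageLevel, "Blocked script execution in '" + m_frame->document()->url().elidedString() + "' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.");
        return false;
    }

    if (m_frame->document() && m_frame->document()->isViewSource()) {
        ASSERT(m_frame->document()->securityOrigin()->isUnique());
        return true;
    }

    Settings* settings = m_frame->settings();
    const bool allowed = m_frame->loader().client()->allowScript(settings && settings->scriptEnabled());
    if (!allowed && reason == AboutToExecuteScript)
        m_frame->loader().client()->didNotAllowScript();
    return allowed;
}

// Handles navigation to a javascript: URL. Returns false only when |url| is
// not a javascript: URL; every javascript: URL returns true, including ones
// that are rejected by the document's CSP or arrive when the frame has no
// page — callers presumably treat true as "consumed, do not navigate" (verify
// at the call sites). When the script evaluates to a string, that string
// replaces the document's content unless the script scheduled a navigation
// or detached the frame.
bool ScriptController::executeScriptIfJavaScriptURL(const KURL& url)
{
    if (!protocolIsJavaScript(url))
        return false;

    // CSP is consulted with the position of the currently parsing event handler
    // so the violation report can point at the right line.
    if (!m_frame->page()
        || !m_frame->document()->contentSecurityPolicy()->allowJavaScriptURLs(m_frame->document()->url(), eventHandlerPosition().m_line))
        return true;

    // We need to hold onto the LocalFrame here because executing script can
    // destroy the frame.
    RefPtr<LocalFrame> protector(m_frame);
    RefPtrWillBeRawPtr<Document> ownerDocument(m_frame->document());

    const int javascriptSchemeLength = sizeof("javascript:") - 1;

    bool locationChangeBefore = m_frame->navigationScheduler().locationChangePending();

    // NOTE(review): the whole URL is percent-decoded before the fixed-length
    // scheme prefix is stripped; this relies on the prefix itself containing
    // no escape sequences — confirm against protocolIsJavaScript().
    String decodedURL = decodeURLEscapeSequences(url.string());
    v8::HandleScope handleScope(m_isolate);
    v8::Local<v8::Value> result = evaluateScriptInMainWorld(ScriptSourceCode(decodedURL.substring(javascriptSchemeLength)), NotSharableCrossOrigin, DoNotExecuteScriptWhenScriptsDisabled);

    // If executing script caused this frame to be removed from the page, we
    // don't want to try to replace its document!
    if (!m_frame->page())
        return true;

    if (result.IsEmpty() || !result->IsString())
        return true;
    String scriptResult = toCoreString(v8::Handle<v8::String>::Cast(result));

    // We're still in a frame, so there should be a DocumentLoader.
    ASSERT(m_frame->document()->loader());
    if (!locationChangeBefore && m_frame->navigationScheduler().locationChangePending())
        return true;

    // DocumentWriter::replaceDocument can cause the DocumentLoader to get deref'ed and possible destroyed,
    // so protect it with a RefPtr.
    if (RefPtr<DocumentLoader> loader = m_frame->document()->loader()) {
        UseCounter::count(*m_frame->document(), UseCounter::ReplaceDocumentViaJavaScriptURL);
        loader->replaceDocument(scriptResult, ownerDocument.get());
    }
    return true;
}

// Runs |script| in the main world with no cross-origin sharing; |policy|
// decides whether the canExecuteScripts() gate applies. The result is discarded.
void ScriptController::executeScriptInMainWorld(const String& script, ExecuteScriptPolicy policy)
{
    v8::HandleScope handleScope(m_isolate);
    evaluateScriptInMainWorld(ScriptSourceCode(script), NotSharableCrossOrigin, policy);
}

// Runs |sourceCode| in the main world, honoring the canExecuteScripts() gate,
// with |corsStatus| passed through to compilation. The result is discarded.
void ScriptController::executeScriptInMainWorld(const ScriptSourceCode& sourceCode, AccessControlStatus corsStatus)
{
    v8::HandleScope handleScope(m_isolate);
    evaluateScriptInMainWorld(sourceCode, corsStatus, DoNotExecuteScriptWhenScriptsDisabled);
}

// Like the void overloads but returns the result; no HandleScope is opened
// here, so the handle escapes into the caller's scope.
v8::Local<v8::Value> ScriptController::executeScriptInMainWorldAndReturnValue(const ScriptSourceCode& sourceCode)
{
    return evaluateScriptInMainWorld(sourceCode, NotSharableCrossOrigin, DoNotExecuteScriptWhenScriptsDisabled);
}

// Evaluates |sourceCode| in the main-world context and returns its value
// (empty when execution is disallowed, the context is missing, or the script
// threw). While the script runs, m_sourceURL points at the source's URL and is
// restored to its previous value afterwards, including on every early return.
v8::Local<v8::Value> ScriptController::evaluateScriptInMainWorld(const ScriptSourceCode& sourceCode, AccessControlStatus corsStatus, ExecuteScriptPolicy policy)
{
    if (policy == DoNotExecuteScriptWhenScriptsDisabled && !canExecuteScripts(AboutToExecuteScript))
        return v8::Local<v8::Value>();

    String sourceURL = sourceCode.url();
    const String* savedSourceURL = m_sourceURL;
    m_sourceURL = &sourceURL;

    ScriptState* scriptState = ScriptState::forMainWorld(m_frame);
    if (scriptState->contextIsEmpty()) {
        // sourceURL is a local; restore the member so it does not dangle
        // once this frame returns.
        m_sourceURL = savedSourceURL;
        return v8::Local<v8::Value>();
    }

    v8::EscapableHandleScope handleScope(scriptState->isolate());
    ScriptState::Scope scope(scriptState);

    RefPtr<LocalFrame> protect(m_frame);
    if (m_frame->loader().stateMachine()->isDisplayingInitialEmptyDocument())
        m_frame->loader().didAccessInitialDocument();

    OwnPtr<ScriptSourceCode> maybeProcessedSourceCode = InspectorInstrumentation::preprocess(m_frame, sourceCode);
    const ScriptSourceCode& sourceCodeToCompile = maybeProcessedSourceCode ? *maybeProcessedSourceCode : sourceCode;

    v8::Local<v8::Value> object = executeScriptAndReturnValue(scriptState->context(), sourceCodeToCompile, corsStatus);
    m_sourceURL = savedSourceURL;

    if (object.IsEmpty())
        return v8::Local<v8::Value>();

    return handleScope.Escape(object);
}

// Evaluates each of |sources| in the isolated world |worldID| (must be
// positive), creating the world and its shell on demand. Scripts that produce
// no value yield undefined. When |results| is non-null one result per source
// is appended in order. Note that the canExecuteScripts() gate is not applied
// on this path. Does nothing if the isolated context could not be initialized.
void ScriptController::executeScriptInIsolatedWorld(int worldID, const Vector<ScriptSourceCode>& sources, int extensionGroup, Vector<v8::Local<v8::Value> >* results)
{
    ASSERT(worldID > 0);

    RefPtr<DOMWrapperWorld> world = DOMWrapperWorld::ensureIsolatedWorld(worldID, extensionGroup);
    V8WindowShell* isolatedWorldShell = windowShell(*world);
    if (!isolatedWorldShell->isContextInitialized())
        return;

    ScriptState* scriptState = isolatedWorldShell->scriptState();
    v8::EscapableHandleScope handleScope(scriptState->isolate());
    ScriptState::Scope scope(scriptState);
    v8::Local<v8::Array> resultArray = v8::Array::New(m_isolate, sources.size());

    for (size_t i = 0; i < sources.size(); ++i) {
        v8::Local<v8::Value> evaluationResult = executeScriptAndReturnValue(scriptState->context(), sources[i]);
        if (evaluationResult.IsEmpty())
            evaluationResult = v8::Local<v8::Value>::New(m_isolate, v8::Undefined(m_isolate));
        resultArray->Set(i, evaluationResult);
    }

    if (results) {
        // NOTE(review): Escape() is invoked once per element; confirm that the
        // V8 version in use permits multiple escapes from one
        // EscapableHandleScope.
        for (size_t i = 0; i < resultArray->Length(); ++i)
            results->append(handleScope.Escape(resultArray->Get(i)));
    }
}

} // namespace WebCore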