1 /* 2 * Copyright (C) 2008, 2009 Google Inc. All rights reserved. 3 * Copyright (C) 2009 Apple Inc. All rights reserved. 4 * Copyright (C) 2014 Opera Software ASA. All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions are 8 * met: 9 * 10 * * Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * * Redistributions in binary form must reproduce the above 13 * copyright notice, this list of conditions and the following disclaimer 14 * in the documentation and/or other materials provided with the 15 * distribution. 16 * * Neither the name of Google Inc. nor the names of its 17 * contributors may be used to endorse or promote products derived from 18 * this software without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 21 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 22 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 23 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 24 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 25 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 26 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 27 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 28 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 29 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 30 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
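*/

#include "config.h"
#include "bindings/core/v8/ScriptController.h"

#include "bindings/core/v8/BindingSecurity.h"
#include "bindings/core/v8/NPV8Object.h"
#include "bindings/core/v8/ScriptCallStackFactory.h"
#include "bindings/core/v8/ScriptSourceCode.h"
#include "bindings/core/v8/ScriptValue.h"
#include "bindings/core/v8/V8Binding.h"
#include "bindings/core/v8/V8Event.h"
#include "bindings/core/v8/V8GCController.h"
#include "bindings/core/v8/V8HTMLElement.h"
#include "bindings/core/v8/V8NPObject.h"
#include "bindings/core/v8/V8PerContextData.h"
#include "bindings/core/v8/V8ScriptRunner.h"
#include "bindings/core/v8/V8Window.h"
#include "bindings/core/v8/WindowProxy.h"
#include "bindings/core/v8/npruntime_impl.h"
#include "bindings/core/v8/npruntime_priv.h"
#include "core/dom/Document.h"
#include "core/dom/Node.h"
#include "core/dom/ScriptableDocumentParser.h"
#include "core/events/Event.h"
#include "core/events/EventListener.h"
#include "core/frame/LocalDOMWindow.h"
#include "core/frame/LocalFrame.h"
#include "core/frame/Settings.h"
#include "core/frame/UseCounter.h"
#include "core/frame/csp/ContentSecurityPolicy.h"
#include "core/html/HTMLPlugInElement.h"
#include "core/inspector/InspectorInstrumentation.h"
#include "core/inspector/InspectorTraceEvents.h"
#include "core/inspector/ScriptCallStack.h"
#include "core/loader/DocumentLoader.h"
#include "core/loader/FrameLoader.h"
#include "core/loader/FrameLoaderClient.h"
#include "core/plugins/PluginView.h"
#include "platform/NotImplemented.h"
#include "platform/TraceEvent.h"
#include "platform/UserGestureIndicator.h"
#include "platform/Widget.h"
#include "platform/weborigin/SecurityOrigin.h"
#include "public/platform/Platform.h"
#include "wtf/CurrentTime.h"
#include "wtf/StdLibExtras.h"
#include "wtf/StringExtras.h"
#include "wtf/text/CString.h"
#include "wtf/text/StringBuilder.h"
#include "wtf/text/TextPosition.h"

namespace blink {

// Returns whether the currently running script (if any) may touch |frame|.
// A null frame is never accessible. When the isolate is not inside any
// context there is no script whose origin could be denied, so access is
// allowed; otherwise the same-origin decision is delegated to
// BindingSecurity::shouldAllowAccessToFrame().
bool ScriptController::canAccessFromCurrentOrigin(LocalFrame *frame)
{
    if (!frame)
        return false;
    v8::Isolate* isolate = toIsolate(frame);
    return !isolate->InContext() || BindingSecurity::shouldAllowAccessToFrame(isolate, frame);
}

// The main-world WindowProxy is created eagerly; isolated-world proxies are
// created on demand by windowProxy(). m_sourceURL is only non-null while
// evaluateScriptInMainWorld() is running.
ScriptController::ScriptController(LocalFrame* frame)
    : m_frame(frame)
    , m_sourceURL(0)
    , m_isolate(v8::Isolate::GetCurrent())
    , m_windowProxy(WindowProxy::create(frame, DOMWrapperWorld::mainWorld(), m_isolate))
    , m_windowScriptNPObject(0)
{
}

ScriptController::~ScriptController()
{
    // WindowProxy::clearForClose() must be invoked before destruction starts.
    ASSERT(!m_windowProxy->isContextInitialized());
}

// Unregisters and releases every NPObject this controller has handed out:
// the per-plugin scriptable objects tracked in m_pluginObjects and the
// window NPObject. Unregistering first means a plugin that keeps a stale
// reference can no longer use it to reach back into the document.
void ScriptController::clearScriptObjects()
{
    PluginObjectMap::iterator it = m_pluginObjects.begin();
    for (; it != m_pluginObjects.end(); ++it) {
        _NPN_UnregisterObject(it->value);
        _NPN_ReleaseObject(it->value);
    }
    m_pluginObjects.clear();

    if (m_windowScriptNPObject) {
        // Dispose of the underlying V8 object before releasing our reference
        // to it, so that if a plugin fails to release it properly we will
        // only leak the NPObject wrapper, not the object, its document, or
        // anything else they reference.
        disposeUnderlyingV8Object(m_windowScriptNPObject, m_isolate);
        _NPN_ReleaseObject(m_windowScriptNPObject);
        m_windowScriptNPObject = 0;
    }
}

// Tears down the main-world and every isolated-world context for frame
// close. The elapsed time is reported to the
// "WebCore.ScriptController.clearForClose" histogram in milliseconds.
void ScriptController::clearForClose()
{
    double start = currentTime();
    m_windowProxy->clearForClose();
    for (IsolatedWorldMap::iterator iter = m_isolatedWorlds.begin(); iter != m_isolatedWorlds.end(); ++iter)
        iter->value->clearForClose();
    blink::Platform::current()->histogramCustomCounts("WebCore.ScriptController.clearForClose", (currentTime() - start) * 1000, 0, 10000, 50);
}

// Propagates a security-origin change (e.g. document.domain) to the
// main-world proxy only; isolated worlds keep their own origins.
void ScriptController::updateSecurityOrigin(SecurityOrigin* origin)
{
    m_windowProxy->updateSecurityOrigin(origin);
}

// Calls |function| with |receiver| and |argc| arguments from |info| in the
// context of this frame's document. Returns the call result, or an empty
// handle if the call did not complete.
v8::Local<v8::Value> ScriptController::callFunction(v8::Handle<v8::Function> function, v8::Handle<v8::Value> receiver, int argc, v8::Handle<v8::Value> info[])
{
    // Keep LocalFrame (and therefore ScriptController) alive.
    RefPtrWillBeRawPtr<LocalFrame> protect(m_frame);
    return ScriptController::callFunction(m_frame->document(), function, receiver, argc, info, m_isolate);
}

// Static variant of callFunction() that runs |function| for an arbitrary
// ExecutionContext. Wraps the call in devtools trace events and, while the
// timeline agent is enabled, in a willCallFunction/didCallFunction
// instrumentation pair carrying the script id, resource name and line.
v8::Local<v8::Value> ScriptController::callFunction(ExecutionContext* context, v8::Handle<v8::Function> function, v8::Handle<v8::Value> receiver, int argc, v8::Handle<v8::Value> info[], v8::Isolate* isolate)
{
    TRACE_EVENT1(TRACE_DISABLED_BY_DEFAULT("devtools.timeline"), "FunctionCall", "data", devToolsTraceEventData(context, function, isolate));
    TRACE_EVENT_INSTANT1(TRACE_DISABLED_BY_DEFAULT("devtools.timeline.stack"), "CallStack", "stack", InspectorCallStackEvent::currentCallStack());
    // FIXME(361045): remove InspectorInstrumentation calls once DevTools Timeline migrates to tracing.
    // A default-constructed cookie is passed to didCallFunction() when the
    // timeline agent is disabled.
    InspectorInstrumentationCookie cookie;
    if (InspectorInstrumentation::timelineAgentEnabled(context)) {
        int scriptId = 0;
        String resourceName;
        int lineNumber = 1;
        GetDevToolsFunctionInfo(function, isolate, scriptId, resourceName, lineNumber);
        cookie = InspectorInstrumentation::willCallFunction(context, scriptId, resourceName, lineNumber);
    }

    v8::Local<v8::Value> result = V8ScriptRunner::callFunction(function, context, receiver, argc, info, isolate);

    InspectorInstrumentation::didCallFunction(cookie);
    return result;
}

// Compiles and runs |source| in |context|, returning the completion value or
// an empty handle when compilation or execution failed. |corsStatus| is
// forwarded to the compiler (it decides whether error details may be exposed
// across origins); |compilationFinishTime|, when non-null, receives a
// monotonic timestamp taken after compilation and before execution.
v8::Local<v8::Value> ScriptController::executeScriptAndReturnValue(v8::Handle<v8::Context> context, const ScriptSourceCode& source, AccessControlStatus corsStatus, double* compilationFinishTime)
{
    TRACE_EVENT1(TRACE_DISABLED_BY_DEFAULT("devtools.timeline"), "EvaluateScript", "data", InspectorEvaluateScriptEvent::data(m_frame, source.url().string(), source.startLine()));
    TRACE_EVENT_INSTANT1(TRACE_DISABLED_BY_DEFAULT("devtools.timeline.stack"), "CallStack", "stack", InspectorCallStackEvent::currentCallStack());
    // FIXME(361045): remove InspectorInstrumentation calls once DevTools Timeline migrates to tracing.
    InspectorInstrumentationCookie cookie = InspectorInstrumentation::willEvaluateScript(m_frame, source.url().string(), source.startLine());

    v8::Local<v8::Value> result;
    {
        // Code caching is off unless the frame's Settings say otherwise.
        V8CacheOptions v8CacheOptions(V8CacheOptionsOff);
        if (m_frame->settings())
            v8CacheOptions = m_frame->settings()->v8CacheOptions();

        // Isolate exceptions that occur when compiling and executing
        // the code. These exceptions should not interfere with
        // javascript code we might evaluate from C++ when returning
        // from here. SetVerbose(true) keeps V8 reporting the message
        // (e.g. to the console) even though the exception is caught here.
        v8::TryCatch tryCatch;
        tryCatch.SetVerbose(true);

        v8::Handle<v8::Script> script = V8ScriptRunner::compileScript(source, m_isolate, corsStatus, v8CacheOptions);

        if (compilationFinishTime) {
            *compilationFinishTime = WTF::monotonicallyIncreasingTime();
        }
        // Keep LocalFrame (and therefore ScriptController) alive.
        RefPtrWillBeRawPtr<LocalFrame> protect(m_frame);
        result = V8ScriptRunner::runCompiledScript(script, m_frame->document(), m_isolate);
        // A caught exception must never surface as a non-empty result.
        ASSERT(!tryCatch.HasCaught() || result.IsEmpty());
    }

    InspectorInstrumentation::didEvaluateScript(cookie);
    TRACE_EVENT_INSTANT1(TRACE_DISABLED_BY_DEFAULT("devtools.timeline"), "UpdateCounters", "data", InspectorUpdateCountersEvent::data());

    return result;
}

// Initializes the main-world context if it is not yet initialized. Returns
// true only when this call performed the initialization; false when the
// context was already initialized (or still is not afterwards).
bool ScriptController::initializeMainWorld()
{
    if (m_windowProxy->isContextInitialized())
        return false;
    return windowProxy(DOMWrapperWorld::mainWorld())->isContextInitialized();
}

// Returns the WindowProxy for |world| only if it already exists and its
// context is initialized; never creates or initializes anything.
WindowProxy* ScriptController::existingWindowProxy(DOMWrapperWorld& world)
{
    if (world.isMainWorld())
        return m_windowProxy->isContextInitialized() ? m_windowProxy.get() : 0;

    IsolatedWorldMap::iterator iter = m_isolatedWorlds.find(world.worldId());
    if (iter == m_isolatedWorlds.end())
        return 0;
    return iter->value->isContextInitialized() ? iter->value.get() : 0;
}

// Returns the WindowProxy for |world|, creating an isolated-world proxy on
// first use and initializing the context if needed. When this call is the
// one that initializes the main-world context, the loader is told so
// clients can install their window-object bindings.
WindowProxy* ScriptController::windowProxy(DOMWrapperWorld& world)
{
    WindowProxy* windowProxy = 0;
    if (world.isMainWorld()) {
        windowProxy = m_windowProxy.get();
    } else {
        IsolatedWorldMap::iterator iter = m_isolatedWorlds.find(world.worldId());
        if (iter != m_isolatedWorlds.end()) {
            windowProxy = iter->value.get();
        } else {
            OwnPtr<WindowProxy> isolatedWorldWindowProxy = WindowProxy::create(m_frame, world, m_isolate);
            windowProxy = isolatedWorldWindowProxy.get();
            m_isolatedWorlds.set(world.worldId(), isolatedWorldWindowProxy.release());
        }
    }
    if (!windowProxy->isContextInitialized() && windowProxy->initializeIfNeeded() && world.isMainWorld())
        m_frame->loader().dispatchDidClearWindowObjectInMainWorld();
    return windowProxy;
}

// Returns true when the currently entered context belongs to an isolated
// world that carries its own Content Security Policy, in which case the
// page's main-world CSP does not apply. Main-world code and code outside
// any DOM window context never bypass.
bool ScriptController::shouldBypassMainWorldCSP()
{
    v8::HandleScope handleScope(m_isolate);
    v8::Handle<v8::Context> context = m_isolate->GetCurrentContext();
    if (context.IsEmpty() || !toDOMWindow(context))
        return false;
    DOMWrapperWorld& world = DOMWrapperWorld::current(m_isolate);
    return world.isIsolatedWorld() ? world.isolatedWorldHasContentSecurityPolicy() : false;
}

// Source position used to attribute inline event handlers: the parser's
// current position while the document is being parsed, otherwise the
// minimum position.
TextPosition ScriptController::eventHandlerPosition() const
{
    ScriptableDocumentParser* parser = m_frame->document()->scriptableDocumentParser();
    if (parser)
        return parser->textPosition();
    return TextPosition::minimumPosition();
}

// Create a V8 object with an interceptor of NPObjectPropertyGetter.
// Exposes |object| as a property named |key| on |frame|'s main-world
// global object. Does nothing when the main-world context is not valid.
void ScriptController::bindToWindowObject(LocalFrame* frame, const String& key, NPObject* object)
{
    ScriptState* scriptState = ScriptState::forMainWorld(frame);
    // Entering a scope and reading context()->Global() below requires a
    // valid context, so bail out when there is none.
    if (!scriptState->contextIsValid())
        return;

    ScriptState::Scope scope(scriptState);
    v8::Handle<v8::Object> value = createV8ObjectForNPObject(object, 0, m_isolate);

    // Attach to the global object.
    scriptState->context()->Global()->Set(v8String(m_isolate, key), value);
}

// Re-enables eval()/Function() string code generation for the main-world
// context. No-op until the context exists.
void ScriptController::enableEval()
{
    if (!m_windowProxy->isContextInitialized())
        return;
    v8::HandleScope handleScope(m_isolate);
    m_windowProxy->context()->AllowCodeGenerationFromStrings(true);
}

// Disables eval()/Function() string code generation for the main-world
// context (used to enforce a CSP without 'unsafe-eval'); |errorMessage| is
// what V8 reports when page script attempts it. No-op until the context
// exists.
void ScriptController::disableEval(const String& errorMessage)
{
    if (!m_windowProxy->isContextInitialized())
        return;
    v8::HandleScope handleScope(m_isolate);
    v8::Local<v8::Context> v8Context = m_windowProxy->context();
    v8Context->AllowCodeGenerationFromStrings(false);
    v8Context->SetErrorMessageForCodeGenerationFromStrings(v8String(m_isolate, errorMessage));
}

// Wraps a plugin's scriptable object for exposure to JavaScript. Returns
// null when |widget| is not a plugin view or the plugin has no scriptable
// object. NPObject-backed objects are additionally recorded in
// m_pluginObjects so they can be torn down deterministically.
PassRefPtr<SharedPersistent<v8::Object> > ScriptController::createPluginWrapper(Widget* widget)
{
    ASSERT(widget);

    if (!widget->isPluginView())
        return nullptr;

    v8::HandleScope handleScope(m_isolate);
    v8::Local<v8::Object> scriptableObject = toPluginView(widget)->scriptableObject(m_isolate);

    if (scriptableObject.IsEmpty())
        return nullptr;

    // LocalFrame Memory Management for NPObjects
    // -------------------------------------
    // NPObjects are treated differently than other objects wrapped by JS.
    // NPObjects can be created either by the browser (e.g. the main
    // window object) or by the plugin (the main plugin object
    // for a HTMLEmbedElement). Further, unlike most DOM Objects, the frame
    // is especially careful to ensure NPObjects terminate at frame teardown because
    // if a plugin leaks a reference, it could leak its objects (or the browser's objects).
    //
    // The LocalFrame maintains a list of plugin objects (m_pluginObjects)
    // which it can use to quickly find the wrapped embed object.
    //
    // Inside the NPRuntime, we've added a few methods for registering
    // wrapped NPObjects. The purpose of the registration is because
    // javascript garbage collection is non-deterministic, yet we need to
    // be able to tear down the plugin objects immediately. When an object
    // is registered, javascript can use it. When the object is destroyed,
    // or when the object's "owning" object is destroyed, the object will
    // be un-registered, and the javascript engine must not use it.
    //
    // Inside the javascript engine, the engine can keep a reference to the
    // NPObject as part of its wrapper. However, before accessing the object
    // it must consult the _NPN_Registry.

    if (isWrappedNPObject(scriptableObject)) {
        // Track the plugin object. We've been given a reference to the object.
        m_pluginObjects.set(widget, v8ObjectToNPObject(scriptableObject));
    }

    return SharedPersistent<v8::Object>::create(scriptableObject, m_isolate);
}

// Unregisters and releases the NPObject tracked for |nativeHandle|, if any,
// so script can no longer reach a plugin that is going away.
void ScriptController::cleanupScriptObjectsForPlugin(Widget* nativeHandle)
{
    PluginObjectMap::iterator it = m_pluginObjects.find(nativeHandle);
    if (it == m_pluginObjects.end())
        return;
    _NPN_UnregisterObject(it->value);
    _NPN_ReleaseObject(it->value);
    m_pluginObjects.remove(it);
}

// Process-wide list of V8 extensions registered through
// registerExtensionIfNeeded().
V8Extensions& ScriptController::registeredExtensions()
{
    DEFINE_STATIC_LOCAL(V8Extensions, extensions, ());
    return extensions;
}

// Registers |extension| with V8 exactly once; repeated calls with the same
// pointer are ignored.
void ScriptController::registerExtensionIfNeeded(v8::Extension* extension)
{
    const V8Extensions& extensions = registeredExtensions();
    for (size_t i = 0; i < extensions.size(); ++i) {
        if (extensions[i] == extension)
            return;
    }
    v8::RegisterExtension(extension);
    registeredExtensions().append(extension);
}

// Placeholder for the "JavaScript disabled" NPObject; currently returns
// null after flagging the missing implementation.
static NPObject* createNoScriptObject()
{
    notImplemented();
    return 0;
}

// Creates an NPObject bound to |frame|'s main-world window object. Falls
// back to createNoScriptObject() when the main-world context is not valid.
static NPObject* createScriptObject(LocalFrame* frame, v8::Isolate* isolate)
{
    ScriptState* scriptState = ScriptState::forMainWorld(frame);
    // The scope and context()->Global() below need a valid context.
    if (!scriptState->contextIsValid())
        return createNoScriptObject();

    ScriptState::Scope scope(scriptState);
    LocalDOMWindow* window = frame->domWindow();
    v8::Handle<v8::Value> global = toV8(window, scriptState->context()->Global(), scriptState->isolate());
    ASSERT(global->IsObject());
    return npCreateV8ScriptObject(0, v8::Handle<v8::Object>::Cast(global), window, isolate);
}

// Lazily creates and caches the NPObject plugins use to talk to the window.
// The cached object is registered with the NPRuntime registry and released
// again by clearScriptObjects().
NPObject* ScriptController::windowScriptNPObject()
{
    if (m_windowScriptNPObject)
        return m_windowScriptNPObject;

    if (canExecuteScripts(NotAboutToExecuteScript)) {
        // JavaScript is enabled, so there is a JavaScript window object.
        // Return an NPObject bound to the window object.
        m_windowScriptNPObject = createScriptObject(m_frame, m_isolate);
        _NPN_RegisterObject(m_windowScriptNPObject, 0);
    } else {
        // JavaScript is not enabled, so we cannot bind the NPObject to the
        // JavaScript window object. Instead, we create an NPObject of a
        // different class, one which is not bound to a JavaScript object.
        m_windowScriptNPObject = createNoScriptObject();
    }
    return m_windowScriptNPObject;
}

// Creates an NPObject bound to the JavaScript wrapper of |plugin|'s element.
// Returns the "no script" object when scripts are disabled, the main-world
// context is not valid, or the element has no object wrapper.
NPObject* ScriptController::createScriptObjectForPluginElement(HTMLPlugInElement* plugin)
{
    // Can't create NPObjects when JavaScript is disabled.
    if (!canExecuteScripts(NotAboutToExecuteScript))
        return createNoScriptObject();

    ScriptState* scriptState = ScriptState::forMainWorld(m_frame);
    // The scope and context()->Global() below need a valid context.
    if (!scriptState->contextIsValid())
        return createNoScriptObject();

    ScriptState::Scope scope(scriptState);
    LocalDOMWindow* window = m_frame->domWindow();
    v8::Handle<v8::Value> v8plugin = toV8(plugin, scriptState->context()->Global(), scriptState->isolate());
    if (!v8plugin->IsObject())
        return createNoScriptObject();

    return npCreateV8ScriptObject(0, v8::Handle<v8::Object>::Cast(v8plugin), window, scriptState->isolate());
}

// Resets all window proxies for a navigation to a new document. NPObjects
// are released first because they need the old context, which
// clearForNavigation() disposes. Elapsed time goes to the
// "WebCore.ScriptController.clearWindowProxy" histogram in milliseconds.
void ScriptController::clearWindowProxy()
{
    double start = currentTime();
    // V8 binding expects ScriptController::clearWindowProxy only be called
    // when a frame is loading a new page. This creates a new context for the new page.

    // The V8 context must be available for |clearScriptObjects()|.
    // The below call must be before |clearForNavigation()| which disposes the V8 context.
    clearScriptObjects();
    m_windowProxy->clearForNavigation();
    for (IsolatedWorldMap::iterator iter = m_isolatedWorlds.begin(); iter != m_isolatedWorlds.end(); ++iter)
        iter->value->clearForNavigation();
    blink::Platform::current()->histogramCustomCounts("WebCore.ScriptController.clearWindowProxy", (currentTime() - start) * 1000, 0, 10000, 50);
}

// Toggles V8's stack-trace capture for uncaught exceptions, bounded by
// ScriptCallStack::maxCallStackSizeToCapture frames.
void ScriptController::setCaptureCallStackForUncaughtExceptions(bool value)
{
    v8::V8::SetCaptureStackTraceForUncaughtExceptions(value, ScriptCallStack::maxCallStackSizeToCapture, stackTraceOptions);
}

// Appends (ScriptState, SecurityOrigin) pairs for every isolated world that
// has both an isolated-world security origin and an initialized context.
void ScriptController::collectIsolatedContexts(Vector<std::pair<ScriptState*, SecurityOrigin*> >& result)
{
    for (IsolatedWorldMap::iterator it = m_isolatedWorlds.begin(); it != m_isolatedWorlds.end(); ++it) {
        WindowProxy* isolatedWorldWindowProxy = it->value.get();
        SecurityOrigin* origin = isolatedWorldWindowProxy->world().isolatedWorldSecurityOrigin();
        if (!origin)
            continue;
        if (!isolatedWorldWindowProxy->isContextInitialized())
            continue;
        result.append(std::pair<ScriptState*, SecurityOrigin*>(isolatedWorldWindowProxy->scriptState(), origin));
    }
}

// Tags the context of |worldId| with |debuggerId| for the debugger; the main
// world is named "page", isolated worlds "injected". Worlds without an
// initialized context are skipped.
void ScriptController::setWorldDebugId(int worldId, int debuggerId)
{
    ASSERT(debuggerId > 0);
    bool isMainWorld = worldId == MainWorldId;
    WindowProxy* windowProxy = 0;
    if (isMainWorld) {
        windowProxy = m_windowProxy.get();
    } else {
        IsolatedWorldMap::iterator iter = m_isolatedWorlds.find(worldId);
        if (iter != m_isolatedWorlds.end())
            windowProxy = iter->value.get();
    }
    if (!windowProxy || !windowProxy->isContextInitialized())
        return;
    v8::HandleScope scope(m_isolate);
    v8::Local<v8::Context> context = windowProxy->context();
    const char* worldName = isMainWorld ? "page" : "injected";
    V8PerContextDebugData::setContextDebugData(context, worldName, debuggerId);
}

// Points the main-world proxy at the frame's current document. If
// initializeMainWorld() just created the context it already sees the new
// document, so updateDocument() is only needed for a pre-existing one.
void ScriptController::updateDocument()
{
    // For an uninitialized main window windowProxy, do not incur the cost of context initialization.
    if (!m_windowProxy->isGlobalInitialized())
        return;

    if (!initializeMainWorld())
        windowProxy(DOMWrapperWorld::mainWorld())->updateDocument();
}

// Forwards named-item changes (elements reachable as window.<name>) to the
// main-world proxy.
void ScriptController::namedItemAdded(HTMLDocument* doc, const AtomicString& name)
{
    windowProxy(DOMWrapperWorld::mainWorld())->namedItemAdded(doc, name);
}

void ScriptController::namedItemRemoved(HTMLDocument* doc, const AtomicString& name)
{
    windowProxy(DOMWrapperWorld::mainWorld())->namedItemRemoved(doc, name);
}

// True when the current context is a DOM window context belonging to the
// private-script isolated world (Blink-internal script that must run even
// where page script is blocked).
static bool isInPrivateScriptIsolateWorld(v8::Isolate* isolate)
{
    v8::Handle<v8::Context> context = isolate->GetCurrentContext();
    return !context.IsEmpty() && toDOMWindow(context) && DOMWrapperWorld::current(isolate).isPrivateScriptIsolatedWorld();
}

// Central script-enablement check. Order of precedence:
//   1. a document sandboxed without allow-scripts blocks everything except
//      private script (and logs a console error when |reason| says script
//      was actually about to run);
//   2. view-source documents always allow script;
//   3. otherwise the embedder's allowScript() decision (seeded with the
//      scriptEnabled setting) wins, with private script again exempt.
// didNotAllowScript() is only reported for AboutToExecuteScript so that
// mere capability queries do not count as blocked executions.
bool ScriptController::canExecuteScripts(ReasonForCallingCanExecuteScripts reason)
{
    // For performance reasons, we check isInPrivateScriptIsolateWorld() only if
    // canExecuteScripts is going to return false.

    if (m_frame->document() && m_frame->document()->isSandboxed(SandboxScripts)) {
        if (isInPrivateScriptIsolateWorld(m_isolate))
            return true;
        // FIXME: This message should be moved off the console once a solution to https://bugs.webkit.org/show_bug.cgi?id=103274 exists.
        if (reason == AboutToExecuteScript)
            m_frame->document()->addConsoleMessage(ConsoleMessage::create(SecurityMessageSource, ErrorMessageLevel, "Blocked script execution in '" + m_frame->document()->url().elidedString() + "' because the document's frame is sandboxed and the 'allow-scripts' permission is not set."));
        return false;
    }

    if (m_frame->document() && m_frame->document()->isViewSource()) {
        ASSERT(m_frame->document()->securityOrigin()->isUnique());
        return true;
    }

    Settings* settings = m_frame->settings();
    const bool allowed = m_frame->loader().client()->allowScript(settings && settings->scriptEnabled())
        || isInPrivateScriptIsolateWorld(m_isolate);
    if (!allowed && reason == AboutToExecuteScript)
        m_frame->loader().client()->didNotAllowScript();
    return allowed;
}

// Handles navigation to a javascript: URL. Returns false only when |url| is
// not a javascript: URL; every other outcome (CSP block, no page, script
// ran) returns true because the URL has been consumed. When the script
// evaluates to a string and did not itself schedule a navigation, that
// string replaces the current document.
bool ScriptController::executeScriptIfJavaScriptURL(const KURL& url)
{
    if (!protocolIsJavaScript(url))
        return false;

    // The document's CSP may forbid javascript: URLs outright; the handler
    // position is reported for the violation.
    if (!m_frame->page()
        || !m_frame->document()->contentSecurityPolicy()->allowJavaScriptURLs(m_frame->document()->url(), eventHandlerPosition().m_line))
        return true;

    // We need to hold onto the LocalFrame here because executing script can
    // destroy the frame.
    RefPtrWillBeRawPtr<LocalFrame> protect(m_frame);
    RefPtrWillBeRawPtr<Document> ownerDocument(m_frame->document());

    const int javascriptSchemeLength = sizeof("javascript:") - 1;

    bool locationChangeBefore = m_frame->navigationScheduler().locationChangePending();

    // The URL is percent-decoded before the "javascript:" prefix is stripped
    // and the remainder evaluated as main-world script.
    String decodedURL = decodeURLEscapeSequences(url.string());
    v8::HandleScope handleScope(m_isolate);
    v8::Local<v8::Value> result = evaluateScriptInMainWorld(ScriptSourceCode(decodedURL.substring(javascriptSchemeLength)), NotSharableCrossOrigin, DoNotExecuteScriptWhenScriptsDisabled);

    // If executing script caused this frame to be removed from the page, we
    // don't want to try to replace its document!
    if (!m_frame->page())
        return true;

    if (result.IsEmpty() || !result->IsString())
        return true;
    String scriptResult = toCoreString(v8::Handle<v8::String>::Cast(result));

    // We're still in a frame, so there should be a DocumentLoader.
    ASSERT(m_frame->document()->loader());
    // A navigation scheduled by the script itself takes precedence over
    // replacing the document with the result string.
    if (!locationChangeBefore && m_frame->navigationScheduler().locationChangePending())
        return true;

    m_frame->loader().replaceDocumentWhileExecutingJavaScriptURL(scriptResult, ownerDocument.get());
    return true;
}

// Runs |script| in the main world, honouring |policy| for the
// scripts-disabled case; the result is discarded.
void ScriptController::executeScriptInMainWorld(const String& script, ExecuteScriptPolicy policy)
{
    v8::HandleScope handleScope(m_isolate);
    evaluateScriptInMainWorld(ScriptSourceCode(script), NotSharableCrossOrigin, policy);
}

// Runs |sourceCode| in the main world unless scripts are disabled. The
// result is discarded; |compilationFinishTime| is filled as for
// executeScriptAndReturnValue().
void ScriptController::executeScriptInMainWorld(const ScriptSourceCode& sourceCode, AccessControlStatus corsStatus, double* compilationFinishTime)
{
    v8::HandleScope handleScope(m_isolate);
    evaluateScriptInMainWorld(sourceCode, corsStatus, DoNotExecuteScriptWhenScriptsDisabled, compilationFinishTime);
}

// Runs |sourceCode| in the main world unless scripts are disabled and
// returns its completion value (empty on failure or when not run).
v8::Local<v8::Value> ScriptController::executeScriptInMainWorldAndReturnValue(const ScriptSourceCode& sourceCode)
{
    return evaluateScriptInMainWorld(sourceCode, NotSharableCrossOrigin, DoNotExecuteScriptWhenScriptsDisabled);
}

// Common main-world evaluation path. Returns an empty handle when |policy|
// forbids running with scripts disabled and canExecuteScripts() says so,
// when the main-world context cannot be obtained, or when evaluation
// produced no value. While evaluation runs, m_sourceURL points at the
// script's URL and is restored on every exit path; it must never be left
// pointing at the local below after this function returns.
v8::Local<v8::Value> ScriptController::evaluateScriptInMainWorld(const ScriptSourceCode& sourceCode, AccessControlStatus corsStatus, ExecuteScriptPolicy policy, double* compilationFinishTime)
{
    if (policy == DoNotExecuteScriptWhenScriptsDisabled && !canExecuteScripts(AboutToExecuteScript))
        return v8::Local<v8::Value>();

    String sourceURL = sourceCode.url();
    const String* savedSourceURL = m_sourceURL;
    m_sourceURL = &sourceURL;

    v8::EscapableHandleScope handleScope(m_isolate);
    v8::Handle<v8::Context> context = toV8Context(m_frame, DOMWrapperWorld::mainWorld());
    if (context.IsEmpty()) {
        // Restore here too; otherwise m_sourceURL would dangle on |sourceURL|.
        m_sourceURL = savedSourceURL;
        return v8::Local<v8::Value>();
    }

    ScriptState* scriptState = ScriptState::from(context);
    ScriptState::Scope scope(scriptState);

    RefPtrWillBeRawPtr<LocalFrame> protect(m_frame);
    // Script touching the initial about:blank document is recorded so the
    // loader can account for it.
    if (m_frame->loader().stateMachine()->isDisplayingInitialEmptyDocument())
        m_frame->loader().didAccessInitialDocument();

    // The inspector may rewrite the source before compilation.
    OwnPtr<ScriptSourceCode> maybeProcessedSourceCode = InspectorInstrumentation::preprocess(m_frame, sourceCode);
    const ScriptSourceCode& sourceCodeToCompile = maybeProcessedSourceCode ? *maybeProcessedSourceCode : sourceCode;

    v8::Local<v8::Value> object = executeScriptAndReturnValue(scriptState->context(), sourceCodeToCompile, corsStatus, compilationFinishTime);
    m_sourceURL = savedSourceURL;

    if (object.IsEmpty())
        return v8::Local<v8::Value>();

    return handleScope.Escape(object);
}

// Evaluates each of |sources| in the isolated world |worldID| (must be > 0),
// creating the world with |extensionGroup| if needed. When |results| is
// non-null, one value per source is appended; sources that produced no
// value yield undefined. Nothing runs if the world's context could not be
// initialized.
void ScriptController::executeScriptInIsolatedWorld(int worldID, const Vector<ScriptSourceCode>& sources, int extensionGroup, Vector<v8::Local<v8::Value> >* results)
{
    ASSERT(worldID > 0);

    RefPtr<DOMWrapperWorld> world = DOMWrapperWorld::ensureIsolatedWorld(worldID, extensionGroup);
    WindowProxy* isolatedWorldWindowProxy = windowProxy(*world);
    if (!isolatedWorldWindowProxy->isContextInitialized())
        return;

    ScriptState* scriptState = isolatedWorldWindowProxy->scriptState();
    v8::EscapableHandleScope handleScope(scriptState->isolate());
    ScriptState::Scope scope(scriptState);
    v8::Local<v8::Array> resultArray = v8::Array::New(m_isolate, sources.size());

    for (size_t i = 0; i < sources.size(); ++i) {
        v8::Local<v8::Value> evaluationResult = executeScriptAndReturnValue(scriptState->context(), sources[i]);
        if (evaluationResult.IsEmpty())
            evaluationResult = v8::Local<v8::Value>::New(m_isolate, v8::Undefined(m_isolate));
        resultArray->Set(i, evaluationResult);
    }

    if (results) {
        for (size_t i = 0; i < resultArray->Length(); ++i)
            results->append(handleScope.Escape(resultArray->Get(i)));
    }
}

} // namespace blink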