1 /*
2 * Copyright (C) 2009 Google Inc. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions are
6 * met:
7 *
8 * * Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * * Redistributions in binary form must reproduce the above
11 * copyright notice, this list of conditions and the following disclaimer
12 * in the documentation and/or other materials provided with the
13 * distribution.
14 * * Neither the name of Google Inc. nor the names of its
15 * contributors may be used to endorse or promote products derived from
16 * this software without specific prior written permission.
17 *
18 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
19 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
20 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
21 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
22 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
23 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
24 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
25 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
26 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
27 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
28 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29 */
30
31 #include "config.h"
32 #include "V8DOMWrapper.h"
33
34 #include "CSSMutableStyleDeclaration.h"
35 #include "DOMDataStore.h"
36 #include "DocumentLoader.h"
37 #include "FrameLoaderClient.h"
38 #include "Notification.h"
39 #include "ScriptController.h"
40 #include "V8AbstractEventListener.h"
41 #include "V8Binding.h"
42 #include "V8Collection.h"
43 #include "V8DedicatedWorkerContext.h"
44 #include "V8DOMApplicationCache.h"
45 #include "V8DOMMap.h"
46 #include "V8DOMWindow.h"
47 #include "V8EventListener.h"
48 #include "V8EventListenerList.h"
49 #include "V8EventSource.h"
50 #include "V8FileReader.h"
51 #include "V8FileWriter.h"
52 #include "V8HTMLCollection.h"
53 #include "V8HTMLDocument.h"
54 #include "V8IDBDatabase.h"
55 #include "V8IDBRequest.h"
56 #include "V8IDBTransaction.h"
57 #include "V8IsolatedContext.h"
58 #include "V8Location.h"
59 #include "V8MessageChannel.h"
60 #include "V8NamedNodeMap.h"
61 #include "V8Node.h"
62 #include "V8NodeFilterCondition.h"
63 #include "V8NodeList.h"
64 #include "V8Notification.h"
65 #include "V8Proxy.h"
66 #include "V8SharedWorker.h"
67 #include "V8SharedWorkerContext.h"
68 #include "V8StyleSheet.h"
69 #include "V8WebSocket.h"
70 #include "V8Worker.h"
71 #include "V8WorkerContext.h"
72 #include "V8WorkerContextEventListener.h"
73 #include "V8XMLHttpRequest.h"
74 #include "ArrayBufferView.h"
75 #include "WebGLContextAttributes.h"
76 #include "WebGLUniformLocation.h"
77 #include "WorkerContextExecutionProxy.h"
78 #include "WrapperTypeInfo.h"
79
80 #if ENABLE(SVG)
81 #include "SVGElementInstance.h"
82 #include "SVGPathSeg.h"
83 #include "V8SVGElementInstance.h"
84 #endif
85
86 #if ENABLE(WEB_AUDIO)
87 #include "V8AudioContext.h"
88 #include "V8JavaScriptAudioNode.h"
89 #endif
90
91 #include <algorithm>
92 #include <utility>
93 #include <v8-debug.h>
94 #include <wtf/Assertions.h>
95 #include <wtf/OwnArrayPtr.h>
96 #include <wtf/StdLibExtras.h>
97 #include <wtf/UnusedParam.h>
98
99 namespace WebCore {
100
101 typedef HashMap<Node*, v8::Object*> DOMNodeMap;
102 typedef HashMap<void*, v8::Object*> DOMObjectMap;
103
104 // The caller must have increased obj's ref count.
setJSWrapperForDOMObject(void * object,v8::Persistent<v8::Object> wrapper)105 void V8DOMWrapper::setJSWrapperForDOMObject(void* object, v8::Persistent<v8::Object> wrapper)
106 {
107 ASSERT(V8DOMWrapper::maybeDOMWrapper(wrapper));
108 ASSERT(!domWrapperType(wrapper)->toActiveDOMObjectFunction);
109 getDOMObjectMap().set(object, wrapper);
110 }
111
112 // The caller must have increased obj's ref count.
setJSWrapperForActiveDOMObject(void * object,v8::Persistent<v8::Object> wrapper)113 void V8DOMWrapper::setJSWrapperForActiveDOMObject(void* object, v8::Persistent<v8::Object> wrapper)
114 {
115 ASSERT(V8DOMWrapper::maybeDOMWrapper(wrapper));
116 ASSERT(domWrapperType(wrapper)->toActiveDOMObjectFunction);
117 getActiveDOMObjectMap().set(object, wrapper);
118 }
119
120 // The caller must have increased node's ref count.
setJSWrapperForDOMNode(Node * node,v8::Persistent<v8::Object> wrapper)121 void V8DOMWrapper::setJSWrapperForDOMNode(Node* node, v8::Persistent<v8::Object> wrapper)
122 {
123 ASSERT(V8DOMWrapper::maybeDOMWrapper(wrapper));
124 getDOMNodeMap().set(node, wrapper);
125 }
126
getConstructor(WrapperTypeInfo * type,v8::Handle<v8::Value> objectPrototype)127 v8::Local<v8::Function> V8DOMWrapper::getConstructor(WrapperTypeInfo* type, v8::Handle<v8::Value> objectPrototype)
128 {
129 // A DOM constructor is a function instance created from a DOM constructor
130 // template. There is one instance per context. A DOM constructor is
131 // different from a normal function in two ways:
132 // 1) it cannot be called as constructor (aka, used to create a DOM object)
133 // 2) its __proto__ points to Object.prototype rather than
134 // Function.prototype.
135 // The reason for 2) is that, in Safari, a DOM constructor is a normal JS
136 // object, but not a function. Hotmail relies on the fact that, in Safari,
137 // HTMLElement.__proto__ == Object.prototype.
138 v8::Handle<v8::FunctionTemplate> functionTemplate = type->getTemplate();
139 // Getting the function might fail if we're running out of
140 // stack or memory.
141 v8::TryCatch tryCatch;
142 v8::Local<v8::Function> value = functionTemplate->GetFunction();
143 if (value.IsEmpty())
144 return v8::Local<v8::Function>();
145 // Hotmail fix, see comments above.
146 if (!objectPrototype.IsEmpty())
147 value->SetPrototype(objectPrototype);
148 return value;
149 }
150
getConstructorForContext(WrapperTypeInfo * type,v8::Handle<v8::Context> context)151 v8::Local<v8::Function> V8DOMWrapper::getConstructorForContext(WrapperTypeInfo* type, v8::Handle<v8::Context> context)
152 {
153 // Enter the scope for this context to get the correct constructor.
154 v8::Context::Scope scope(context);
155
156 return getConstructor(type, V8DOMWindowShell::getHiddenObjectPrototype(context));
157 }
158
getConstructor(WrapperTypeInfo * type,DOMWindow * window)159 v8::Local<v8::Function> V8DOMWrapper::getConstructor(WrapperTypeInfo* type, DOMWindow* window)
160 {
161 Frame* frame = window->frame();
162 if (!frame)
163 return v8::Local<v8::Function>();
164
165 v8::Handle<v8::Context> context = V8Proxy::context(frame);
166 if (context.IsEmpty())
167 return v8::Local<v8::Function>();
168
169 return getConstructorForContext(type, context);
170 }
171
172 #if ENABLE(WORKERS)
getConstructor(WrapperTypeInfo * type,WorkerContext *)173 v8::Local<v8::Function> V8DOMWrapper::getConstructor(WrapperTypeInfo* type, WorkerContext*)
174 {
175 WorkerScriptController* controller = WorkerScriptController::controllerForContext();
176 WorkerContextExecutionProxy* proxy = controller ? controller->proxy() : 0;
177 if (!proxy)
178 return v8::Local<v8::Function>();
179
180 v8::Handle<v8::Context> context = proxy->context();
181 if (context.IsEmpty())
182 return v8::Local<v8::Function>();
183
184 return getConstructorForContext(type, context);
185 }
186 #endif
187
setHiddenReference(v8::Handle<v8::Object> parent,v8::Handle<v8::Value> child)188 void V8DOMWrapper::setHiddenReference(v8::Handle<v8::Object> parent, v8::Handle<v8::Value> child)
189 {
190 v8::Local<v8::Value> hiddenReferenceObject = parent->GetInternalField(v8DOMHiddenReferenceArrayIndex);
191 if (hiddenReferenceObject->IsNull() || hiddenReferenceObject->IsUndefined()) {
192 hiddenReferenceObject = v8::Array::New();
193 parent->SetInternalField(v8DOMHiddenReferenceArrayIndex, hiddenReferenceObject);
194 }
195 v8::Local<v8::Array> hiddenReferenceArray = v8::Local<v8::Array>::Cast(hiddenReferenceObject);
196 hiddenReferenceArray->Set(v8::Integer::New(hiddenReferenceArray->Length()), child);
197 }
198
setHiddenWindowReference(Frame * frame,v8::Handle<v8::Value> jsObject)199 void V8DOMWrapper::setHiddenWindowReference(Frame* frame, v8::Handle<v8::Value> jsObject)
200 {
201 // Get DOMWindow
202 if (!frame)
203 return; // Object might be detached from window
204 v8::Handle<v8::Context> context = V8Proxy::context(frame);
205 if (context.IsEmpty())
206 return;
207
208 v8::Handle<v8::Object> global = context->Global();
209 // Look for real DOM wrapper.
210 global = V8DOMWrapper::lookupDOMWrapper(V8DOMWindow::GetTemplate(), global);
211 ASSERT(!global.IsEmpty());
212
213 setHiddenReference(global, jsObject);
214 }
215
domWrapperType(v8::Handle<v8::Object> object)216 WrapperTypeInfo* V8DOMWrapper::domWrapperType(v8::Handle<v8::Object> object)
217 {
218 ASSERT(V8DOMWrapper::maybeDOMWrapper(object));
219 return static_cast<WrapperTypeInfo*>(object->GetPointerFromInternalField(v8DOMWrapperTypeIndex));
220 }
221
wrapNativeNodeFilter(v8::Handle<v8::Value> filter)222 PassRefPtr<NodeFilter> V8DOMWrapper::wrapNativeNodeFilter(v8::Handle<v8::Value> filter)
223 {
224 // A NodeFilter is used when walking through a DOM tree or iterating tree
225 // nodes.
226 // FIXME: we may want to cache NodeFilterCondition and NodeFilter
227 // object, but it is minor.
228 // NodeFilter is passed to NodeIterator that has a ref counted pointer
229 // to NodeFilter. NodeFilter has a ref counted pointer to NodeFilterCondition.
230 // In NodeFilterCondition, filter object is persisted in its constructor,
231 // and disposed in its destructor.
232 return NodeFilter::create(V8NodeFilterCondition::create(filter));
233 }
234
globalObjectPrototypeIsDOMWindow(v8::Handle<v8::Object> objectPrototype)235 static bool globalObjectPrototypeIsDOMWindow(v8::Handle<v8::Object> objectPrototype)
236 {
237 // We can identify what type of context the global object is wrapping by looking at the
238 // internal field count of its prototype. This assumes WorkerContexts and DOMWindows have different numbers
239 // of internal fields, so a COMPILE_ASSERT is included to warn if this ever changes.
240 #if ENABLE(WORKERS)
241 COMPILE_ASSERT(V8DOMWindow::internalFieldCount != V8WorkerContext::internalFieldCount,
242 DOMWindowAndWorkerContextHaveUnequalFieldCounts);
243 COMPILE_ASSERT(V8DOMWindow::internalFieldCount != V8DedicatedWorkerContext::internalFieldCount,
244 DOMWindowAndDedicatedWorkerContextHaveUnequalFieldCounts);
245 #endif
246 #if ENABLE(SHARED_WORKERS)
247 COMPILE_ASSERT(V8DOMWindow::internalFieldCount != V8SharedWorkerContext::internalFieldCount,
248 DOMWindowAndSharedWorkerContextHaveUnequalFieldCounts);
249 #endif
250 return objectPrototype->InternalFieldCount() == V8DOMWindow::internalFieldCount;
251 }
252
instantiateV8Object(V8Proxy * proxy,WrapperTypeInfo * type,void * impl)253 v8::Local<v8::Object> V8DOMWrapper::instantiateV8Object(V8Proxy* proxy, WrapperTypeInfo* type, void* impl)
254 {
255 #if ENABLE(WORKERS)
256 WorkerContext* workerContext = 0;
257 #endif
258 if (V8IsolatedContext::getEntered()) {
259 // This effectively disables the wrapper cache for isolated worlds.
260 proxy = 0;
261 // FIXME: Do we need a wrapper cache for the isolated world? We should
262 // see if the performance gains are worth while.
263 // We'll get one once we give the isolated context a proper window shell.
264 } else if (!proxy) {
265 v8::Handle<v8::Context> context = v8::Context::GetCurrent();
266 if (!context.IsEmpty()) {
267 v8::Handle<v8::Object> globalPrototype = v8::Handle<v8::Object>::Cast(context->Global()->GetPrototype());
268 if (globalObjectPrototypeIsDOMWindow(globalPrototype))
269 proxy = V8Proxy::retrieve(V8DOMWindow::toNative(globalPrototype)->frame());
270 #if ENABLE(WORKERS)
271 else
272 workerContext = V8WorkerContext::toNative(lookupDOMWrapper(V8WorkerContext::GetTemplate(), context->Global()));
273 #endif
274 }
275 }
276
277 v8::Local<v8::Object> instance;
278 if (proxy)
279 // FIXME: Fix this to work properly with isolated worlds (see above).
280 instance = proxy->windowShell()->createWrapperFromCache(type);
281 else {
282 v8::Local<v8::Function> function;
283 #if ENABLE(WORKERS)
284 if (workerContext)
285 function = getConstructor(type, workerContext);
286 else
287 #endif
288 function = type->getTemplate()->GetFunction();
289 instance = SafeAllocation::newInstance(function);
290 }
291 if (!instance.IsEmpty()) {
292 // Avoid setting the DOM wrapper for failed allocations.
293 setDOMWrapper(instance, type, impl);
294 if (type == &V8HTMLDocument::info)
295 instance = V8HTMLDocument::WrapInShadowObject(instance, static_cast<Node*>(impl));
296 }
297 return instance;
298 }
299
300 #ifndef NDEBUG
maybeDOMWrapper(v8::Handle<v8::Value> value)301 bool V8DOMWrapper::maybeDOMWrapper(v8::Handle<v8::Value> value)
302 {
303 if (value.IsEmpty() || !value->IsObject())
304 return false;
305
306 v8::Handle<v8::Object> object = v8::Handle<v8::Object>::Cast(value);
307 if (!object->InternalFieldCount())
308 return false;
309
310 ASSERT(object->InternalFieldCount() >= v8DefaultWrapperInternalFieldCount);
311
312 v8::Handle<v8::Value> wrapper = object->GetInternalField(v8DOMWrapperObjectIndex);
313 ASSERT(wrapper->IsNumber() || wrapper->IsExternal());
314
315 return true;
316 }
317 #endif
318
isValidDOMObject(v8::Handle<v8::Value> value)319 bool V8DOMWrapper::isValidDOMObject(v8::Handle<v8::Value> value)
320 {
321 if (value.IsEmpty() || !value->IsObject())
322 return false;
323 return v8::Handle<v8::Object>::Cast(value)->InternalFieldCount();
324 }
325
isWrapperOfType(v8::Handle<v8::Value> value,WrapperTypeInfo * type)326 bool V8DOMWrapper::isWrapperOfType(v8::Handle<v8::Value> value, WrapperTypeInfo* type)
327 {
328 if (!isValidDOMObject(value))
329 return false;
330
331 v8::Handle<v8::Object> object = v8::Handle<v8::Object>::Cast(value);
332 ASSERT(object->InternalFieldCount() >= v8DefaultWrapperInternalFieldCount);
333
334 v8::Handle<v8::Value> wrapper = object->GetInternalField(v8DOMWrapperObjectIndex);
335 ASSERT(wrapper->IsNumber() || wrapper->IsExternal());
336
337 WrapperTypeInfo* typeInfo = static_cast<WrapperTypeInfo*>(object->GetPointerFromInternalField(v8DOMWrapperTypeIndex));
338 return typeInfo == type;
339 }
340
getWrapperSlow(Node * node)341 v8::Handle<v8::Object> V8DOMWrapper::getWrapperSlow(Node* node)
342 {
343 V8IsolatedContext* context = V8IsolatedContext::getEntered();
344 if (LIKELY(!context)) {
345 v8::Persistent<v8::Object>* wrapper = node->wrapper();
346 if (!wrapper)
347 return v8::Handle<v8::Object>();
348 return *wrapper;
349 }
350 DOMNodeMapping& domNodeMap = context->world()->domDataStore()->domNodeMap();
351 return domNodeMap.get(node);
352 }
353
354 // A JS object of type EventTarget is limited to a small number of possible classes.
355 // Check EventTarget.h for new type conversion methods
convertEventTargetToV8Object(EventTarget * target)356 v8::Handle<v8::Value> V8DOMWrapper::convertEventTargetToV8Object(EventTarget* target)
357 {
358 if (!target)
359 return v8::Null();
360
361 #if ENABLE(SVG)
362 if (SVGElementInstance* instance = target->toSVGElementInstance())
363 return toV8(instance);
364 #endif
365
366 #if ENABLE(WORKERS)
367 if (Worker* worker = target->toWorker())
368 return toV8(worker);
369
370 if (DedicatedWorkerContext* workerContext = target->toDedicatedWorkerContext())
371 return toV8(workerContext);
372 #endif // WORKERS
373
374 #if ENABLE(SHARED_WORKERS)
375 if (SharedWorker* sharedWorker = target->toSharedWorker())
376 return toV8(sharedWorker);
377
378 if (SharedWorkerContext* sharedWorkerContext = target->toSharedWorkerContext())
379 return toV8(sharedWorkerContext);
380 #endif // SHARED_WORKERS
381
382 #if ENABLE(NOTIFICATIONS)
383 if (Notification* notification = target->toNotification())
384 return toV8(notification);
385 #endif
386
387 #if ENABLE(INDEXED_DATABASE)
388 if (IDBDatabase* idbDatabase = target->toIDBDatabase())
389 return toV8(idbDatabase);
390 if (IDBRequest* idbRequest = target->toIDBRequest())
391 return toV8(idbRequest);
392 if (IDBTransaction* idbTransaction = target->toIDBTransaction())
393 return toV8(idbTransaction);
394 #endif
395
396 #if ENABLE(WEB_SOCKETS)
397 if (WebSocket* webSocket = target->toWebSocket())
398 return toV8(webSocket);
399 #endif
400
401 if (Node* node = target->toNode())
402 return toV8(node);
403
404 if (DOMWindow* domWindow = target->toDOMWindow())
405 return toV8(domWindow);
406
407 // XMLHttpRequest is created within its JS counterpart.
408 if (XMLHttpRequest* xmlHttpRequest = target->toXMLHttpRequest()) {
409 v8::Handle<v8::Object> wrapper = getActiveDOMObjectMap().get(xmlHttpRequest);
410 ASSERT(!wrapper.IsEmpty());
411 return wrapper;
412 }
413
414 // MessagePort is created within its JS counterpart
415 if (MessagePort* port = target->toMessagePort()) {
416 v8::Handle<v8::Object> wrapper = getActiveDOMObjectMap().get(port);
417 ASSERT(!wrapper.IsEmpty());
418 return wrapper;
419 }
420
421 if (XMLHttpRequestUpload* upload = target->toXMLHttpRequestUpload()) {
422 v8::Handle<v8::Object> wrapper = getDOMObjectMap().get(upload);
423 ASSERT(!wrapper.IsEmpty());
424 return wrapper;
425 }
426
427 #if ENABLE(OFFLINE_WEB_APPLICATIONS)
428 if (DOMApplicationCache* domAppCache = target->toDOMApplicationCache())
429 return toV8(domAppCache);
430 #endif
431
432 #if ENABLE(EVENTSOURCE)
433 if (EventSource* eventSource = target->toEventSource())
434 return toV8(eventSource);
435 #endif
436
437 #if ENABLE(BLOB)
438 if (FileReader* fileReader = target->toFileReader())
439 return toV8(fileReader);
440 #endif
441
442 #if ENABLE(FILE_SYSTEM)
443 if (FileWriter* fileWriter = target->toFileWriter())
444 return toV8(fileWriter);
445 #endif
446
447 #if ENABLE(WEB_AUDIO)
448 if (JavaScriptAudioNode* jsAudioNode = target->toJavaScriptAudioNode())
449 return toV8(jsAudioNode);
450 if (AudioContext* audioContext = target->toAudioContext())
451 return toV8(audioContext);
452 #endif
453
454 ASSERT(0);
455 return notHandledByInterceptor();
456 }
457
getEventListener(v8::Local<v8::Value> value,bool isAttribute,ListenerLookupType lookup)458 PassRefPtr<EventListener> V8DOMWrapper::getEventListener(v8::Local<v8::Value> value, bool isAttribute, ListenerLookupType lookup)
459 {
460 v8::Handle<v8::Context> context = v8::Context::GetCurrent();
461 if (context.IsEmpty())
462 return 0;
463 if (lookup == ListenerFindOnly)
464 return V8EventListenerList::findWrapper(value, isAttribute);
465 v8::Handle<v8::Object> globalPrototype = v8::Handle<v8::Object>::Cast(context->Global()->GetPrototype());
466 if (globalObjectPrototypeIsDOMWindow(globalPrototype))
467 return V8EventListenerList::findOrCreateWrapper<V8EventListener>(value, isAttribute);
468 #if ENABLE(WORKERS)
469 return V8EventListenerList::findOrCreateWrapper<V8WorkerContextEventListener>(value, isAttribute);
470 #else
471 return 0;
472 #endif
473 }
474
475 #if ENABLE(XPATH)
476 // XPath-related utilities
getXPathNSResolver(v8::Handle<v8::Value> value,V8Proxy * proxy)477 RefPtr<XPathNSResolver> V8DOMWrapper::getXPathNSResolver(v8::Handle<v8::Value> value, V8Proxy* proxy)
478 {
479 RefPtr<XPathNSResolver> resolver;
480 if (V8XPathNSResolver::HasInstance(value))
481 resolver = V8XPathNSResolver::toNative(v8::Handle<v8::Object>::Cast(value));
482 else if (value->IsObject())
483 resolver = V8CustomXPathNSResolver::create(value->ToObject());
484 return resolver;
485 }
486 #endif
487
488 } // namespace WebCore
489