diff options
Diffstat (limited to 'webkit')
| -rw-r--r-- | webkit/port/bindings/v8/v8_proxy.cpp | 33 | ||||
| -rw-r--r-- | webkit/port/bindings/v8/v8_proxy.h | 6 |
2 files changed, 35 insertions, 4 deletions
diff --git a/webkit/port/bindings/v8/v8_proxy.cpp b/webkit/port/bindings/v8/v8_proxy.cpp index 85b963f..e5db30c 100644 --- a/webkit/port/bindings/v8/v8_proxy.cpp +++ b/webkit/port/bindings/v8/v8_proxy.cpp @@ -1791,6 +1791,24 @@ void V8Proxy::ClearDocumentWrapper() } +void V8Proxy::UpdateDocumentWrapperCache() +{ + v8::HandleScope handle_scope; + v8::Context::Scope context_scope(GetContext()); + v8::Handle<v8::Value> document_wrapper = NodeToV8Object(m_frame->document()); + m_context->Global()->ForceSet(v8::String::New("document"), + document_wrapper, + static_cast<v8::PropertyAttribute>(v8::ReadOnly | v8::DontDelete)); +} + + +void V8Proxy::ClearDocumentWrapperCache() +{ + ASSERT(!m_context.IsEmpty()); + m_context->Global()->ForceDelete(v8::String::New("document")); +} + + void V8Proxy::DisposeContextHandles() { if (!m_context.IsEmpty()) { m_context.Dispose(); @@ -1836,6 +1854,11 @@ void V8Proxy::clearForNavigation() v8::Context::Scope context_scope(m_context); + // Clear the document wrapper cache before turning on access checks on + // the old DOMWindow wrapper. This way, access to the document wrapper + // will be protected by the security checks on the DOMWindow wrapper. + ClearDocumentWrapperCache(); + // Turn on access check on the old DOMWindow wrapper. v8::Handle<v8::Object> wrapper = LookupDOMWrapper(V8ClassIndex::DOMWINDOW, m_global); @@ -1900,10 +1923,10 @@ void V8Proxy::updateDocument() return; } - { - v8::HandleScope scope; - SetSecurityToken(); - } + // We have a new document and we need to update the cache. + UpdateDocumentWrapperCache(); + + updateSecurityOrigin(); } void V8Proxy::updateSecurityOrigin() @@ -2181,6 +2204,8 @@ void V8Proxy::InitContextIfNeeded() v8::Handle<v8::Object> v8_global = context->Global(); v8_global->Set(implicit_proto_string, js_window); + updateDocument(); + SetSecurityToken(); m_frame->loader()->dispatchWindowObjectAvailable(); diff --git a/webkit/port/bindings/v8/v8_proxy.h b/webkit/port/bindings/v8/v8_proxy.h index a00c5f9..8538705 100644 --- a/webkit/port/bindings/v8/v8_proxy.h +++ b/webkit/port/bindings/v8/v8_proxy.h @@ -502,6 +502,12 @@ class V8Proxy { void SetSecurityToken(); void ClearDocumentWrapper(); void UpdateDocumentWrapper(v8::Handle<v8::Value> wrapper); + // The JavaScript wrapper for the document object is cached on the global + // object for fast access. UpdateDocumentWrapperCache sets the wrapper + // for the current document on the global object. ClearDocumentWrapperCache + // deletes the document wrapper from the global object. + void UpdateDocumentWrapperCache(); + void ClearDocumentWrapperCache(); // Dispose global handles of m_contexts and friends. void DisposeContextHandles(); |