1/*
2 * Copyright (C) 2007-2011 Google Inc. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions are
6 * met:
7 *
8 *     * Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 *     * Redistributions in binary form must reproduce the above
11 * copyright notice, this list of conditions and the following disclaimer
12 * in the documentation and/or other materials provided with the
13 * distribution.
14 *     * Neither the name of Google Inc. nor the names of its
15 * contributors may be used to endorse or promote products derived from
16 * this software without specific prior written permission.
17 *
18 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
19 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
20 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
21 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
22 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
23 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
24 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
25 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
26 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
27 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
28 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29 */
30
31#include "config.h"
32#include "InjectedScriptManager.h"
33
34#include "DOMWindow.h"
35#include "InjectedScript.h"
36#include "InjectedScriptHost.h"
37#include "ScriptValue.h"
38#include "V8Binding.h"
39#include "V8BindingState.h"
40#include "V8DOMWindow.h"
41#include "V8HiddenPropertyName.h"
42#include "V8InjectedScriptHost.h"
43#include "V8Proxy.h"
44#include <wtf/RefPtr.h>
45
46namespace WebCore {
47
48static void WeakReferenceCallback(v8::Persistent<v8::Value> object, void* parameter)
49{
50    InjectedScriptHost* nativeObject = static_cast<InjectedScriptHost*>(parameter);
51    nativeObject->deref();
52    object.Dispose();
53}
54
55static v8::Local<v8::Object> createInjectedScriptHostV8Wrapper(InjectedScriptHost* host)
56{
57    v8::Local<v8::Function> function = V8InjectedScriptHost::GetTemplate()->GetFunction();
58    if (function.IsEmpty()) {
59        // Return if allocation failed.
60        return v8::Local<v8::Object>();
61    }
62    v8::Local<v8::Object> instance = SafeAllocation::newInstance(function);
63    if (instance.IsEmpty()) {
64        // Avoid setting the wrapper if allocation failed.
65        return v8::Local<v8::Object>();
66    }
67    V8DOMWrapper::setDOMWrapper(instance, &V8InjectedScriptHost::info, host);
68    // Create a weak reference to the v8 wrapper of InspectorBackend to deref
69    // InspectorBackend when the wrapper is garbage collected.
70    host->ref();
71    v8::Persistent<v8::Object> weakHandle = v8::Persistent<v8::Object>::New(instance);
72    weakHandle.MakeWeak(host, &WeakReferenceCallback);
73    return instance;
74}
75
76ScriptObject InjectedScriptManager::createInjectedScript(const String& scriptSource, ScriptState* inspectedScriptState, long id)
77{
78    v8::HandleScope scope;
79
80    v8::Local<v8::Context> inspectedContext = inspectedScriptState->context();
81    v8::Context::Scope contextScope(inspectedContext);
82
83    // Call custom code to create InjectedScripHost wrapper specific for the context
84    // instead of calling toV8() that would create the
85    // wrapper in the current context.
86    // FIXME: make it possible to use generic bindings factory for InjectedScriptHost.
87    v8::Local<v8::Object> scriptHostWrapper = createInjectedScriptHostV8Wrapper(m_injectedScriptHost.get());
88    if (scriptHostWrapper.IsEmpty())
89        return ScriptObject();
90
91    v8::Local<v8::Object> windowGlobal = inspectedContext->Global();
92
93    // Inject javascript into the context. The compiled script is supposed to evaluate into
94    // a single anonymous function(it's anonymous to avoid cluttering the global object with
95    // inspector's stuff) the function is called a few lines below with InjectedScriptHost wrapper,
96    // injected script id and explicit reference to the inspected global object. The function is expected
97    // to create and configure InjectedScript instance that is going to be used by the inspector.
98    v8::Local<v8::Script> script = v8::Script::Compile(v8String(scriptSource));
99    v8::Local<v8::Value> v = script->Run();
100    ASSERT(!v.IsEmpty());
101    ASSERT(v->IsFunction());
102
103    v8::Handle<v8::Value> args[] = {
104      scriptHostWrapper,
105      windowGlobal,
106      v8::Number::New(id),
107    };
108    v8::Local<v8::Value> injectedScriptValue = v8::Function::Cast(*v)->Call(windowGlobal, 3, args);
109    v8::Local<v8::Object> injectedScript(v8::Object::Cast(*injectedScriptValue));
110    return ScriptObject(inspectedScriptState, injectedScript);
111}
112
113void InjectedScriptManager::discardInjectedScript(ScriptState* inspectedScriptState)
114{
115    v8::HandleScope handleScope;
116    v8::Local<v8::Context> context = inspectedScriptState->context();
117    v8::Context::Scope contextScope(context);
118
119    v8::Local<v8::Object> global = context->Global();
120    // Skip proxy object. The proxy object will survive page navigation while we need
121    // an object whose lifetime consides with that of the inspected context.
122    global = v8::Local<v8::Object>::Cast(global->GetPrototype());
123
124    v8::Handle<v8::String> key = V8HiddenPropertyName::devtoolsInjectedScript();
125    global->DeleteHiddenValue(key);
126}
127
128InjectedScript InjectedScriptManager::injectedScriptFor(ScriptState* inspectedScriptState)
129{
130    v8::HandleScope handleScope;
131    v8::Local<v8::Context> context = inspectedScriptState->context();
132    v8::Context::Scope contextScope(context);
133
134    v8::Local<v8::Object> global = context->Global();
135    // Skip proxy object. The proxy object will survive page navigation while we need
136    // an object whose lifetime consides with that of the inspected context.
137    global = v8::Local<v8::Object>::Cast(global->GetPrototype());
138
139    v8::Handle<v8::String> key = V8HiddenPropertyName::devtoolsInjectedScript();
140    v8::Local<v8::Value> val = global->GetHiddenValue(key);
141    if (!val.IsEmpty() && val->IsObject())
142        return InjectedScript(ScriptObject(inspectedScriptState, v8::Local<v8::Object>::Cast(val)), m_inspectedStateAccessCheck);
143
144    if (!m_inspectedStateAccessCheck(inspectedScriptState))
145        return InjectedScript();
146
147    pair<long, ScriptObject> injectedScript = injectScript(injectedScriptSource(), inspectedScriptState);
148    InjectedScript result(injectedScript.second, m_inspectedStateAccessCheck);
149    m_idToInjectedScript.set(injectedScript.first, result);
150    global->SetHiddenValue(key, injectedScript.second.v8Object());
151    return result;
152}
153
154bool InjectedScriptManager::canAccessInspectedWindow(ScriptState* scriptState)
155{
156    v8::HandleScope handleScope;
157    v8::Local<v8::Context> context = scriptState->context();
158    v8::Local<v8::Object> global = context->Global();
159    if (global.IsEmpty())
160        return false;
161    v8::Handle<v8::Object> holder = V8DOMWrapper::lookupDOMWrapper(V8DOMWindow::GetTemplate(), global);
162    if (holder.IsEmpty())
163        return false;
164    Frame* frame = V8DOMWindow::toNative(holder)->frame();
165
166    v8::Context::Scope contextScope(context);
167    return V8BindingSecurity::canAccessFrame(V8BindingState::Only(), frame, false);
168}
169
170} // namespace WebCore
171