Remove the prototype from all V8 functions that aren't constructors

BUG=625823
R=haraken@chromium.org
TBR=eroman@chromium.org,yzshen@chromium.org

Review-Url: https://codereview.chromium.org/2126763002
Cr-Commit-Position: refs/heads/master@{#403888}

chrome/test/base/v8_unit_test.cc

@@ -169,13 +169,16 @@ void V8UnitTest::SetUp() {
   v8::Local<v8::String> log_string = v8::String::NewFromUtf8(isolate, "log");
   v8::Local<v8::FunctionTemplate> log_function =
       v8::FunctionTemplate::New(isolate, &V8UnitTest::Log);
+  log_function->RemovePrototype();
   global->Set(log_string, log_function);
 
   // Set up chrome object for chrome.send().
   v8::Local<v8::ObjectTemplate> chrome = v8::ObjectTemplate::New(isolate);
   global->Set(v8::String::NewFromUtf8(isolate, "chrome"), chrome);
-  chrome->Set(v8::String::NewFromUtf8(isolate, "send"),
-              v8::FunctionTemplate::New(isolate, &V8UnitTest::ChromeSend));
+  v8::Local<v8::FunctionTemplate> send_function =
+      v8::FunctionTemplate::New(isolate, &V8UnitTest::ChromeSend);
+  send_function->RemovePrototype();
+  chrome->Set(v8::String::NewFromUtf8(isolate, "send"), send_function);
 
   // Set up console object for console.log(), etc.
   v8::Local<v8::ObjectTemplate> console = v8::ObjectTemplate::New(isolate);
@@ -183,8 +186,10 @@ void V8UnitTest::SetUp() {
   console->Set(log_string, log_function);
   console->Set(v8::String::NewFromUtf8(isolate, "info"), log_function);
   console->Set(v8::String::NewFromUtf8(isolate, "warn"), log_function);
-  console->Set(v8::String::NewFromUtf8(isolate, "error"),
-               v8::FunctionTemplate::New(isolate, &V8UnitTest::Error));
+  v8::Local<v8::FunctionTemplate> error_function =
+      v8::FunctionTemplate::New(isolate, &V8UnitTest::Error);
+  error_function->RemovePrototype();
+  console->Set(v8::String::NewFromUtf8(isolate, "error"), error_function);
 
   context_.Reset(isolate, v8::Context::New(isolate, NULL, global));
 }

extensions/renderer/console.cc

@@ -73,6 +73,7 @@ void BindLogMethod(v8::Isolate* isolate,
       isolate,
       &BoundLogMethodCallback,
       v8::External::New(isolate, reinterpret_cast<void*>(log_method)));
+  tmpl->RemovePrototype();
   v8::Local<v8::Function> function;
   if (!tmpl->GetFunction(isolate->GetCurrentContext()).ToLocal(&function)) {
     LOG(FATAL) << "Could not create log function \"" << name << "\"";

extensions/renderer/module_system.cc

@@ -667,6 +667,7 @@ v8::Local<v8::Value> ModuleSystem::LoadModule(const std::string& module_name) {
   v8::Local<v8::FunctionTemplate> tmpl = v8::FunctionTemplate::New(
       GetIsolate(),
       &SetExportsProperty);
+  tmpl->RemovePrototype();
   v8::Local<v8::String> v8_key;
   if (!v8_helpers::ToV8String(GetIsolate(), "$set", &v8_key)) {
     NOTREACHED();

extensions/renderer/object_backed_native_handler.cc

@@ -125,6 +125,7 @@ void ObjectBackedNativeHandler::RouteFunction(
              v8_helpers::ToV8StringUnsafe(isolate, feature_name));
   v8::Local<v8::FunctionTemplate> function_template =
       v8::FunctionTemplate::New(isolate, Router, data);
+  function_template->RemovePrototype();
   v8::Local<v8::ObjectTemplate>::New(isolate, object_template_)
       ->Set(isolate, name.c_str(), function_template);
   router_data_.Append(data);

gin/function_template.h

@@ -237,11 +237,12 @@ v8::Local<v8::FunctionTemplate> CreateFunctionTemplate(
   typedef internal::CallbackHolder<Sig> HolderT;
   HolderT* holder = new HolderT(isolate, callback, callback_flags);
 
-  return v8::FunctionTemplate::New(
-      isolate,
-      &internal::Dispatcher<Sig>::DispatchToCallback,
-      ConvertToV8<v8::Local<v8::External> >(isolate,
+  v8::Local<v8::FunctionTemplate> tmpl = v8::FunctionTemplate::New(
+      isolate, &internal::Dispatcher<Sig>::DispatchToCallback,
+      ConvertToV8<v8::Local<v8::External>>(isolate,
                                            holder->GetHandle(isolate)));
+  tmpl->RemovePrototype();
+  return tmpl;
 }
 
 // CreateFunctionHandler installs a CallAsFunction handler on the given

gin/modules/module_registry.cc

@@ -94,6 +94,7 @@ Local<FunctionTemplate> GetDefineTemplate(Isolate* isolate) {
       &g_wrapper_info);
   if (templ.IsEmpty()) {
     templ = FunctionTemplate::New(isolate, Define);
+    templ->RemovePrototype();
     data->SetFunctionTemplate(&g_wrapper_info, templ);
   }
   return templ;

mojo/public/js/validation_unittests.js

@@ -282,7 +282,7 @@ define([
     var testFiles = getMessageTestFiles(testFilesPattern);
     expect(testFiles.length).toBeGreaterThan(0);
 
-    var testMessagePipe = new core.createMessagePipe();
+    var testMessagePipe = core.createMessagePipe();
     expect(testMessagePipe.result).toBe(core.RESULT_OK);
     var testConnection = new connection.TestConnection(
         testMessagePipe.handle1, localFactory, remoteFactory);

net/proxy/proxy_resolver_v8.cc

@@ -507,21 +507,25 @@ class ProxyResolverV8::Context {
     // Attach the javascript bindings.
     v8::Local<v8::FunctionTemplate> alert_template =
         v8::FunctionTemplate::New(isolate_, &AlertCallback, v8_this);
+    alert_template->RemovePrototype();
     global_template->Set(ASCIILiteralToV8String(isolate_, "alert"),
                          alert_template);
 
     v8::Local<v8::FunctionTemplate> my_ip_address_template =
         v8::FunctionTemplate::New(isolate_, &MyIpAddressCallback, v8_this);
+    my_ip_address_template->RemovePrototype();
     global_template->Set(ASCIILiteralToV8String(isolate_, "myIpAddress"),
                          my_ip_address_template);
 
     v8::Local<v8::FunctionTemplate> dns_resolve_template =
         v8::FunctionTemplate::New(isolate_, &DnsResolveCallback, v8_this);
+    dns_resolve_template->RemovePrototype();
     global_template->Set(ASCIILiteralToV8String(isolate_, "dnsResolve"),
                          dns_resolve_template);
 
     v8::Local<v8::FunctionTemplate> is_plain_host_name_template =
         v8::FunctionTemplate::New(isolate_, &IsPlainHostNameCallback, v8_this);
+    is_plain_host_name_template->RemovePrototype();
     global_template->Set(ASCIILiteralToV8String(isolate_, "isPlainHostName"),
                          is_plain_host_name_template);
 
@@ -529,11 +533,13 @@ class ProxyResolverV8::Context {
 
     v8::Local<v8::FunctionTemplate> dns_resolve_ex_template =
         v8::FunctionTemplate::New(isolate_, &DnsResolveExCallback, v8_this);
+    dns_resolve_ex_template->RemovePrototype();
     global_template->Set(ASCIILiteralToV8String(isolate_, "dnsResolveEx"),
                          dns_resolve_ex_template);
 
     v8::Local<v8::FunctionTemplate> my_ip_address_ex_template =
         v8::FunctionTemplate::New(isolate_, &MyIpAddressExCallback, v8_this);
+    my_ip_address_ex_template->RemovePrototype();
     global_template->Set(ASCIILiteralToV8String(isolate_, "myIpAddressEx"),
                          my_ip_address_ex_template);
 
@@ -541,11 +547,13 @@ class ProxyResolverV8::Context {
         v8::FunctionTemplate::New(isolate_,
                                   &SortIpAddressListCallback,
                                   v8_this);
+    sort_ip_address_list_template->RemovePrototype();
     global_template->Set(ASCIILiteralToV8String(isolate_, "sortIpAddressList"),
                          sort_ip_address_list_template);
 
     v8::Local<v8::FunctionTemplate> is_in_net_ex_template =
         v8::FunctionTemplate::New(isolate_, &IsInNetExCallback, v8_this);
+    is_in_net_ex_template->RemovePrototype();
     global_template->Set(ASCIILiteralToV8String(isolate_, "isInNetEx"),
                          is_in_net_ex_template);
 

third_party/WebKit/LayoutTests/fast/dom/Window/window-methods-construct.html

+<!DOCTYPE html>
+<script src="../../../resources/testharness.js"></script>
+<script src="../../../resources/testharnessreport.js"></script>
+<script>
+  test(t => {
+    assert_throws(null, function() { new window.blur(); });
+  }, "Construct call to window methods throws.");
+</script>

third_party/WebKit/Source/bindings/core/v8/DocumentWriteEvaluator.cpp

@@ -102,6 +102,7 @@ bool DocumentWriteEvaluator::ensureEvaluationContext()
     m_window.newLocal(isolate)->Set(navigatorString, m_navigator.newLocal(isolate));
 
     v8::Local<v8::FunctionTemplate> writeTemplate = v8::FunctionTemplate::New(isolate, documentWriteCallback, v8::External::New(isolate, this));
+    writeTemplate->RemovePrototype();
     m_document.newLocal(isolate)->Set(locationString, m_location.newLocal(isolate));
     m_document.newLocal(isolate)->Set(v8String(isolate, "write"), writeTemplate->GetFunction());
     m_document.newLocal(isolate)->Set(v8String(isolate, "writeln"), writeTemplate->GetFunction());

third_party/WebKit/Source/bindings/core/v8/PrivateScriptRunner.cpp

@@ -61,6 +61,7 @@ static v8::Local<v8::Value> compileAndRunPrivateScript(ScriptState* scriptState,
         v8::Local<v8::Value> importFunctionValue = privateScriptControllerObject->Get(context, v8String(isolate, "import")).ToLocalChecked();
         if (importFunctionValue->IsUndefined()) {
             v8::Local<v8::Function> function;
+            // This is a memory leak, FunctionTemplates are eternal.
             if (!v8::FunctionTemplate::New(isolate, importFunction)->GetFunction(context).ToLocal(&function)
                 || !v8CallBoolean(privateScriptControllerObject->Set(context, v8String(isolate, "import"), function))) {
                 fprintf(stderr, "Private script error: Setting import function failed. (Class name = %s)\n", scriptClassName.utf8().data());

third_party/WebKit/Source/bindings/core/v8/V8PerIsolateData.cpp

@@ -277,6 +277,7 @@ v8::Local<v8::FunctionTemplate> V8PerIsolateData::findOrCreateOperationTemplate(
         return result->value.Get(isolate());
 
     v8::Local<v8::FunctionTemplate> templ = v8::FunctionTemplate::New(isolate(), callback, data, signature, length);
+    templ->RemovePrototype();
     map.add(key, v8::Eternal<v8::FunctionTemplate>(isolate(), templ));
     return templ;
 }