Return different functions with the same behavior between cross-origin access...

Return different functions with the same behavior between cross-origin access and same-origin access for data properties According to the spec (test), when a data property of cross-origin properties is called, different functions with the same behavior should be returned between cross-origin access and same-origin access. However, completely the same functions via the same function template are returned currently. This CL fixes the gap by using a different template for each. Bug: 715418 Change-Id: Ibb410999e87547ead088a49f86274150783724a1 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1846620Reviewed-by: Hitoshi Yoshida <peria@chromium.org> Reviewed-by: Yuki Shiino <yukishiino@chromium.org> Reviewed-by: Kentaro Hara <haraken@chromium.org> Commit-Queue: Marina Sakai <marinasakai@google.com> Cr-Commit-Position: refs/heads/master@{#704047}

Return different functions with the same behavior between cross-origin access...
Return different functions with the same behavior between cross-origin access and same-origin access for data properties According to the spec (test), when a data property of cross-origin properties is called, different functions with the same behavior should be returned between cross-origin access and same-origin access. However, completely the same functions via the same function template are returned currently. This CL fixes the gap by using a different template for each. Bug: 715418 Change-Id: Ibb410999e87547ead088a49f86274150783724a1 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1846620Reviewed-by: Hitoshi Yoshida <peria@chromium.org> Reviewed-by: Yuki Shiino <yukishiino@chromium.org> Reviewed-by: Kentaro Hara <haraken@chromium.org> Commit-Queue: Marina Sakai <marinasakai@google.com> Cr-Commit-Position: refs/heads/master@{#704047}
9c00e198 · Marina Sakai · Commit Bot · 3ba6b936 · 9c00e198 · 9c00e198
Commit 9c00e198 authored Oct 09, 2019 by Marina Sakai Committed by Commit Bot Oct 09, 2019
4 changed files
--- a/third_party/blink/renderer/bindings/templates/interface.cc.tmpl
+++ b/third_party/blink/renderer/bindings/templates/interface.cc.tmpl
@@ -974,10 +974,40 @@ static const V8DOMConfiguration::AttributeConfiguration {{method.name}}OriginSaf
 {% set getter_callback_for_main_world = '%sForMainWorld' % getter_callback %}
 {% set setter_callback_for_main_world = '%sForMainWorld' % setter_callback
       if not method.is_unforgeable else 'nullptr' %}
-    {"{{method.name}}", {{getter_callback_for_main_world}}, {{setter_callback_for_main_world}}, {{property_attribute}}, {{property_location(method)}}, {{holder_check}}, V8DOMConfiguration::kHasSideEffect, V8DOMConfiguration::kAlwaysCallGetter, V8DOMConfiguration::MainWorld},
-    {"{{method.name}}", {{getter_callback}}, {{setter_callback}}, {{property_attribute}}, {{property_location(method)}}, {{holder_check}}, V8DOMConfiguration::kHasSideEffect, V8DOMConfiguration::kAlwaysCallGetter, V8DOMConfiguration::NonMainWorlds}}
+    {
+        "{{method.name}}",
+        {{getter_callback_for_main_world}},
+        {{setter_callback_for_main_world}},
+        {{property_attribute}},
+        {{property_location(method)}},
+        {{holder_check}},
+        V8DOMConfiguration::kHasSideEffect,
+        V8DOMConfiguration::kAlwaysCallGetter,
+        V8DOMConfiguration::MainWorld,
+    },
+    {
+        "{{method.name}}",
+        {{getter_callback}},
+        {{setter_callback}},
+        {{property_attribute}},
+        {{property_location(method)}},
+        {{holder_check}},
+        V8DOMConfiguration::kHasSideEffect,
+        V8DOMConfiguration::kAlwaysCallGetter,
+        V8DOMConfiguration::NonMainWorlds,
+    }
 {% else %}
-    {"{{method.name}}", {{getter_callback}}, {{setter_callback}}, {{property_attribute}}, {{property_location(method)}}, {{holder_check}}, V8DOMConfiguration::kHasSideEffect, V8DOMConfiguration::kAlwaysCallGetter, V8DOMConfiguration::kAllWorlds}
+    {
+        "{{method.name}}",
+        {{getter_callback}},
+        {{setter_callback}},
+        {{property_attribute}},
+        {{property_location(method)}},
+        {{holder_check}},
+        V8DOMConfiguration::kHasSideEffect,
+        V8DOMConfiguration::kAlwaysCallGetter,
+        V8DOMConfiguration::kAllWorlds,
+    }
 {% endif %}
 };
 for (const auto& attributeConfig : {{method.name}}OriginSafeAttributeConfiguration)

--- a/third_party/blink/renderer/bindings/templates/methods.cc.tmpl
+++ b/third_party/blink/renderer/bindings/templates/methods.cc.tmpl
@@ -507,7 +507,6 @@ void {{v8_class_or_partial}}::{{method.camel_case_name}}MethodCallback{{world_su
 {##############################################################################}
 {% macro origin_safe_method_getter(method, world_suffix) %}
 static void {{method.camel_case_name}}OriginSafeMethodGetter{{world_suffix}}(const v8::PropertyCallbackInfo<v8::Value>& info) {
-  static int dom_template_key; // This address is used for a key to look up the dom template.
  v8::Isolate* isolate = info.GetIsolate();
  V8PerIsolateData* data = V8PerIsolateData::From(isolate);
  const DOMWrapperWorld& world =
@@ -517,19 +516,23 @@ static void {{method.camel_case_name}}OriginSafeMethodGetter{{world_suffix}}(con
  v8::Local<v8::Signature> signature =
      v8::Signature::New(isolate, interface_template);

-  v8::Local<v8::FunctionTemplate> method_template =
-      data->FindOrCreateOperationTemplate(
-          world,
-          &dom_template_key,
-          {{v8_class_or_partial}}::{{method.camel_case_name}}MethodCallback{{world_suffix}},
-          v8::Local<v8::Value>(),
-          signature,
-          {{method.length}});
-
  {{cpp_class}}* impl = {{v8_class}}::ToImpl(info.Holder());
+  // Different FunctionTemplates should be used between cross-origin access and
+  // same-origin access.
  if (!BindingSecurity::ShouldAllowAccessTo(
          CurrentDOMWindow(isolate), impl,
          BindingSecurity::ErrorReportOption::kDoNotReport)) {
+    static int dom_template_key; // This address is used for a key to look up the dom template.
+
+    v8::Local<v8::FunctionTemplate> method_template =
+        data->FindOrCreateOperationTemplate(
+            world,
+            &dom_template_key,
+            {{v8_class_or_partial}}::{{method.camel_case_name}}MethodCallback{{world_suffix}},
+            v8::Local<v8::Value>(),
+            signature,
+            {{method.length}});
+
    V8SetReturnValue(
        info,
        method_template->GetFunction(
@@ -537,6 +540,17 @@ static void {{method.camel_case_name}}OriginSafeMethodGetter{{world_suffix}}(con
    return;
  }

+  static int dom_template_key; // This address is used for a key to look up the dom template.
+
+  v8::Local<v8::FunctionTemplate> method_template =
+      data->FindOrCreateOperationTemplate(
+          world,
+          &dom_template_key,
+          {{v8_class_or_partial}}::{{method.camel_case_name}}MethodCallback{{world_suffix}},
+          v8::Local<v8::Value>(),
+          signature,
+          {{method.length}});
+
  // When the web author overwrote the property, return the overwriting value.
  //
  // "{{method.name}}" must be the same as |name_in_utf8| (=name) in

--- a/third_party/blink/renderer/bindings/tests/results/core/v8_test_interface_check_security.cc
+++ b/third_party/blink/renderer/bindings/tests/results/core/v8_test_interface_check_security.cc
--- a/third_party/blink/web_tests/external/wpt/html/browsers/origin/cross-origin-objects/cross-origin-objects-expected.txt
+++ b/third_party/blink/web_tests/external/wpt/html/browsers/origin/cross-origin-objects/cross-origin-objects-expected.txt
 This is a testharness.js-based test.
-Found 90 tests; 42 PASS, 48 FAIL, 0 TIMEOUT, 0 NOTRUN.
+Found 90 tests; 45 PASS, 45 FAIL, 0 TIMEOUT, 0 NOTRUN.
 PASS Basic sanity-checking (cross-origin)
 PASS Basic sanity-checking (same-origin + document.domain)
 PASS Basic sanity-checking (cross-site)
@@ -66,9 +66,9 @@ PASS Cross-origin functions get local Function.prototype (cross-site)
 FAIL Cross-origin Window accessors get local Function.prototype (cross-origin) Cannot read property 'name' of undefined
 FAIL Cross-origin Window accessors get local Function.prototype (same-origin + document.domain) Cannot read property 'name' of undefined
 FAIL Cross-origin Window accessors get local Function.prototype (cross-site) Cannot read property 'name' of undefined
-FAIL Same-origin observers get different functions for cross-origin objects (cross-origin) assert_not_equals: cross-origin Window functions get their own object got disallowed value function "function () { [native code] }"
-FAIL Same-origin observers get different functions for cross-origin objects (same-origin + document.domain) assert_not_equals: cross-origin Window functions get their own object got disallowed value function "function () { [native code] }"
-FAIL Same-origin observers get different functions for cross-origin objects (cross-site) assert_not_equals: cross-origin Window functions get their own object got disallowed value function "function () { [native code] }"
+PASS Same-origin observers get different functions for cross-origin objects (cross-origin)
+PASS Same-origin observers get different functions for cross-origin objects (same-origin + document.domain)
+PASS Same-origin observers get different functions for cross-origin objects (cross-site)
 FAIL Same-origin observers get different accessors for cross-origin Window (cross-origin) assert_not_equals: different Window accessors per-incumbent script settings object got disallowed value undefined
 FAIL Same-origin observers get different accessors for cross-origin Window (same-origin + document.domain) assert_not_equals: different Window accessors per-incumbent script settings object got disallowed value undefined
 FAIL Same-origin observers get different accessors for cross-origin Window (cross-site) assert_not_equals: different Window accessors per-incumbent script settings object got disallowed value undefined