I'm looking to fix https://webkit.org/b/43504, such that accessing window.location.href (and other properties) across domains will throw a SECURITY_ERR exception, to conform with the HTML5 spec. The most obvious place to do this in the Chrome V8 bindings is inside the failed access check callback that's registered here:
http://trac.webkit.org/browser/trunk/WebCore/bindings/v8/V8DOMWindowShell.cpp#L267

However, when I try to add a call to V8Proxy::setDomException (source at http://trac.webkit.org/browser/trunk/WebCore/bindings/v8/V8Proxy.cpp#L679, which ends up calling v8::ThrowException), this assert in heap-inl.h ends up firing: http://code.google.com/p/v8/source/browse/trunk/src/heap-inl.h#54

This is because the invocation of the failed access check callback that happens in Top::ReportFailedAccessCheck (http://code.google.com/p/v8/source/browse/trunk/src/top.cc#546) has an "AssertNoAllocation no_gc" variable, with the comment "// The callers of this method are not expecting a GC." I was wondering what the logic was behind that comment, and if you had any suggestions for alternatives? In places where Top::ReportFailedAccessCheck is called, it looks like allocations happen around there too (e.g. in the GetPropertyWithCallback call above http://code.google.com/p/v8/source/browse/trunk/src/objects.cc#273).

One option I looked into was turning off v8-level access checks and then writing custom getters that contained the access check and exception throwing. While that worked, it led to a significant increase in custom binding code, and seemed error-prone (since the security checks were not done automatically, so it'd be easy to miss adding one when creating a new custom getter).

I was hoping I could set a "should throw an exception" flag inside the failed access check, but I didn't see an obvious place where I could hook in to actually throw it and still be in the context of executing the same statement.

Thanks,
Mihai

-- 
v8-users mailing list
http://groups.google.com/group/v8-users
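The "record a flag now, throw after the no-allocation region ends" approach discussed above, as an added example that is not V8's or WebKit's code: a simplified model in which the failed-access callback runs under a scope that forbids allocation (standing in for AssertNoAllocation) and only records plain data, and the property read throws SECURITY_ERR once that scope has ended. The Engine, Window and NoAllocationScope types and the onFailedAccessCheck/read functions are all hypothetical.

```cpp
#include <stdexcept>
#include <string>

// Models AssertNoAllocation: while depth > 0, heap allocation is not allowed.
struct NoAllocationScope {
    static int depth;
    NoAllocationScope() { ++depth; }
    ~NoAllocationScope() { --depth; }
    static bool active() { return depth > 0; }
};
int NoAllocationScope::depth = 0;

struct SecurityError : std::runtime_error {
    using std::runtime_error::runtime_error;
};

// Simplified window: an origin plus a single readable property.
struct Window { std::string origin; std::string href; };

// Engine state for the deferred throw. Plain data only, so recording it inside
// the no-allocation region allocates nothing.
struct Engine {
    bool shouldThrow = false;
    const char* blockedProperty = nullptr;

    // Hypothetical failed-access callback. It runs while allocation is forbidden,
    // so it must not construct an exception object here; it only records that one is due.
    void onFailedAccessCheck(const char* property) {
        shouldThrow = true;
        blockedProperty = property;
    }

    // Property read as seen by script: the access check runs under the no-allocation
    // scope, and the recorded exception is thrown in the same statement once the scope closes.
    std::string read(const Window& caller, const Window& target, const char* property) {
        {
            NoAllocationScope noGc;   // callback must not allocate while this is live
            if (caller.origin != target.origin) onFailedAccessCheck(property);
        }
        if (shouldThrow) {            // allocation allowed again: safe to build and throw
            shouldThrow = false;
            throw SecurityError(std::string("SECURITY_ERR: cross-origin read of ") + blockedProperty);
        }
        return target.href;           // same-origin: only href is modelled
    }
};

// True when a read from callerOrigin into targetOrigin is rejected with SecurityError.
bool crossOriginReadThrows(const std::string& callerOrigin, const std::string& targetOrigin) {
    Engine engine;
    Window caller{callerOrigin, "about:blank"};
    Window target{targetOrigin, "https://example.invalid/page"};   // constructed sample value
    try { engine.read(caller, target, "href"); return false; }
    catch (const SecurityError&) { return true; }
}
```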
