Changeset 64991 in webkit

Timestamp:

Aug 9, 2010 10:50:41 AM (14 years ago)

Author:

eric@webkit.org

Message:

2010-08-09 Dominic Cooney <​dominicc@google.com>

Reviewed by Adam Barth.

Moves window.open logic into the generic bindings.

This patch moves window.open logic from V8 into the generic
bindings so it could be shared with JSC. JSC sharing is not in
this patch. This patch is of the same flavor/intent as 33201.

​https://bugs.webkit.org/show_bug.cgi?id=41392

• bindings/generic/BindingDOMWindow.h: (WebCore::::createWindow): (WebCore::::open): (WebCore::::completeURL):
• bindings/generic/BindingSecurity.h: (WebCore::::allowPopUp): (WebCore::::shouldAllowNavigation):
• bindings/v8/V8Binding.h: (WebCore::V8Binding::emptyScriptValue):
• bindings/v8/V8Utilities.cpp: (WebCore::transferHiddenDependency): (WebCore::processingUserGesture): (WebCore::shouldAllowNavigation): (WebCore::completeURL):
• bindings/v8/custom/V8ArrayBufferCustom.cpp:
• bindings/v8/custom/V8DOMWindowCustom.cpp: (WebCore::V8DOMWindow::showModalDialogCallback): (WebCore::V8DOMWindow::openCallback):
• bindings/v8/specialization/V8BindingState.cpp: (WebCore::::getActiveFrame): (WebCore::::getFirstFrame): (WebCore::::processingUserGesture):
• bindings/v8/specialization/V8BindingState.h: (WebCore::):

Location:

trunk/WebCore

Files:

• ChangeLog (modified) (1 diff)
• bindings/generic/BindingDOMWindow.h (modified) (6 diffs)
• bindings/generic/BindingSecurity.h (modified) (4 diffs)
• bindings/v8/V8Binding.h (modified) (9 diffs)
• bindings/v8/V8Utilities.cpp (modified) (2 diffs)
• bindings/v8/custom/V8ArrayBufferCustom.cpp (modified) (1 diff)
• bindings/v8/custom/V8DOMWindowCustom.cpp (modified) (4 diffs)
• bindings/v8/specialization/V8BindingState.cpp (modified) (5 diffs)
• bindings/v8/specialization/V8BindingState.h (modified) (4 diffs)

trunk/WebCore/ChangeLog

@@ +1 @@
+2010-08-09  Dominic Cooney  <dominicc@google.com>
+
+        Reviewed by Adam Barth.
+
+        Moves window.open logic into the generic bindings.
+
+        This patch moves window.open logic from V8 into the generic
+        bindings so it could be shared with JSC. JSC sharing is not in
+        this patch. This patch is of the same flavor/intent as 33201.
+
+        https://bugs.webkit.org/show_bug.cgi?id=41392
+
+        * bindings/generic/BindingDOMWindow.h:
+        (WebCore::::createWindow):
+        (WebCore::::open):
+        (WebCore::::completeURL):
+        * bindings/generic/BindingSecurity.h:
+        (WebCore::::allowPopUp):
+        (WebCore::::shouldAllowNavigation):
+        * bindings/v8/V8Binding.h:
+        (WebCore::V8Binding::emptyScriptValue):
+        * bindings/v8/V8Utilities.cpp:
+        (WebCore::transferHiddenDependency):
+        (WebCore::processingUserGesture):
+        (WebCore::shouldAllowNavigation):
+        (WebCore::completeURL):
+        * bindings/v8/custom/V8ArrayBufferCustom.cpp:
+        * bindings/v8/custom/V8DOMWindowCustom.cpp:
+        (WebCore::V8DOMWindow::showModalDialogCallback):
+        (WebCore::V8DOMWindow::openCallback):
+        * bindings/v8/specialization/V8BindingState.cpp:
+        (WebCore::::getActiveFrame):
+        (WebCore::::getFirstFrame):
+        (WebCore::::processingUserGesture):
+        * bindings/v8/specialization/V8BindingState.h:
+        (WebCore::):
+
 2010-08-09  Marcus Bulach  <bulach@chromium.org>
 

trunk/WebCore/bindings/generic/BindingDOMWindow.h

@@ -1 +1 @@
 /*
  * Copyright (C) 2010 Google Inc. All rights reserved.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are
  * met:
- * 
+ *
  *     * Redistributions of source code must retain the above copyright
  * notice, this list of conditions and the following disclaimer.
@@ -15 +15 @@
  * contributors may be used to endorse or promote products derived from
  * this software without specific prior written permission.
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
@@ -32 +32 @@
 #define BindingDOMWindow_h
 
+#include "DOMWindow.h"
 #include "Frame.h"
 #include "FrameLoadRequest.h"
+#include "FrameLoader.h"
+#include "FrameView.h"
 #include "GenericBinding.h"
 #include "Page.h"
+#include "PlatformScreen.h"
+#include "ScriptController.h"
 #include "SecurityOrigin.h"
+#include "WindowFeatures.h"
 
 namespace WebCore {
@@ -53 +59 @@
                                const WindowFeatures& windowFeatures,
                                BindingValue dialogArgs);
+
+    static WebCore::DOMWindow* open(State<Binding>*,
+                                    WebCore::DOMWindow* parent,
+                                    const String& url,
+                                    const String& frameName,
+                                    const WindowFeatures& rawFeatures);
+
+    // FIXME: There should be a place for generic binding utilities.
+    static KURL completeURL(State<Binding>*, const String& relativeURL);
+
+private:
+    // Horizontal and vertical offset, from the parent content area,
+    // around newly opened popups that don't specify a location.
+    static const int popupTilePixels = 10;
 };
 
@@ -104 +124 @@
     if (!protocolIsJavaScript(url) || BindingSecurity<Binding>::canAccessFrame(state, newFrame, true)) {
         KURL completedUrl =
-            url.isEmpty() ? KURL(ParsedURLString, "") : completeURL(url);
-        bool userGesture = processingUserGesture();
+            url.isEmpty() ? KURL(ParsedURLString, "") : completeURL(state, url);
+        bool userGesture = state->processingUserGesture();
 
         if (created)
@@ -116 +136 @@
 }
 
+template<class Binding>
+WebCore::DOMWindow* BindingDOMWindow<Binding>::open(State<Binding>* state,
+                                                    WebCore::DOMWindow* parent,
+                                                    const String& urlString,
+                                                    const String& frameName,
+                                                    const WindowFeatures& rawFeatures)
+{
+    Frame* frame = parent->frame();
+
+    if (!BindingSecurity<Binding>::canAccessFrame(state, frame, true))
+        return 0;
+
+    Frame* firstFrame = state->getFirstFrame();
+    if (!firstFrame)
+        return 0;
+
+    Frame* activeFrame = state->getActiveFrame();
+    // We may not have a calling context if we are invoked by a plugin
+    // via NPAPI.
+    if (!activeFrame)
+        activeFrame = firstFrame;
+
+    Page* page = frame->page();
+    if (!page)
+        return 0;
+
+    // Because FrameTree::find() returns true for empty strings, we must check
+    // for empty framenames. Otherwise, illegitimate window.open() calls with
+    // no name will pass right through the popup blocker.
+    if (!BindingSecurity<Binding>::allowPopUp(state)
+        && (frameName.isEmpty() || !frame->tree()->find(frameName))) {
+        return 0;
+    }
+
+    // Get the target frame for the special cases of _top and _parent.
+    // In those cases, we can schedule a location change right now and
+    // return early.
+    bool topOrParent = false;
+    if (frameName == "_top") {
+        frame = frame->tree()->top();
+        topOrParent = true;
+    } else if (frameName == "_parent") {
+        if (Frame* parent = frame->tree()->parent())
+            frame = parent;
+        topOrParent = true;
+    }
+    if (topOrParent) {
+        if (!BindingSecurity<Binding>::shouldAllowNavigation(state, frame))
+            return 0;
+
+        String completedUrl;
+        if (!urlString.isEmpty())
+            completedUrl = completeURL(state, urlString);
+
+        if (!completedUrl.isEmpty()
+            && (!protocolIsJavaScript(completedUrl)
+                || BindingSecurity<Binding>::canAccessFrame(state, frame, true))) {
+            bool userGesture = state->processingUserGesture();
+
+            // For whatever reason, Firefox uses the first frame to determine
+            // the outgoingReferrer.  We replicate that behavior here.
+            String referrer = firstFrame->loader()->outgoingReferrer();
+
+            frame->redirectScheduler()->scheduleLocationChange(completedUrl, referrer, false, false, userGesture);
+        }
+        return frame->domWindow();
+    }
+
+    // In the case of a named frame or a new window, we'll use the
+    // createWindow() helper.
+
+    // Work with a copy of the parsed values so we can restore the
+    // values we may not want to overwrite after we do the multiple
+    // monitor fixes.
+    WindowFeatures windowFeatures(rawFeatures);
+    FloatRect screenRect = screenAvailableRect(page->mainFrame()->view());
+
+    // Set default size and location near parent window if none were specified.
+    // These may be further modified by adjustWindowRect, below.
+    if (!windowFeatures.xSet) {
+        windowFeatures.x = parent->screenX() - screenRect.x() + popupTilePixels;
+        windowFeatures.xSet = true;
+    }
+    if (!windowFeatures.ySet) {
+        windowFeatures.y = parent->screenY() - screenRect.y() + popupTilePixels;
+        windowFeatures.ySet = true;
+    }
+    if (!windowFeatures.widthSet) {
+        windowFeatures.width = parent->innerWidth();
+        windowFeatures.widthSet = true;
+    }
+    if (!windowFeatures.heightSet) {
+        windowFeatures.height = parent->innerHeight();
+        windowFeatures.heightSet = true;
+    }
+
+    FloatRect windowRect(windowFeatures.x, windowFeatures.y, windowFeatures.width, windowFeatures.height);
+
+    // The new window's location is relative to its current screen, so shift
+    // it in case it's on a secondary monitor. See http://b/viewIssue?id=967905.
+    windowRect.move(screenRect.x(), screenRect.y());
+    WebCore::DOMWindow::adjustWindowRect(screenRect, windowRect, windowRect);
+
+    windowFeatures.x = windowRect.x();
+    windowFeatures.y = windowRect.y();
+    windowFeatures.height = windowRect.height();
+    windowFeatures.width = windowRect.width();
+
+    // If either of the origin coordinates or dimensions weren't set
+    // in the original string, make sure they aren't set now.
+    if (!rawFeatures.xSet) {
+        windowFeatures.x = 0;
+        windowFeatures.xSet = false;
+    }
+    if (!rawFeatures.ySet) {
+        windowFeatures.y = 0;
+        windowFeatures.ySet = false;
+    }
+    if (!rawFeatures.widthSet) {
+      windowFeatures.width = 0;
+      windowFeatures.widthSet = false;
+    }
+    if (!rawFeatures.heightSet) {
+      windowFeatures.height = 0;
+      windowFeatures.heightSet = false;
+    }
+
+    frame = createWindow(state, activeFrame, firstFrame, frame, urlString, frameName, windowFeatures, Binding::emptyScriptValue());
+
+    if (!frame)
+        return 0;
+
+    return frame->domWindow();
+}
+
+template <class Binding>
+KURL BindingDOMWindow<Binding>::completeURL(State<Binding>* state,
+                                            const String& relativeURL)
+{
+    // For historical reasons, we need to complete the URL using the
+    // dynamic frame.
+    Frame* frame = state->getFirstFrame();
+    if (!frame)
+        return KURL();
+    return frame->loader()->completeURL(relativeURL);
+}
+
 } // namespace WebCore
 

trunk/WebCore/bindings/generic/BindingSecurity.h

@@ -35 +35 @@
 #include "CSSHelper.h"
 #include "Element.h"
+#include "Frame.h"
 #include "GenericBinding.h"
 #include "HTMLFrameElementBase.h"
 #include "HTMLNames.h"
+#include "Settings.h"
 
 namespace WebCore {
 
 class DOMWindow;
-class Frame;
 class Node;
 
@@ -56 +57 @@
     static bool checkNodeSecurity(State<Binding>*, Node* target);
 
+    static bool allowPopUp(State<Binding>*);
     static bool allowSettingFrameSrcToJavascriptUrl(State<Binding>*, HTMLFrameElementBase*, String value);
     static bool allowSettingSrcToJavascriptURL(State<Binding>*, Element*, String name, String value);
+
+    static bool shouldAllowNavigation(State<Binding>*, Frame*);
 
 private:
@@ -111 +115 @@
 
 template <class Binding>
+bool BindingSecurity<Binding>::allowPopUp(State<Binding>* state)
+{
+    if (state->processingUserGesture())
+        return true;
+
+    Frame* frame = state->getFirstFrame();
+    ASSERT(frame);
+    Settings* settings = frame->settings();
+    return settings && settings->javaScriptCanOpenWindowsAutomatically();
+}
+
+template <class Binding>
 bool BindingSecurity<Binding>::allowSettingFrameSrcToJavascriptUrl(State<Binding>* state, HTMLFrameElementBase* frame, String value)
 {
@@ -129 +145 @@
 }
 
+template <class Binding>
+bool BindingSecurity<Binding>::shouldAllowNavigation(State<Binding>* state, Frame* frame)
+{
+    Frame* activeFrame = state->getActiveFrame();
+    return activeFrame && activeFrame->loader()->shouldAllowNavigation(frame);
+}
+
 }
 

trunk/WebCore/bindings/v8/V8Binding.h

@@ -1 +1 @@
 /*
 * Copyright (C) 2009 Google Inc. All rights reserved.
-* 
+*
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are
 * met:
-* 
+*
 *     * Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
@@ -15 +15 @@
 * contributors may be used to endorse or promote products derived from
 * this software without specific prior written permission.
-* 
+*
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
@@ -41 +41 @@
 
 namespace WebCore {
-    
+
     class EventListener;
     class EventTarget;
@@ -51 +51 @@
         typedef v8::Handle<v8::Value> Value;
         typedef V8BindingDOMWindow DOMWindow;
+
+        static Value emptyScriptValue() { return v8::Local<v8::Value>(); }
     };
     typedef BindingSecurity<V8Binding> V8BindingSecurity;
@@ -153 +155 @@
         return v8ValueToWebCoreString(object);
     }
-    
+
     String toWebCoreString(const v8::Arguments&, int index);
 
@@ -172 +174 @@
 
     String toWebCoreStringWithNullOrUndefinedCheck(v8::Handle<v8::Value> value);
- 
+
     v8::Handle<v8::String> v8UndetectableString(const String& str);
 
@@ -184 +186 @@
 
     v8::Handle<v8::Value> v8DateOrNull(double value);
-    
+
     v8::Persistent<v8::FunctionTemplate> createRawTemplate();
 
     struct BatchedAttribute;
     struct BatchedCallback;
-    
+
     v8::Local<v8::Signature> configureTemplate(v8::Persistent<v8::FunctionTemplate>,
                                                const char* interfaceName,
                                                v8::Persistent<v8::FunctionTemplate> parentClass,
                                                int fieldCount,
-                                               const BatchedAttribute*, 
+                                               const BatchedAttribute*,
                                                size_t attributeCount,
                                                const BatchedCallback*,
                                                size_t callbackCount);
-    
+
     v8::Handle<v8::Value> getElementStringAttr(const v8::AccessorInfo&,
                                                const QualifiedName&);
@@ -205 +207 @@
                               v8::Local<v8::Value>);
 
-    
+
     v8::Persistent<v8::String> getToStringName();
     v8::Persistent<v8::FunctionTemplate> getToStringTemplate();
-    
+
     // V8Parameter is an adapter class that converts V8 values to Strings
     // or AtomicStrings as appropriate, using multiple typecast operators.
@@ -225 +227 @@
         v8::Local<v8::Value> m_v8Object;
     };
-    
+
     template<> inline V8Parameter<DefaultMode>::operator String() { return toWebCoreString(m_v8Object); }
     template<> inline V8Parameter<WithNullCheck>::operator String() { return toWebCoreStringWithNullCheck(m_v8Object); }

trunk/WebCore/bindings/v8/V8Utilities.cpp

@@ -39 +39 @@
 #include "ScriptState.h"
 #include "V8Binding.h"
+#include "V8BindingDOMWindow.h" // FIXME: remove when completeURL moves
+#include "V8BindingState.h"
 #include "V8Proxy.h"
 #include "WorkerContext.h"
@@ -93 +95 @@
         createHiddenDependency(object, newValue, cacheIndex);
 }
-    
 
 bool processingUserGesture()
 {
-    Frame* frame = V8Proxy::retrieveFrameForEnteredContext();
-    return frame && frame->script()->processingUserGesture();
+    return V8BindingState::Only()->processingUserGesture();
 }
 
 Frame* callingOrEnteredFrame()
 {
-    Frame* frame = V8Proxy::retrieveFrameForCallingContext();
-    if (!frame) {
-        // Unfortunately, when processing script from a plug-in, we might not
-        // have a calling context.  In those cases, we fall back to the
-        // entered context for security checks.
-        // FIXME: We need a better API for retrieving frames that abstracts
-        //        away this concern.
-        frame = V8Proxy::retrieveFrameForEnteredContext();
-    }
-    return frame;
+    return V8BindingState::Only()->getActiveFrame();
 }
 
 bool shouldAllowNavigation(Frame* frame)
 {
-    Frame* callingOrEntered = callingOrEnteredFrame();
-    return callingOrEntered && callingOrEntered->loader()->shouldAllowNavigation(frame);
+    return V8BindingSecurity::shouldAllowNavigation(V8BindingState::Only(), frame);
 }
 
 KURL completeURL(const String& relativeURL)
 {
-    // For histoical reasons, we need to complete the URL using the dynamic frame.
-    Frame* frame = V8Proxy::retrieveFrameForEnteredContext();
-    if (!frame)
-        return KURL();
-    return frame->loader()->completeURL(relativeURL);
+    return V8BindingDOMWindow::completeURL(V8BindingState::Only(), relativeURL);
 }
 

trunk/WebCore/bindings/v8/custom/V8ArrayBufferCustom.cpp

@@ -35 +35 @@
 #include "ArrayBuffer.h"
 
+#include "ExceptionCode.h"
 #include "V8Binding.h"
 #include "V8ArrayBuffer.h"

trunk/WebCore/bindings/v8/custom/V8DOMWindowCustom.cpp

@@ -83 +83 @@
 #include "WindowFeatures.h"
 
-// Horizontal and vertical offset, from the parent content area, around newly
-// opened popups that don't specify a location.
-static const int popupTilePixels = 10;
-
 namespace WebCore {
 
@@ -448 +444 @@
         return false;
     return frame->page()->chrome()->canRunModalNow();
-}
-
-static bool allowPopUp()
-{
-    Frame* frame = V8Proxy::retrieveFrameForEnteredContext();
-
-    ASSERT(frame);
-    if (frame->script()->processingUserGesture())
-        return true;
-    Settings* settings = frame->settings();
-    return settings && settings->javaScriptCanOpenWindowsAutomatically();
 }
 
@@ -514 +499 @@
         return v8::Undefined();
 
-    if (!canShowModalDialogNow(frame) || !allowPopUp())
+    if (!canShowModalDialogNow(frame) || !V8BindingSecurity::allowPopUp(V8BindingState::Only()))
         return v8::Undefined();
 
@@ -585 +570 @@
     INC_STATS("DOM.DOMWindow.open()");
 
+    DOMWindow* parent = V8DOMWindow::toNative(args.Holder());
     String urlString = toWebCoreStringWithNullOrUndefinedCheck(args[0]);
     AtomicString frameName = (args[1]->IsUndefined() || args[1]->IsNull()) ? "_blank" : AtomicString(toWebCoreString(args[1]));
-
-    DOMWindow* parent = V8DOMWindow::toNative(args.Holder());
-    Frame* frame = parent->frame();
-
-    if (!V8BindingSecurity::canAccessFrame(V8BindingState::Only(), frame, true))
-        return v8::Undefined();
-
-    Frame* enteredFrame = V8Proxy::retrieveFrameForEnteredContext();
-    if (!enteredFrame)
-        return v8::Undefined();
-
-    Frame* callingFrame = V8Proxy::retrieveFrameForCallingContext();
-    // We may not have a calling context if we are invoked by a plugin via NPAPI.
-    if (!callingFrame)
-        callingFrame = enteredFrame;
-
-    Page* page = frame->page();
-    if (!page)
-        return v8::Undefined();
-
-    // Because FrameTree::find() returns true for empty strings, we must check
-    // for empty framenames. Otherwise, illegitimate window.open() calls with
-    // no name will pass right through the popup blocker.
-    if (!allowPopUp() &&
-        (frameName.isEmpty() || !frame->tree()->find(frameName))) {
-        return v8::Undefined();
-    }
-
-    // Get the target frame for the special cases of _top and _parent.  In those
-    // cases, we can schedule a location change right now and return early.
-    bool topOrParent = false;
-    if (frameName == "_top") {
-        frame = frame->tree()->top();
-        topOrParent = true;
-    } else if (frameName == "_parent") {
-        if (Frame* parent = frame->tree()->parent())
-            frame = parent;
-        topOrParent = true;
-    }
-    if (topOrParent) {
-        if (!shouldAllowNavigation(frame))
-            return v8::Undefined();
-
-        String completedUrl;
-        if (!urlString.isEmpty())
-            completedUrl = completeURL(urlString);
-
-        if (!completedUrl.isEmpty() &&
-            (!protocolIsJavaScript(completedUrl) || ScriptController::isSafeScript(frame))) {
-            bool userGesture = processingUserGesture();
-
-            // For whatever reason, Firefox uses the entered frame to determine
-            // the outgoingReferrer.  We replicate that behavior here.
-            String referrer = enteredFrame->loader()->outgoingReferrer();
-
-            frame->redirectScheduler()->scheduleLocationChange(completedUrl, referrer, false, false, userGesture);
-        }
-        return toV8(frame->domWindow());
-    }
-
-    // In the case of a named frame or a new window, we'll use the
-    // createWindow() helper.
-
-    // Parse the values, and then work with a copy of the parsed values
-    // so we can restore the values we may not want to overwrite after
-    // we do the multiple monitor fixes.
     WindowFeatures rawFeatures(toWebCoreStringWithNullOrUndefinedCheck(args[2]));
-    WindowFeatures windowFeatures(rawFeatures);
-    FloatRect screenRect = screenAvailableRect(page->mainFrame()->view());
-
-    // Set default size and location near parent window if none were specified.
-    // These may be further modified by adjustWindowRect, below.
-    if (!windowFeatures.xSet) {
-        windowFeatures.x = parent->screenX() - screenRect.x() + popupTilePixels;
-        windowFeatures.xSet = true;
-    }
-    if (!windowFeatures.ySet) {
-        windowFeatures.y = parent->screenY() - screenRect.y() + popupTilePixels;
-        windowFeatures.ySet = true;
-    }
-    if (!windowFeatures.widthSet) {
-        windowFeatures.width = parent->innerWidth();
-        windowFeatures.widthSet = true;
-    }
-    if (!windowFeatures.heightSet) {
-        windowFeatures.height = parent->innerHeight();
-        windowFeatures.heightSet = true;
-    }
-
-    FloatRect windowRect(windowFeatures.x, windowFeatures.y, windowFeatures.width, windowFeatures.height);
-
-    // The new window's location is relative to its current screen, so shift
-    // it in case it's on a secondary monitor. See http://b/viewIssue?id=967905.
-    windowRect.move(screenRect.x(), screenRect.y());
-    WebCore::DOMWindow::adjustWindowRect(screenRect, windowRect, windowRect);
-
-    windowFeatures.x = windowRect.x();
-    windowFeatures.y = windowRect.y();
-    windowFeatures.height = windowRect.height();
-    windowFeatures.width = windowRect.width();
-
-    // If either of the origin coordinates or dimensions weren't set in the original
-    // string, make sure they aren't set now.
-    if (!rawFeatures.xSet) {
-        windowFeatures.x = 0;
-        windowFeatures.xSet = false;
-    }
-    if (!rawFeatures.ySet) {
-        windowFeatures.y = 0;
-        windowFeatures.ySet = false;
-    }
-    if (!rawFeatures.widthSet) {
-      windowFeatures.width = 0;
-      windowFeatures.widthSet = false;
-    }
-    if (!rawFeatures.heightSet) {
-      windowFeatures.height = 0;
-      windowFeatures.heightSet = false;
-    }
-
-    frame = V8BindingDOMWindow::createWindow(V8BindingState::Only(), callingFrame, enteredFrame, frame, urlString, frameName, windowFeatures, v8::Local<v8::Value>());
-
-    if (!frame)
-        return v8::Undefined();
-
-    return toV8(frame->domWindow());
+    DOMWindow* child = V8BindingDOMWindow::open(V8BindingState::Only(), parent, urlString, frameName, rawFeatures);
+
+    if (!child)
+        return v8::Undefined();
+
+    return toV8(child);
 }
 

trunk/WebCore/bindings/v8/specialization/V8BindingState.cpp

@@ -1 +1 @@
 /*
  * Copyright (C) 2009 Google Inc. All rights reserved.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are
  * met:
- * 
+ *
  *     * Redistributions of source code must retain the above copyright
  * notice, this list of conditions and the following disclaimer.
@@ -15 +15 @@
  * contributors may be used to endorse or promote products derived from
  * this software without specific prior written permission.
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
@@ -32 +32 @@
 #include "V8BindingState.h"
 
+#include "Frame.h"
+#include "ScriptController.h"
 #include "V8Proxy.h"
 #include <wtf/StdLibExtras.h>
@@ -54 +56 @@
 }
 
+Frame* State<V8Binding>::getActiveFrame()
+{
+    Frame* frame = V8Proxy::retrieveFrameForCallingContext();
+    if (!frame) {
+        // Unfortunately, when processing script from a plug-in, we might not
+        // have a calling context.  In those cases, we fall back to the
+        // entered context for security checks.
+        // FIXME: We need a better API for retrieving frames that abstracts
+        //        away this concern.
+        frame = V8Proxy::retrieveFrameForEnteredContext();
+    }
+    return frame;
+}
+
+Frame* State<V8Binding>::getFirstFrame()
+{
+    return V8Proxy::retrieveFrameForEnteredContext();
+}
+
 void State<V8Binding>::immediatelyReportUnsafeAccessTo(Frame* target)
 {
@@ -59 +80 @@
 }
 
+bool State<V8Binding>::processingUserGesture()
+{
+    Frame* frame = V8Proxy::retrieveFrameForEnteredContext();
+    return frame && frame->script()->processingUserGesture();
+}
+
 } // namespace WebCore

trunk/WebCore/bindings/v8/specialization/V8BindingState.h

@@ -1 +1 @@
 /*
  * Copyright (C) 2009 Google Inc. All rights reserved.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are
  * met:
- * 
+ *
  *     * Redistributions of source code must retain the above copyright
  * notice, this list of conditions and the following disclaimer.
@@ -15 +15 @@
  * contributors may be used to endorse or promote products derived from
  * this software without specific prior written permission.
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
@@ -37 +37 @@
 namespace WebCore {
 
+class Frame;
+
 // Singleton implementation of State<V8Binding>.  Uses V8's global data
 // structures to return information about relevant execution state.
@@ -45 +47 @@
     static State* Only();
 
+    // Reports an error message (without delay) if the security check fails.
+    static void immediatelyReportUnsafeAccessTo(Frame*);
+
     // The DOMWindow corresponding to the 'calling context' of execution.
     DOMWindow* getActiveWindow();
 
-    // Reports an error message (without delay) if the security check fails.
-    static void immediatelyReportUnsafeAccessTo(Frame*);
+    // The frame corresponding to the 'calling context' of execution.
+    Frame* getActiveFrame();
+
+    // The first frame in which execution entered user script.
+    Frame* getFirstFrame();
+
+    bool processingUserGesture();
 
 private: