上篇说到一个很重要的函数initContextIfNeeded,这里专门来分析下这个函数:
// Create a new environment and setup the global object.//// The global object corresponds to a DOMWindow instance. However, to// allow properties of the JS DOMWindow instance to be shadowed, we// use a shadow object as the global object and use the JS DOMWindow// instance as the prototype for that shadow object. The JS DOMWindow// instance is undetectable from javascript code because the __proto__// accessors skip that object.//// The shadow object and the DOMWindow instance are seen as one object// from javascript. The javascript object that corresponds to a// DOMWindow instance is the shadow object. When mapping a DOMWindow// instance to a V8 object, we return the shadow object.//// To implement split-window, see// 1) https://bugs.webkit.org/show_bug.cgi?id=17249// 2) https://wiki.mozilla.org/Gecko:SplitWindow// 3) https://bugzilla.mozilla.org/show_bug.cgi?id=296639// we need to split the shadow object further into two objects:// an outer window and an inner window. The inner window is the hidden// prototype of the outer window. The inner window is the default// global object of the context. A variable declared in the global// scope is a property of the inner window.//// The outer window sticks to a Frame, it is exposed to JavaScript// via window.window, window.self, window.parent, etc. The outer window// has a security token which is the domain. The outer window cannot// have its own properties. window.foo = ‘x’ is delegated to the// inner window.//// When a frame navigates to a new page, the inner window is cut off// the outer window, and the outer window identify is preserved for// the frame. However, a new inner window is created for the new page.// If there are JS code holds a closure to the old inner window,// it won’t be able to reach the outer window via its global object.bool V8DOMWindowShell::initContextIfNeeded(){ // Bail out if the context has already been initialized. if (!m_context.IsEmpty()) return false; // Create a handle scope for all local handles. v8::HandleScope handleScope; // Setup the security handlers and message listener. This only has // to be done once. static bool isV8Initialized = false; if (!isV8Initialized) { // Tells V8 not to call the default OOM handler, binding code // will handle it. v8::V8::IgnoreOutOfMemoryException(); v8::V8::SetFatalErrorHandler(reportFatalErrorInV8); v8::V8::SetGlobalGCPrologueCallback(&V8GCController::gcPrologue); v8::V8::SetGlobalGCEpilogueCallback(&V8GCController::gcEpilogue); v8::V8::AddMessageListener(&v8UncaughtExceptionHandler); v8::V8::SetFailedAccessCheckCallbackFunction(reportUnsafeJavaScriptAccess);#if ENABLE(JAVASCRIPT_DEBUGGER) ScriptProfiler::initialize();#endif isV8Initialized = true; } m_context = createNewContext(m_global, 0); if (m_context.IsEmpty()) return false; v8::Local<v8::Context> v8Context = v8::Local<v8::Context>::New(m_context); v8::Context::Scope contextScope(v8Context); // Store the first global object created so we can reuse it. if (m_global.IsEmpty()) { m_global = v8::Persistent<v8::Object>::New(v8Context->Global()); // Bail out if allocation of the first global objects fails. if (m_global.IsEmpty()) { disposeContextHandles(); return false; }#ifndef NDEBUG V8GCController::registerGlobalHandle(PROXY, this, m_global);#endif } if (!installHiddenObjectPrototype(v8Context)) { disposeContextHandles(); return false; } if (!installDOMWindow(v8Context, m_frame->domWindow())) { disposeContextHandles(); return false; } updateDocument();
setSecurityToken();
我想有一天和你去旅行。去那没有去过的地方,
