Merge WebKit at r75315: Initial merge by git.

Change-Id: I570314b346ce101c935ed22a626b48c2af266b84

1 files changed, 623 insertions, 0 deletions

diff --git a/Source/WebCore/bindings/v8/custom/V8DOMWindowCustom.cpp b/Source/WebCore/bindings/v8/custom/V8DOMWindowCustom.cpp
new file mode 100644
index 0000000..328a9c1
--- /dev/null
+++ b/Source/WebCore/bindings/v8/custom/V8DOMWindowCustom.cpp
@@ -0,0 +1,623 @@
+/*
+ * Copyright (C) 2009 Google Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ *
+ *     * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *     * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following disclaimer
+ * in the documentation and/or other materials provided with the
+ * distribution.
+ *     * Neither the name of Google Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+#include "V8DOMWindow.h"
+
+#include "Chrome.h"
+#include "DOMTimer.h"
+#include "DOMWindow.h"
+#include "ExceptionCode.h"
+#include "Frame.h"
+#include "FrameLoadRequest.h"
+#include "FrameView.h"
+#include "HTMLCollection.h"
+#include "HTMLDocument.h"
+#include "MediaPlayer.h"
+#include "Page.h"
+#include "PlatformScreen.h"
+#include "ScheduledAction.h"
+#include "ScriptSourceCode.h"
+#include "SerializedScriptValue.h"
+#include "Settings.h"
+#include "SharedWorkerRepository.h"
+#include "Storage.h"
+#include "V8Binding.h"
+#include "V8BindingMacros.h"
+#include "V8BindingState.h"
+#include "V8EventListener.h"
+#include "V8GCForContextDispose.h"
+#include "V8HiddenPropertyName.h"
+#include "V8HTMLAudioElementConstructor.h"
+#include "V8HTMLCollection.h"
+#include "V8HTMLImageElementConstructor.h"
+#include "V8HTMLOptionElementConstructor.h"
+#include "V8MessagePortCustom.h"
+#include "V8Node.h"
+#include "V8Proxy.h"
+#include "V8Utilities.h"
+#if ENABLE(WEB_SOCKETS)
+#include "WebSocket.h"
+#endif
+#include "WindowFeatures.h"
+
+namespace WebCore {
+
+v8::Handle<v8::Value> WindowSetTimeoutImpl(const v8::Arguments& args, bool singleShot)
+{
+    int argumentCount = args.Length();
+
+    if (argumentCount < 1)
+        return v8::Undefined();
+
+    DOMWindow* imp = V8DOMWindow::toNative(args.Holder());
+    ScriptExecutionContext* scriptContext = static_cast<ScriptExecutionContext*>(imp->document());
+
+    if (!scriptContext) {
+        V8Proxy::setDOMException(INVALID_ACCESS_ERR);
+        return v8::Undefined();
+    }
+
+    v8::Handle<v8::Value> function = args[0];
+    WTF::String functionString;
+    if (!function->IsFunction()) {
+        if (function->IsString())
+            functionString = toWebCoreString(function);
+        else {
+            v8::Handle<v8::Value> v8String = function->ToString();
+
+            // Bail out if string conversion failed.
+            if (v8String.IsEmpty())
+                return v8::Undefined();
+
+            functionString = toWebCoreString(v8String);
+        }
+
+        // Don't allow setting timeouts to run empty functions!
+        // (Bug 1009597)
+        if (functionString.length() == 0)
+            return v8::Undefined();
+    }
+
+    int32_t timeout = 0;
+    if (argumentCount >= 2)
+        timeout = args[1]->Int32Value();
+
+    if (!V8BindingSecurity::canAccessFrame(V8BindingState::Only(), imp->frame(), true))
+        return v8::Undefined();
+
+    int id;
+    if (function->IsFunction()) {
+        int paramCount = argumentCount >= 2 ? argumentCount - 2 : 0;
+        v8::Local<v8::Value>* params = 0;
+        if (paramCount > 0) {
+            params = new v8::Local<v8::Value>[paramCount];
+            for (int i = 0; i < paramCount; i++)
+                // parameters must be globalized
+                params[i] = args[i+2];
+        }
+
+        // params is passed to action, and released in action's destructor
+        ScheduledAction* action = new ScheduledAction(V8Proxy::context(imp->frame()), v8::Handle<v8::Function>::Cast(function), paramCount, params);
+
+        delete[] params;
+
+        id = DOMTimer::install(scriptContext, action, timeout, singleShot);
+    } else {
+        id = DOMTimer::install(scriptContext, new ScheduledAction(V8Proxy::context(imp->frame()), functionString), timeout, singleShot);
+    }
+
+    // Try to do the idle notification before the timeout expires to get better
+    // use of any idle time. Aim for the middle of the interval for simplicity.
+    if (timeout > 0) {
+        double maximumFireInterval = static_cast<double>(timeout) / 1000 / 2;
+        V8GCForContextDispose::instance().notifyIdleSooner(maximumFireInterval);
+    }
+
+    return v8::Integer::New(id);
+}
+
+v8::Handle<v8::Value> V8DOMWindow::eventAccessorGetter(v8::Local<v8::String> name, const v8::AccessorInfo& info)
+{
+    v8::Handle<v8::Object> holder = V8DOMWrapper::lookupDOMWrapper(V8DOMWindow::GetTemplate(), info.This());
+    if (holder.IsEmpty())
+        return v8::Undefined();
+
+    Frame* frame = V8DOMWindow::toNative(holder)->frame();
+    if (!V8BindingSecurity::canAccessFrame(V8BindingState::Only(), frame, true))
+        return v8::Undefined();
+
+    v8::Local<v8::Context> context = V8Proxy::context(frame);
+    if (context.IsEmpty())
+        return v8::Undefined();
+
+    v8::Handle<v8::String> eventSymbol = V8HiddenPropertyName::event();
+    v8::Handle<v8::Value> jsEvent = context->Global()->GetHiddenValue(eventSymbol);
+    if (jsEvent.IsEmpty())
+        return v8::Undefined();
+    return jsEvent;
+}
+
+void V8DOMWindow::eventAccessorSetter(v8::Local<v8::String> name, v8::Local<v8::Value> value, const v8::AccessorInfo& info)
+{
+    v8::Handle<v8::Object> holder = V8DOMWrapper::lookupDOMWrapper(V8DOMWindow::GetTemplate(), info.This());
+    if (holder.IsEmpty())
+        return;
+
+    Frame* frame = V8DOMWindow::toNative(holder)->frame();
+    if (!V8BindingSecurity::canAccessFrame(V8BindingState::Only(), frame, true))
+        return;
+
+    v8::Local<v8::Context> context = V8Proxy::context(frame);
+    if (context.IsEmpty())
+        return;
+
+    v8::Handle<v8::String> eventSymbol = V8HiddenPropertyName::event();
+    context->Global()->SetHiddenValue(eventSymbol, value);
+}
+
+v8::Handle<v8::Value> V8DOMWindow::cryptoAccessorGetter(v8::Local<v8::String> name, const v8::AccessorInfo& info)
+{
+    // FIXME: Implement me.
+    return v8::Undefined();
+}
+
+void V8DOMWindow::locationAccessorSetter(v8::Local<v8::String> name, v8::Local<v8::Value> value, const v8::AccessorInfo& info)
+{
+    DOMWindow* imp = V8DOMWindow::toNative(info.Holder());
+    State<V8Binding>* state = V8BindingState::Only();
+
+    DOMWindow* activeWindow = state->activeWindow();
+    if (!activeWindow)
+      return;
+
+    DOMWindow* firstWindow = state->firstWindow();
+    if (!firstWindow)
+      return;
+
+    imp->setLocation(toWebCoreString(value), activeWindow, firstWindow);
+}
+
+void V8DOMWindow::openerAccessorSetter(v8::Local<v8::String> name, v8::Local<v8::Value> value, const v8::AccessorInfo& info)
+{
+    DOMWindow* imp = V8DOMWindow::toNative(info.Holder());
+
+    if (!V8BindingSecurity::canAccessFrame(V8BindingState::Only(), imp->frame(), true))
+        return;
+
+    // Opener can be shadowed if it is in the same domain.
+    // Have a special handling of null value to behave
+    // like Firefox. See bug http://b/1224887 & http://b/791706.
+    if (value->IsNull()) {
+        // imp->frame() cannot be null,
+        // otherwise, SameOrigin check would have failed.
+        ASSERT(imp->frame());
+        imp->frame()->loader()->setOpener(0);
+    }
+
+    // Delete the accessor from this object.
+    info.Holder()->Delete(name);
+
+    // Put property on the front (this) object.
+    info.This()->Set(name, value);
+}
+
+#if ENABLE(VIDEO)
+
+v8::Handle<v8::Value> V8DOMWindow::AudioAccessorGetter(v8::Local<v8::String> name, const v8::AccessorInfo& info)
+{
+    DOMWindow* window = V8DOMWindow::toNative(info.Holder());
+    return V8DOMWrapper::getConstructor(&V8HTMLAudioElementConstructor::info, window);
+}
+
+#endif
+
+v8::Handle<v8::Value> V8DOMWindow::ImageAccessorGetter(v8::Local<v8::String> name, const v8::AccessorInfo& info)
+{
+    DOMWindow* window = V8DOMWindow::toNative(info.Holder());
+    return V8DOMWrapper::getConstructor(&V8HTMLImageElementConstructor::info, window);
+}
+
+v8::Handle<v8::Value> V8DOMWindow::OptionAccessorGetter(v8::Local<v8::String> name, const v8::AccessorInfo& info)
+{
+    DOMWindow* window = V8DOMWindow::toNative(info.Holder());
+    return V8DOMWrapper::getConstructor(&V8HTMLOptionElementConstructor::info, window);
+}
+
+v8::Handle<v8::Value> V8DOMWindow::addEventListenerCallback(const v8::Arguments& args)
+{
+    INC_STATS("DOM.DOMWindow.addEventListener()");
+
+    String eventType = toWebCoreString(args[0]);
+    bool useCapture = args[2]->BooleanValue();
+
+    DOMWindow* imp = V8DOMWindow::toNative(args.Holder());
+
+    if (!V8BindingSecurity::canAccessFrame(V8BindingState::Only(), imp->frame(), true))
+        return v8::Undefined();
+
+    Document* doc = imp->document();
+
+    if (!doc)
+        return v8::Undefined();
+
+    // FIXME: Check if there is not enough arguments
+    V8Proxy* proxy = V8Proxy::retrieve(imp->frame());
+    if (!proxy)
+        return v8::Undefined();
+
+    RefPtr<EventListener> listener = V8DOMWrapper::getEventListener(args[1], false, ListenerFindOrCreate);
+
+    if (listener) {
+        imp->addEventListener(eventType, listener, useCapture);
+        createHiddenDependency(args.Holder(), args[1], eventListenerCacheIndex);
+    }
+
+    return v8::Undefined();
+}
+
+
+v8::Handle<v8::Value> V8DOMWindow::removeEventListenerCallback(const v8::Arguments& args)
+{
+    INC_STATS("DOM.DOMWindow.removeEventListener()");
+
+    String eventType = toWebCoreString(args[0]);
+    bool useCapture = args[2]->BooleanValue();
+
+    DOMWindow* imp = V8DOMWindow::toNative(args.Holder());
+
+    if (!V8BindingSecurity::canAccessFrame(V8BindingState::Only(), imp->frame(), true))
+        return v8::Undefined();
+
+    Document* doc = imp->document();
+
+    if (!doc)
+        return v8::Undefined();
+
+    V8Proxy* proxy = V8Proxy::retrieve(imp->frame());
+    if (!proxy)
+        return v8::Undefined();
+
+    RefPtr<EventListener> listener = V8DOMWrapper::getEventListener(args[1], false, ListenerFindOnly);
+
+    if (listener) {
+        imp->removeEventListener(eventType, listener.get(), useCapture);
+        removeHiddenDependency(args.Holder(), args[1], eventListenerCacheIndex);
+    }
+
+    return v8::Undefined();
+}
+
+v8::Handle<v8::Value> V8DOMWindow::postMessageCallback(const v8::Arguments& args)
+{
+    INC_STATS("DOM.DOMWindow.postMessage()");
+    DOMWindow* window = V8DOMWindow::toNative(args.Holder());
+
+    DOMWindow* source = V8Proxy::retrieveFrameForCallingContext()->domWindow();
+    ASSERT(source->frame());
+
+    bool didThrow = false;
+    RefPtr<SerializedScriptValue> message = SerializedScriptValue::create(args[0], didThrow);
+    if (didThrow)
+        return v8::Undefined();
+
+    MessagePortArray portArray;
+    String targetOrigin;
+
+    // This function has variable arguments and can either be:
+    //   postMessage(message, port, targetOrigin);
+    // or
+    //   postMessage(message, targetOrigin);
+    v8::TryCatch tryCatch;
+    if (args.Length() > 2) {
+        if (!getMessagePortArray(args[1], portArray))
+            return v8::Undefined();
+        targetOrigin = toWebCoreStringWithNullOrUndefinedCheck(args[2]);
+    } else {
+        targetOrigin = toWebCoreStringWithNullOrUndefinedCheck(args[1]);
+    }
+
+    if (tryCatch.HasCaught())
+        return v8::Undefined();
+
+    ExceptionCode ec = 0;
+    window->postMessage(message.release(), &portArray, targetOrigin, source, ec);
+    return throwError(ec);
+}
+
+// FIXME(fqian): returning string is cheating, and we should
+// fix this by calling toString function on the receiver.
+// However, V8 implements toString in JavaScript, which requires
+// switching context of receiver. I consider it is dangerous.
+v8::Handle<v8::Value> V8DOMWindow::toStringCallback(const v8::Arguments& args)
+{
+    INC_STATS("DOM.DOMWindow.toString()");
+    v8::Handle<v8::Object> domWrapper = V8DOMWrapper::lookupDOMWrapper(V8DOMWindow::GetTemplate(), args.This());
+    if (domWrapper.IsEmpty())
+        return args.This()->ObjectProtoToString();
+    return domWrapper->ObjectProtoToString();
+}
+
+v8::Handle<v8::Value> V8DOMWindow::releaseEventsCallback(const v8::Arguments& args)
+{
+    INC_STATS("DOM.DOMWindow.nop()");
+    return v8::Undefined();
+}
+
+v8::Handle<v8::Value> V8DOMWindow::captureEventsCallback(const v8::Arguments& args)
+{
+    INC_STATS("DOM.DOMWindow.nop()");
+    return v8::Undefined();
+}
+
+class DialogHandler {
+public:
+    explicit DialogHandler(v8::Handle<v8::Value> dialogArguments)
+        : m_dialogArguments(dialogArguments)
+    {
+    }
+
+    void dialogCreated(DOMWindow*);
+    v8::Handle<v8::Value> returnValue() const;
+
+private:
+    v8::Handle<v8::Value> m_dialogArguments;
+    v8::Handle<v8::Context> m_dialogContext;
+};
+
+inline void DialogHandler::dialogCreated(DOMWindow* dialogFrame)
+{
+    m_dialogContext = V8Proxy::context(dialogFrame->frame());
+    if (m_dialogContext.IsEmpty())
+        return;
+    if (m_dialogArguments.IsEmpty())
+        return;
+    v8::Context::Scope scope(m_dialogContext);
+    m_dialogContext->Global()->Set(v8::String::New("dialogArguments"), m_dialogArguments);
+}
+
+inline v8::Handle<v8::Value> DialogHandler::returnValue() const
+{
+    if (m_dialogContext.IsEmpty())
+        return v8::Undefined();
+    v8::Context::Scope scope(m_dialogContext);
+    v8::Handle<v8::Value> returnValue = m_dialogContext->Global()->Get(v8::String::New("returnValue"));
+    if (returnValue.IsEmpty())
+        return v8::Undefined();
+    return returnValue;
+}
+
+static void setUpDialog(DOMWindow* dialog, void* handler)
+{
+    static_cast<DialogHandler*>(handler)->dialogCreated(dialog);
+}
+
+v8::Handle<v8::Value> V8DOMWindow::showModalDialogCallback(const v8::Arguments& args)
+{
+    INC_STATS("DOM.DOMWindow.showModalDialog()");
+    DOMWindow* impl = V8DOMWindow::toNative(args.Holder());
+
+    V8BindingState* state = V8BindingState::Only();
+
+    DOMWindow* activeWindow = state->activeWindow();
+    DOMWindow* firstWindow = state->firstWindow();
+
+    // FIXME: Handle exceptions properly.
+    String urlString = toWebCoreStringWithNullOrUndefinedCheck(args[0]);
+    String dialogFeaturesString = toWebCoreStringWithNullOrUndefinedCheck(args[2]);
+
+    DialogHandler handler(args[1]);
+
+    impl->showModalDialog(urlString, dialogFeaturesString, activeWindow, firstWindow, setUpDialog, &handler);
+
+    return handler.returnValue();
+}
+
+v8::Handle<v8::Value> V8DOMWindow::openCallback(const v8::Arguments& args)
+{
+    INC_STATS("DOM.DOMWindow.open()");
+    DOMWindow* impl = V8DOMWindow::toNative(args.Holder());
+
+    V8BindingState* state = V8BindingState::Only();
+
+    DOMWindow* activeWindow = state->activeWindow();
+    DOMWindow* firstWindow = state->firstWindow();
+
+    // FIXME: Handle exceptions properly.
+    String urlString = toWebCoreStringWithNullOrUndefinedCheck(args[0]);
+    AtomicString frameName = (args[1]->IsUndefined() || args[1]->IsNull()) ? "_blank" : AtomicString(toWebCoreString(args[1]));
+    String windowFeaturesString = toWebCoreStringWithNullOrUndefinedCheck(args[2]);
+
+    RefPtr<DOMWindow> openedWindow = impl->open(urlString, frameName, windowFeaturesString, activeWindow, firstWindow);
+    if (!openedWindow)
+        return v8::Undefined();
+    return toV8(openedWindow.release());
+}
+
+v8::Handle<v8::Value> V8DOMWindow::indexedPropertyGetter(uint32_t index, const v8::AccessorInfo& info)
+{
+    INC_STATS("DOM.DOMWindow.IndexedPropertyGetter");
+
+    DOMWindow* window = V8DOMWindow::toNative(info.Holder());
+    if (!window)
+        return notHandledByInterceptor();
+
+    Frame* frame = window->frame();
+    if (!frame)
+        return notHandledByInterceptor();
+
+    Frame* child = frame->tree()->child(index);
+    if (child)
+        return toV8(child->domWindow());
+
+    return notHandledByInterceptor();
+}
+
+
+v8::Handle<v8::Value> V8DOMWindow::namedPropertyGetter(v8::Local<v8::String> name, const v8::AccessorInfo& info)
+{
+    INC_STATS("DOM.DOMWindow.NamedPropertyGetter");
+
+    DOMWindow* window = V8DOMWindow::toNative(info.Holder());
+    if (!window)
+        return notHandledByInterceptor();
+
+    Frame* frame = window->frame();
+    // window is detached from a frame.
+    if (!frame)
+        return notHandledByInterceptor();
+
+    // Search sub-frames.
+    AtomicString propName = v8StringToAtomicWebCoreString(name);
+    Frame* child = frame->tree()->child(propName);
+    if (child)
+        return toV8(child->domWindow());
+
+    // Search IDL functions defined in the prototype
+    v8::Handle<v8::Value> result = info.Holder()->GetRealNamedProperty(name);
+    if (!result.IsEmpty())
+        return result;
+
+    // Search named items in the document.
+    Document* doc = frame->document();
+
+    if (doc && doc->isHTMLDocument()) {
+        if (static_cast<HTMLDocument*>(doc)->hasNamedItem(propName.impl()) || doc->hasElementWithId(propName.impl())) {
+            RefPtr<HTMLCollection> items = doc->windowNamedItems(propName);
+            if (items->length() >= 1) {
+                if (items->length() == 1)
+                    return toV8(items->firstItem());
+                return toV8(items.release());
+            }
+        }
+    }
+
+    return notHandledByInterceptor();
+}
+
+
+v8::Handle<v8::Value> V8DOMWindow::setTimeoutCallback(const v8::Arguments& args)
+{
+    INC_STATS("DOM.DOMWindow.setTimeout()");
+    return WindowSetTimeoutImpl(args, true);
+}
+
+
+v8::Handle<v8::Value> V8DOMWindow::setIntervalCallback(const v8::Arguments& args)
+{
+    INC_STATS("DOM.DOMWindow.setInterval()");
+    return WindowSetTimeoutImpl(args, false);
+}
+
+bool V8DOMWindow::namedSecurityCheck(v8::Local<v8::Object> host, v8::Local<v8::Value> key, v8::AccessType type, v8::Local<v8::Value>)
+{
+    v8::Handle<v8::Object> window = V8DOMWrapper::lookupDOMWrapper(V8DOMWindow::GetTemplate(), host);
+    if (window.IsEmpty())
+        return false;  // the frame is gone.
+
+    DOMWindow* targetWindow = V8DOMWindow::toNative(window);
+
+    ASSERT(targetWindow);
+
+    Frame* target = targetWindow->frame();
+    if (!target)
+        return false;
+
+    if (key->IsString()) {
+        String name = toWebCoreString(key);
+        // Notice that we can't call HasRealNamedProperty for ACCESS_HAS
+        // because that would generate infinite recursion.
+        if (type == v8::ACCESS_HAS && target->tree()->child(name))
+            return true;
+        if (type == v8::ACCESS_GET && target->tree()->child(name) && !host->HasRealNamedProperty(key->ToString()))
+            return true;
+    }
+
+    return V8BindingSecurity::canAccessFrame(V8BindingState::Only(), target, false);
+}
+
+bool V8DOMWindow::indexedSecurityCheck(v8::Local<v8::Object> host, uint32_t index, v8::AccessType type, v8::Local<v8::Value>)
+{
+    v8::Handle<v8::Object> window = V8DOMWrapper::lookupDOMWrapper(V8DOMWindow::GetTemplate(), host);
+    if (window.IsEmpty())
+        return false;
+
+    DOMWindow* targetWindow = V8DOMWindow::toNative(window);
+
+    ASSERT(targetWindow);
+
+    Frame* target = targetWindow->frame();
+    if (!target)
+        return false;
+
+    // Notice that we can't call HasRealNamedProperty for ACCESS_HAS
+    // because that would generate infinite recursion.
+    if (type == v8::ACCESS_HAS && target->tree()->child(index))
+        return true;
+    if (type == v8::ACCESS_GET && target->tree()->child(index) && !host->HasRealIndexedProperty(index))
+        return true;
+
+    return V8BindingSecurity::canAccessFrame(V8BindingState::Only(), target, false);
+}
+
+v8::Handle<v8::Value> toV8(DOMWindow* window)
+{
+    if (!window)
+        return v8::Null();
+    // Initializes environment of a frame, and return the global object
+    // of the frame.
+    Frame* frame = window->frame();
+    if (!frame)
+        return v8::Handle<v8::Object>();
+
+    // Special case: Because of evaluateInIsolatedWorld() one DOMWindow can have
+    // multiple contexts and multiple global objects associated with it. When
+    // code running in one of those contexts accesses the window object, we
+    // want to return the global object associated with that context, not
+    // necessarily the first global object associated with that DOMWindow.
+    v8::Handle<v8::Context> currentContext = v8::Context::GetCurrent();
+    v8::Handle<v8::Object> currentGlobal = currentContext->Global();
+    v8::Handle<v8::Object> windowWrapper = V8DOMWrapper::lookupDOMWrapper(V8DOMWindow::GetTemplate(), currentGlobal);
+    if (!windowWrapper.IsEmpty()) {
+        if (V8DOMWindow::toNative(windowWrapper) == window)
+            return currentGlobal;
+    }
+
+    // Otherwise, return the global object associated with this frame.
+    v8::Handle<v8::Context> context = V8Proxy::context(frame);
+    if (context.IsEmpty())
+        return v8::Handle<v8::Object>();
+
+    v8::Handle<v8::Object> global = context->Global();
+    ASSERT(!global.IsEmpty());
+    return global;
+}
+
+} // namespace WebCore