8 files changed, 907 insertions, 0 deletions
diff --git a/Source/WebCore/bindings/generic/ActiveDOMCallback.cpp b/Source/WebCore/bindings/generic/ActiveDOMCallback.cpp
new file mode 100644
index 0000000..bc93de5
--- /dev/null
+++ b/Source/WebCore/bindings/generic/ActiveDOMCallback.cpp
@@ -0,0 +1,142 @@
+/*
+ * Copyright (C) 2010 Google Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ *
+ *     * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *     * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following disclaimer
+ * in the documentation and/or other materials provided with the
+ * distribution.
+ *     * Neither the name of Google Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+#include "ActiveDOMCallback.h"
+
+#include "ActiveDOMObject.h"
+#include "ScriptExecutionContext.h"
+#include <wtf/PassOwnPtr.h>
+#include <wtf/ThreadingPrimitives.h>
+
+namespace WebCore {
+
+static void destroyOnContextThread(PassOwnPtr<ActiveDOMObjectCallbackImpl>);
+
+class DestroyOnContextThreadTask : public ScriptExecutionContext::Task {
+public:
+    static PassOwnPtr<DestroyOnContextThreadTask> create(PassOwnPtr<ActiveDOMObjectCallbackImpl> impl)
+    {
+        return adoptPtr(new DestroyOnContextThreadTask(impl));
+    }
+
+    virtual void performTask(ScriptExecutionContext*)
+    {
+        destroyOnContextThread(m_impl.release());
+    }
+
+private:
+    DestroyOnContextThreadTask(PassOwnPtr<ActiveDOMObjectCallbackImpl> impl)
+        : m_impl(impl)
+    {
+    }
+
+    OwnPtr<ActiveDOMObjectCallbackImpl> m_impl;
+};
+
+class ActiveDOMObjectCallbackImpl : public ActiveDOMObject {
+public:
+    ActiveDOMObjectCallbackImpl(ScriptExecutionContext* context)
+        : ActiveDOMObject(context, this)
+        , m_suspended(false)
+        , m_stopped(false)
+    {
+    }
+
+    virtual void contextDestroyed()
+    {
+        MutexLocker locker(m_mutex);
+        ActiveDOMObject::contextDestroyed();
+    }
+    virtual bool canSuspend() const { return false; }
+    virtual void suspend(ReasonForSuspension)
+    {
+        MutexLocker locker(m_mutex);
+        m_suspended = true;
+    }
+    virtual void resume()
+    {
+        MutexLocker locker(m_mutex);
+        m_suspended = false;
+    }
+    virtual void stop()
+    {
+        MutexLocker locker(m_mutex);
+        m_stopped = true;
+    }
+    bool canInvokeCallback()
+    {
+        MutexLocker locker(m_mutex);
+        return (!m_suspended && !m_stopped);
+    }
+    ScriptExecutionContext* scriptExecutionContext()
+    {
+        MutexLocker locker(m_mutex);
+        return ActiveDOMObject::scriptExecutionContext();
+    }
+    Mutex& mutex() { return m_mutex; }
+
+private:
+    Mutex m_mutex;
+    bool m_suspended;
+    bool m_stopped;
+};
+
+static void destroyOnContextThread(PassOwnPtr<ActiveDOMObjectCallbackImpl> impl)
+{
+    OwnPtr<ActiveDOMObjectCallbackImpl> implOwnPtr = impl;
+
+    ScriptExecutionContext* context = implOwnPtr->scriptExecutionContext();
+    MutexLocker locker(implOwnPtr->mutex());
+    if (context && !context->isContextThread())
+        context->postTask(DestroyOnContextThreadTask::create(implOwnPtr.release()));
+}
+
+ActiveDOMCallback::ActiveDOMCallback(ScriptExecutionContext* context)
+    : m_impl(new ActiveDOMObjectCallbackImpl(context))
+{
+}
+
+ActiveDOMCallback::~ActiveDOMCallback()
+{
+    destroyOnContextThread(m_impl.release());
+}
+
+bool ActiveDOMCallback::canInvokeCallback() const
+{
+    return m_impl->canInvokeCallback();
+}
+
+ScriptExecutionContext* ActiveDOMCallback::scriptExecutionContext() const
+{
+    return m_impl->scriptExecutionContext();
+}
+
+} // namespace WebCore
diff --git a/Source/WebCore/bindings/generic/ActiveDOMCallback.h b/Source/WebCore/bindings/generic/ActiveDOMCallback.h
new file mode 100644
index 0000000..2fe99ab
--- /dev/null
+++ b/Source/WebCore/bindings/generic/ActiveDOMCallback.h
@@ -0,0 +1,58 @@
+/*
+ * Copyright (C) 2010 Google Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ *
+ *     * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *     * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following disclaimer
+ * in the documentation and/or other materials provided with the
+ * distribution.
+ *     * Neither the name of Google Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef ActiveDOMCallback_h
+#define ActiveDOMCallback_h
+
+#include <wtf/OwnPtr.h>
+
+namespace WebCore {
+
+class ActiveDOMObjectCallbackImpl;
+class ScriptExecutionContext;
+
+// A class that allows callbacks to behave like ActiveDOMObjects, and also
+// be destroyed on the context thread or any other thread.
+class ActiveDOMCallback {
+public:
+    ActiveDOMCallback(ScriptExecutionContext* context);
+    ~ActiveDOMCallback();
+
+    bool canInvokeCallback() const;
+    ScriptExecutionContext* scriptExecutionContext() const;
+
+private:
+    // The ActiveDOMObject part of the callback.
+    OwnPtr<ActiveDOMObjectCallbackImpl> m_impl;
+};
+
+} // namespace WebCore
+
+#endif // ActiveDOMCallback_h
diff --git a/Source/WebCore/bindings/generic/BindingSecurity.h b/Source/WebCore/bindings/generic/BindingSecurity.h
new file mode 100644
index 0000000..8a39800
--- /dev/null
+++ b/Source/WebCore/bindings/generic/BindingSecurity.h
@@ -0,0 +1,156 @@
+/*
+ * Copyright (C) 2009 Google Inc. All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ * 
+ *     * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *     * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following disclaimer
+ * in the documentation and/or other materials provided with the
+ * distribution.
+ *     * Neither the name of Google Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef BindingSecurity_h
+#define BindingSecurity_h
+
+#include "BindingSecurityBase.h"
+#include "Element.h"
+#include "Frame.h"
+#include "GenericBinding.h"
+#include "HTMLFrameElementBase.h"
+#include "HTMLNames.h"
+#include "HTMLParserIdioms.h"
+#include "Settings.h"
+
+namespace WebCore {
+
+class DOMWindow;
+class Node;
+
+// Security functions shared by various language bindings.
+template <class Binding>
+class BindingSecurity : public BindingSecurityBase {
+public:
+    // Check if the active execution context can access the target frame.
+    static bool canAccessFrame(State<Binding>*, Frame*, bool reportError);
+
+    // Check if it is safe to access the given node from the
+    // current security context.
+    static bool checkNodeSecurity(State<Binding>*, Node* target);
+
+    static bool allowPopUp(State<Binding>*);
+    static bool allowSettingFrameSrcToJavascriptUrl(State<Binding>*, HTMLFrameElementBase*, String value);
+    static bool allowSettingSrcToJavascriptURL(State<Binding>*, Element*, String name, String value);
+
+    static bool shouldAllowNavigation(State<Binding>*, Frame*);
+
+private:
+    explicit BindingSecurity() {}
+    ~BindingSecurity();
+
+    // Check if the current DOMWindow's security context can access the target
+    // DOMWindow.  This function does not report errors, so most callers should
+    // use canAccessFrame instead.
+    static bool canAccessWindow(State<Binding>*, DOMWindow* target);
+};
+
+// Implementations of templated methods must be in this file.
+
+template <class Binding>
+bool BindingSecurity<Binding>::canAccessWindow(State<Binding>* state,
+                                               DOMWindow* targetWindow)
+{
+    DOMWindow* activeWindow = state->activeWindow();
+    return canAccess(activeWindow, targetWindow);
+}
+
+template <class Binding>
+bool BindingSecurity<Binding>::canAccessFrame(State<Binding>* state,
+                                              Frame* target,
+                                              bool reportError)
+{
+    // The subject is detached from a frame, deny accesses.
+    if (!target)
+        return false;
+
+    if (!canAccessWindow(state, getDOMWindow(target))) {
+        if (reportError)
+            state->immediatelyReportUnsafeAccessTo(target);
+        return false;
+    }
+    return true;
+}
+
+template <class Binding>
+bool BindingSecurity<Binding>::checkNodeSecurity(State<Binding>* state, Node* node)
+{
+    if (!node)
+        return false;
+
+    Frame* target = getFrame(node);
+
+    if (!target)
+        return false;
+
+    return canAccessFrame(state, target, true);
+}
+
+template <class Binding>
+bool BindingSecurity<Binding>::allowPopUp(State<Binding>* state)
+{
+    if (state->processingUserGesture())
+        return true;
+
+    Frame* frame = state->firstFrame();
+    ASSERT(frame);
+    Settings* settings = frame->settings();
+    return settings && settings->javaScriptCanOpenWindowsAutomatically();
+}
+
+template <class Binding>
+bool BindingSecurity<Binding>::allowSettingFrameSrcToJavascriptUrl(State<Binding>* state, HTMLFrameElementBase* frame, String value)
+{
+    if (protocolIsJavaScript(stripLeadingAndTrailingHTMLSpaces(value))) {
+        Node* contentDoc = frame->contentDocument();
+        if (contentDoc && !checkNodeSecurity(state, contentDoc))
+            return false;
+    }
+    return true;
+}
+
+template <class Binding>
+bool BindingSecurity<Binding>::allowSettingSrcToJavascriptURL(State<Binding>* state, Element* element, String name, String value)
+{
+    if ((element->hasTagName(HTMLNames::iframeTag) || element->hasTagName(HTMLNames::frameTag)) && equalIgnoringCase(name, "src"))
+        return allowSettingFrameSrcToJavascriptUrl(state, static_cast<HTMLFrameElementBase*>(element), value);
+    return true;
+}
+
+template <class Binding>
+bool BindingSecurity<Binding>::shouldAllowNavigation(State<Binding>* state, Frame* frame)
+{
+    Frame* activeFrame = state->activeFrame();
+    return activeFrame && activeFrame->loader()->shouldAllowNavigation(frame);
+}
+
+}
+
+#endif // BindingSecurity_h
diff --git a/Source/WebCore/bindings/generic/BindingSecurityBase.cpp b/Source/WebCore/bindings/generic/BindingSecurityBase.cpp
new file mode 100644
index 0000000..1598781
--- /dev/null
+++ b/Source/WebCore/bindings/generic/BindingSecurityBase.cpp
@@ -0,0 +1,108 @@
+/*
+ * Copyright (C) 2009 Google Inc. All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ * 
+ *     * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *     * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following disclaimer
+ * in the documentation and/or other materials provided with the
+ * distribution.
+ *     * Neither the name of Google Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+#include "BindingSecurityBase.h"
+
+#include "DOMWindow.h"
+#include "Frame.h"
+#include "SecurityOrigin.h"
+
+namespace WebCore {
+
+DOMWindow* BindingSecurityBase::getDOMWindow(Frame* frame)
+{
+    return frame->domWindow();
+}
+
+Frame* BindingSecurityBase::getFrame(Node* node)
+{
+    return node->document()->frame();
+}
+
+// Same origin policy implementation:
+//
+// Same origin policy prevents JS code from domain A from accessing JS & DOM
+// objects in a different domain B. There are exceptions and several objects
+// are accessible by cross-domain code. For example, the window.frames object
+// is accessible by code from a different domain, but window.document is not.
+//
+// The JS binding code sets security check callbacks on a function template,
+// and accessing instances of the template calls the callback function.
+// The callback function enforces the same origin policy.
+//
+// Callback functions are expensive. Binding code should use a security token
+// string to do fast access checks for the common case where source and target
+// are in the same domain. A security token is a string object that represents
+// the protocol/url/port of a domain.
+//
+// There are special cases where security token matching is not enough.
+// For example, JS can set its domain to a super domain by calling
+// document.setDomain(...). In these cases, the binding code can reset
+// a context's security token to its global object so that the fast access
+// check will always fail.
+
+// Helper to check if the current execution context can access a target frame.
+// First it checks same domain policy using the lexical context.
+//
+// This is equivalent to KJS::Window::allowsAccessFrom(ExecState*).
+bool BindingSecurityBase::canAccess(DOMWindow* activeWindow,
+                                    DOMWindow* targetWindow)
+{
+    ASSERT(targetWindow);
+
+    String message;
+
+    if (activeWindow == targetWindow)
+        return true;
+
+    if (!activeWindow)
+        return false;
+
+    const SecurityOrigin* activeSecurityOrigin = activeWindow->securityOrigin();
+    const SecurityOrigin* targetSecurityOrigin = targetWindow->securityOrigin();
+
+    // We have seen crashes were the security origin of the target has not been
+    // initialized. Defend against that.
+    if (!targetSecurityOrigin)
+        return false;
+
+    if (activeSecurityOrigin->canAccess(targetSecurityOrigin))
+        return true;
+
+    // Allow access to a "about:blank" page if the dynamic context is a
+    // detached context of the same frame as the blank page.
+    if (targetSecurityOrigin->isEmpty() && activeWindow->frame() == targetWindow->frame())
+        return true;
+
+    return false;
+}
+
+} // namespace WebCore
diff --git a/Source/WebCore/bindings/generic/BindingSecurityBase.h b/Source/WebCore/bindings/generic/BindingSecurityBase.h
new file mode 100644
index 0000000..cfa2e99
--- /dev/null
+++ b/Source/WebCore/bindings/generic/BindingSecurityBase.h
@@ -0,0 +1,52 @@
+/*
+ * Copyright (C) 2009 Google Inc. All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ * 
+ *     * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *     * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following disclaimer
+ * in the documentation and/or other materials provided with the
+ * distribution.
+ *     * Neither the name of Google Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef BindingSecurityBase_h
+#define BindingSecurityBase_h
+
+namespace WebCore {
+
+class DOMWindow;
+class Frame;
+class Node;
+
+// Helper functions for BindingSecurity that depend on WebCore classes, and
+// thus should not be implemented in BindingSecurity.h, which contains template
+// method definitions.
+class BindingSecurityBase {
+protected:
+    static DOMWindow* getDOMWindow(Frame*);
+    static Frame* getFrame(Node*);
+    static bool canAccess(DOMWindow* active, DOMWindow* target);
+};
+
+}
+
+#endif // BindingSecurityBase_h
diff --git a/Source/WebCore/bindings/generic/GenericBinding.h b/Source/WebCore/bindings/generic/GenericBinding.h
new file mode 100644
index 0000000..d95b1c7
--- /dev/null
+++ b/Source/WebCore/bindings/generic/GenericBinding.h
@@ -0,0 +1,66 @@
+/*
+ * Copyright (C) 2009 Google Inc. All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ * 
+ *     * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *     * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following disclaimer
+ * in the documentation and/or other materials provided with the
+ * distribution.
+ *     * Neither the name of Google Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef GenericBinding_h
+#define GenericBinding_h
+
+#include "Frame.h"
+#include "FrameLoader.h"
+
+namespace WebCore {
+
+// Used to instantiate binding templates for any methods shared among all
+// language bindings.
+class GenericBinding {};
+
+// Class to represent execution state for each language binding.
+template <class T>
+class State {};
+
+// Common notion of execution state for language bindings.
+template <>
+class State<GenericBinding> {
+    // Any methods shared across bindings can go here.
+};
+
+template <class Binding>
+KURL completeURL(State<Binding>* state, const String& relativeURL)
+{
+    // For historical reasons, we need to complete the URL using the
+    // dynamic frame.
+    Frame* frame = state->firstFrame();
+    if (!frame)
+        return KURL();
+    return frame->loader()->completeURL(relativeURL);
+}
+
+}
+
+#endif // GenericBinding_h
diff --git a/Source/WebCore/bindings/generic/RuntimeEnabledFeatures.cpp b/Source/WebCore/bindings/generic/RuntimeEnabledFeatures.cpp
new file mode 100644
index 0000000..9a96f22
--- /dev/null
+++ b/Source/WebCore/bindings/generic/RuntimeEnabledFeatures.cpp
@@ -0,0 +1,131 @@
+/*
+ * Copyright (C) 2009 Google Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ *
+ *     * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *     * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following disclaimer
+ * in the documentation and/or other materials provided with the
+ * distribution.
+ *     * Neither the name of Google Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+#include "RuntimeEnabledFeatures.h"
+
+#include "AbstractDatabase.h"
+#include "MediaPlayer.h"
+#include "SharedWorkerRepository.h"
+#include "WebSocket.h"
+
+#if ENABLE(FILE_SYSTEM)
+#include "AsyncFileSystem.h"
+#endif
+
+namespace WebCore {
+
+bool RuntimeEnabledFeatures::isLocalStorageEnabled = true;
+bool RuntimeEnabledFeatures::isSessionStorageEnabled = true;
+bool RuntimeEnabledFeatures::isWebkitNotificationsEnabled = false;
+bool RuntimeEnabledFeatures::isApplicationCacheEnabled = true;
+bool RuntimeEnabledFeatures::isGeolocationEnabled = true;
+bool RuntimeEnabledFeatures::isIndexedDBEnabled = false;
+bool RuntimeEnabledFeatures::isWebGLEnabled = false;
+bool RuntimeEnabledFeatures::isPushStateEnabled = false;
+bool RuntimeEnabledFeatures::isTouchEnabled = true;
+bool RuntimeEnabledFeatures::isDeviceMotionEnabled = true;
+bool RuntimeEnabledFeatures::isDeviceOrientationEnabled = true;
+bool RuntimeEnabledFeatures::isSpeechInputEnabled = true;
+
+#if ENABLE(XHR_RESPONSE_BLOB)
+bool RuntimeEnabledFeatures::isXHRResponseBlobEnabled = false;
+#endif
+
+#if ENABLE(FILE_SYSTEM)
+bool RuntimeEnabledFeatures::isFileSystemEnabled = false;
+
+bool RuntimeEnabledFeatures::fileSystemEnabled()
+{
+    return isFileSystemEnabled && AsyncFileSystem::isAvailable();
+}
+#endif
+
+#if ENABLE(VIDEO)
+
+bool RuntimeEnabledFeatures::audioEnabled()
+{
+    return MediaPlayer::isAvailable();
+}
+
+bool RuntimeEnabledFeatures::htmlMediaElementEnabled()
+{
+    return MediaPlayer::isAvailable();
+}
+
+bool RuntimeEnabledFeatures::htmlAudioElementEnabled()
+{
+    return MediaPlayer::isAvailable();
+}
+
+bool RuntimeEnabledFeatures::htmlVideoElementEnabled()
+{
+    return MediaPlayer::isAvailable();
+}
+
+bool RuntimeEnabledFeatures::mediaErrorEnabled()
+{
+    return MediaPlayer::isAvailable();
+}
+
+bool RuntimeEnabledFeatures::timeRangesEnabled()
+{
+    return MediaPlayer::isAvailable();
+}
+
+#endif
+
+#if ENABLE(SHARED_WORKERS)
+bool RuntimeEnabledFeatures::sharedWorkerEnabled()
+{
+    return SharedWorkerRepository::isAvailable();
+}
+#endif
+
+#if ENABLE(WEB_SOCKETS)
+bool RuntimeEnabledFeatures::webSocketEnabled()
+{
+    return WebSocket::isAvailable();
+}
+#endif
+
+#if ENABLE(DATABASE)
+bool RuntimeEnabledFeatures::openDatabaseEnabled()
+{
+    return AbstractDatabase::isAvailable();
+}
+
+bool RuntimeEnabledFeatures::openDatabaseSyncEnabled()
+{
+    return AbstractDatabase::isAvailable();
+}
+#endif
+
+} // namespace WebCore
diff --git a/Source/WebCore/bindings/generic/RuntimeEnabledFeatures.h b/Source/WebCore/bindings/generic/RuntimeEnabledFeatures.h
new file mode 100644
index 0000000..343c535
--- /dev/null
+++ b/Source/WebCore/bindings/generic/RuntimeEnabledFeatures.h
@@ -0,0 +1,194 @@
+/*
+ * Copyright (C) 2009 Google Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ *
+ *     * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *     * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following disclaimer
+ * in the documentation and/or other materials provided with the
+ * distribution.
+ *     * Neither the name of Google Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef RuntimeEnabledFeatures_h
+#define RuntimeEnabledFeatures_h
+
+namespace WebCore {
+
+// A class that stores static enablers for all experimental features. Note that
+// the method names must line up with the JavaScript method they enable for code
+// generation to work properly.
+
+class RuntimeEnabledFeatures {
+public:
+    static void setLocalStorageEnabled(bool isEnabled) { isLocalStorageEnabled = isEnabled; }
+    static bool localStorageEnabled() { return isLocalStorageEnabled; }
+
+    static void setSessionStorageEnabled(bool isEnabled) { isSessionStorageEnabled = isEnabled; }
+    static bool sessionStorageEnabled() { return isSessionStorageEnabled; }
+
+    static void setWebkitNotificationsEnabled(bool isEnabled) { isWebkitNotificationsEnabled = isEnabled; }
+    static bool webkitNotificationsEnabled() { return isWebkitNotificationsEnabled; }
+
+    static void setApplicationCacheEnabled(bool isEnabled) { isApplicationCacheEnabled = isEnabled; }
+    static bool applicationCacheEnabled() { return isApplicationCacheEnabled; }
+
+    static void setGeolocationEnabled(bool isEnabled) { isGeolocationEnabled = isEnabled; }
+    static bool geolocationEnabled() { return isGeolocationEnabled; }
+
+    static void setWebkitIndexedDBEnabled(bool isEnabled) { isIndexedDBEnabled = isEnabled; }
+    static bool webkitIndexedDBEnabled() { return isIndexedDBEnabled; }
+    static bool webkitIDBCursorEnabled() { return isIndexedDBEnabled; }
+    static bool webkitIDBDatabaseEnabled() { return isIndexedDBEnabled; }
+    static bool webkitIDBDatabaseErrorEnabled() { return isIndexedDBEnabled; }
+    static bool webkitIDBDatabaseExceptionEnabled() { return isIndexedDBEnabled; }
+    static bool webkitIDBErrorEventEnabled() { return isIndexedDBEnabled; }
+    static bool webkitIDBEventEnabled() { return isIndexedDBEnabled; }
+    static bool webkitIDBFactoryEnabled() { return isIndexedDBEnabled; }
+    static bool webkitIDBIndexEnabled() { return isIndexedDBEnabled; }
+    static bool webkitIDBKeyRangeEnabled() { return isIndexedDBEnabled; }
+    static bool webkitIDBObjectStoreEnabled() { return isIndexedDBEnabled; }
+    static bool webkitIDBRequestEnabled() { return isIndexedDBEnabled; }
+    static bool webkitIDBSuccessEventEnabled() { return isIndexedDBEnabled; }
+    static bool webkitIDBTransactionEnabled() { return isIndexedDBEnabled; }
+
+#if ENABLE(VIDEO)
+    static bool audioEnabled();
+    static bool htmlMediaElementEnabled();
+    static bool htmlAudioElementEnabled();
+    static bool htmlVideoElementEnabled();
+    static bool mediaErrorEnabled();
+    static bool timeRangesEnabled();
+#endif
+
+#if ENABLE(SHARED_WORKERS)
+    static bool sharedWorkerEnabled();
+#endif
+
+#if ENABLE(WEB_SOCKETS)
+    static bool webSocketEnabled();
+#endif
+
+#if ENABLE(DATABASE)
+    static bool openDatabaseEnabled();
+    static bool openDatabaseSyncEnabled();
+#endif
+
+#if ENABLE(3D_CANVAS) || ENABLE(BLOB)
+    static void setWebGLEnabled(bool isEnabled) { isWebGLEnabled = isEnabled; }
+    static bool arrayBufferEnabled() { return isWebGLEnabled; }
+    static bool int8ArrayEnabled() { return isWebGLEnabled; }
+    static bool uint8ArrayEnabled() { return isWebGLEnabled; }
+    static bool int16ArrayEnabled() { return isWebGLEnabled; }
+    static bool uint16ArrayEnabled() { return isWebGLEnabled; }
+    static bool int32ArrayEnabled() { return isWebGLEnabled; }
+    static bool uint32ArrayEnabled() { return isWebGLEnabled; }
+    static bool float32ArrayEnabled() { return isWebGLEnabled; }
+    static bool dataViewEnabled() { return isWebGLEnabled; }
+    static bool webGLRenderingContextEnabled() { return isWebGLEnabled; }
+    static bool webGLArrayBufferEnabled() { return isWebGLEnabled; }
+    static bool webGLByteArrayEnabled() { return isWebGLEnabled; }
+    static bool webGLUnsignedByteArrayEnabled() { return isWebGLEnabled; }
+    static bool webGLShortArrayEnabled() { return isWebGLEnabled; }
+    static bool webGLUnsignedShortArrayEnabled() { return isWebGLEnabled; }
+    static bool webGLIntArrayEnabled() { return isWebGLEnabled; }
+    static bool webGLUnsignedIntArrayEnabled() { return isWebGLEnabled; }
+    static bool webGLFloatArrayEnabled() { return isWebGLEnabled; }
+    static bool webGLActiveInfoEnabled() { return isWebGLEnabled; }
+    static bool webGLBufferEnabled() { return isWebGLEnabled; }
+    static bool webGLFramebufferEnabled() { return isWebGLEnabled; }
+    static bool webGLProgramEnabled() { return isWebGLEnabled; }
+    static bool webGLRenderbufferEnabled() { return isWebGLEnabled; }
+    static bool webGLShaderEnabled() { return isWebGLEnabled; }
+    static bool webGLTextureEnabled() { return isWebGLEnabled; }
+    static bool webGLUniformLocationEnabled() { return isWebGLEnabled; }
+#endif
+
+    static void setPushStateEnabled(bool isEnabled) { isPushStateEnabled = isEnabled; }
+    static bool pushStateEnabled() { return isPushStateEnabled; }
+    static bool replaceStateEnabled() { return isPushStateEnabled; }
+
+#if ENABLE(TOUCH_EVENTS)
+    static bool touchEnabled() { return isTouchEnabled; }
+    static void setTouchEnabled(bool isEnabled) { isTouchEnabled = isEnabled; }
+    static bool ontouchstartEnabled() { return isTouchEnabled; }
+    static bool ontouchmoveEnabled() { return isTouchEnabled; }
+    static bool ontouchendEnabled() { return isTouchEnabled; }
+    static bool ontouchcancelEnabled() { return isTouchEnabled; }
+    static bool createTouchEnabled() { return isTouchEnabled; }
+    static bool createTouchListEnabled() { return isTouchEnabled; }
+#endif
+
+    static void setDeviceMotionEnabled(bool isEnabled) { isDeviceMotionEnabled = isEnabled; }
+    static bool deviceMotionEnabled() { return isDeviceMotionEnabled; }
+    static bool deviceMotionEventEnabled() { return isDeviceMotionEnabled; }
+    static bool ondevicemotionEnabled() { return isDeviceMotionEnabled; }
+    
+    static void setDeviceOrientationEnabled(bool isEnabled) { isDeviceOrientationEnabled = isEnabled; }
+    static bool deviceOrientationEnabled() { return isDeviceOrientationEnabled; }
+    static bool deviceOrientationEventEnabled() { return isDeviceOrientationEnabled; }
+    static bool ondeviceorientationEnabled() { return isDeviceOrientationEnabled; }
+
+    static void setSpeechInputEnabled(bool isEnabled) { isSpeechInputEnabled = isEnabled; }
+    static bool speechInputEnabled() { return isSpeechInputEnabled; }
+    static bool webkitSpeechEnabled() { return isSpeechInputEnabled; }
+    static bool webkitGrammarEnabled() { return isSpeechInputEnabled; }
+
+#if ENABLE(XHR_RESPONSE_BLOB)
+    static bool xhrResponseBlobEnabled() { return isXHRResponseBlobEnabled; }
+    static void setXHRResponseBlobEnabled(bool isEnabled) { isXHRResponseBlobEnabled = isEnabled; }
+    static bool responseBlobEnabled() { return isXHRResponseBlobEnabled; }
+    static bool asBlobEnabled()  { return isXHRResponseBlobEnabled; }
+#endif
+
+#if ENABLE(FILE_SYSTEM)
+    static bool fileSystemEnabled();
+    static void setFileSystemEnabled(bool isEnabled) { isFileSystemEnabled = isEnabled; }
+#endif
+
+private:
+    // Never instantiate.
+    RuntimeEnabledFeatures() { }
+
+    static bool isLocalStorageEnabled;
+    static bool isSessionStorageEnabled;
+    static bool isWebkitNotificationsEnabled;
+    static bool isApplicationCacheEnabled;
+    static bool isGeolocationEnabled;
+    static bool isIndexedDBEnabled;
+    static bool isWebGLEnabled;
+    static bool isPushStateEnabled;
+    static bool isTouchEnabled;
+    static bool isDeviceMotionEnabled;
+    static bool isDeviceOrientationEnabled;
+    static bool isSpeechInputEnabled;
+#if ENABLE(XHR_RESPONSE_BLOB)
+    static bool isXHRResponseBlobEnabled;
+#endif
+
+#if ENABLE(FILE_SYSTEM)
+    static bool isFileSystemEnabled;
+#endif
+};
+
+} // namespace WebCore
+
+#endif // RuntimeEnabledFeatures_h