blob: fb49f5921bf94e242bac6839665ca40ab731660b [file] [log] [blame]
There are two separate wrappers for V8 here. One is called FXJS, and
it is used by the non-XFA code. The other is called FXJSE, and it is
used only by the XFA code. Additionally FXJSE may request services
from FXJS to bridge the two.
Both the FXJS and FXJSE binding code needs to be replaced by something
saner, perhaps Gin or perhaps some IDL. See
for progress on the issue.
FXJS binds objects by sticking a pointer to a CFXJS_PerObjectData in
the V8 object's internal slot. FXJSE binds objects by sticking a
pointer to either an actual v8 function object or a CFXJSE_HostObject
in the V8 object's internal slot, depending upon whether the object
represents (in some notion) a "class" or an "instance". Also, V8 objects
bound in one library may unexpectedly arrive at the other given a script
that's trying to mess with us.
To distinguish these cases, we use two internal slots for all bound
objects, regardless of the FXJS/FXJSE distinction. Slot 0 is the
tag and contains either:
kPerObjectDataTag for FXJS objects, or
kFXJSEHostObjectTag for FXJSE Host objects, or
kFXJSEProxyObjectTag for a global proxy object under FXJSE, or
One of 4 specific FXJSE_CLASS_DESCRIPTOR globals for FXJSE classes:
Slot 1's contents are determined by these tags:
kPerObjectDataTag means an aligned pointer to CFXJS_PerObjectData.
kFXJSEHostObjectTag means an aligned pointer to CFXJSE_HostObject.
kFXJSEProxyObjectTag means nullptr, and to check the prototype instead.
A FXJSE_CLASS_DESCRIPTOR pointer means to expect an actual v8 function
object (or a string naming that function), and not an aligned pointer.
Because PDFium uses V8 for various unrelated purposes, there may be up to
four v8::Contexts (JS Global Objects) associated with each document. One is
used by FXJS and holds objects as described by the js_api_reference.pdf
specification. The others are used by FXJSE.