v8binding: Makes Location's wrapper objects alive, really.

third_party/WebKit/Source/bindings/core/v8/custom/V8WindowCustom.cpp

 /*
  * Copyright (C) 2009, 2011 Google Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are
  * met:
  *
  *     * Redistributions of source code must retain the above copyright
  * notice, this list of conditions and the following disclaimer.
  *     * Redistributions in binary form must reproduce the above
@@ skipping 57 matching lines @@
 
 void V8Window::locationAttributeGetterCustom(
     const v8::PropertyCallbackInfo<v8::Value>& info) {
   v8::Isolate* isolate = info.GetIsolate();
   v8::Local<v8::Object> holder = info.Holder();
 
   DOMWindow* window = V8Window::toImpl(holder);
   Location* location = window->location();
   DCHECK(location);
 
-  // Keep the wrapper object for the return value alive as long as |this|
-  // object is alive in order to save creation time of the wrapper object.
+  // If we have already created a wrapper object in this world, returns it.
   if (DOMDataStore::SetReturnValue(info.GetReturnValue(), location))
     return;
 
   v8::Local<v8::Value> wrapper;
 
   // Note that this check is gated on whether or not |window| is remote, not
   // whether or not |window| is cross-origin. If |window| is local, the
   // |location| property must always return the same wrapper, even if the
   // cross-origin status changes by changing properties like |document.domain|.
   if (window->IsRemoteDOMWindow()) {
     DOMWrapperWorld& world = DOMWrapperWorld::Current(isolate);
     const auto* wrapper_type_info = location->GetWrapperTypeInfo();
     v8::Local<v8::Object> new_wrapper =
         wrapper_type_info->domTemplate(isolate, world)
             ->NewRemoteInstance()
             .ToLocalChecked();
 
     DCHECK(!DOMDataStore::ContainsWrapper(location, isolate));
     wrapper = V8DOMWrapper::AssociateObjectWithWrapper(
         isolate, location, wrapper_type_info, new_wrapper);
   } else {
     wrapper = ToV8(location, holder, isolate);
   }
 
-  // Keep the wrapper object for the return value alive as long as |this|
-  // object is alive in order to save creation time of the wrapper object.
-  //
-  // TODO(dcheng): The hidden reference behavior is broken in many ways. We
-  // should be caching for all DOM attributes. Even if it's not critical for
-  // remote Location objects, we should clean this up to improve
-  // maintainability. In the long-term, this will be superseded by wrapper
-  // tracing.
-  V8PrivateProperty::GetSymbol(isolate, "KeepAlive#Window#location")
-      .Set(holder, wrapper);
-
   V8SetReturnValue(info, wrapper);
 }
 
 void V8Window::eventAttributeGetterCustom(
     const v8::FunctionCallbackInfo<v8::Value>& info) {
   LocalDOMWindow* impl = ToLocalDOMWindow(V8Window::toImpl(info.Holder()));
   v8::Isolate* isolate = info.GetIsolate();
   ExceptionState exception_state(isolate, ExceptionState::kGetterContext,
                                  "Window", "event");
   if (!BindingSecurity::ShouldAllowAccessTo(CurrentDOMWindow(isolate), impl,
@@ skipping 267 matching lines @@
     if (items->HasExactlyOneItem()) {
       V8SetReturnValueFast(info, items->item(0), window);
       return;
     }
     V8SetReturnValueFast(info, items, window);
     return;
   }
 }
 
 }  // namespace blink