Question
I want to change the v8 engine in order to be able to intercept every access to DOM elements. As you know, v8 does not create the DOM tree. The browser creates the DOM tree.
- My question 1: how/where in the v8 source code is the DOM memory structure delivered to v8?
- How can I do my interception with minimum effort?
Answer 1:
I can't tell you exactly where the DOM is registered in V8, but I have some hints for you about where you can start your search. First, as the browser creates the DOM, you should also look in the browser, not v8. If you find the spot where the DOM is registered in V8, you'll also see what code in V8 is called for this.
In chromium, Frame is the class that contains a webpage. Throughout its creation, it instantiates a ScriptController object which itself creates a V8DOMWindowShell. The passed in DOMWrapperWorld and its DOMDataStore maintain the mapping from DOM to JS objects.
This doesn't exactly tell you where the DOM is registered in V8, but somewhere around there you should find it. Using Eclipse and letting it search for references to seemingly interesting methods in the chromium project, or listing the call hierarchy, are good tools for such research.
P.S.: As I need something similar myself, I came across /src/out/Debug/gen/webcore/bindings, which is a directory that gets created and filled with all the templates for the DOM objects during compilation of Chromium. You could edit them as you wish and recompile with your changes.
If you find the script that generates them, you could probably attach interceptors for them all at once.
Answer 2:
The code that registers the DOM elements with V8 is not within the V8 source code; it's in another part of the Chromium source: third_party/WebKit/Source/
There are a few pieces in there which are probably of interest to you:
- core/dom: This directory contains the implementations of the base DOM classes, plus IDL definitions of them which are used to generate the interfaces to V8.
- core/html: Same, but for HTML-specific classes.
- bindings/scripts: I believe this is where the scripts live which convert the IDL into C source which interfaces with V8 (I haven't looked into this part in much detail).
- bindings/core/v8: This is where the code is which actually calls into V8 to execute scripts, etc.
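An added example, not from either answer, of the same interception done from script rather than by editing the generated bindings: it wraps accessor properties on a prototype (in a browser that would be Element.prototype) so each get/set is reported to an observer, which is how a page can log writes to a sink like innerHTML. The stand-in prototype and the property names are assumptions so the code runs outside a browser.

```javascript
// Wraps accessor properties on a prototype so every get/set is reported to
// `observer` before the original getter/setter runs. Returns a restore function.
function interceptAccessors(proto, names, observer) {
  const originals = new Map();
  for (const name of names) {
    const desc = Object.getOwnPropertyDescriptor(proto, name);
    // Only configurable accessor properties can be redefined this way.
    if (!desc || !desc.configurable || !(desc.get || desc.set)) continue;
    originals.set(name, desc);
    Object.defineProperty(proto, name, {
      configurable: true,
      enumerable: desc.enumerable,
      get() {
        const value = desc.get ? desc.get.call(this) : undefined;
        observer({ op: 'get', name, target: this, value });
        return value;
      },
      set(value) {
        observer({ op: 'set', name, target: this, value });
        if (desc.set) desc.set.call(this, value);
      },
    });
  }
  return () => {
    for (const [name, desc] of originals) Object.defineProperty(proto, name, desc);
  };
}

// Constructed stand-in for a DOM prototype (assumption: no real DOM here),
// with an innerHTML-like accessor backed by a plain field.
function makeFakeElementProto() {
  const proto = {};
  Object.defineProperty(proto, 'innerHTML', {
    configurable: true, enumerable: true,
    get() { return this._html; },
    set(v) { this._html = String(v); },
  });
  return proto;
}

// Runs the interceptor on the stand-in and returns what was observed.
function demo() {
  const proto = makeFakeElementProto();
  const log = [];
  const restore = interceptAccessors(proto, ['innerHTML', 'missing'], e => log.push(`${e.op}:${e.name}`));
  const el = Object.create(proto);
  el.innerHTML = '<b>hi</b>';
  const read = el.innerHTML;
  restore(); // accesses after this point are no longer observed
  el.innerHTML = 'x';
  return { log, read, after: el.innerHTML };
}
```

Native DOM accessors in Chromium are configurable, so the same wrapper applied to Element.prototype works in a page, but it only sees script-level access, not accesses made from C++ inside the renderer.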
Source: https://stackoverflow.com/questions/12725750/v8-access-to-dom