OLD | NEW |
1 // Copyright (c) 2008, Google Inc. | 1 // Copyright (c) 2008, Google Inc. |
2 // All rights reserved. | 2 // All rights reserved. |
3 // | 3 // |
4 // Redistribution and use in source and binary forms, with or without | 4 // Redistribution and use in source and binary forms, with or without |
5 // modification, are permitted provided that the following conditions are | 5 // modification, are permitted provided that the following conditions are |
6 // met: | 6 // met: |
7 // | 7 // |
8 // * Redistributions of source code must retain the above copyright | 8 // * Redistributions of source code must retain the above copyright |
9 // notice, this list of conditions and the following disclaimer. | 9 // notice, this list of conditions and the following disclaimer. |
10 // * Redistributions in binary form must reproduce the above | 10 // * Redistributions in binary form must reproduce the above |
(...skipping 129 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
140 return href(); | 140 return href(); |
141 } | 141 } |
142 | 142 |
143 #if USE(V8) | 143 #if USE(V8) |
144 static void navigateIfAllowed(Frame* frame, const KURL& url, bool lock_history) | 144 static void navigateIfAllowed(Frame* frame, const KURL& url, bool lock_history) |
145 { | 145 { |
146 if (url.isEmpty()) | 146 if (url.isEmpty()) |
147 return; | 147 return; |
148 | 148 |
149 Frame* activeFrame = ScriptController::retrieveActiveFrame(); | 149 Frame* activeFrame = ScriptController::retrieveActiveFrame(); |
150 if (activeFrame && !url.protocolIs("javascript")) { | 150 if (!activeFrame) |
| 151 return; |
| 152 |
| 153 if (!url.protocolIs("javascript") || ScriptController::isSafeScript(frame)) { |
151 bool user_gesture = activeFrame->script()->processingUserGesture(); | 154 bool user_gesture = activeFrame->script()->processingUserGesture(); |
152 frame->loader()->scheduleLocationChange(url.string(), | 155 frame->loader()->scheduleLocationChange(url.string(), |
153 activeFrame->loader()->outgoingReferrer(), lock_history, user_gesture); | 156 activeFrame->loader()->outgoingReferrer(), lock_history, user_gesture); |
154 } | 157 } |
155 } | 158 } |
156 | 159 |
157 void Location::setHash(const String& hash) { | 160 void Location::setHash(const String& hash) { |
158 if (!m_frame) | 161 if (!m_frame) |
159 return; | 162 return; |
160 | 163 |
(...skipping 38 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
199 if (!m_frame) | 202 if (!m_frame) |
200 return; | 203 return; |
201 | 204 |
202 Frame* active_frame = ScriptController::retrieveActiveFrame(); | 205 Frame* active_frame = ScriptController::retrieveActiveFrame(); |
203 if (!active_frame) | 206 if (!active_frame) |
204 return; | 207 return; |
205 | 208 |
206 if (!active_frame->loader()->shouldAllowNavigation(m_frame)) | 209 if (!active_frame->loader()->shouldAllowNavigation(m_frame)) |
207 return; | 210 return; |
208 | 211 |
209 // Allows cross domain access except javascript url. | 212 navigateIfAllowed(m_frame, active_frame->loader()->completeURL(value), false); |
210 if (!parseURL(value).startsWith("javascript:", false) || | |
211 ScriptController::isSafeScript(m_frame)) { | |
212 navigateIfAllowed(m_frame, active_frame->loader()->completeURL(value), false
); | |
213 } | |
214 } | 213 } |
215 | 214 |
216 void Location::setPathname(const String& pathname) { | 215 void Location::setPathname(const String& pathname) { |
217 if (!m_frame) | 216 if (!m_frame) |
218 return; | 217 return; |
219 | 218 |
220 KURL url = m_frame->loader()->url(); | 219 KURL url = m_frame->loader()->url(); |
221 url.setPath(pathname); | 220 url.setPath(pathname); |
222 | 221 |
223 navigateIfAllowed(m_frame, url, false); | 222 navigateIfAllowed(m_frame, url, false); |
(...skipping 49 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
273 if (!m_frame) | 272 if (!m_frame) |
274 return; | 273 return; |
275 | 274 |
276 Frame* active_frame = ScriptController::retrieveActiveFrame(); | 275 Frame* active_frame = ScriptController::retrieveActiveFrame(); |
277 if (!active_frame) | 276 if (!active_frame) |
278 return; | 277 return; |
279 | 278 |
280 if (!active_frame->loader()->shouldAllowNavigation(m_frame)) | 279 if (!active_frame->loader()->shouldAllowNavigation(m_frame)) |
281 return; | 280 return; |
282 | 281 |
283 // Allows cross domain access except javascript url. | 282 navigateIfAllowed(m_frame, active_frame->loader()->completeURL(url), true); |
284 if (!parseURL(url).startsWith("javascript:", false) || | |
285 ScriptController::isSafeScript(m_frame)) { | |
286 navigateIfAllowed(m_frame, active_frame->loader()->completeURL(url), true); | |
287 } | |
288 } | 283 } |
289 | 284 |
290 void Location::assign(const String& url) { | 285 void Location::assign(const String& url) { |
291 if (!m_frame) | 286 if (!m_frame) |
292 return; | 287 return; |
293 | 288 |
294 Frame* active_frame = ScriptController::retrieveActiveFrame(); | 289 Frame* active_frame = ScriptController::retrieveActiveFrame(); |
295 if (!active_frame) | 290 if (!active_frame) |
296 return; | 291 return; |
297 | 292 |
298 if (!active_frame->loader()->shouldAllowNavigation(m_frame)) | 293 if (!active_frame->loader()->shouldAllowNavigation(m_frame)) |
299 return; | 294 return; |
300 | 295 |
301 if (!parseURL(url).startsWith("javascript:", false) || | 296 navigateIfAllowed(m_frame, active_frame->loader()->completeURL(url), false); |
302 ScriptController::isSafeScript(m_frame)) { | |
303 navigateIfAllowed(m_frame, active_frame->loader()->completeURL(url), false); | |
304 } | |
305 } | 297 } |
| 298 |
306 #endif // USE(V8) | 299 #endif // USE(V8) |
307 | 300 |
308 | |
309 } // namespace WebCore | 301 } // namespace WebCore |
OLD | NEW |