Fix assignment of a javascript: URL to window.location.href...

webkit/port/page/Location.cpp

 // Copyright (c) 2008, Google Inc.
 // All rights reserved.
 // 
 // Redistribution and use in source and binary forms, with or without
 // modification, are permitted provided that the following conditions are
 // met:
 // 
 //     * Redistributions of source code must retain the above copyright
 // notice, this list of conditions and the following disclaimer.
 //     * Redistributions in binary form must reproduce the above
@@ skipping 129 matching lines @@
   return href();
 }
 
 #if USE(V8)
 static void navigateIfAllowed(Frame* frame, const KURL& url, bool lock_history)
 {
   if (url.isEmpty())
     return;
 
   Frame* activeFrame = ScriptController::retrieveActiveFrame();
-  if (activeFrame && !url.protocolIs("javascript")) {
+  if (!activeFrame)
+    return;
+  
+  if (!url.protocolIs("javascript") || ScriptController::isSafeScript(frame)) {
     bool user_gesture = activeFrame->script()->processingUserGesture();
     frame->loader()->scheduleLocationChange(url.string(), 
       activeFrame->loader()->outgoingReferrer(), lock_history, user_gesture);
   }
 }
 
 void Location::setHash(const String& hash) {
   if (!m_frame)
     return;
 
@@ skipping 38 matching lines @@
   if (!m_frame)
     return;
 
   Frame* active_frame = ScriptController::retrieveActiveFrame();
   if (!active_frame)
     return;
 
   if (!active_frame->loader()->shouldAllowNavigation(m_frame))
     return;
 
-  // Allows cross domain access except javascript url.
-  if (!parseURL(value).startsWith("javascript:", false) ||
-      ScriptController::isSafeScript(m_frame)) {
-    navigateIfAllowed(m_frame, active_frame->loader()->completeURL(value), false);
-  }
+  navigateIfAllowed(m_frame, active_frame->loader()->completeURL(value), false);
 }
 
 void Location::setPathname(const String& pathname) {
   if (!m_frame)
     return;
 
   KURL url = m_frame->loader()->url();  
   url.setPath(pathname);
 
   navigateIfAllowed(m_frame, url, false);    
@@ skipping 49 matching lines @@
   if (!m_frame)
     return;
 
   Frame* active_frame = ScriptController::retrieveActiveFrame();
   if (!active_frame)
     return;
 
   if (!active_frame->loader()->shouldAllowNavigation(m_frame))
     return;
 
-  // Allows cross domain access except javascript url.
-  if (!parseURL(url).startsWith("javascript:", false) ||
-      ScriptController::isSafeScript(m_frame)) {
-    navigateIfAllowed(m_frame, active_frame->loader()->completeURL(url), true);
-  }
+  navigateIfAllowed(m_frame, active_frame->loader()->completeURL(url), true);
 }
 
 void Location::assign(const String& url) {
   if (!m_frame) 
     return;
 
   Frame* active_frame = ScriptController::retrieveActiveFrame();
   if (!active_frame)
     return;
 
   if (!active_frame->loader()->shouldAllowNavigation(m_frame))
     return;
 
-  if (!parseURL(url).startsWith("javascript:", false) ||
-      ScriptController::isSafeScript(m_frame)) {
-    navigateIfAllowed(m_frame, active_frame->loader()->completeURL(url), false);
-  }
+  navigateIfAllowed(m_frame, active_frame->loader()->completeURL(url), false);
 }
+
 #endif  // USE(V8)
 
-
 }  // namespace WebCore