| Index: WebCore/page/History.cpp
|
| ===================================================================
|
| --- WebCore/page/History.cpp (revision 55463)
|
| +++ WebCore/page/History.cpp (working copy)
|
| @@ -86,14 +86,7 @@
|
| if (urlString.isEmpty())
|
| return baseURL;
|
|
|
| - KURL absoluteURL(baseURL, urlString);
|
| - if (!absoluteURL.isValid())
|
| - return KURL();
|
| -
|
| - if (absoluteURL.string().left(absoluteURL.pathStart()) != baseURL.string().left(baseURL.pathStart()))
|
| - return KURL();
|
| -
|
| - return absoluteURL;
|
| + return KURL(baseURL, urlString);
|
| }
|
|
|
| void History::stateObjectAdded(PassRefPtr<SerializedScriptValue> data, const String& title, const String& urlString, StateObjectType stateObjectType, ExceptionCode& ec)
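Review bot: With the validity and origin-prefix checks removed, `urlForState()` can return an invalid or cross-origin URL, and nothing at the function tells a caller so. The only caller visible in this patch, `stateObjectAdded()`, re-checks the result, but any caller outside these hunks would silently lose the guard. I would add a comment above the new return line, for example `// Performs no validation: callers must check isValid() and same-origin before using the result.` The start of the function lies outside the hunk, so its remaining early returns could not be reviewed.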
|
| @@ -102,7 +95,8 @@
|
| return;
|
|
|
| KURL fullURL = urlForState(urlString);
|
| - if (!fullURL.isValid()) {
|
| + RefPtr<SecurityOrigin> origin = SecurityOrigin::create(fullURL);
|
| + if (!fullURL.isValid() || !m_frame->document()->securityOrigin()->isSameSchemeHostPort(origin.get())) {
|
| ec = SECURITY_ERR;
|
| return;
|
| }
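Review bot: The added `SecurityOrigin::create(fullURL)` runs before `fullURL.isValid()` is tested, so an origin is built from a URL that may be invalid. Rejecting first with `if (!fullURL.isValid()) { ec = SECURITY_ERR; return; }` and only then creating the origin keeps the security decision easier to audit. `m_frame->document()` is also dereferenced with no null check inside the hunk; the `return;` context line suggests a guard above, which should be confirmed to cover both the frame and its document. The new comparison covers scheme, host and port only, whereas the removed one compared everything before the path, so a URL that differs only in userinfo is presumably now accepted; a regression test for that and for the cross-origin cases would pin the intended behaviour.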
|
|
|