OLD | NEW |
---|---|
1 /* | 1 /* |
2 * Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All rights reserv ed. | 2 * Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All rights reserv ed. |
3 * Copyright (C) 2008 Nokia Corporation and/or its subsidiary(-ies) | 3 * Copyright (C) 2008 Nokia Corporation and/or its subsidiary(-ies) |
4 * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved. (http://www.t orchmobile.com/) | 4 * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved. (http://www.t orchmobile.com/) |
5 * Copyright (C) 2008 Alp Toker <alp@atoker.com> | 5 * Copyright (C) 2008 Alp Toker <alp@atoker.com> |
6 * Copyright (C) Research In Motion Limited 2009. All rights reserved. | 6 * Copyright (C) Research In Motion Limited 2009. All rights reserved. |
7 * Copyright (C) 2011 Kris Jordan <krisjordan@gmail.com> | 7 * Copyright (C) 2011 Kris Jordan <krisjordan@gmail.com> |
8 * Copyright (C) 2011 Google Inc. All rights reserved. | 8 * Copyright (C) 2011 Google Inc. All rights reserved. |
9 * | 9 * |
10 * Redistribution and use in source and binary forms, with or without | 10 * Redistribution and use in source and binary forms, with or without |
(...skipping 298 matching lines...) | |
309 // This is only called by ScriptController::executeScriptIfJavaScriptURL | 309 // This is only called by ScriptController::executeScriptIfJavaScriptURL |
310 // and always contains the result of evaluating a javascript: url. | 310 // and always contains the result of evaluating a javascript: url. |
311 // This is the <iframe src="javascript:'html'"> case. | 311 // This is the <iframe src="javascript:'html'"> case. |
312 void FrameLoader::replaceDocumentWhileExecutingJavaScriptURL(const String& sourc e, Document* ownerDocument) | 312 void FrameLoader::replaceDocumentWhileExecutingJavaScriptURL(const String& sourc e, Document* ownerDocument) |
313 { | 313 { |
314 if (!m_frame->document()->loader()) | 314 if (!m_frame->document()->loader()) |
315 return; | 315 return; |
316 | 316 |
317 // DocumentLoader::replaceDocumentWhileExecutingJavaScriptURL can cause the DocumentLoader to get deref'ed and possible destroyed, | 317 // DocumentLoader::replaceDocumentWhileExecutingJavaScriptURL can cause the DocumentLoader to get deref'ed and possible destroyed, |
318 // so protect it with a RefPtr. | 318 // so protect it with a RefPtr. |
319 RefPtrWillBeRawPtr<DocumentLoader> documentLoader(m_frame->document()->loade r()); | 319 RefPtrWillBeRawPtr<DocumentLoader> documentLoader(m_frame->document()->loade r()); |
haraken
2015/11/16 08:35:59
Nit: It would be better to move this to just above
| |
320 RefPtrWillBeRawPtr<Document> originalDocument(m_frame->document()); | |
320 | 321 |
321 UseCounter::count(*m_frame->document(), UseCounter::ReplaceDocumentViaJavaSc riptURL); | 322 UseCounter::count(*m_frame->document(), UseCounter::ReplaceDocumentViaJavaSc riptURL); |
322 | 323 |
323 // Prepare a DocumentInit before clearing the frame, because it may need to | 324 // Prepare a DocumentInit before clearing the frame, because it may need to |
324 // inherit an aliased security context. | 325 // inherit an aliased security context. |
325 DocumentInit init(m_frame->document()->url(), m_frame); | 326 DocumentInit init(m_frame->document()->url(), m_frame); |
326 init.withNewRegistrationContext(); | 327 init.withNewRegistrationContext(); |
327 | 328 |
328 stopAllLoaders(); | 329 stopAllLoaders(); |
329 m_frame->detachChildren(); | 330 m_frame->detachChildren(); |
330 m_frame->document()->detach(); | 331 m_frame->document()->detach(); |
331 clear(); | 332 clear(); |
332 | 333 |
333 // detachChildren() potentially detaches the frame from the document. The | 334 // detachChildren() potentially detaches the frame from the document. The |
334 // loading cannot continue in that case. | 335 // loading cannot continue in that case. |
335 if (!m_frame->page()) | 336 if (!m_frame->page()) |
336 return; | 337 return; |
337 | 338 |
339 // Detaching plugins in Document::detach() can run a nested message loop, wh ich may have | |
340 // resulted in loading a new, potentially cross-origin document. Cancel the JS URL navigation. | |
341 if (originalDocument != m_frame->document()) | |
dcheng
2015/11/16 08:24:29
I considered two other approaches:
- Checking m_fr
Nate Chapin
2015/11/16 19:16:34
...can we just stop the madness and disable naviga
| |
342 return; | |
343 | |
338 client()->transitionToCommittedForNewPage(); | 344 client()->transitionToCommittedForNewPage(); |
339 documentLoader->replaceDocumentWhileExecutingJavaScriptURL(init, source, own erDocument); | 345 documentLoader->replaceDocumentWhileExecutingJavaScriptURL(init, source, own erDocument); |
340 } | 346 } |
341 | 347 |
342 void FrameLoader::receivedMainResourceRedirect(const KURL& newURL) | 348 void FrameLoader::receivedMainResourceRedirect(const KURL& newURL) |
343 { | 349 { |
344 client()->dispatchDidReceiveServerRedirectForProvisionalLoad(); | 350 client()->dispatchDidReceiveServerRedirectForProvisionalLoad(); |
345 // If a back/forward navigation redirects cross-origin, don't reuse any stat e from the HistoryItem. | 351 // If a back/forward navigation redirects cross-origin, don't reuse any stat e from the HistoryItem. |
346 if (m_provisionalItem && !SecurityOrigin::create(m_provisionalItem->url())-> isSameSchemeHostPort(SecurityOrigin::create(newURL).get())) | 352 if (m_provisionalItem && !SecurityOrigin::create(m_provisionalItem->url())-> isSameSchemeHostPort(SecurityOrigin::create(newURL).get())) |
347 m_provisionalItem.clear(); | 353 m_provisionalItem.clear(); |
(...skipping 1202 matching lines...) | |
1550 // FIXME: We need a way to propagate insecure requests policy flags to | 1556 // FIXME: We need a way to propagate insecure requests policy flags to |
1551 // out-of-process frames. For now, we'll always use default behavior. | 1557 // out-of-process frames. For now, we'll always use default behavior. |
1552 if (!parentFrame->isLocalFrame()) | 1558 if (!parentFrame->isLocalFrame()) |
1553 return nullptr; | 1559 return nullptr; |
1554 | 1560 |
1555 ASSERT(toLocalFrame(parentFrame)->document()); | 1561 ASSERT(toLocalFrame(parentFrame)->document()); |
1556 return toLocalFrame(parentFrame)->document()->insecureNavigationsToUpgrade() ; | 1562 return toLocalFrame(parentFrame)->document()->insecureNavigationsToUpgrade() ; |
1557 } | 1563 } |
1558 | 1564 |
1559 } // namespace blink | 1565 } // namespace blink |
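Review bot: The identity check at new line 341 runs only after `clear()` (new line 332) and the `m_frame->page()` test. If the nested message loop in `Document::detach()` did commit a different document, both have already been applied to that new, possibly cross-origin document before the function bails out. The body of `clear()` is not visible on this page, so the impact is inferred, but testing immediately after the detach looks safer: place `if (originalDocument != m_frame->document()) return;` directly after `m_frame->document()->detach();`. The comment above the check could also say why the pointer comparison is sound, for example `// originalDocument keeps the old Document alive, so its address cannot be reused by the new one.` No regression test for the plugin-detach path is visible in this file section; one that asserts the javascript: URL result is dropped when the document changes would pin the behaviour.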
OLD | NEW |