Chromium Code Reviews

Side by Side Diff: third_party/WebKit/Source/core/loader/FrameLoader.cpp

Issue 1444183003: Cancel javascript: URL navigations if the frame was navigated. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Approach #3 Created 5 years, 1 month ago
1 /* 1 /*
2 * Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All rights reserv ed. 2 * Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All rights reserv ed.
3 * Copyright (C) 2008 Nokia Corporation and/or its subsidiary(-ies) 3 * Copyright (C) 2008 Nokia Corporation and/or its subsidiary(-ies)
4 * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved. (http://www.t orchmobile.com/) 4 * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved. (http://www.t orchmobile.com/)
5 * Copyright (C) 2008 Alp Toker <alp@atoker.com> 5 * Copyright (C) 2008 Alp Toker <alp@atoker.com>
6 * Copyright (C) Research In Motion Limited 2009. All rights reserved. 6 * Copyright (C) Research In Motion Limited 2009. All rights reserved.
7 * Copyright (C) 2011 Kris Jordan <krisjordan@gmail.com> 7 * Copyright (C) 2011 Kris Jordan <krisjordan@gmail.com>
8 * Copyright (C) 2011 Google Inc. All rights reserved. 8 * Copyright (C) 2011 Google Inc. All rights reserved.
9 * 9 *
10 * Redistribution and use in source and binary forms, with or without 10 * Redistribution and use in source and binary forms, with or without
(...skipping 298 matching lines...)
309 // This is only called by ScriptController::executeScriptIfJavaScriptURL 309 // This is only called by ScriptController::executeScriptIfJavaScriptURL
310 // and always contains the result of evaluating a javascript: url. 310 // and always contains the result of evaluating a javascript: url.
311 // This is the <iframe src="javascript:'html'"> case. 311 // This is the <iframe src="javascript:'html'"> case.
312 void FrameLoader::replaceDocumentWhileExecutingJavaScriptURL(const String& sourc e, Document* ownerDocument) 312 void FrameLoader::replaceDocumentWhileExecutingJavaScriptURL(const String& sourc e, Document* ownerDocument)
313 { 313 {
314 if (!m_frame->document()->loader()) 314 if (!m_frame->document()->loader())
315 return; 315 return;
316 316
317 // DocumentLoader::replaceDocumentWhileExecutingJavaScriptURL can cause the DocumentLoader to get deref'ed and possible destroyed, 317 // DocumentLoader::replaceDocumentWhileExecutingJavaScriptURL can cause the DocumentLoader to get deref'ed and possible destroyed,
318 // so protect it with a RefPtr. 318 // so protect it with a RefPtr.
319 RefPtrWillBeRawPtr<DocumentLoader> documentLoader(m_frame->document()->loade r()); 319 RefPtrWillBeRawPtr<DocumentLoader> documentLoader(m_frame->document()->loade r());
haraken 2015/11/16 08:35:59 Nit: It would be better to move this to just above
320 RefPtrWillBeRawPtr<Document> originalDocument(m_frame->document());
320 321
321 UseCounter::count(*m_frame->document(), UseCounter::ReplaceDocumentViaJavaSc riptURL); 322 UseCounter::count(*m_frame->document(), UseCounter::ReplaceDocumentViaJavaSc riptURL);
322 323
323 // Prepare a DocumentInit before clearing the frame, because it may need to 324 // Prepare a DocumentInit before clearing the frame, because it may need to
324 // inherit an aliased security context. 325 // inherit an aliased security context.
325 DocumentInit init(m_frame->document()->url(), m_frame); 326 DocumentInit init(m_frame->document()->url(), m_frame);
326 init.withNewRegistrationContext(); 327 init.withNewRegistrationContext();
327 328
328 stopAllLoaders(); 329 stopAllLoaders();
329 m_frame->detachChildren(); 330 m_frame->detachChildren();
330 m_frame->document()->detach(); 331 m_frame->document()->detach();
331 clear(); 332 clear();
332 333
333 // detachChildren() potentially detaches the frame from the document. The 334 // detachChildren() potentially detaches the frame from the document. The
334 // loading cannot continue in that case. 335 // loading cannot continue in that case.
335 if (!m_frame->page()) 336 if (!m_frame->page())
336 return; 337 return;
337 338
339 // Detaching plugins in Document::detach() can run a nested message loop, wh ich may have
340 // resulted in loading a new, potentially cross-origin document. Cancel the JS URL navigation.
341 if (originalDocument != m_frame->document())
dcheng 2015/11/16 08:24:29 I considered two other approaches: - Checking m_fr
Nate Chapin 2015/11/16 19:16:34 ...can we just stop the madness and disable naviga
342 return;
343
338 client()->transitionToCommittedForNewPage(); 344 client()->transitionToCommittedForNewPage();
339 documentLoader->replaceDocumentWhileExecutingJavaScriptURL(init, source, own erDocument); 345 documentLoader->replaceDocumentWhileExecutingJavaScriptURL(init, source, own erDocument);
340 } 346 }
341 347
342 void FrameLoader::receivedMainResourceRedirect(const KURL& newURL) 348 void FrameLoader::receivedMainResourceRedirect(const KURL& newURL)
343 { 349 {
344 client()->dispatchDidReceiveServerRedirectForProvisionalLoad(); 350 client()->dispatchDidReceiveServerRedirectForProvisionalLoad();
345 // If a back/forward navigation redirects cross-origin, don't reuse any stat e from the HistoryItem. 351 // If a back/forward navigation redirects cross-origin, don't reuse any stat e from the HistoryItem.
346 if (m_provisionalItem && !SecurityOrigin::create(m_provisionalItem->url())-> isSameSchemeHostPort(SecurityOrigin::create(newURL).get())) 352 if (m_provisionalItem && !SecurityOrigin::create(m_provisionalItem->url())-> isSameSchemeHostPort(SecurityOrigin::create(newURL).get()))
347 m_provisionalItem.clear(); 353 m_provisionalItem.clear();
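Review bot: the new `if (originalDocument != m_frame->document()) return;` at new line 341 only runs after `stopAllLoaders()`, `m_frame->detachChildren()`, `m_frame->document()->detach()` and `clear()` (new lines 329-332) have all executed, so when the nested message loop inside `Document::detach()` has already committed a different, potentially cross-origin document, `clear()` is still applied to this FrameLoader with that new document in place, and only afterwards is the javascript: URL navigation cancelled. It is worth confirming that `clear()` is safe to run at that point; if not, moving the comparison to directly after `m_frame->document()->detach();` (ahead of `clear()`), or adding a second comparison there, would cancel as soon as the document identity changes. The existing `if (!m_frame->page()) return;` at new line 336 does not cover this case, since the frame still has a page while hosting the swapped-in document. A one-line comment on `originalDocument` (new line 320) stating that it is held only to detect a document swap across `detach()`, and not to keep the old document usable, would help the next reader, and fits the nit above about moving the declaration next to its use; `documentLoader` captured at new line 319 likewise belongs to the original document and is simply dropped on the early return, which is the intended outcome but deserves a word in the comment at new lines 339-340.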
(...skipping 1202 matching lines...)
1550 // FIXME: We need a way to propagate insecure requests policy flags to 1556 // FIXME: We need a way to propagate insecure requests policy flags to
1551 // out-of-process frames. For now, we'll always use default behavior. 1557 // out-of-process frames. For now, we'll always use default behavior.
1552 if (!parentFrame->isLocalFrame()) 1558 if (!parentFrame->isLocalFrame())
1553 return nullptr; 1559 return nullptr;
1554 1560
1555 ASSERT(toLocalFrame(parentFrame)->document()); 1561 ASSERT(toLocalFrame(parentFrame)->document());
1556 return toLocalFrame(parentFrame)->document()->insecureNavigationsToUpgrade() ; 1562 return toLocalFrame(parentFrame)->document()->insecureNavigationsToUpgrade() ;
1557 } 1563 }
1558 1564
1559 } // namespace blink 1565 } // namespace blink