OLD | NEW |
---|---|
1 /* | 1 /* |
2 * Copyright (C) 2007 Apple Inc. All rights reserved. | 2 * Copyright (C) 2007 Apple Inc. All rights reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
6 * are met: | 6 * are met: |
7 * 1. Redistributions of source code must retain the above copyright | 7 * 1. Redistributions of source code must retain the above copyright |
8 * notice, this list of conditions and the following disclaimer. | 8 * notice, this list of conditions and the following disclaimer. |
9 * 2. Redistributions in binary form must reproduce the above copyright | 9 * 2. Redistributions in binary form must reproduce the above copyright |
10 * notice, this list of conditions and the following disclaimer in the | 10 * notice, this list of conditions and the following disclaimer in the |
(...skipping 150 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
161 | 161 |
162 return KURL(document->baseURL(), urlString); | 162 return KURL(document->baseURL(), urlString); |
163 } | 163 } |
164 | 164 |
165 void History::stateObjectAdded(PassRefPtr<SerializedScriptValue> data, const Str ing& /* title */, const String& urlString, HistoryScrollRestorationType restorat ionType, FrameLoadType type, ExceptionState& exceptionState) | 165 void History::stateObjectAdded(PassRefPtr<SerializedScriptValue> data, const Str ing& /* title */, const String& urlString, HistoryScrollRestorationType restorat ionType, FrameLoadType type, ExceptionState& exceptionState) |
166 { | 166 { |
167 if (!m_frame || !m_frame->page() || !m_frame->loader().documentLoader()) | 167 if (!m_frame || !m_frame->page() || !m_frame->loader().documentLoader()) |
168 return; | 168 return; |
169 | 169 |
170 KURL fullURL = urlForState(urlString); | 170 KURL fullURL = urlForState(urlString); |
171 if (!fullURL.isValid() || !m_frame->document()->securityOrigin()->canRequest (fullURL)) { | 171 Document* document = m_frame->document(); |
172 if (!fullURL.isValid() || !document->securityOrigin()->areSamePageUrls(fullU RL, document->url())) { | |
Mike West
2015/12/08 13:45:19
If we need a special case for `pushState`/`replace
robwu
2015/12/08 14:06:39
Will do.
| |
172 // We can safely expose the URL to JavaScript, as a) no redirection take s place: JavaScript already had this URL, b) JavaScript can only access a same-o rigin History object. | 173 // We can safely expose the URL to JavaScript, as a) no redirection take s place: JavaScript already had this URL, b) JavaScript can only access a same-o rigin History object. |
173 exceptionState.throwSecurityError("A history state object with URL '" + fullURL.elidedString() + "' cannot be created in a document with origin '" + m_f rame->document()->securityOrigin()->toString() + "'."); | 174 exceptionState.throwSecurityError("A history state object with URL '" + fullURL.elidedString() + "' cannot be created in a document with origin '" + doc ument->securityOrigin()->toString() + "' and URL '" + document->url().elidedStri ng() + "'."); |
174 return; | 175 return; |
175 } | 176 } |
176 | 177 |
177 m_frame->loader().updateForSameDocumentNavigation(fullURL, SameDocumentNavig ationHistoryApi, data, restorationType, type); | 178 m_frame->loader().updateForSameDocumentNavigation(fullURL, SameDocumentNavig ationHistoryApi, data, restorationType, type); |
178 } | 179 } |
179 | 180 |
180 } // namespace blink | 181 } // namespace blink |
OLD | NEW |