Chromium Code Reviews Chromium Code Reviews
Issue 1495013002:
Check for equality of the URL's origin in replaceState/pushState (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2007 Apple Inc. All rights reserved. | 2 * Copyright (C) 2007 Apple Inc. All rights reserved. |
| 3 * | 3 * |
| 4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
| 5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
| 6 * are met: | 6 * are met: |
| 7 * 1. Redistributions of source code must retain the above copyright | 7 * 1. Redistributions of source code must retain the above copyright |
| 8 * notice, this list of conditions and the following disclaimer. | 8 * notice, this list of conditions and the following disclaimer. |
| 9 * 2. Redistributions in binary form must reproduce the above copyright | 9 * 2. Redistributions in binary form must reproduce the above copyright |
| 10 * notice, this list of conditions and the following disclaimer in the | 10 * notice, this list of conditions and the following disclaimer in the |
| (...skipping 150 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 161 | 161 |
| 162 return KURL(document->baseURL(), urlString); | 162 return KURL(document->baseURL(), urlString); |
| 163 } | 163 } |
| 164 | 164 |
| 165 void History::stateObjectAdded(PassRefPtr<SerializedScriptValue> data, const Str ing& /* title */, const String& urlString, HistoryScrollRestorationType restorat ionType, FrameLoadType type, ExceptionState& exceptionState) | 165 void History::stateObjectAdded(PassRefPtr<SerializedScriptValue> data, const Str ing& /* title */, const String& urlString, HistoryScrollRestorationType restorat ionType, FrameLoadType type, ExceptionState& exceptionState) |
| 166 { | 166 { |
| 167 if (!m_frame || !m_frame->page() || !m_frame->loader().documentLoader()) | 167 if (!m_frame || !m_frame->page() || !m_frame->loader().documentLoader()) |
| 168 return; | 168 return; |
| 169 | 169 |
| 170 KURL fullURL = urlForState(urlString); | 170 KURL fullURL = urlForState(urlString); |
| 171 if (!fullURL.isValid() || !m_frame->document()->securityOrigin()->canRequest (fullURL)) { | 171 Document* document = m_frame->document(); |
| 172 if (!fullURL.isValid() || !document->securityOrigin()->areSamePageUrls(fullU RL, document->url())) { | |
|
Mike West
2015/12/08 13:45:19
If we need a special case for `pushState`/`replace
robwu
2015/12/08 14:06:39
Will do.
| |
| 172 // We can safely expose the URL to JavaScript, as a) no redirection take s place: JavaScript already had this URL, b) JavaScript can only access a same-o rigin History object. | 173 // We can safely expose the URL to JavaScript, as a) no redirection take s place: JavaScript already had this URL, b) JavaScript can only access a same-o rigin History object. |
| 173 exceptionState.throwSecurityError("A history state object with URL '" + fullURL.elidedString() + "' cannot be created in a document with origin '" + m_f rame->document()->securityOrigin()->toString() + "'."); | 174 exceptionState.throwSecurityError("A history state object with URL '" + fullURL.elidedString() + "' cannot be created in a document with origin '" + doc ument->securityOrigin()->toString() + "' and URL '" + document->url().elidedStri ng() + "'."); |
| 174 return; | 175 return; |
| 175 } | 176 } |
| 176 | 177 |
| 177 m_frame->loader().updateForSameDocumentNavigation(fullURL, SameDocumentNavig ationHistoryApi, data, restorationType, type); | 178 m_frame->loader().updateForSameDocumentNavigation(fullURL, SameDocumentNavig ationHistoryApi, data, restorationType, type); |
| 178 } | 179 } |
| 179 | 180 |
| 180 } // namespace blink | 181 } // namespace blink |
| OLD | NEW |
