| OLD | NEW |
| 1 /* | 1 /* |
| 2 * Copyright (C) 2007 Apple Inc. All rights reserved. | 2 * Copyright (C) 2007 Apple Inc. All rights reserved. |
| 3 * | 3 * |
| 4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
| 5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
| 6 * are met: | 6 * are met: |
| 7 * 1. Redistributions of source code must retain the above copyright | 7 * 1. Redistributions of source code must retain the above copyright |
| 8 * notice, this list of conditions and the following disclaimer. | 8 * notice, this list of conditions and the following disclaimer. |
| 9 * 2. Redistributions in binary form must reproduce the above copyright | 9 * 2. Redistributions in binary form must reproduce the above copyright |
| 10 * notice, this list of conditions and the following disclaimer in the | 10 * notice, this list of conditions and the following disclaimer in the |
| (...skipping 164 matching lines...) |
| 175 Document* document = m_frame->document(); | 175 Document* document = m_frame->document(); |
| 176 | 176 |
| 177 if (urlString.isNull()) | 177 if (urlString.isNull()) |
| 178 return document->url(); | 178 return document->url(); |
| 179 if (urlString.isEmpty()) | 179 if (urlString.isEmpty()) |
| 180 return document->baseURL(); | 180 return document->baseURL(); |
| 181 | 181 |
| 182 return KURL(document->baseURL(), urlString); | 182 return KURL(document->baseURL(), urlString); |
| 183 } | 183 } |
| 184 | 184 |
| 185 bool History::canChangeToUrl(const KURL& url) | 185 bool History::canChangeToUrl(const KURL& url, SecurityOrigin* documentOrigin, co
nst KURL& documentURL) |
| 186 { | 186 { |
| 187 if (!url.isValid()) | 187 if (!url.isValid()) |
| 188 return false; | 188 return false; |
| 189 | 189 |
| 190 Document* document = m_frame->document(); | 190 if (documentOrigin->isGrantedUniversalAccess()) |
| 191 SecurityOrigin* origin = document->securityOrigin(); | |
| 192 if (origin->isGrantedUniversalAccess()) | |
| 193 return true; | 191 return true; |
| 194 | 192 |
| 195 if (origin->isUnique()) | 193 // We allow sandboxed documents, `data:`/`file:` URLs, etc. to use |
| 196 return false; | 194 // 'pushState'/'replaceState' to modify the URL fragment: see |
| 195 // https://crbug.com/528681 for the compatibility concerns. |
| 196 if (documentOrigin->isUnique() || documentOrigin->isLocal()) |
| 197 return equalIgnoringFragmentIdentifier(url, documentURL); |
| 197 | 198 |
| 198 if (!equalIgnoringPathQueryAndFragment(url, document->url())) | 199 if (!equalIgnoringPathQueryAndFragment(url, documentURL)) |
| 199 return false; | 200 return false; |
| 200 | 201 |
| 201 RefPtr<SecurityOrigin> requestedOrigin = SecurityOrigin::create(url); | 202 RefPtr<SecurityOrigin> requestedOrigin = SecurityOrigin::create(url); |
| 202 if (requestedOrigin->isUnique() || !requestedOrigin->isSameSchemeHostPort(or
igin)) | 203 if (requestedOrigin->isUnique() || !requestedOrigin->isSameSchemeHostPort(do
cumentOrigin)) |
| 203 return false; | 204 return false; |
| 204 | 205 |
| 205 return true; | 206 return true; |
| 206 } | 207 } |
| 207 | 208 |
| 208 void History::stateObjectAdded(PassRefPtr<SerializedScriptValue> data, const Str
ing& /* title */, const String& urlString, HistoryScrollRestorationType restorat
ionType, FrameLoadType type, ExceptionState& exceptionState) | 209 void History::stateObjectAdded(PassRefPtr<SerializedScriptValue> data, const Str
ing& /* title */, const String& urlString, HistoryScrollRestorationType restorat
ionType, FrameLoadType type, ExceptionState& exceptionState) |
| 209 { | 210 { |
| 210 if (!m_frame || !m_frame->page() || !m_frame->loader().documentLoader()) | 211 if (!m_frame || !m_frame->page() || !m_frame->loader().documentLoader()) |
| 211 return; | 212 return; |
| 212 | 213 |
| 213 KURL fullURL = urlForState(urlString); | 214 KURL fullURL = urlForState(urlString); |
| 214 if (!canChangeToUrl(fullURL)) { | 215 if (!canChangeToUrl(fullURL, m_frame->document()->securityOrigin(), m_frame-
>document()->url())) { |
| 215 // We can safely expose the URL to JavaScript, as a) no redirection take
s place: JavaScript already had this URL, b) JavaScript can only access a same-o
rigin History object. | 216 // We can safely expose the URL to JavaScript, as a) no redirection take
s place: JavaScript already had this URL, b) JavaScript can only access a same-o
rigin History object. |
| 216 exceptionState.throwSecurityError("A history state object with URL '" +
fullURL.elidedString() + "' cannot be created in a document with origin '" + m_f
rame->document()->securityOrigin()->toString() + "' and URL '" + m_frame->docume
nt()->url().elidedString() + "'."); | 217 exceptionState.throwSecurityError("A history state object with URL '" +
fullURL.elidedString() + "' cannot be created in a document with origin '" + m_f
rame->document()->securityOrigin()->toString() + "' and URL '" + m_frame->docume
nt()->url().elidedString() + "'."); |
| 217 return; | 218 return; |
| 218 } | 219 } |
| 219 | 220 |
| 220 m_frame->loader().updateForSameDocumentNavigation(fullURL, SameDocumentNavig
ationHistoryApi, data, restorationType, type); | 221 m_frame->loader().updateForSameDocumentNavigation(fullURL, SameDocumentNavig
ationHistoryApi, data, restorationType, type); |
| 221 } | 222 } |
| 222 | 223 |
| 223 } // namespace blink | 224 } // namespace blink |
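Review bot: The comment above the `documentOrigin->isUnique() || documentOrigin->isLocal()` branch in canChangeToUrl describes only the relaxation, but the branch changes the policy in both directions and the comment should say so. On the old side a unique origin was refused outright and a local, non-unique origin went on to the `equalIgnoringPathQueryAndFragment` and scheme/host/port checks; on the new side both are limited to URLs that equal `documentURL` apart from the fragment. I would extend the comment with something like `// Unique and local origins may change only the fragment; path and query must match documentURL.` so the tightening for local origins is not read as accidental. Separately, `documentOrigin` is now a caller-supplied raw pointer that is dereferenced without a check; the one caller visible here passes `m_frame->document()->securityOrigin()`, so a debug assertion on entry, or taking the origin by reference, would make the non-null contract explicit.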
| OLD | NEW |