OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 2007 Apple Inc. All rights reserved. | 2 * Copyright (C) 2007 Apple Inc. All rights reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
6 * are met: | 6 * are met: |
7 * 1. Redistributions of source code must retain the above copyright | 7 * 1. Redistributions of source code must retain the above copyright |
8 * notice, this list of conditions and the following disclaimer. | 8 * notice, this list of conditions and the following disclaimer. |
9 * 2. Redistributions in binary form must reproduce the above copyright | 9 * 2. Redistributions in binary form must reproduce the above copyright |
10 * notice, this list of conditions and the following disclaimer in the | 10 * notice, this list of conditions and the following disclaimer in the |
175 Document* document = m_frame->document(); | 175 Document* document = m_frame->document(); |
176 | 176 |
177 if (urlString.isNull()) | 177 if (urlString.isNull()) |
178 return document->url(); | 178 return document->url(); |
179 if (urlString.isEmpty()) | 179 if (urlString.isEmpty()) |
180 return document->baseURL(); | 180 return document->baseURL(); |
181 | 181 |
182 return KURL(document->baseURL(), urlString); | 182 return KURL(document->baseURL(), urlString); |
183 } | 183 } |
184 | 184 |
185 bool History::canChangeToUrl(const KURL& url) | 185 bool History::canChangeToUrl(const KURL& url, SecurityOrigin* documentOrigin, co
nst KURL& documentURL) |
186 { | 186 { |
187 if (!url.isValid()) | 187 if (!url.isValid()) |
188 return false; | 188 return false; |
189 | 189 |
190 Document* document = m_frame->document(); | 190 if (documentOrigin->isGrantedUniversalAccess()) |
191 SecurityOrigin* origin = document->securityOrigin(); | |
192 if (origin->isGrantedUniversalAccess()) | |
193 return true; | 191 return true; |
194 | 192 |
195 if (origin->isUnique()) | 193 // We allow sandboxed documents, `data:`/`file:` URLs, etc. to use |
196 return false; | 194 // 'pushState'/'replaceState' to modify the URL fragment: see |
| 195 // https://crbug.com/528681 for the compatibility concerns. |
| 196 if (documentOrigin->isUnique() || documentOrigin->isLocal()) |
| 197 return equalIgnoringFragmentIdentifier(url, documentURL); |
197 | 198 |
198 if (!equalIgnoringPathQueryAndFragment(url, document->url())) | 199 if (!equalIgnoringPathQueryAndFragment(url, documentURL)) |
199 return false; | 200 return false; |
200 | 201 |
201 RefPtr<SecurityOrigin> requestedOrigin = SecurityOrigin::create(url); | 202 RefPtr<SecurityOrigin> requestedOrigin = SecurityOrigin::create(url); |
202 if (requestedOrigin->isUnique() || !requestedOrigin->isSameSchemeHostPort(or
igin)) | 203 if (requestedOrigin->isUnique() || !requestedOrigin->isSameSchemeHostPort(do
cumentOrigin)) |
203 return false; | 204 return false; |
204 | 205 |
205 return true; | 206 return true; |
206 } | 207 } |
207 | 208 |
208 void History::stateObjectAdded(PassRefPtr<SerializedScriptValue> data, const Str
ing& /* title */, const String& urlString, HistoryScrollRestorationType restorat
ionType, FrameLoadType type, ExceptionState& exceptionState) | 209 void History::stateObjectAdded(PassRefPtr<SerializedScriptValue> data, const Str
ing& /* title */, const String& urlString, HistoryScrollRestorationType restorat
ionType, FrameLoadType type, ExceptionState& exceptionState) |
209 { | 210 { |
210 if (!m_frame || !m_frame->page() || !m_frame->loader().documentLoader()) | 211 if (!m_frame || !m_frame->page() || !m_frame->loader().documentLoader()) |
211 return; | 212 return; |
212 | 213 |
213 KURL fullURL = urlForState(urlString); | 214 KURL fullURL = urlForState(urlString); |
214 if (!canChangeToUrl(fullURL)) { | 215 if (!canChangeToUrl(fullURL, m_frame->document()->securityOrigin(), m_frame-
>document()->url())) { |
215 // We can safely expose the URL to JavaScript, as a) no redirection take
s place: JavaScript already had this URL, b) JavaScript can only access a same-o
rigin History object. | 216 // We can safely expose the URL to JavaScript, as a) no redirection take
s place: JavaScript already had this URL, b) JavaScript can only access a same-o
rigin History object. |
216 exceptionState.throwSecurityError("A history state object with URL '" +
fullURL.elidedString() + "' cannot be created in a document with origin '" + m_f
rame->document()->securityOrigin()->toString() + "' and URL '" + m_frame->docume
nt()->url().elidedString() + "'."); | 217 exceptionState.throwSecurityError("A history state object with URL '" +
fullURL.elidedString() + "' cannot be created in a document with origin '" + m_f
rame->document()->securityOrigin()->toString() + "' and URL '" + m_frame->docume
nt()->url().elidedString() + "'."); |
217 return; | 218 return; |
218 } | 219 } |
219 | 220 |
220 m_frame->loader().updateForSameDocumentNavigation(fullURL, SameDocumentNavig
ationHistoryApi, data, restorationType, type); | 221 m_frame->loader().updateForSameDocumentNavigation(fullURL, SameDocumentNavig
ationHistoryApi, data, restorationType, type); |
221 } | 222 } |
222 | 223 |
223 } // namespace blink | 224 } // namespace blink |
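Review bot: `canChangeToUrl` now makes its same-origin decision on a caller-supplied `documentOrigin` and `documentURL`, and at new lines 190-197 it dereferences `documentOrigin` with no null check and assumes both arguments describe the same document. The only caller visible here, `stateObjectAdded`, passes `m_frame->document()->securityOrigin()` and `m_frame->document()->url()`, so this holds today, but the contract is not written down. I would add an assertion such as `ASSERT(documentOrigin);` (or whichever assertion macro this file already uses) at the top of the function, plus a comment stating that both parameters must come from the document whose history entry is being modified. The comment above the unique/local branch could also say that only the fragment may differ, so for unique and local origins a path or query change is refused rather than falling through to the scheme/host/port comparison below.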