OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 2007 Apple Inc. All rights reserved. | 2 * Copyright (C) 2007 Apple Inc. All rights reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
6 * are met: | 6 * are met: |
7 * 1. Redistributions of source code must retain the above copyright | 7 * 1. Redistributions of source code must retain the above copyright |
8 * notice, this list of conditions and the following disclaimer. | 8 * notice, this list of conditions and the following disclaimer. |
9 * 2. Redistributions in binary form must reproduce the above copyright | 9 * 2. Redistributions in binary form must reproduce the above copyright |
10 * notice, this list of conditions and the following disclaimer in the | 10 * notice, this list of conditions and the following disclaimer in the |
(...skipping 41 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
52 | 52 |
53 const String& aString = a.getString(); | 53 const String& aString = a.getString(); |
54 const String& bString = b.getString(); | 54 const String& bString = b.getString(); |
55 for (int i = 0; i < aLength; ++i) { | 55 for (int i = 0; i < aLength; ++i) { |
56 if (aString[i] != bString[i]) | 56 if (aString[i] != bString[i]) |
57 return false; | 57 return false; |
58 } | 58 } |
59 return true; | 59 return true; |
60 } | 60 } |
61 | 61 |
| 62 bool equalIgnoringQueryAndFragment(const KURL& a, const KURL& b) |
| 63 { |
| 64 int aLength = a.pathEnd(); |
| 65 int bLength = b.pathEnd(); |
| 66 |
| 67 if (aLength != bLength) |
| 68 return false; |
| 69 |
| 70 const String& aString = a.getString(); |
| 71 const String& bString = b.getString(); |
| 72 for (int i = 0; i < aLength; ++i) { |
| 73 if (aString[i] != bString[i]) |
| 74 return false; |
| 75 } |
| 76 return true; |
| 77 } |
| 78 |
62 } // namespace | 79 } // namespace |
63 | 80 |
64 History::History(LocalFrame* frame) | 81 History::History(LocalFrame* frame) |
65 : DOMWindowProperty(frame) | 82 : DOMWindowProperty(frame) |
66 , m_lastStateObjectRequested(nullptr) | 83 , m_lastStateObjectRequested(nullptr) |
67 { | 84 { |
68 } | 85 } |
69 | 86 |
70 DEFINE_TRACE(History) | 87 DEFINE_TRACE(History) |
71 { | 88 { |
(...skipping 117 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
189 if (!url.isValid()) | 206 if (!url.isValid()) |
190 return false; | 207 return false; |
191 | 208 |
192 if (documentOrigin->isGrantedUniversalAccess()) | 209 if (documentOrigin->isGrantedUniversalAccess()) |
193 return true; | 210 return true; |
194 | 211 |
195 // We allow sandboxed documents, `data:`/`file:` URLs, etc. to use | 212 // We allow sandboxed documents, `data:`/`file:` URLs, etc. to use |
196 // 'pushState'/'replaceState' to modify the URL fragment: see | 213 // 'pushState'/'replaceState' to modify the URL fragment: see |
197 // https://crbug.com/528681 for the compatibility concerns. | 214 // https://crbug.com/528681 for the compatibility concerns. |
198 if (documentOrigin->isUnique() || documentOrigin->isLocal()) | 215 if (documentOrigin->isUnique() || documentOrigin->isLocal()) |
199 return equalIgnoringFragmentIdentifier(url, documentURL); | 216 return equalIgnoringQueryAndFragment(url, documentURL); |
200 | 217 |
201 if (!equalIgnoringPathQueryAndFragment(url, documentURL)) | 218 if (!equalIgnoringPathQueryAndFragment(url, documentURL)) |
202 return false; | 219 return false; |
203 | 220 |
204 RefPtr<SecurityOrigin> requestedOrigin = SecurityOrigin::create(url); | 221 RefPtr<SecurityOrigin> requestedOrigin = SecurityOrigin::create(url); |
205 if (requestedOrigin->isUnique() || !requestedOrigin->isSameSchemeHostPort(do
cumentOrigin)) | 222 if (requestedOrigin->isUnique() || !requestedOrigin->isSameSchemeHostPort(do
cumentOrigin)) |
206 return false; | 223 return false; |
207 | 224 |
208 return true; | 225 return true; |
209 } | 226 } |
210 | 227 |
211 void History::stateObjectAdded(PassRefPtr<SerializedScriptValue> data, const Str
ing& /* title */, const String& urlString, HistoryScrollRestorationType restorat
ionType, FrameLoadType type, ExceptionState& exceptionState) | 228 void History::stateObjectAdded(PassRefPtr<SerializedScriptValue> data, const Str
ing& /* title */, const String& urlString, HistoryScrollRestorationType restorat
ionType, FrameLoadType type, ExceptionState& exceptionState) |
212 { | 229 { |
213 if (!m_frame || !m_frame->page() || !m_frame->loader().documentLoader()) | 230 if (!m_frame || !m_frame->page() || !m_frame->loader().documentLoader()) |
214 return; | 231 return; |
215 | 232 |
216 KURL fullURL = urlForState(urlString); | 233 KURL fullURL = urlForState(urlString); |
217 if (!canChangeToUrl(fullURL, m_frame->document()->getSecurityOrigin(), m_fra
me->document()->url())) { | 234 if (!canChangeToUrl(fullURL, m_frame->document()->getSecurityOrigin(), m_fra
me->document()->url())) { |
218 // We can safely expose the URL to JavaScript, as a) no redirection take
s place: JavaScript already had this URL, b) JavaScript can only access a same-o
rigin History object. | 235 // We can safely expose the URL to JavaScript, as a) no redirection take
s place: JavaScript already had this URL, b) JavaScript can only access a same-o
rigin History object. |
219 exceptionState.throwSecurityError("A history state object with URL '" +
fullURL.elidedString() + "' cannot be created in a document with origin '" + m_f
rame->document()->getSecurityOrigin()->toString() + "' and URL '" + m_frame->doc
ument()->url().elidedString() + "'."); | 236 exceptionState.throwSecurityError("A history state object with URL '" +
fullURL.elidedString() + "' cannot be created in a document with origin '" + m_f
rame->document()->getSecurityOrigin()->toString() + "' and URL '" + m_frame->doc
ument()->url().elidedString() + "'."); |
220 return; | 237 return; |
221 } | 238 } |
222 | 239 |
223 m_frame->loader().updateForSameDocumentNavigation(fullURL, SameDocumentNavig
ationHistoryApi, data, restorationType, type, m_frame->document()); | 240 m_frame->loader().updateForSameDocumentNavigation(fullURL, SameDocumentNavig
ationHistoryApi, data, restorationType, type, m_frame->document()); |
224 } | 241 } |
225 | 242 |
226 } // namespace blink | 243 } // namespace blink |
OLD | NEW |