Disable navigations in the unload handler.

third_party/WebKit/Source/core/loader/NavigationScheduler.cpp

 /*
  * Copyright (C) 2006, 2007, 2008, 2009, 2010 Apple Inc. All rights reserved.
  * Copyright (C) 2008 Nokia Corporation and/or its subsidiary(-ies)
  * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved. (http://www.torchmobile.com/)
  * Copyright (C) 2009 Adam Barth. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *
@@ skipping 78 matching lines @@
     scheduledNavigationClobberHistogram.count(value);
 
     DEFINE_STATIC_LOCAL(CustomCountHistogram, scheduledClobberAbortTimeHistogram, ("Navigation.Scheduled.MaybeCausedAbort.Time", 1, 10000, 50));
     double navigationStart = frame->loader().provisionalDocumentLoader()->timing().navigationStart();
     if (navigationStart)
         scheduledClobberAbortTimeHistogram.count(monotonicallyIncreasingTime() - navigationStart);
 }
 
 } // namespace
 
-unsigned NavigationDisablerForBeforeUnload::s_navigationDisableCount = 0;
-unsigned NavigationCounterForUnload::s_inUnloadHandler = 0;
+unsigned NavigationDisablerForUnload::s_navigationDisableCount = 0;
 
 class ScheduledNavigation : public GarbageCollectedFinalized<ScheduledNavigation> {
     WTF_MAKE_NONCOPYABLE(ScheduledNavigation);
 public:
     ScheduledNavigation(double delay, Document* originDocument, bool replacesCurrentItem, bool isLocationChange)
         : m_delay(delay)
         , m_originDocument(originDocument)
         , m_replacesCurrentItem(replacesCurrentItem)
         , m_isLocationChange(isLocationChange)
         , m_wasUserGesture(UserGestureIndicator::processingUserGesture())
@@ skipping 209 matching lines @@
 }
 
 bool NavigationScheduler::isNavigationScheduledWithin(double interval) const
 {
     return m_redirect && m_redirect->delay() <= interval;
 }
 
 // TODO(dcheng): There are really two different load blocking concepts at work
 // here and they have been incorrectly tangled together.
 //
-// 1. NavigationDisablerForBeforeUnload is for blocking navigation scheduling
-//    during a beforeunload event. Scheduled navigations during beforeunload
-//    would make it possible to get trapped in an endless loop of beforeunload
-//    dialogs.
+// 1. NavigationDisablerForUnload is for blocking navigation scheduling during
+//    a beforeunload or unload events. Scheduled navigations during
+//    beforeunload would make it possible to get trapped in an endless loop of
+//    beforeunload dialogs. Scheduled navigations during the unload handler
+//    makes is possible to cancel a navigation that was initiated right before
+//    it commits.
 //
 //    Checking Frame::isNavigationAllowed() doesn't make sense in this context:
 //    NavigationScheduler is always cleared when a new load commits, so it's
 //    impossible for a scheduled navigation to clobber a navigation that just
 //    committed.
 //
 // 2. FrameNavigationDisabler / LocalFrame::isNavigationAllowed() are intended
 //    to prevent Documents from being reattached during destruction, since it
 //    can cause bugs with security origin confusion. This is primarily intended
 //    to block /synchronous/ navigations during things lke Document::detachLayoutTree().
 inline bool NavigationScheduler::shouldScheduleReload() const
 {
-    return m_frame->page() && m_frame->isNavigationAllowed() && NavigationDisablerForBeforeUnload::isNavigationAllowed();
+    return m_frame->page() && m_frame->isNavigationAllowed() && NavigationDisablerForUnload::isNavigationAllowed();
 }
 
 inline bool NavigationScheduler::shouldScheduleNavigation(const String& url) const
 {
-    return m_frame->page() && m_frame->isNavigationAllowed() && (protocolIsJavaScript(url) || NavigationDisablerForBeforeUnload::isNavigationAllowed());
+    return m_frame->page() && m_frame->isNavigationAllowed() && (protocolIsJavaScript(url) || NavigationDisablerForUnload::isNavigationAllowed());
 }
 
 void NavigationScheduler::scheduleRedirect(double delay, const String& url)
 {
     if (!shouldScheduleNavigation(url))
         return;
     if (delay < 0 || delay > INT_MAX / 1000)
         return;
     if (url.isEmpty())
         return;
@@ skipping 24 matching lines @@
 
     replacesCurrentItem = replacesCurrentItem || mustReplaceCurrentItem(m_frame);
 
     // If the URL we're going to navigate to is the same as the current one, except for the
     // fragment part, we don't need to schedule the location change. We'll skip this
     // optimization for cross-origin navigations to minimize the navigator's ability to
     // execute timing attacks.
     if (originDocument->getSecurityOrigin()->canAccess(m_frame->document()->getSecurityOrigin())) {
         KURL parsedURL(ParsedURLString, url);
         if (parsedURL.hasFragmentIdentifier() && equalIgnoringFragmentIdentifier(m_frame->document()->url(), parsedURL)) {
-            if (NavigationCounterForUnload::inUnloadHandler())
-                Deprecation::countDeprecation(m_frame, UseCounter::UnloadHandler_Navigation);
 
             FrameLoadRequest request(originDocument, m_frame->document()->completeURL(url), "_self");
             request.setReplacesCurrentItem(replacesCurrentItem);
             if (replacesCurrentItem)
                 request.setClientRedirect(ClientRedirectPolicy::ClientRedirect);
             m_frame->loader().load(request);
             return;
         }
     }
 
@@ skipping 86 matching lines @@
     m_redirect.clear();
 }
 
 DEFINE_TRACE(NavigationScheduler)
 {
     visitor->trace(m_frame);
     visitor->trace(m_redirect);
 }
 
 } // namespace blink