Index: ios/web/web_state/ui/crw_web_controller.mm |
diff --git a/ios/web/web_state/ui/crw_web_controller.mm b/ios/web/web_state/ui/crw_web_controller.mm |
index ac54fae6cb1165cbe32452f382ac5e5a74d5c55b..f2e337bd4894b7101e29c0dc872dc3f9e4f3ae9d 100644 |
--- a/ios/web/web_state/ui/crw_web_controller.mm |
+++ b/ios/web/web_state/ui/crw_web_controller.mm |
@@ -1853,6 +1853,14 @@ - (void)updateCurrentBackForwardListItemHolder { |
// page, and should not be associated. |
if (_webUIManager) |
return; |
+ // When navigating to a page created with window.history.pushState using a |
+ // WKBackForwardListItem, the WKWebViewConfiguration's user scripts are not |
+ // injected. As a result, the WKBackForwardList will become out of sync with |
Eugene But (OOO till 7-30)
2016/08/30 00:48:57
Sounds like if scripts are not injected than spoof
kkhorimoto
2016/08/30 00:54:41
Sorry, the URL spoofing issue was the result of on
|
+ // the NavigationManager, allowing for URL spoofing attacks. |
+ web::NavigationItemImpl* currentItem = |
+ [self currentSessionEntry].navigationItemImpl; |
+ if (currentItem->IsCreatedFromPushState()) |
+ return; |
web::WKBackForwardListItemHolder* holder = |
[self currentBackForwardListItemHolder]; |