Clear hash when setting URL in document.open

third_party/WebKit/Source/core/dom/Document.cpp

Index: third_party/WebKit/Source/core/dom/Document.cpp
diff --git a/third_party/WebKit/Source/core/dom/Document.cpp b/third_party/WebKit/Source/core/dom/Document.cpp
index 3b0b38b56fd88293a6901e60f057e37cfc54546a..f91aebe823d29a0a4b05cb69a6068ce20f49091d 100644
--- a/third_party/WebKit/Source/core/dom/Document.cpp
+++ b/third_party/WebKit/Source/core/dom/Document.cpp
@@ -2727,7 +2727,13 @@ void Document::open(Document* entered_document,
       return;
     }
     SetSecurityOrigin(entered_document->GetSecurityOrigin());
-    SetURL(entered_document->Url());
+
+    // Clear the hash fragment from the inerited URL to prevent a

[skobes, 2017/04/21 17:19:56]

typo: inherited

[bokan, 2017/04/24 17:39:04]

Done.

+    // scroll-into-view for any document.open()'d frame.
+    KURL new_url = entered_document->Url();
+    new_url.SetFragmentIdentifier(String());
+
+    SetURL(new_url);

[skobes, 2017/04/21 17:19:56]

Does this code run only for cross-frame document.open(), or also for
document.open() on the current frame?  We probably only want to do this in the
cross-frame case.

[bokan, 2017/04/24 17:39:04]

Currently this was for any frame. I've changed it to run only when opened from a
cross-frame document.

     cookie_url_ = entered_document->CookieURL();
   }