diff options
author | Ben Murdoch <benm@google.com> | 2014-09-05 15:36:53 +0000 |
---|---|---|
committer | Android Git Automerger <android-git-automerger@android.com> | 2014-09-05 15:36:53 +0000 |
commit | cdecc11b0dfc2ba74d154b6228ab5b66e6d95f15 (patch) | |
tree | 24e29dad0ba2d8895712bfc91b604c7ef24f9ed3 | |
parent | 6f18799ebd0cf499a0021b50d99ca9e8e3d0bfbb (diff) | |
parent | a24c15e30ab6f8a64e17cb8a3a2a7967fe01dcef (diff) | |
download | webkit-cdecc11b0dfc2ba74d154b6228ab5b66e6d95f15.tar.gz |
am a24c15e3: am 7e4405a7: Cherry pick r91611 Perform the JavaScript navigation check on a complete URL
* commit 'a24c15e30ab6f8a64e17cb8a3a2a7967fe01dcef':
Cherry pick r91611 Perform the JavaScript navigation check on a complete URL
-rw-r--r-- | Source/WebCore/page/DOMWindow.cpp | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/Source/WebCore/page/DOMWindow.cpp b/Source/WebCore/page/DOMWindow.cpp index 1806a21cf..dc927acd2 100644 --- a/Source/WebCore/page/DOMWindow.cpp +++ b/Source/WebCore/page/DOMWindow.cpp @@ -1699,7 +1699,7 @@ void DOMWindow::setLocation(const String& urlString, DOMWindow* activeWindow, DO if (completedURL.isNull()) return; - if (isInsecureScriptAccess(activeWindow, urlString)) + if (isInsecureScriptAccess(activeWindow, completedURL)) return; // We want a new history item if we are processing a user gesture. @@ -1785,7 +1785,7 @@ Frame* DOMWindow::createWindow(const String& urlString, const AtomicString& fram newFrame->loader()->setOpener(openerFrame); newFrame->page()->setOpenedByDOM(); - if (newFrame->domWindow()->isInsecureScriptAccess(activeWindow, urlString)) + if (newFrame->domWindow()->isInsecureScriptAccess(activeWindow, completedURL)) return newFrame; if (function) @@ -1835,7 +1835,9 @@ PassRefPtr<DOMWindow> DOMWindow::open(const String& urlString, const AtomicStrin if (!activeFrame->loader()->shouldAllowNavigation(targetFrame)) return 0; - if (targetFrame->domWindow()->isInsecureScriptAccess(activeWindow, urlString)) + KURL completedURL = firstFrame->document()->completeURL(urlString); + + if (targetFrame->domWindow()->isInsecureScriptAccess(activeWindow, completedURL)) return targetFrame->domWindow(); if (urlString.isEmpty()) @@ -1844,7 +1846,7 @@ PassRefPtr<DOMWindow> DOMWindow::open(const String& urlString, const AtomicStrin // For whatever reason, Firefox uses the first window rather than the active window to // determine the outgoing referrer. We replicate that behavior here. targetFrame->navigationScheduler()->scheduleLocationChange(activeFrame->document()->securityOrigin(), - firstFrame->document()->completeURL(urlString).string(), + completedURL, firstFrame->loader()->outgoingReferrer(), !activeFrame->script()->anyPageIsProcessingUserGesture(), false); |