Cherry pick r91611 Perform the JavaScript navigation check on a complete URL

Bug: 17050386 Change-Id: I613809864472007989938abde317b0a112c0a81c
author: Ben Murdoch <benm@google.com> 2014-09-04 15:40:31 +0100
committer: Paul Kocialkowski <contact@paulk.fr> 2014-10-05 11:07:17 +0200
commit: 6141cdedee0907e68f9b42b755ab24395a2e8ebf (patch)
tree: 730bc62ffd466ca05cbcffae2eba7cb8b4436572
parent: 0250c1987af104372a30af713389f3a96d865f9e (diff)
download: external_webkit-6141cdedee0907e68f9b42b755ab24395a2e8ebf.zip
external_webkit-6141cdedee0907e68f9b42b755ab24395a2e8ebf.tar.gz
external_webkit-6141cdedee0907e68f9b42b755ab24395a2e8ebf.tar.bz2
1 files changed, 6 insertions, 4 deletions
diff --git a/Source/WebCore/page/DOMWindow.cpp b/Source/WebCore/page/DOMWindow.cpp
index 0416cb5..45f288b 100644
--- a/Source/WebCore/page/DOMWindow.cpp
+++ b/Source/WebCore/page/DOMWindow.cpp
@@ -1699,7 +1699,7 @@ void DOMWindow::setLocation(const String& urlString, DOMWindow* activeWindow, DO
     if (completedURL.isNull())
         return;
 
-    if (isInsecureScriptAccess(activeWindow, urlString))
+    if (isInsecureScriptAccess(activeWindow, completedURL))
         return;
 
     // We want a new history item if we are processing a user gesture.
@@ -1785,7 +1785,7 @@ Frame* DOMWindow::createWindow(const String& urlString, const AtomicString& fram
     newFrame->loader()->setOpener(openerFrame);
     newFrame->page()->setOpenedByDOM();
 
-    if (newFrame->domWindow()->isInsecureScriptAccess(activeWindow, urlString))
+    if (newFrame->domWindow()->isInsecureScriptAccess(activeWindow, completedURL))
         return newFrame;
 
     if (function)
@@ -1835,7 +1835,9 @@ PassRefPtr<DOMWindow> DOMWindow::open(const String& urlString, const AtomicStrin
         if (!activeFrame->loader()->shouldAllowNavigation(targetFrame))
             return 0;
 
-        if (targetFrame->domWindow()->isInsecureScriptAccess(activeWindow, urlString))
+        KURL completedURL = firstFrame->document()->completeURL(urlString);
+
+        if (targetFrame->domWindow()->isInsecureScriptAccess(activeWindow, completedURL))
             return targetFrame->domWindow();
 
         if (urlString.isEmpty())
@@ -1844,7 +1846,7 @@ PassRefPtr<DOMWindow> DOMWindow::open(const String& urlString, const AtomicStrin
         // For whatever reason, Firefox uses the first window rather than the active window to
         // determine the outgoing referrer. We replicate that behavior here.
         targetFrame->navigationScheduler()->scheduleLocationChange(activeFrame->document()->securityOrigin(),
-            firstFrame->document()->completeURL(urlString).string(),
+            completedURL,
             firstFrame->loader()->outgoingReferrer(),
             !activeFrame->script()->anyPageIsProcessingUserGesture(), false);
author	Ben Murdoch <benm@google.com>	2014-09-04 15:40:31 +0100
committer	Paul Kocialkowski <contact@paulk.fr>	2014-10-05 11:07:17 +0200
commit	6141cdedee0907e68f9b42b755ab24395a2e8ebf (patch)
tree	730bc62ffd466ca05cbcffae2eba7cb8b4436572
parent	0250c1987af104372a30af713389f3a96d865f9e (diff)
download	external_webkit-6141cdedee0907e68f9b42b755ab24395a2e8ebf.zip external_webkit-6141cdedee0907e68f9b42b755ab24395a2e8ebf.tar.gz external_webkit-6141cdedee0907e68f9b42b755ab24395a2e8ebf.tar.bz2