summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorBen Murdoch <benm@google.com>2014-09-04 15:40:31 +0100
committerPaul Kocialkowski <contact@paulk.fr>2014-10-05 11:07:17 +0200
commit6141cdedee0907e68f9b42b755ab24395a2e8ebf (patch)
tree730bc62ffd466ca05cbcffae2eba7cb8b4436572
parent0250c1987af104372a30af713389f3a96d865f9e (diff)
downloadexternal_webkit-6141cdedee0907e68f9b42b755ab24395a2e8ebf.zip
external_webkit-6141cdedee0907e68f9b42b755ab24395a2e8ebf.tar.gz
external_webkit-6141cdedee0907e68f9b42b755ab24395a2e8ebf.tar.bz2
Cherry pick r91611 Perform the JavaScript navigation check on a complete URL
Bug: 17050386 Change-Id: I613809864472007989938abde317b0a112c0a81c
-rw-r--r--Source/WebCore/page/DOMWindow.cpp10
1 files changed, 6 insertions, 4 deletions
diff --git a/Source/WebCore/page/DOMWindow.cpp b/Source/WebCore/page/DOMWindow.cpp
index 0416cb5..45f288b 100644
--- a/Source/WebCore/page/DOMWindow.cpp
+++ b/Source/WebCore/page/DOMWindow.cpp
@@ -1699,7 +1699,7 @@ void DOMWindow::setLocation(const String& urlString, DOMWindow* activeWindow, DO
if (completedURL.isNull())
return;
- if (isInsecureScriptAccess(activeWindow, urlString))
+ if (isInsecureScriptAccess(activeWindow, completedURL))
return;
// We want a new history item if we are processing a user gesture.
@@ -1785,7 +1785,7 @@ Frame* DOMWindow::createWindow(const String& urlString, const AtomicString& fram
newFrame->loader()->setOpener(openerFrame);
newFrame->page()->setOpenedByDOM();
- if (newFrame->domWindow()->isInsecureScriptAccess(activeWindow, urlString))
+ if (newFrame->domWindow()->isInsecureScriptAccess(activeWindow, completedURL))
return newFrame;
if (function)
@@ -1835,7 +1835,9 @@ PassRefPtr<DOMWindow> DOMWindow::open(const String& urlString, const AtomicStrin
if (!activeFrame->loader()->shouldAllowNavigation(targetFrame))
return 0;
- if (targetFrame->domWindow()->isInsecureScriptAccess(activeWindow, urlString))
+ KURL completedURL = firstFrame->document()->completeURL(urlString);
+
+ if (targetFrame->domWindow()->isInsecureScriptAccess(activeWindow, completedURL))
return targetFrame->domWindow();
if (urlString.isEmpty())
@@ -1844,7 +1846,7 @@ PassRefPtr<DOMWindow> DOMWindow::open(const String& urlString, const AtomicStrin
// For whatever reason, Firefox uses the first window rather than the active window to
// determine the outgoing referrer. We replicate that behavior here.
targetFrame->navigationScheduler()->scheduleLocationChange(activeFrame->document()->securityOrigin(),
- firstFrame->document()->completeURL(urlString).string(),
+ completedURL,
firstFrame->loader()->outgoingReferrer(),
!activeFrame->script()->anyPageIsProcessingUserGesture(), false);