1 files changed, 28 insertions, 15 deletions

diff --git a/WebCore/bindings/js/JSLocation.cpp b/WebCore/bindings/js/JSLocation.cpp
index 2fc1a34..b4e63de 100644
--- a/WebCore/bindings/js/JSLocation.cpp
+++ b/WebCore/bindings/js/JSLocation.cpp
@@ -26,6 +26,7 @@
 #include "DOMWindow.h"
 #include "Frame.h"
 #include "FrameLoader.h"
+#include "PlatformString.h"
 #include "kjs_proxy.h"
 #include "kjs_window.h"
 
@@ -131,12 +132,12 @@ bool JSLocation::customGetOwnPropertySlot(ExecState* exec, const Identifier& pro
     return true;
 }
 
-void JSLocation::put(ExecState* exec, const Identifier& propertyName, JSValue* value)
+void JSLocation::put(ExecState* exec, const Identifier& propertyName, JSValue* value, int attr)
 {
   if (!m_frame)
     return;
 
-  String str = value->toString(exec);
+  DeprecatedString str = value->toString(exec);
   KURL url = m_frame->loader()->url();
   bool sameDomainAccess = allowsAccessFromFrame(exec, m_frame);
 
@@ -151,7 +152,6 @@ void JSLocation::put(ExecState* exec, const Identifier& propertyName, JSValue* v
 
       switch (entry->value.intValue) {
       case Href: {
-          // FIXME: Why isn't this security check needed for the other properties, like Host, below?
           Frame* frame = Window::retrieveActive(exec)->impl()->frame();
           if (!frame)
               return;
@@ -160,30 +160,27 @@ void JSLocation::put(ExecState* exec, const Identifier& propertyName, JSValue* v
           url = frame->loader()->completeURL(str);
           break;
       }
-      case Hash:
+      case Hash: {
           if (str.startsWith("#"))
-              str = str.substring(1);
+              str = str.mid(1);
           if (url.ref() == str)
               return;
           url.setRef(str);
           break;
-      case Host:
+      }
+      case Host: {
           url.setHostAndPort(str);
           break;
+      }
       case Hostname:
           url.setHost(str);
           break;
       case Pathname:
           url.setPath(str);
           break;
-      case Port: {
-          // FIXME: Could make this a little less ugly if String provided a toUnsignedShort function.
-          int port = str.toInt();
-          if (port < 0 || port > 0xFFFF)
-              port = 0;
-          url.setPort(port);
+      case Port:
+          url.setPort(str.toUInt());
           break;
-      }
       case Protocol:
           url.setProtocol(str);
           break;
@@ -197,12 +194,16 @@ void JSLocation::put(ExecState* exec, const Identifier& propertyName, JSValue* v
       }
   } else {
       if (sameDomainAccess)
-          JSObject::put(exec, propertyName, value);
+          JSObject::put(exec, propertyName, value, attr);
       return;
   }
 
   Frame* activeFrame = Window::retrieveActive(exec)->impl()->frame();
+#ifdef ANDROID_JAVASCRIPT_SECURITY 
   if (!url.protocolIs("javascript") || sameDomainAccess) {
+#else
+  if (!url.deprecatedString().startsWith("javascript:", false) || sameDomainAccess) {
+#endif
     bool userGesture = activeFrame->scriptProxy()->processingUserGesture();
     m_frame->loader()->scheduleLocationChange(url.string(), activeFrame->loader()->outgoingReferrer(), false, userGesture);
   }
@@ -237,9 +238,13 @@ JSValue* jsLocationProtoFuncReplace(ExecState* exec, JSObject* thisObj, const Li
     if (activeFrame) {
         if (!activeFrame->loader()->shouldAllowNavigation(frame))
             return jsUndefined();
-        String str = args[0]->toString(exec);
+        DeprecatedString str = args[0]->toString(exec);
         const Window* window = Window::retrieveWindow(frame);
+#ifdef ANDROID_JAVASCRIPT_SECURITY 
         if (!protocolIs(str, "javascript") || (window && window->allowsAccessFrom(exec))) {
+#else
+        if (!str.startsWith("javascript:", false) || (window && window->allowsAccessFrom(exec))) {
+#endif
             bool userGesture = activeFrame->scriptProxy()->processingUserGesture();
             frame->loader()->scheduleLocationChange(activeFrame->loader()->completeURL(str).string(), activeFrame->loader()->outgoingReferrer(), true, userGesture);
         }
@@ -261,7 +266,11 @@ JSValue* jsLocationProtoFuncReload(ExecState* exec, JSObject* thisObj, const Lis
     if (!window->allowsAccessFrom(exec))
         return jsUndefined();
 
+#ifdef ANDROID_JAVASCRIPT_SECURITY 
     if (!frame->loader()->url().protocolIs("javascript") || (window && window->allowsAccessFrom(exec))) {
+#else
+    if (!frame->loader()->url().deprecatedString().startsWith("javascript:", false) || (window && window->allowsAccessFrom(exec))) {
+#endif
         bool userGesture = Window::retrieveActive(exec)->impl()->frame()->scriptProxy()->processingUserGesture();
         frame->loader()->scheduleRefresh(userGesture);
     }
@@ -283,7 +292,11 @@ JSValue* jsLocationProtoFuncAssign(ExecState* exec, JSObject* thisObj, const Lis
             return jsUndefined();
         const Window* window = Window::retrieveWindow(frame);
         String dstUrl = activeFrame->loader()->completeURL(args[0]->toString(exec)).string();
+#ifdef ANDROID_JAVASCRIPT_SECURITY 
         if (!protocolIs(dstUrl, "javascript") || (window && window->allowsAccessFrom(exec))) {
+#else
+        if (!dstUrl.startsWith("javascript:", false) || (window && window->allowsAccessFrom(exec))) {
+#endif
             bool userGesture = activeFrame->scriptProxy()->processingUserGesture();
             // We want a new history item if this JS was called via a user gesture
             frame->loader()->scheduleLocationChange(dstUrl, activeFrame->loader()->outgoingReferrer(), false, userGesture);