From b31073102b4df9c6f531ad939e5d0f4d8880a9e5 Mon Sep 17 00:00:00 2001 From: Grace Kloba Date: Fri, 21 May 2010 09:35:01 -0700 Subject: Fix a binding big in WebKit which prevents url hijacking for mobile adsense. Fix http://b/issue?id=2695688 cherry-pick the change from WebKit https://bugs.webkit.org/show_bug.cgi?id=39452 --- WebCore/bindings/generic/BindingDOMWindow.h | 2 +- WebCore/bindings/v8/custom/V8DOMWindowCustom.cpp | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'WebCore') diff --git a/WebCore/bindings/generic/BindingDOMWindow.h b/WebCore/bindings/generic/BindingDOMWindow.h index b46bdf9..f883d11 100644 --- a/WebCore/bindings/generic/BindingDOMWindow.h +++ b/WebCore/bindings/generic/BindingDOMWindow.h @@ -109,7 +109,7 @@ Frame* BindingDOMWindow::createWindow(State* state, if (created) newFrame->loader()->changeLocation(completedUrl, referrer, false, false, userGesture); else if (!url.isEmpty()) - newFrame->redirectScheduler()->scheduleLocationChange(completedUrl.string(), referrer, false, userGesture); + newFrame->redirectScheduler()->scheduleLocationChange(completedUrl.string(), referrer, false, false, userGesture); } return newFrame; diff --git a/WebCore/bindings/v8/custom/V8DOMWindowCustom.cpp b/WebCore/bindings/v8/custom/V8DOMWindowCustom.cpp index 6a53a1f..ff2be37 100644 --- a/WebCore/bindings/v8/custom/V8DOMWindowCustom.cpp +++ b/WebCore/bindings/v8/custom/V8DOMWindowCustom.cpp @@ -574,7 +574,7 @@ v8::Handle V8DOMWindow::openCallback(const v8::Arguments& args) // the outgoingReferrer. We replicate that behavior here. String referrer = enteredFrame->loader()->outgoingReferrer(); - frame->redirectScheduler()->scheduleLocationChange(completedUrl, referrer, false, userGesture); + frame->redirectScheduler()->scheduleLocationChange(completedUrl, referrer, false, false, userGesture); } return toV8(frame->domWindow()); } -- cgit v1.1