Cherry pick r91611 Perform the JavaScript navigation check on a complete URL
Bug: 17050386
Change-Id: I613809864472007989938abde317b0a112c0a81c
diff --git a/Source/WebCore/page/DOMWindow.cpp b/Source/WebCore/page/DOMWindow.cpp
index 1806a21..dc927ac 100644
--- a/Source/WebCore/page/DOMWindow.cpp
+++ b/Source/WebCore/page/DOMWindow.cpp
@@ -1699,7 +1699,7 @@
if (completedURL.isNull())
return;
- if (isInsecureScriptAccess(activeWindow, urlString))
+ if (isInsecureScriptAccess(activeWindow, completedURL))
return;
// We want a new history item if we are processing a user gesture.
@@ -1785,7 +1785,7 @@
newFrame->loader()->setOpener(openerFrame);
newFrame->page()->setOpenedByDOM();
- if (newFrame->domWindow()->isInsecureScriptAccess(activeWindow, urlString))
+ if (newFrame->domWindow()->isInsecureScriptAccess(activeWindow, completedURL))
return newFrame;
if (function)
@@ -1835,7 +1835,9 @@
if (!activeFrame->loader()->shouldAllowNavigation(targetFrame))
return 0;
- if (targetFrame->domWindow()->isInsecureScriptAccess(activeWindow, urlString))
+ KURL completedURL = firstFrame->document()->completeURL(urlString);
+
+ if (targetFrame->domWindow()->isInsecureScriptAccess(activeWindow, completedURL))
return targetFrame->domWindow();
if (urlString.isEmpty())
@@ -1844,7 +1846,7 @@
// For whatever reason, Firefox uses the first window rather than the active window to
// determine the outgoing referrer. We replicate that behavior here.
targetFrame->navigationScheduler()->scheduleLocationChange(activeFrame->document()->securityOrigin(),
- firstFrame->document()->completeURL(urlString).string(),
+ completedURL,
firstFrame->loader()->outgoingReferrer(),
!activeFrame->script()->anyPageIsProcessingUserGesture(), false);
