Frame* SubframeLoader::loadOrRedirectSubframe(HTMLFrameOwnerElement* ownerElement, const KURL& url, const AtomicString& frameName, bool lockHistory, bool lockBackForwardList)
{
Frame* frame = ownerElement->contentFrame();
if (frame)
frame->navigationScheduler()->scheduleLocationChange(m_frame->document()->securityOrigin(), url.string(), m_frame->loader()->outgoingReferrer(), lockHistory, lockBackForwardList);
else
frame = loadSubframe(ownerElement, url, frameName, m_frame->loader()->outgoingReferrer());
return frame;
}
Frame* SubframeLoader::loadOrRedirectSubframe(HTMLFrameOwnerElement& ownerElement, const URL& url, const AtomicString& frameName, bool lockHistory, bool lockBackForwardList)
{
Frame* frame = ownerElement.contentFrame();
if (frame)
frame->navigationScheduler().scheduleLocationChange(m_frame.document()->securityOrigin(), url.string(), m_frame.loader().outgoingReferrer(), lockHistory, lockBackForwardList);
else
frame = loadSubframe(ownerElement, url, frameName, m_frame.loader().outgoingReferrer());
if (!frame)
return nullptr;
ASSERT(ownerElement.contentFrame() == frame || !ownerElement.contentFrame());
return ownerElement.contentFrame();
}
void ApplicationCacheHost::selectCacheWithManifest(const KURL& manifestURL)
{
if (m_internal) {
if (!m_internal->m_outerHost->selectCacheWithManifest(manifestURL)) {
// It's a foreign entry, restart the current navigation from the top
// of the navigation algorithm. The navigation will not result in the
// same resource being loaded, because "foreign" entries are never picked
// during navigation.
// see WebCore::ApplicationCacheGroup::selectCache()
Frame* frame = m_documentLoader->frame();
frame->navigationScheduler()->scheduleLocationChange(frame->document()->securityOrigin(),
frame->document()->url(), frame->loader()->referrer());
}
}
}
Frame* SubframeLoader::loadOrRedirectSubframe(HTMLFrameOwnerElement& ownerElement, const URL& requestUrl, const AtomicString& frameName, LockHistory lockHistory, LockBackForwardList lockBackForwardList)
{
URL url = requestUrl;
ownerElement.document().contentSecurityPolicy()->upgradeInsecureRequestIfNeeded(url, ContentSecurityPolicy::InsecureRequestType::Load);
Frame* frame = ownerElement.contentFrame();
if (frame)
frame->navigationScheduler().scheduleLocationChange(m_frame.document(), m_frame.document()->securityOrigin(), url, m_frame.loader().outgoingReferrer(), lockHistory, lockBackForwardList);
else
frame = loadSubframe(ownerElement, url, frameName, m_frame.loader().outgoingReferrer());
if (!frame)
return nullptr;
ASSERT(ownerElement.contentFrame() == frame || !ownerElement.contentFrame());
return ownerElement.contentFrame();
}
void JSDocument::setLocation(ExecState* exec, JSValue value)
{
Frame* frame = static_cast<Document*>(impl())->frame();
if (!frame)
return;
String str = ustringToString(value.toString(exec));
Frame* lexicalFrame = asJSDOMWindow(exec->lexicalGlobalObject())->impl()->frame();
// IE and Mozilla both resolve the URL relative to the source frame,
// not the target frame.
Frame* activeFrame = asJSDOMWindow(exec->dynamicGlobalObject())->impl()->frame();
str = activeFrame->document()->completeURL(str).string();
frame->navigationScheduler()->scheduleLocationChange(lexicalFrame->document()->securityOrigin(),
str, activeFrame->loader()->outgoingReferrer(), !activeFrame->script()->anyPageIsProcessingUserGesture(), false);
}
Frame* createWindow(const String& urlString, const AtomicString& frameName, const WindowFeatures& windowFeatures,
DOMWindow* activeWindow, Frame* firstFrame, Frame* openerFrame, DOMWindow::PrepareDialogFunction function, void* functionContext)
{
Frame* activeFrame = activeWindow->frame();
KURL completedURL = urlString.isEmpty() ? KURL(ParsedURLString, emptyString()) : firstFrame->document()->completeURL(urlString);
if (!completedURL.isEmpty() && !completedURL.isValid()) {
// Don't expose client code to invalid URLs.
activeWindow->printErrorMessage("Unable to open a window with invalid URL '" + completedURL.string() + "'.\n");
return 0;
}
// For whatever reason, Firefox uses the first frame to determine the outgoingReferrer. We replicate that behavior here.
String referrer = SecurityPolicy::generateReferrerHeader(firstFrame->document()->referrerPolicy(), completedURL, firstFrame->loader()->outgoingReferrer());
ResourceRequest request(completedURL, referrer);
FrameLoader::addHTTPOriginIfNeeded(request, firstFrame->loader()->outgoingOrigin());
FrameLoadRequest frameRequest(activeWindow->document()->securityOrigin(), request, frameName);
// We pass the opener frame for the lookupFrame in case the active frame is different from
// the opener frame, and the name references a frame relative to the opener frame.
bool created;
Frame* newFrame = createWindow(activeFrame, openerFrame, frameRequest, windowFeatures, created);
if (!newFrame)
return 0;
newFrame->loader()->setOpener(openerFrame);
newFrame->page()->setOpenedByDOM();
if (newFrame->domWindow()->isInsecureScriptAccess(activeWindow, completedURL))
return newFrame;
if (function)
function(newFrame->domWindow(), functionContext);
if (created) {
FrameLoadRequest request(activeWindow->document()->securityOrigin(), ResourceRequest(completedURL, referrer));
newFrame->loader()->load(request);
} else if (!urlString.isEmpty()) {
newFrame->navigationScheduler()->scheduleLocationChange(activeWindow->document()->securityOrigin(), completedURL.string(), referrer, false);
}
return newFrame;
}
void HTMLFormElement::scheduleFormSubmission(PassRefPtr<FormSubmission> submission)
{
ASSERT(submission->method() == FormSubmission::PostMethod || submission->method() == FormSubmission::GetMethod);
ASSERT(submission->data());
ASSERT(submission->state());
if (submission->action().isEmpty())
return;
if (document().isSandboxed(SandboxForms)) {
// FIXME: This message should be moved off the console once a solution to https://bugs.webkit.org/show_bug.cgi?id=103274 exists.
document().addConsoleMessage(SecurityMessageSource, ErrorMessageLevel, "Blocked form submission to '" + submission->action().elidedString() + "' because the form's frame is sandboxed and the 'allow-forms' permission is not set.");
return;
}
if (protocolIsJavaScript(submission->action())) {
if (!document().contentSecurityPolicy()->allowFormAction(KURL(submission->action())))
return;
document().frame()->script().executeScriptIfJavaScriptURL(submission->action());
return;
}
Frame* targetFrame = document().frame()->loader().findFrameForNavigation(submission->target(), submission->state()->sourceDocument());
if (!targetFrame) {
if (!DOMWindow::allowPopUp(document().frame()) && !UserGestureIndicator::processingUserGesture())
return;
targetFrame = document().frame();
} else {
submission->clearTarget();
}
if (!targetFrame->page())
return;
submission->setReferrer(document().frame()->loader().outgoingReferrer());
submission->setOrigin(document().frame()->loader().outgoingOrigin());
targetFrame->navigationScheduler().scheduleFormSubmission(submission);
}
