void History::stateObjectAdded(PassRefPtr<SerializedScriptValue> data, const String& title, const String& urlString, StateObjectType stateObjectType, ExceptionCode& ec)
{
if (!m_frame || !m_frame->page())
return;
KURL fullURL = urlForState(urlString);
RefPtr<SecurityOrigin> origin = SecurityOrigin::create(fullURL);
if (!fullURL.isValid() || !m_frame->document()->securityOrigin()->isSameSchemeHostPort(origin.get())) {
ec = SECURITY_ERR;
return;
}
if (stateObjectType == StateObjectPush)
m_frame->loader()->history()->pushState(data, title, fullURL.string());
else if (stateObjectType == StateObjectReplace)
m_frame->loader()->history()->replaceState(data, title, fullURL.string());
if (!urlString.isEmpty())
m_frame->document()->updateURLForPushOrReplaceState(fullURL);
if (stateObjectType == StateObjectPush)
m_frame->loader()->client()->dispatchDidPushStateWithinPage();
else if (stateObjectType == StateObjectReplace)
m_frame->loader()->client()->dispatchDidReplaceStateWithinPage();
}
void History::stateObjectAdded(PassRefPtr<SerializedScriptValue> data, const String& /* title */, const String& urlString, UpdateBackForwardListPolicy updateBackForwardListPolicy, ExceptionState& exceptionState)
{
if (!m_frame || !m_frame->page())
return;
KURL fullURL = urlForState(urlString);
if (!fullURL.isValid() || !m_frame->document()->securityOrigin()->canRequest(fullURL)) {
// We can safely expose the URL to JavaScript, as a) no redirection takes place: JavaScript already had this URL, b) JavaScript can only access a same-origin History object.
exceptionState.throwSecurityError("A history state object with URL '" + fullURL.elidedString() + "' cannot be created in a document with origin '" + m_frame->document()->securityOrigin()->toString() + "'.");
return;
}
m_frame->loader().updateForSameDocumentNavigation(fullURL, SameDocumentNavigationHistoryApi, data, updateBackForwardListPolicy);
}
void History::stateObjectAdded(PassRefPtr<SerializedScriptValue> data, const String& /* title */, const String& urlString, HistoryScrollRestorationType restorationType, FrameLoadType type, ExceptionState& exceptionState)
{
if (!m_frame || !m_frame->page() || !m_frame->loader().documentLoader())
return;
KURL fullURL = urlForState(urlString);
if (!canChangeToUrl(fullURL, m_frame->document()->getSecurityOrigin(), m_frame->document()->url())) {
// We can safely expose the URL to JavaScript, as a) no redirection takes place: JavaScript already had this URL, b) JavaScript can only access a same-origin History object.
exceptionState.throwSecurityError("A history state object with URL '" + fullURL.elidedString() + "' cannot be created in a document with origin '" + m_frame->document()->getSecurityOrigin()->toString() + "' and URL '" + m_frame->document()->url().elidedString() + "'.");
return;
}
m_frame->loader().updateForSameDocumentNavigation(fullURL, SameDocumentNavigationHistoryApi, data, restorationType, type);
}
void History::stateObjectAdded(PassRefPtr<SerializedScriptValue> data, const String& title, const String& urlString, StateObjectType stateObjectType, ExceptionCode& ec)
{
if (!m_frame)
return;
#if !PLATFORM(WKC)
ASSERT(m_frame->page());
#else
if (!m_frame->page())
return;
#endif
KURL fullURL = urlForState(urlString);
#if 1
// modified at webkit.org trunk r64077 and r85436
if (!fullURL.isValid() || !m_frame->document()->securityOrigin()->canRequest(fullURL)) {
#else
if (!fullURL.isValid()) {
#endif
ec = SECURITY_ERR;
return;
}
if (stateObjectType == StateObjectPush)
m_frame->loader()->history()->pushState(data, title, fullURL.string());
else if (stateObjectType == StateObjectReplace)
m_frame->loader()->history()->replaceState(data, title, fullURL.string());
if (!urlString.isEmpty()) {
m_frame->document()->updateURLForPushOrReplaceState(fullURL);
if (stateObjectType == StateObjectPush)
m_frame->loader()->client()->dispatchDidPushStateWithinPage();
else if (stateObjectType == StateObjectReplace)
m_frame->loader()->client()->dispatchDidReplaceStateWithinPage();
}
}
} // namespace WebCore
