Frame* SubframeLoader::loadOrRedirectSubframe(HTMLFrameOwnerElement* ownerElement, const KURL& url, const AtomicString& frameName, bool lockHistory, bool lockBackForwardList) { Frame* frame = ownerElement->contentFrame(); if (frame) frame->navigationScheduler()->scheduleLocationChange(m_frame->document()->securityOrigin(), url.string(), m_frame->loader()->outgoingReferrer(), lockHistory, lockBackForwardList); else frame = loadSubframe(ownerElement, url, frameName, m_frame->loader()->outgoingReferrer()); return frame; }
Frame* SubframeLoader::loadOrRedirectSubframe(HTMLFrameOwnerElement& ownerElement, const URL& url, const AtomicString& frameName, bool lockHistory, bool lockBackForwardList) { Frame* frame = ownerElement.contentFrame(); if (frame) frame->navigationScheduler().scheduleLocationChange(m_frame.document()->securityOrigin(), url.string(), m_frame.loader().outgoingReferrer(), lockHistory, lockBackForwardList); else frame = loadSubframe(ownerElement, url, frameName, m_frame.loader().outgoingReferrer()); if (!frame) return nullptr; ASSERT(ownerElement.contentFrame() == frame || !ownerElement.contentFrame()); return ownerElement.contentFrame(); }
void ApplicationCacheHost::selectCacheWithManifest(const KURL& manifestURL) { if (m_internal) { if (!m_internal->m_outerHost->selectCacheWithManifest(manifestURL)) { // It's a foreign entry, restart the current navigation from the top // of the navigation algorithm. The navigation will not result in the // same resource being loaded, because "foreign" entries are never picked // during navigation. // see WebCore::ApplicationCacheGroup::selectCache() Frame* frame = m_documentLoader->frame(); frame->navigationScheduler()->scheduleLocationChange(frame->document()->securityOrigin(), frame->document()->url(), frame->loader()->referrer()); } } }
Frame* SubframeLoader::loadOrRedirectSubframe(HTMLFrameOwnerElement& ownerElement, const URL& requestUrl, const AtomicString& frameName, LockHistory lockHistory, LockBackForwardList lockBackForwardList) { URL url = requestUrl; ownerElement.document().contentSecurityPolicy()->upgradeInsecureRequestIfNeeded(url, ContentSecurityPolicy::InsecureRequestType::Load); Frame* frame = ownerElement.contentFrame(); if (frame) frame->navigationScheduler().scheduleLocationChange(m_frame.document(), m_frame.document()->securityOrigin(), url, m_frame.loader().outgoingReferrer(), lockHistory, lockBackForwardList); else frame = loadSubframe(ownerElement, url, frameName, m_frame.loader().outgoingReferrer()); if (!frame) return nullptr; ASSERT(ownerElement.contentFrame() == frame || !ownerElement.contentFrame()); return ownerElement.contentFrame(); }
void JSDocument::setLocation(ExecState* exec, JSValue value) { Frame* frame = static_cast<Document*>(impl())->frame(); if (!frame) return; String str = ustringToString(value.toString(exec)); Frame* lexicalFrame = asJSDOMWindow(exec->lexicalGlobalObject())->impl()->frame(); // IE and Mozilla both resolve the URL relative to the source frame, // not the target frame. Frame* activeFrame = asJSDOMWindow(exec->dynamicGlobalObject())->impl()->frame(); str = activeFrame->document()->completeURL(str).string(); frame->navigationScheduler()->scheduleLocationChange(lexicalFrame->document()->securityOrigin(), str, activeFrame->loader()->outgoingReferrer(), !activeFrame->script()->anyPageIsProcessingUserGesture(), false); }
Frame* createWindow(const String& urlString, const AtomicString& frameName, const WindowFeatures& windowFeatures, DOMWindow* activeWindow, Frame* firstFrame, Frame* openerFrame, DOMWindow::PrepareDialogFunction function, void* functionContext) { Frame* activeFrame = activeWindow->frame(); KURL completedURL = urlString.isEmpty() ? KURL(ParsedURLString, emptyString()) : firstFrame->document()->completeURL(urlString); if (!completedURL.isEmpty() && !completedURL.isValid()) { // Don't expose client code to invalid URLs. activeWindow->printErrorMessage("Unable to open a window with invalid URL '" + completedURL.string() + "'.\n"); return 0; } // For whatever reason, Firefox uses the first frame to determine the outgoingReferrer. We replicate that behavior here. String referrer = SecurityPolicy::generateReferrerHeader(firstFrame->document()->referrerPolicy(), completedURL, firstFrame->loader()->outgoingReferrer()); ResourceRequest request(completedURL, referrer); FrameLoader::addHTTPOriginIfNeeded(request, firstFrame->loader()->outgoingOrigin()); FrameLoadRequest frameRequest(activeWindow->document()->securityOrigin(), request, frameName); // We pass the opener frame for the lookupFrame in case the active frame is different from // the opener frame, and the name references a frame relative to the opener frame. bool created; Frame* newFrame = createWindow(activeFrame, openerFrame, frameRequest, windowFeatures, created); if (!newFrame) return 0; newFrame->loader()->setOpener(openerFrame); newFrame->page()->setOpenedByDOM(); if (newFrame->domWindow()->isInsecureScriptAccess(activeWindow, completedURL)) return newFrame; if (function) function(newFrame->domWindow(), functionContext); if (created) { FrameLoadRequest request(activeWindow->document()->securityOrigin(), ResourceRequest(completedURL, referrer)); newFrame->loader()->load(request); } else if (!urlString.isEmpty()) { newFrame->navigationScheduler()->scheduleLocationChange(activeWindow->document()->securityOrigin(), completedURL.string(), referrer, false); } return newFrame; }
void HTMLFormElement::scheduleFormSubmission(PassRefPtr<FormSubmission> submission) { ASSERT(submission->method() == FormSubmission::PostMethod || submission->method() == FormSubmission::GetMethod); ASSERT(submission->data()); ASSERT(submission->state()); if (submission->action().isEmpty()) return; if (document().isSandboxed(SandboxForms)) { // FIXME: This message should be moved off the console once a solution to https://bugs.webkit.org/show_bug.cgi?id=103274 exists. document().addConsoleMessage(SecurityMessageSource, ErrorMessageLevel, "Blocked form submission to '" + submission->action().elidedString() + "' because the form's frame is sandboxed and the 'allow-forms' permission is not set."); return; } if (protocolIsJavaScript(submission->action())) { if (!document().contentSecurityPolicy()->allowFormAction(KURL(submission->action()))) return; document().frame()->script().executeScriptIfJavaScriptURL(submission->action()); return; } Frame* targetFrame = document().frame()->loader().findFrameForNavigation(submission->target(), submission->state()->sourceDocument()); if (!targetFrame) { if (!DOMWindow::allowPopUp(document().frame()) && !UserGestureIndicator::processingUserGesture()) return; targetFrame = document().frame(); } else { submission->clearTarget(); } if (!targetFrame->page()) return; submission->setReferrer(document().frame()->loader().outgoingReferrer()); submission->setOrigin(document().frame()->loader().outgoingOrigin()); targetFrame->navigationScheduler().scheduleFormSubmission(submission); }