Webpages can trigger loads with invalid URLs
authordarin@apple.com <darin@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sun, 27 Apr 2014 16:06:27 +0000 (16:06 +0000)
committerdarin@apple.com <darin@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sun, 27 Apr 2014 16:06:27 +0000 (16:06 +0000)
commit46e3208c94f0b1c2a96689cf1c86ff2c0b125f94
treeb3844b04d2857347d907593fcf187e78d5418305
parentf15d1a8d2ba512bea7dd1e3f5853f295bab08a5d
Webpages can trigger loads with invalid URLs
https://bugs.webkit.org/show_bug.cgi?id=132224
rdar://problem/16697142

Reviewed by Alexey Proskuryakov.

Invalid URLs can be a way to trick the user about what website they
are looking at.  Still trying to figure out a good way to regression-test this.

* dom/Document.cpp:
(WebCore::Document::processHttpEquiv): Pass a URL rather than a String to
the navigation scheduler.
* loader/FrameLoader.cpp:
(WebCore::FrameLoader::receivedFirstData): Ditto.

* loader/NavigationScheduler.cpp:
(WebCore::ScheduledURLNavigation::ScheduledURLNavigation): Take a URL rather
than a string.
(WebCore::ScheduledURLNavigation::url): Ditto.
(WebCore::ScheduledRedirect::ScheduledRedirect): Ditto.
(WebCore::ScheduledLocationChange::ScheduledLocationChange): Ditto.
(WebCore::ScheduledRefresh::ScheduledRefresh): Ditto.
(WebCore::NavigationScheduler::shouldScheduleNavigation): Added a check that
prevents navigation to any URL that is invalid, except for JavaScript URLs,
which need not be valid.
(WebCore::NavigationScheduler::scheduleRedirect): Use URL instead of String.
(WebCore::NavigationScheduler::scheduleLocationChange): Use URL instead of
String. Also got rid of empty string check since empty URLs are also invalid,
and so shouldScheduleNavigation will take care of it.
(WebCore::NavigationScheduler::scheduleRefresh): Use URL instead of String.

* loader/NavigationScheduler.h: Take URL instead of String. Also removed some
unneeded incldues and uses of WTF_MAKE_NONCOPYABLE. NavigationScheduler is
already noncopyable because it has a reference for a data member, and the
disabler doesn't have any real reason to be noncopyable.

* loader/SubframeLoader.cpp:
(WebCore::SubframeLoader::loadOrRedirectSubframe): Pass a URL rather than a
String to the NavigationScheduler.
* page/DOMWindow.cpp:
(WebCore::DOMWindow::createWindow): Ditto.

* page/SecurityOrigin.cpp:
(WebCore::SecurityOrigin::urlWithUniqueSecurityOrigin): Return a URL instead
of a String.
* page/SecurityOrigin.h: Updated for above change.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167856 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Source/WebCore/ChangeLog
Source/WebCore/dom/Document.cpp
Source/WebCore/loader/FrameLoader.cpp
Source/WebCore/loader/NavigationScheduler.cpp
Source/WebCore/loader/NavigationScheduler.h
Source/WebCore/loader/SubframeLoader.cpp
Source/WebCore/page/DOMWindow.cpp
Source/WebCore/page/SecurityOrigin.cpp
Source/WebCore/page/SecurityOrigin.h