author | japhet@chromium.org <japhet@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2014-06-04 09:00:39 +0000 |
---|---|---|
committer | japhet@chromium.org <japhet@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2014-06-04 09:00:39 +0000 |
commit | 8d5cb21f876a51c4fddcb90954e0dd819a09a7a5 (patch) | |
tree | 0005719b9fbf9fd1757f5d028f557215487d1645 /content/browser/android | |
parent | ce3651bc735d21ca677642616c454cf2e97797ca (diff) | |

Trust the renderer's same-document navigation flag if it is a same-origin nav.

Currently in AreURLsInPageNavigation, we only trust renderer_says_in_page if
the before and after urls are identical. This prevents us from correctly
classifying history.pushState and history.replaceState navigations as in-page.
Navigations via the history API are required to be same-origin, but can differ
by more than just the ref component, so we get the correct behavior without
the renderer process being able to lie about a cross-origin navigation.

BUG=138324
TEST=Added cases to NavigationControllerTest.IsInPageNavigation
Review URL: https://codereview.chromium.org/304763002

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@274734 0039d316-1c4b-4281-b951-d872f2087c98

Diffstat (limited to 'content/browser/android')
-rw-r--r-- | content/browser/android/web_contents_observer_android.cc | 17 |
1 files changed, 14 insertions, 3 deletions
diff --git a/content/browser/android/web_contents_observer_android.cc b/content/browser/android/web_contents_observer_android.cc index 72b2241..19a622a 100644 --- a/content/browser/android/web_contents_observer_android.cc +++ b/content/browser/android/web_contents_observer_android.cc @@ -129,12 +129,23 @@ void WebContentsObserverAndroid::DidNavigateMainFrame( ConvertUTF8ToJavaString(env, params.url.spec())); ScopedJavaLocalRef<jstring> jstring_base_url( ConvertUTF8ToJavaString(env, params.base_url.spec())); + // See http://crbug.com/251330 for why it's determined this way. - bool in_page_navigation = - details.type == NAVIGATION_TYPE_IN_PAGE || details.is_in_page; + url::Replacements<char> replacements; + replacements.ClearRef(); + bool urls_same_ignoring_fragment = + params.url.ReplaceComponents(replacements) == + details.previous_url.ReplaceComponents(replacements); + + // is_fragment_navigation is indicative of the intent of this variable. + // However, there isn't sufficient information here to determine whether this + // is actually a fragment navigation, or a history API navigation to a URL + // that would also be valid for a fragment navigation. + bool is_fragment_navigation = urls_same_ignoring_fragment && + (details.type == NAVIGATION_TYPE_IN_PAGE || details.is_in_page); Java_WebContentsObserverAndroid_didNavigateMainFrame( env, obj.obj(), jstring_url.obj(), jstring_base_url.obj(), - details.is_navigation_to_different_page(), in_page_navigation); + details.is_navigation_to_different_page(), is_fragment_navigation); } void WebContentsObserverAndroid::DidNavigateAnyFrame( |
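
Review bot: The comment added above is_fragment_navigation in DidNavigateMainFrame concedes that a history API navigation whose URL differs from details.previous_url only in the ref is still reported as a fragment navigation, so the last argument to Java_WebContentsObserverAndroid_didNavigateMainFrame no longer means what the old in_page_navigation name implied. The Java-side parameter name and documentation should be updated to say "same URL ignoring fragment" (the diffstat on this page is limited to content/browser/android, so that may already be covered elsewhere in the change). It is also worth a test for a pushState navigation to a different path: this expression now yields false there, and it should be confirmed what details.is_navigation_to_different_page() returns in that case, so Java observers are not handed a combination of the two flags they have never seen. The comment's first sentence ("is_fragment_navigation is indicative of the intent of this variable") is self-referential and could be replaced by one line stating that details.is_in_page is only honoured here when the browser-side comparison of params.url and details.previous_url with the ref cleared agrees, so a later cleanup does not drop the urls_same_ignoring_fragment term.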