Commit 60f84ad

Use the associated document for pushState/replaceState's origin check
This updates the origin check in pushState/replaceState to use the origin of the document of the relevant History object, instead of that of the entry settings object. This more correctly matches 2/3 open source browsers:

- https://chromium.googlesource.com/chromium/src/+/c21f0b11ac83ea970d0eaf6a0b223d48a32a4b32/third_party/WebKit/Source/core/frame/History.cpp#234
- https://github.com/WebKit/webkit/blob/0ee7b606dbf35d9688c15b19b1a83ec1ff242cd7/Source/WebCore/page/History.cpp#L150

(Gecko does no such security check).

It also helps with #1431. While there, cleaned up some redundant steps and tightened wording.
1 parent 921499f commit 60f84ad

1 file changed

+14
-15
lines changed

source

@@ -80151,10 +80151,11 @@ interface <dfn>History</dfn> {
8015180151
<p>When either of these methods is invoked, the user agent must run the following steps:</p>
8015280152

8015380153
<ol>
80154+
<li><p>Let <var>document</var> be the unique <code>Document</code> object this
80155+
<code>History</code> object is associated with.</p></li>
8015480156

80155-
<li><p>If this <code>History</code> object is associated with a <code>Document</code> that is
80156-
not <span>fully active</span>, throw a <span>"<code>SecurityError</code>"</span>
80157-
<code>DOMException</code>.</p></li>
80157+
<li><p>If <var>document</var> is not <span>fully active</span>, throw a
80158+
<span>"<code>SecurityError</code>"</span> <code>DOMException</code>.</p></li>
8015880159

8015980160
<li><p>Optionally, abort these steps. (For example, the user agent might disallow calls to these
8016080161
methods that are invoked on a timer, or from event listeners that are not triggered in response
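
Review bot: The new first step binds document to "the unique Document object this History object is associated with" without a cross-reference for that association, even though the later security checks in this algorithm now depend on this variable. Suggest linking the phrase to the place where a History object's associated Document is defined, and adding a short note that this is deliberately the History object's own document rather than the responsible document of the entry settings object, so that a call made on another frame's History object is checked against the document whose history is being modified.
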
@@ -80180,20 +80181,20 @@ interface <dfn>History</dfn> {
8018080181

8018180182
<li><p>Let <var>new URL</var> be the <span>resulting URL record</span>.</p></li>
8018280183

80183-
<li>Compare <var>new URL</var> to the document's <span
80184+
<li>Compare <var>new URL</var> to <var>document</var>'s <span
8018480185
data-x="concept-document-url">URL</span>. If any component of these two <span data-x="URL
8018580186
record">URL records</span> differ other than the <span data-x="concept-url-path">path</span>,
8018680187
<span data-x="concept-url-query">query</span>, and <span
8018780188
data-x="concept-url-fragment">fragment</span> components, then throw a
8018880189
<span>"<code>SecurityError</code>"</span> <code>DOMException</code> and abort these steps.</li>
8018980190

80190-
<li>If the <span data-x="concept-url-origin">origin</span> of <var>new URL</var> is not the
80191-
same as the <span>origin</span> of the <span>responsible document</span> specified by the
80192-
<span>entry settings object</span>, and either the <span data-x="concept-url-path">path</span>
80193-
or <span data-x="concept-url-query">query</span> components of the two <span data-x="URL
80194-
record">URL records</span> compared in the previous step differ, throw a
80195-
<span>"<code>SecurityError</code>"</span> <code>DOMException</code> and abort these steps.
80196-
(This prevents sandboxed content from spoofing other pages on the same origin.)</li>
80191+
<li>If the <span data-x="concept-url-origin">origin</span> of <var>new URL</var> is not
80192+
<span>same origin</span> with the <span>origin</span> of <var>document</var>, and either the
80193+
<span data-x="concept-url-path">path</span> or <span data-x="concept-url-query">query</span>
80194+
components of the two <span data-x="URL record">URL records</span> compared in the previous
80195+
step differ, throw a <span>"<code>SecurityError</code>"</span> <code>DOMException</code> and
80196+
abort these steps. (This prevents sandboxed content from spoofing other pages on the same
80197+
origin.)</li>
8019780198

8019880199
</ol>
8019980200

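Review bot: In the rewritten origin-check step, the parenthetical "(This prevents sandboxed content from spoofing other pages on the same origin.)" still sits inside the normative step and does not say why comparing against document's origin achieves that. Suggest moving it into a p class="note" paragraph, as the algorithm already does for the hashchange remark, and stating that the check relies on document's origin differing from the origin of its URL for sandboxed content. Both steps in this hunk also keep "and abort these steps" after the throw, while the fully-active step in the first hunk does not; one wording should be used throughout. The two list items touched here also lack the p wrapper that the neighbouring "Let new URL be ..." item has.
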
@@ -80256,17 +80257,15 @@ interface <dfn>History</dfn> {
8025680257

8025780258
<li>
8025880259

80259-
<p>Set the document's <span data-x="concept-document-url">URL</span> to <var>new URL</var>.</p>
80260+
<p>Set <var>document</var>'s <span data-x="concept-document-url">URL</span> to <var>new
80261+
URL</var>.</p>
8026080262

8026180263
<p class="note">Since this is neither a <span data-x="navigate">navigation</span> of the
8026280264
<span>browsing context</span> nor a <span data-x="traverse the history">history traversal</span>,
8026380265
it does not cause a <code data-x="event-hashchange">hashchange</code> event to be fired.</p>
8026480266

8026580267
</li>
8026680268

80267-
<li><p>Let <var>targetRealm</var> be this <code>History</code> object's <span>relevant settings
80268-
object</span>'s <span data-x="environment settings object's realm">Realm</span>.</p></li>
80269-
8027080269
<li>
8027180270

8027280271
<p>Set <code data-x="dom-history-state">history.state</code> to
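
Review bot: The removed "Let targetRealm be this History object's relevant settings object's Realm" step defined a variable, and the context here ends at the "Set history.state to" step, so the diff does not show whether any remaining step still refers to targetRealm. Please confirm that no later step of the algorithm uses it (the history.state step that follows is the first place to look); otherwise the algorithm is left with an undefined variable.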
