Skip to content
Browse files
Add support to return an adjusted URL when accessed from JavaScript b…

Reviewed by Wenson Hsieh.

This patch adds support to return an adjusted URL for JavaScript bindings
after a cross site top level navigation.

* Source/WebCore/dom/Document.cpp:
(WebCore::Document::urlForBindings const):
(WebCore::Document::adjustedURL const):
* Source/WebCore/dom/Document.h:
(WebCore::Document::urlForBindings const): Deleted.
* Source/WebCore/page/Location.cpp:
(WebCore::Location::url const):

Canonical link:
  • Loading branch information
charliewolfe authored and whsieh committed Dec 7, 2022
1 parent bc01428 commit 31e1e52a0454daa2899f75aa1ec6af635a3828ed
Show file tree
Hide file tree
Showing 3 changed files with 38 additions and 2 deletions.
@@ -3530,9 +3530,42 @@ void Document::setURL(const URL& url)
m_url = WTFMove(newURL);

m_documentURI = m_url.url().string();
m_adjustedURL = adjustedURL();

const URL& Document::urlForBindings() const
auto shouldAdjustURL = [this] {
if (m_url.url().isEmpty() || !loader() || !isTopDocument())
return false;

auto* topDocumentLoader = topDocument().loader();
if (!topDocumentLoader || !topDocumentLoader->networkConnectionIntegrityPolicy().contains(WebCore::NetworkConnectionIntegrity::Enabled))
return false;

auto preNavigationURL = loader()->originalRequest().httpReferrer();
if (preNavigationURL.isEmpty() || RegistrableDomain { URL { preNavigationURL } }.matches(securityOrigin().data()))
return false;

return true;

if (shouldAdjustURL)
return m_adjustedURL;

return m_url.url().isEmpty() ? aboutBlankURL() : m_url.url();

#if USE(APPLE_INTERNAL_SDK) && __has_include(<WebKitAdditions/DocumentAdditions.cpp>)
#include <WebKitAdditions/DocumentAdditions.cpp>
URL Document::adjustedURL() const
return m_url.url();

URL Document::fallbackBaseURL() const
@@ -722,7 +722,9 @@ class Document

const URL& url() const final { return m_url; }
void setURL(const URL&);
const URL& urlForBindings() const { return m_url.url().isEmpty() ? aboutBlankURL() : m_url.url(); }
WEBCORE_EXPORT const URL& urlForBindings() const;

URL adjustedURL() const;

const URL& creationURL() const { return m_creationURL; }

@@ -1879,6 +1881,7 @@ class Document
URL m_cookieURL; // The URL to use for cookie access.
URL m_firstPartyForCookies; // The policy URL for third-party cookie blocking.
URL m_siteForCookies; // The policy URL for Same-Site cookies.
URL m_adjustedURL; // The URL to return for bindings after a cross-site navigation when the "network connection integrity" setting is enabled.

// Document.documentURI:
// Although URL-like, Document.documentURI can actually be set to any
@@ -53,7 +53,7 @@ inline const URL& Location::url() const
if (!frame())
return aboutBlankURL();

const URL& url = frame()->document()->url();
const URL& url = frame()->document()->urlForBindings();
if (!url.isValid())
return aboutBlankURL(); // Use "about:blank" while the page is still loading (before we have a frame).

0 comments on commit 31e1e52

Please sign in to comment.