Add support to return an adjusted URL when accessed from JavaScript b…
…indings

https://bugs.webkit.org/show_bug.cgi?id=248490
rdar://100472810

Reviewed by Wenson Hsieh.

This patch adds support for returning an adjusted URL to JavaScript bindings
after a cross-site top-level navigation.

* Source/WebCore/dom/Document.cpp:
(WebCore::Document::setURL):
(WebCore::Document::urlForBindings const):
(WebCore::Document::adjustedURL const):
* Source/WebCore/dom/Document.h:
(WebCore::Document::urlForBindings const): Deleted.
* Source/WebCore/page/Location.cpp:
(WebCore::Location::url const):

Canonical link: https://commits.webkit.org/257490@main
charliewolfe authored and whsieh committed Dec 7, 2022
1 parent bc01428 commit 31e1e52a0454daa2899f75aa1ec6af635a3828ed
Showing 3 changed files with 38 additions and 2 deletions.
@@ -3530,9 +3530,42 @@ void Document::setURL(const URL& url)
m_url = WTFMove(newURL);

m_documentURI = m_url.url().string();
m_adjustedURL = adjustedURL();
updateBaseURL();
}

const URL& Document::urlForBindings() const
{
auto shouldAdjustURL = [this] {
if (m_url.url().isEmpty() || !loader() || !isTopDocument())
return false;

auto* topDocumentLoader = topDocument().loader();
if (!topDocumentLoader || !topDocumentLoader->networkConnectionIntegrityPolicy().contains(WebCore::NetworkConnectionIntegrity::Enabled))
return false;

auto preNavigationURL = loader()->originalRequest().httpReferrer();
if (preNavigationURL.isEmpty() || RegistrableDomain { URL { preNavigationURL } }.matches(securityOrigin().data()))
return false;

return true;
}();

if (shouldAdjustURL)
return m_adjustedURL;

return m_url.url().isEmpty() ? aboutBlankURL() : m_url.url();
}

#if USE(APPLE_INTERNAL_SDK) && __has_include(<WebKitAdditions/DocumentAdditions.cpp>)
#include <WebKitAdditions/DocumentAdditions.cpp>
#else
URL Document::adjustedURL() const
{
return m_url.url();
}
#endif

// https://html.spec.whatwg.org/#fallback-base-url
URL Document::fallbackBaseURL() const
{
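Review bot: In `shouldAdjustURL`, an empty `httpReferrer()` takes the `return false` branch, so a cross-site navigation that arrives without a referrer is treated as same-site and bindings receive the unadjusted URL. If the adjustment is meant to hold regardless of what the previous page sends, the decision needs a signal recorded by the loader itself; whether one exists is not visible here, so at least document the fail-open choice with `// No referrer: treated as same-site, URL is not adjusted.` above that check. Also, `m_documentURI` is still assigned from `m_url` one line before `m_adjustedURL`, so `Document.documentURI` may keep exposing the original URL to script unless its getter is handled elsewhere. Finally, the lambda rebuilds a `RegistrableDomain` from the referrer on every `urlForBindings()` call; computing the flag once in `setURL()` next to `m_adjustedURL` would avoid that, assuming its inputs cannot change afterwards.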
@@ -722,7 +722,9 @@ class Document

const URL& url() const final { return m_url; }
void setURL(const URL&);
const URL& urlForBindings() const { return m_url.url().isEmpty() ? aboutBlankURL() : m_url.url(); }
WEBCORE_EXPORT const URL& urlForBindings() const;

URL adjustedURL() const;

const URL& creationURL() const { return m_creationURL; }

@@ -1879,6 +1881,7 @@ class Document
URL m_cookieURL; // The URL to use for cookie access.
URL m_firstPartyForCookies; // The policy URL for third-party cookie blocking.
URL m_siteForCookies; // The policy URL for Same-Site cookies.
URL m_adjustedURL; // The URL to return for bindings after a cross-site navigation when the "network connection integrity" setting is enabled.

// Document.documentURI:
// Although URL-like, Document.documentURI can actually be set to any
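Review bot: The new declarations of `urlForBindings()` and `adjustedURL()` carry no comment telling callers how they differ from `url()`, although after this change the three can return different values. I would add above `urlForBindings()` something like `// URL as exposed to script; may be an adjusted form of url() after a cross-site top-level navigation. Not for loading or origin checks.` so that later callers do not pick the bindings value for a security decision by accident. `adjustedURL()` appears to be called only from `setURL()` in this commit, so it could probably be declared private; the access specifier in force at this point of the class is outside the hunk, so that needs confirming.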
@@ -53,7 +53,7 @@ inline const URL& Location::url() const
if (!frame())
return aboutBlankURL();

const URL& url = frame()->document()->url();
const URL& url = frame()->document()->urlForBindings();
if (!url.isValid())
return aboutBlankURL(); // Use "about:blank" while the page is still loading (before we have a frame).
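Review bot: `Location::url()` now returns the bindings URL to every caller, so any code in this file that uses it to build a navigation target or to compare against the current URL would operate on the adjusted value instead of the document's real URL. The other callers are outside this hunk, so this is something to check rather than a confirmed defect: getters such as `href` should see the adjusted URL, while setters and same-document comparisons presumably want `document()->url()`. A comment on the changed line, `// Script-visible URL; may differ from Document::url() after a cross-site navigation.`, would make the distinction explicit. The function starts before the hunk and continues after it.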
