Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

replace location.href references with a centralized method so we can …

…address #4787
  • Loading branch information...
commit 2daa1793fb9f989e0e86cf8dc0283f08117357eb 1 parent 882c045
@johnbender johnbender authored
View
15 js/jquery.mobile.navigation.js
@@ -49,6 +49,17 @@ define( [
//
urlParseRE: /^(((([^:\/#\?]+:)?(?:(\/\/)((?:(([^:@\/#\?]+)(?:\:([^:@\/#\?]+))?)@)?(([^:\/#\?\]\[]+|\[[^\/\]@#?]+\])(?:\:([0-9]+))?))?)?)?((\/?(?:[^\/\?#]+\/+)*)([^\?#]*)))?(\?[^#]+)?)(#.*)?/,
+ // Abstraction to address xss (Issue #4787) in browsers that auto decode location.href
+ // All references to location.href should be replaced with a call to this method so
+ // that it can be dealt with properly here
+ getLocation: function() {
+ return window.location.toString();
+ },
+
+ parseLocation: function() {
+ return this.parseUrl( this.getLocation() );
+ },
+
//Parse a URL into a structure that allows easy access to
//all of the URL components by name.
parseUrl: function( url ) {
@@ -368,7 +379,7 @@ define( [
$base = $head.children( "base" ),
//tuck away the original document URL minus any fragment.
- documentUrl = path.parseUrl( location.href ),
+ documentUrl = path.parseLocation(),
//if the document has an embedded base tag, documentBase is set to its
//initial value. If a base tag does not exist, then we default to the documentUrl.
@@ -1480,7 +1491,7 @@ define( [
$window.bind( "hashchange", function( e, triggered ) {
// Firefox auto-escapes the location.hash as for v13 but
// leaves the href untouched
- $.mobile._handleHashChange( path.parseUrl(location.href).hash );
+ $.mobile._handleHashChange( path.parseLocation().hash );
});
//set page min-heights to be device specific
View
12 js/jquery.mobile.navigation.pushstate.js
@@ -12,7 +12,7 @@ define( [ "jquery", "./jquery.mobile.navigation", "../external/requirejs/depend!
var pushStateHandler = {},
self = pushStateHandler,
$win = $( window ),
- url = $.mobile.path.parseUrl( location.href ),
+ url = $.mobile.path.parseLocation(),
mobileinitDeferred = $.Deferred(),
domreadyDeferred = $.Deferred();
@@ -34,7 +34,8 @@ define( [ "jquery", "./jquery.mobile.navigation", "../external/requirejs/depend!
state: function() {
return {
- hash: $.mobile.path.parseUrl( location.href ).hash || "#" + self.initialFilePath,
+ // firefox auto decodes the url when using location.hash but not href
+ hash: $.mobile.path.parseLocation().hash || "#" + self.initialFilePath,
title: document.title,
// persist across refresh
@@ -72,9 +73,10 @@ define( [ "jquery", "./jquery.mobile.navigation", "../external/requirejs/depend!
}
var href, state,
- hash = $.mobile.path.parseUrl( location.href ).hash,
+ // firefox auto decodes the url when using location.hash but not href
+ hash = $.mobile.path.parseLocation().hash,
isPath = $.mobile.path.isPath( hash ),
- resolutionUrl = isPath ? location.href : $.mobile.getDocumentUrl();
+ resolutionUrl = isPath ? $.mobile.path.getLocation() : $.mobile.getDocumentUrl();
hash = isPath ? hash.replace( "#", "" ) : hash;
@@ -139,7 +141,7 @@ define( [ "jquery", "./jquery.mobile.navigation", "../external/requirejs/depend!
// if there's no hash, we need to replacestate for returning to home
if ( location.hash === "" ) {
- history.replaceState( self.state(), document.title, location.href );
+ history.replaceState( self.state(), document.title, $.mobile.path.getLocation() );
}
}
});
Please sign in to comment.
Something went wrong with that request. Please try again.