
replace location.href references with a centralized method so we can …

…address #4787
commit 4348eac153d6cc7da29797a30e6d44549e09f2eb 1 parent 40735e2
John Bender authored August 06, 2012
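--- a/js/jquery.mobile.init.js
+++ b/js/jquery.mobile.init.js
@@ -88,7 +88,7 @@ define( [ "jquery", "./jquery.mobile.core", "./jquery.mobile.support", "./jquery
 
 				// Store the initial destination
 				if ( $.mobile.path.isHashValid( location.hash ) ) {
-					$.mobile.urlHistory.initialDst = $.mobile.path.parseUrl( location.href ).hash.replace( "#", "" );
+					$.mobile.urlHistory.initialDst = $.mobile.path.parseLocation().hash.replace( "#", "" );
 				}
 				$.mobile.changePage( $.mobile.firstPage, { transition: "none", reverse: true, changeHash: false, fromHashChange: true } );
 			}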
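Review bot: The guard on new line 90 still tests `location.hash` directly, while the value stored in `initialDst` now comes from `parseLocation().hash`, so the string that is validated and the string that is used are read from two different sources. The comments elsewhere in this commit say Firefox decodes `location.hash` but not the href, so the two can differ in exactly the browsers this change targets. Reading once and validating that same value would close the gap: `var hash = $.mobile.path.parseLocation().hash;` then `if ( $.mobile.path.isHashValid( hash ) ) {` and `initialDst = hash.replace( "#", "" );`. The same direct read remains at `location.hash === ""` in js/jquery.mobile.navigation.pushstate.js (new line 143). isHashValid and the enclosing function are outside this hunk, so confirm the validator accepts the undecoded form before switching.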
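--- a/js/jquery.mobile.navigation.js
+++ b/js/jquery.mobile.navigation.js
@@ -49,6 +49,17 @@ define( [
 			//
 			urlParseRE: /^(((([^:\/#\?]+:)?(?:(\/\/)((?:(([^:@\/#\?]+)(?:\:([^:@\/#\?]+))?)@)?(([^:\/#\?\]\[]+|\[[^\/\]@#?]+\])(?:\:([0-9]+))?))?)?)?((\/?(?:[^\/\?#]+\/+)*)([^\?#]*)))?(\?[^#]+)?)(#.*)?/,
 
+			// Abstraction to address xss (Issue #4787) in browsers that auto decode location.href
+			// All references to location.href should be replaced with a call to this method so
+			// that it can be dealt with properly here
+			getLocation: function() {
+				return window.location.toString();
+			},
+
+			parseLocation: function() {
+				return this.parseUrl( this.getLocation() );
+			},
+
 			//Parse a URL into a structure that allows easy access to
 			//all of the URL components by name.
 			parseUrl: function( url ) {
@@ -369,7 +380,7 @@ define( [
 		$base = $head.children( "base" ),
 
 		//tuck away the original document URL minus any fragment.
-		documentUrl = path.parseUrl( location.href ),
+		documentUrl = path.parseLocation(),
 
 		//if the document has an embedded base tag, documentBase is set to its
 		//initial value. If a base tag does not exist, then we default to the documentUrl.
@@ -1500,7 +1511,7 @@ define( [
 		$window.bind( "hashchange", function( e, triggered ) {
 			// Firefox auto-escapes the location.hash as for v13 but
 			// leaves the href untouched
-			$.mobile._handleHashChange( path.parseUrl(location.href).hash );
+			$.mobile._handleHashChange( path.parseLocation().hash );
 		});
 
 		//set page min-heights to be device specific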
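Review bot: `getLocation` (new lines 55-57) returns `window.location.toString()`, which yields the same string as `location.href`, so the read is centralised but callers receive exactly what they did before; the comment above it can be read as if the XSS from #4787 were already handled here. I would state the contract in that comment so later callers do not treat the return value as sanitised, for example `// NOTE: currently a pass-through of the browser's href; no decoding or escaping is applied, so treat the result as untrusted input`. `parseLocation` also depends on `this` being the path object, which holds for the `path.parseLocation()` and `$.mobile.path.parseLocation()` calls in this commit but not if the method is handed around detached; a one-line comment saying so would be enough.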
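--- a/js/jquery.mobile.navigation.pushstate.js
+++ b/js/jquery.mobile.navigation.pushstate.js
@@ -12,7 +12,7 @@ define( [ "jquery", "./jquery.mobile.navigation", "depend!./jquery.hashchange[jq
 	var	pushStateHandler = {},
 		self = pushStateHandler,
 		$win = $( window ),
-		url = $.mobile.path.parseUrl( location.href ),
+		url = $.mobile.path.parseLocation(),
 		mobileinitDeferred = $.Deferred(),
 		domreadyDeferred = $.Deferred();
 
@@ -35,7 +35,7 @@ define( [ "jquery", "./jquery.mobile.navigation", "depend!./jquery.hashchange[jq
 		state: function() {
 			return {
 				// firefox auto decodes the url when using location.hash but not href
-				hash: $.mobile.path.parseUrl( location.href ).hash || "#" + self.initialFilePath,
+				hash: $.mobile.path.parseLocation().hash || "#" + self.initialFilePath,
 				title: document.title,
 
 				// persist across refresh
@@ -74,9 +74,9 @@ define( [ "jquery", "./jquery.mobile.navigation", "depend!./jquery.hashchange[jq
 
 			var href, state,
 				// firefox auto decodes the url when using location.hash but not href
-				hash = $.mobile.path.parseUrl( location.href ).hash,
+				hash = $.mobile.path.parseLocation().hash,
 				isPath = $.mobile.path.isPath( hash ),
-				resolutionUrl = isPath ? location.href : $.mobile.getDocumentUrl();
+				resolutionUrl = isPath ? $.mobile.path.getLocation() : $.mobile.getDocumentUrl();
 
 			hash = isPath ? hash.replace( "#", "" ) : hash;
 
@@ -141,7 +141,7 @@ define( [ "jquery", "./jquery.mobile.navigation", "depend!./jquery.hashchange[jq
 
 			// if there's no hash, we need to replacestate for returning to home
 			if ( location.hash === "" ) {
-				history.replaceState( self.state(), document.title, location.href );
+				history.replaceState( self.state(), document.title, $.mobile.path.getLocation() );
 			}
 		}
 	});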

0 notes on commit 4348eac
