From 09daf88ea7cfad0006743f6aa7ca6a53d5c173d1 Mon Sep 17 00:00:00 2001 From: Dave Tapuska Date: Thu, 18 Jul 2019 10:31:43 -0400 Subject: [PATCH 1/2] Explicitly prevent sandboxed navigation in the history interface. The spec was a little unclear whether sandboxed navigation was prevented if it causes a top-level navigation via the history API. The check for the navigation was after the unload steps of the history traversal. Fixes #880 --- source | 46 +++++++++++++++++++++++++++------------------- 1 file changed, 27 insertions(+), 19 deletions(-) diff --git a/source b/source index a3eee0bf42b..c9f6e431c22 100644 --- a/source +++ b/source @@ -81625,23 +81625,26 @@ interface History { null.

When the go(delta) method is - invoked, if delta is zero, the user agent must act as if the - location.reload() method was called instead. Otherwise, - the user agent must traverse the history by a delta whose value is - delta. If this History object is associated with a Document - that is not fully active, invoking must instead throw a - "SecurityError" DOMException.

+ invoked, if delta is zero, the user agent must act as if the location.reload() method was called instead. Otherwise, the + user agent must traverse the history by a delta with delta and this + History object's associated Document browsing context. If + this History object is associated with a Document that is not + fully active, invoking must instead throw a "SecurityError" + DOMException.

When the back() method is invoked, the user - agent must traverse the history by a delta −1. If this History - object is associated with a Document that is not fully active, - invoking must instead throw a "SecurityError" + agent must traverse the history by a delta −1 and this History + object's associated Document browsing context. If this + History object is associated with a Document that is not fully + active, invoking must instead throw a "SecurityError" DOMException.

When the forward() method is invoked, the - user agent must traverse the history by a delta +1. If this History - object is associated with a Document that is not fully active, - invoking must instead throw a "SecurityError" + user agent must traverse the history by a delta +1 and this History + object's associated Document browsing context. If this + History object is associated with a Document that is not fully + active, invoking must instead throw a "SecurityError" DOMException.

@@ -81674,14 +81677,16 @@ interface History {
-

To traverse the history by a delta delta, the user agent must - append a task to this top-level browsing context's - session history traversal queue, the task - consisting of running the following steps:

+

To traverse the history by a delta given delta and browsing + context source browsing context, the user agent must append a task to this top-level browsing context's session + history traversal queue, the task consisting of running + the following steps:

    -

  1. If the index of the current entry of the joint session history plus delta is less than zero or greater than or equal to the number of items in the +

  2. If the index of the current entry of the joint session history plus + delta is less than zero or greater than or equal to the number of items in the joint session history, then return.

  3. Let specified entry be the entry in the joint session @@ -81691,6 +81696,9 @@ interface History {

  4. Let specified browsing context be the browsing context of the specified entry.

    5. +

  5. If source browsing context is not allowed to navigate + specified browsing context, return.

    6. +

  6. If the specified browsing context's active document's unload a document algorithm is currently running, return.

    7. @@ -81738,8 +81746,8 @@ interface History {

When the user navigates through a browsing context, e.g. using a browser's back - and forward buttons, the user agent must traverse the history by a delta equivalent - to the action specified by the user.

+ and forward buttons, the user agent must traverse the history by a delta with a delta + equivalent to the action specified by the user and the top-level browsing context.

From 95992a694d8a765d9bd994e7638cb643981d809b Mon Sep 17 00:00:00 2001 From: Domenic Denicola Date: Tue, 30 Jul 2019 14:57:29 -0400 Subject: [PATCH 2/2] Fix which BC; editorial tweaks --- source | 67 ++++++++++++++++++++++++++++++++++++++++------------------ 1 file changed, 46 insertions(+), 21 deletions(-) diff --git a/source b/source index c9f6e431c22..5e21c07c790 100644 --- a/source +++ b/source @@ -81625,27 +81625,52 @@ interface History { null.

When the go(delta) method is - invoked, if delta is zero, the user agent must act as if the location.reload() method was called instead. Otherwise, the - user agent must traverse the history by a delta with delta and this - History object's associated Document browsing context. If - this History object is associated with a Document that is not - fully active, invoking must instead throw a "SecurityError" - DOMException.

+ invoked:

-

When the back() method is invoked, the user - agent must traverse the history by a delta −1 and this History - object's associated Document browsing context. If this - History object is associated with a Document that is not fully - active, invoking must instead throw a "SecurityError" - DOMException.

+
    +

  1. Let document be this History object's associated + Document.

    2. -

    When the forward() method is invoked, the - user agent must traverse the history by a delta +1 and this History - object's associated Document browsing context. If this - History object is associated with a Document that is not fully - active, invoking must instead throw a "SecurityError" - DOMException.

    +

  2. If document is not fully active, then throw a + "SecurityError" + DOMException.

    3. + + +

  3. If delta is 0, then act as if the location.reload() method was called, and return.

    4. + +

  4. Traverse the history by a delta with delta and + document's browsing context.

    5. +
+ +

When the back() method is invoked:

+ +
    +

  1. Let document be this History object's associated + Document.

    2. + +

  2. If document is not fully active, then throw a + "SecurityError" + DOMException.

    3. + +

  3. Traverse the history by a delta with −1 and + document's browsing context.

    4. +
+ +

When the forward() method is invoked:

+ + +
    +

  1. Let document be this History object's associated + Document.

    2. + +

  2. If document is not fully active, then throw a + "SecurityError" + DOMException.

    3. + +

  3. Traverse the history by a delta with +1 and + document's browsing context.

    4. +
@@ -81697,7 +81722,7 @@ interface History { the specified entry.

  • If source browsing context is not allowed to navigate - specified browsing context, return.

    • + specified browsing context, then return.

  • If the specified browsing context's active document's unload a document algorithm is currently running, return.

    • @@ -81747,7 +81772,7 @@ interface History {

    When the user navigates through a browsing context, e.g. using a browser's back and forward buttons, the user agent must traverse the history by a delta with a delta - equivalent to the action specified by the user and the top-level browsing context.

    + equivalent to the action specified by the user and the browsing context being operated on.