blob: 0daedd495a2f8d3311da1fd30ee5b4c605bc893f [file] [log] [blame]
/*
* Copyright (C) 2007 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
* OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "config.h"
#include "History.h"
#include "BackForwardController.h"
#include "Document.h"
#include "ExceptionCode.h"
#include "Frame.h"
#include "FrameLoader.h"
#include "FrameLoaderClient.h"
#include "HistoryController.h"
#include "HistoryItem.h"
#include "MainFrame.h"
#include "Page.h"
#include "ScriptController.h"
#include "SecurityOrigin.h"
#include <wtf/CheckedArithmetic.h>
#include <wtf/MainThread.h>
namespace WebCore {
History::History(Frame& frame)
: DOMWindowProperty(&frame)
{
}
unsigned History::length() const
{
if (!m_frame)
return 0;
auto* page = m_frame->page();
if (!page)
return 0;
return page->backForward().count();
}
SerializedScriptValue* History::state()
{
m_lastStateObjectRequested = stateInternal();
return m_lastStateObjectRequested.get();
}
SerializedScriptValue* History::stateInternal() const
{
if (!m_frame)
return nullptr;
auto* historyItem = m_frame->loader().history().currentItem();
if (!historyItem)
return nullptr;
return historyItem->stateObject();
}
bool History::stateChanged() const
{
return m_lastStateObjectRequested != stateInternal();
}
bool History::isSameAsCurrentState(SerializedScriptValue* state) const
{
return state == stateInternal();
}
void History::back()
{
go(-1);
}
void History::back(Document& document)
{
go(document, -1);
}
void History::forward()
{
go(1);
}
void History::forward(Document& document)
{
go(document, 1);
}
void History::go(int distance)
{
if (!m_frame)
return;
m_frame->navigationScheduler().scheduleHistoryNavigation(distance);
}
void History::go(Document& document, int distance)
{
if (!m_frame)
return;
ASSERT(isMainThread());
if (!document.canNavigate(m_frame))
return;
m_frame->navigationScheduler().scheduleHistoryNavigation(distance);
}
URL History::urlForState(const String& urlString)
{
URL baseURL = m_frame->document()->baseURL();
if (urlString.isEmpty())
return baseURL;
return URL(baseURL, urlString);
}
ExceptionOr<void> History::stateObjectAdded(RefPtr<SerializedScriptValue>&& data, const String& title, const String& urlString, StateObjectType stateObjectType)
{
// Each unique main-frame document is only allowed to send 64MB of state object payload to the UI client/process.
static uint32_t totalStateObjectPayloadLimit = 0x4000000;
static double stateObjectTimeSpan = 30.0;
static unsigned perStateObjectTimeSpanLimit = 100;
if (!m_frame || !m_frame->page())
return { };
URL fullURL = urlForState(urlString);
if (!fullURL.isValid() || !m_frame->document()->securityOrigin().canRequest(fullURL))
return Exception { SECURITY_ERR };
if (fullURL.hasUsername() || fullURL.hasPassword()) {
if (stateObjectType == StateObjectType::Replace)
return Exception { SECURITY_ERR, "Attempt to use history.replaceState() to change session history URL to " + fullURL.string() + " is insecure; Username/passwords aren't allowed in state object URLs" };
return Exception { SECURITY_ERR, "Attempt to use history.pushState() to add URL " + fullURL.string() + " to session history is insecure; Username/passwords aren't allowed in state object URLs" };
}
Document* mainDocument = m_frame->page()->mainFrame().document();
History* mainHistory = nullptr;
if (mainDocument) {
if (auto* mainDOMWindow = mainDocument->domWindow())
mainHistory = mainDOMWindow->history();
}
if (!mainHistory)
return { };
double currentTimestamp = currentTime();
if (currentTimestamp - mainHistory->m_currentStateObjectTimeSpanStart > stateObjectTimeSpan) {
mainHistory->m_currentStateObjectTimeSpanStart = currentTimestamp;
mainHistory->m_currentStateObjectTimeSpanObjectsAdded = 0;
}
if (mainHistory->m_currentStateObjectTimeSpanObjectsAdded >= perStateObjectTimeSpanLimit) {
if (stateObjectType == StateObjectType::Replace)
return Exception { SECURITY_ERR, String::format("Attempt to use history.replaceState() more than %u times per %f seconds", perStateObjectTimeSpanLimit, stateObjectTimeSpan) };
return Exception { SECURITY_ERR, String::format("Attempt to use history.pushState() more than %u times per %f seconds", perStateObjectTimeSpanLimit, stateObjectTimeSpan) };
}
Checked<unsigned> titleSize = title.length();
titleSize *= 2;
Checked<unsigned> urlSize = fullURL.string().length();
urlSize *= 2;
Checked<uint64_t> payloadSize = titleSize;
payloadSize += urlSize;
payloadSize += data ? data->data().size() : 0;
Checked<uint64_t> newTotalUsage = mainHistory->m_totalStateObjectUsage;
if (stateObjectType == StateObjectType::Replace)
newTotalUsage -= m_mostRecentStateObjectUsage;
newTotalUsage += payloadSize;
if (newTotalUsage > totalStateObjectPayloadLimit) {
if (stateObjectType == StateObjectType::Replace)
return Exception { QUOTA_EXCEEDED_ERR, ASCIILiteral("Attempt to store more data than allowed using history.replaceState()") };
return Exception { QUOTA_EXCEEDED_ERR, ASCIILiteral("Attempt to store more data than allowed using history.pushState()") };
}
m_mostRecentStateObjectUsage = payloadSize.unsafeGet();
mainHistory->m_totalStateObjectUsage = newTotalUsage.unsafeGet();
++mainHistory->m_currentStateObjectTimeSpanObjectsAdded;
if (!urlString.isEmpty())
m_frame->document()->updateURLForPushOrReplaceState(fullURL);
if (stateObjectType == StateObjectType::Push) {
m_frame->loader().history().pushState(WTFMove(data), title, fullURL.string());
m_frame->loader().client().dispatchDidPushStateWithinPage();
} else if (stateObjectType == StateObjectType::Replace) {
m_frame->loader().history().replaceState(WTFMove(data), title, fullURL.string());
m_frame->loader().client().dispatchDidReplaceStateWithinPage();
}
return { };
}
} // namespace WebCore