<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[167856] trunk/Source/WebCore</title>
</head>
<body>

<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt;  }
#msg dl a { font-weight: bold}
#msg dl a:link    { color:#fc3; }
#msg dl a:active  { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff  {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/167856">167856</a></dd>
<dt>Author</dt> <dd>darin@apple.com</dd>
<dt>Date</dt> <dd>2014-04-27 09:06:27 -0700 (Sun, 27 Apr 2014)</dd>
</dl>

<h3>Log Message</h3>
<pre>Webpages can trigger loads with invalid URLs
https://bugs.webkit.org/show_bug.cgi?id=132224
rdar://problem/16697142

Reviewed by Alexey Proskuryakov.

Invalid URLs can be a way to trick the user about what website they
are looking at.  Still trying to figure out a good way to regression-test this.

* dom/Document.cpp:
(WebCore::Document::processHttpEquiv): Pass a URL rather than a String to
the navigation scheduler.
* loader/FrameLoader.cpp:
(WebCore::FrameLoader::receivedFirstData): Ditto.

* loader/NavigationScheduler.cpp:
(WebCore::ScheduledURLNavigation::ScheduledURLNavigation): Take a URL rather
than a string.
(WebCore::ScheduledURLNavigation::url): Ditto.
(WebCore::ScheduledRedirect::ScheduledRedirect): Ditto.
(WebCore::ScheduledLocationChange::ScheduledLocationChange): Ditto.
(WebCore::ScheduledRefresh::ScheduledRefresh): Ditto.
(WebCore::NavigationScheduler::shouldScheduleNavigation): Added a check that
prevents navigation to any URL that is invalid, except for JavaScript URLs,
which need not be valid.
(WebCore::NavigationScheduler::scheduleRedirect): Use URL instead of String.
(WebCore::NavigationScheduler::scheduleLocationChange): Use URL instead of
String. Also got rid of empty string check since empty URLs are also invalid,
and so shouldScheduleNavigation will take care of it.
(WebCore::NavigationScheduler::scheduleRefresh): Use URL instead of String.

* loader/NavigationScheduler.h: Take URL instead of String. Also removed some
unneeded incldues and uses of WTF_MAKE_NONCOPYABLE. NavigationScheduler is
already noncopyable because it has a reference for a data member, and the
disabler doesn't have any real reason to be noncopyable.

* loader/SubframeLoader.cpp:
(WebCore::SubframeLoader::loadOrRedirectSubframe): Pass a URL rather than a
String to the NavigationScheduler.
* page/DOMWindow.cpp:
(WebCore::DOMWindow::createWindow): Ditto.

* page/SecurityOrigin.cpp:
(WebCore::SecurityOrigin::urlWithUniqueSecurityOrigin): Return a URL instead
of a String.
* page/SecurityOrigin.h: Updated for above change.</pre>

<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkSourceWebCoreChangeLog">trunk/Source/WebCore/ChangeLog</a></li>
<li><a href="#trunkSourceWebCoredomDocumentcpp">trunk/Source/WebCore/dom/Document.cpp</a></li>
<li><a href="#trunkSourceWebCoreloaderFrameLoadercpp">trunk/Source/WebCore/loader/FrameLoader.cpp</a></li>
<li><a href="#trunkSourceWebCoreloaderNavigationSchedulercpp">trunk/Source/WebCore/loader/NavigationScheduler.cpp</a></li>
<li><a href="#trunkSourceWebCoreloaderNavigationSchedulerh">trunk/Source/WebCore/loader/NavigationScheduler.h</a></li>
<li><a href="#trunkSourceWebCoreloaderSubframeLoadercpp">trunk/Source/WebCore/loader/SubframeLoader.cpp</a></li>
<li><a href="#trunkSourceWebCorepageDOMWindowcpp">trunk/Source/WebCore/page/DOMWindow.cpp</a></li>
<li><a href="#trunkSourceWebCorepageSecurityOrigincpp">trunk/Source/WebCore/page/SecurityOrigin.cpp</a></li>
<li><a href="#trunkSourceWebCorepageSecurityOriginh">trunk/Source/WebCore/page/SecurityOrigin.h</a></li>
</ul>

</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkSourceWebCoreChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/ChangeLog (167855 => 167856)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/ChangeLog        2014-04-27 14:07:03 UTC (rev 167855)
+++ trunk/Source/WebCore/ChangeLog        2014-04-27 16:06:27 UTC (rev 167856)
</span><span class="lines">@@ -1,3 +1,52 @@
</span><ins>+2014-04-27  Darin Adler  &lt;darin@apple.com&gt;
+
+        Webpages can trigger loads with invalid URLs
+        https://bugs.webkit.org/show_bug.cgi?id=132224
+        rdar://problem/16697142
+
+        Reviewed by Alexey Proskuryakov.
+
+        Invalid URLs can be a way to trick the user about what website they
+        are looking at.  Still trying to figure out a good way to regression-test this.
+
+        * dom/Document.cpp:
+        (WebCore::Document::processHttpEquiv): Pass a URL rather than a String to
+        the navigation scheduler.
+        * loader/FrameLoader.cpp:
+        (WebCore::FrameLoader::receivedFirstData): Ditto.
+
+        * loader/NavigationScheduler.cpp:
+        (WebCore::ScheduledURLNavigation::ScheduledURLNavigation): Take a URL rather
+        than a string.
+        (WebCore::ScheduledURLNavigation::url): Ditto.
+        (WebCore::ScheduledRedirect::ScheduledRedirect): Ditto.
+        (WebCore::ScheduledLocationChange::ScheduledLocationChange): Ditto.
+        (WebCore::ScheduledRefresh::ScheduledRefresh): Ditto.
+        (WebCore::NavigationScheduler::shouldScheduleNavigation): Added a check that
+        prevents navigation to any URL that is invalid, except for JavaScript URLs,
+        which need not be valid.
+        (WebCore::NavigationScheduler::scheduleRedirect): Use URL instead of String.
+        (WebCore::NavigationScheduler::scheduleLocationChange): Use URL instead of
+        String. Also got rid of empty string check since empty URLs are also invalid,
+        and so shouldScheduleNavigation will take care of it.
+        (WebCore::NavigationScheduler::scheduleRefresh): Use URL instead of String.
+
+        * loader/NavigationScheduler.h: Take URL instead of String. Also removed some
+        unneeded incldues and uses of WTF_MAKE_NONCOPYABLE. NavigationScheduler is
+        already noncopyable because it has a reference for a data member, and the
+        disabler doesn't have any real reason to be noncopyable.
+
+        * loader/SubframeLoader.cpp:
+        (WebCore::SubframeLoader::loadOrRedirectSubframe): Pass a URL rather than a
+        String to the NavigationScheduler.
+        * page/DOMWindow.cpp:
+        (WebCore::DOMWindow::createWindow): Ditto.
+
+        * page/SecurityOrigin.cpp:
+        (WebCore::SecurityOrigin::urlWithUniqueSecurityOrigin): Return a URL instead
+        of a String.
+        * page/SecurityOrigin.h: Updated for above change.
+
</ins><span class="cx"> 2014-04-27  Zan Dobersek  &lt;zdobersek@igalia.com&gt;
</span><span class="cx"> 
</span><span class="cx">         ScriptExecutionContext::Task should work well with C++11 lambdas
</span></span></pre></div>
<a id="trunkSourceWebCoredomDocumentcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/dom/Document.cpp (167855 => 167856)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/dom/Document.cpp        2014-04-27 14:07:03 UTC (rev 167855)
+++ trunk/Source/WebCore/dom/Document.cpp        2014-04-27 16:06:27 UTC (rev 167856)
</span><span class="lines">@@ -2824,14 +2824,15 @@
</span><span class="cx">         styleResolverChanged(DeferRecalcStyle);
</span><span class="cx">     } else if (equalIgnoringCase(equiv, &quot;refresh&quot;)) {
</span><span class="cx">         double delay;
</span><del>-        String url;
-        if (frame &amp;&amp; parseHTTPRefresh(content, true, delay, url)) {
-            if (url.isEmpty())
-                url = m_url.string();
</del><ins>+        String urlString;
+        if (frame &amp;&amp; parseHTTPRefresh(content, true, delay, urlString)) {
+            URL completedURL;
+            if (urlString.isEmpty())
+                completedURL = m_url;
</ins><span class="cx">             else
</span><del>-                url = completeURL(url).string();
-            if (!protocolIsJavaScript(url))
-                frame-&gt;navigationScheduler().scheduleRedirect(delay, url);
</del><ins>+                completedURL = completeURL(urlString);
+            if (!protocolIsJavaScript(completedURL))
+                frame-&gt;navigationScheduler().scheduleRedirect(delay, completedURL);
</ins><span class="cx">             else {
</span><span class="cx">                 String message = &quot;Refused to refresh &quot; + m_url.stringCenterEllipsizedToLength() + &quot; to a javascript: URL&quot;;
</span><span class="cx">                 addConsoleMessage(MessageSource::Security, MessageLevel::Error, message);
</span></span></pre></div>
<a id="trunkSourceWebCoreloaderFrameLoadercpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/loader/FrameLoader.cpp (167855 => 167856)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/loader/FrameLoader.cpp        2014-04-27 14:07:03 UTC (rev 167855)
+++ trunk/Source/WebCore/loader/FrameLoader.cpp        2014-04-27 16:06:27 UTC (rev 167856)
</span><span class="lines">@@ -666,16 +666,17 @@
</span><span class="cx">         return;
</span><span class="cx"> 
</span><span class="cx">     double delay;
</span><del>-    String url;
-    if (!parseHTTPRefresh(m_documentLoader-&gt;response().httpHeaderField(&quot;Refresh&quot;), false, delay, url))
</del><ins>+    String urlString;
+    if (!parseHTTPRefresh(m_documentLoader-&gt;response().httpHeaderField(&quot;Refresh&quot;), false, delay, urlString))
</ins><span class="cx">         return;
</span><del>-    if (url.isEmpty())
-        url = m_frame.document()-&gt;url().string();
</del><ins>+    URL completedURL;
+    if (urlString.isEmpty())
+        completedURL = m_frame.document()-&gt;url();
</ins><span class="cx">     else
</span><del>-        url = m_frame.document()-&gt;completeURL(url).string();
</del><ins>+        completedURL = m_frame.document()-&gt;completeURL(urlString);
</ins><span class="cx"> 
</span><del>-    if (!protocolIsJavaScript(url))
-        m_frame.navigationScheduler().scheduleRedirect(delay, url);
</del><ins>+    if (!protocolIsJavaScript(completedURL))
+        m_frame.navigationScheduler().scheduleRedirect(delay, completedURL);
</ins><span class="cx">     else {
</span><span class="cx">         String message = &quot;Refused to refresh &quot; + m_frame.document()-&gt;url().stringCenterEllipsizedToLength() + &quot; to a javascript: URL&quot;;
</span><span class="cx">         m_frame.document()-&gt;addConsoleMessage(MessageSource::Security, MessageLevel::Error, message);
</span></span></pre></div>
<a id="trunkSourceWebCoreloaderNavigationSchedulercpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/loader/NavigationScheduler.cpp (167855 => 167856)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/loader/NavigationScheduler.cpp        2014-04-27 14:07:03 UTC (rev 167855)
+++ trunk/Source/WebCore/loader/NavigationScheduler.cpp        2014-04-27 16:06:27 UTC (rev 167856)
</span><span class="lines">@@ -97,7 +97,7 @@
</span><span class="cx"> 
</span><span class="cx"> class ScheduledURLNavigation : public ScheduledNavigation {
</span><span class="cx"> protected:
</span><del>-    ScheduledURLNavigation(double delay, SecurityOrigin* securityOrigin, const String&amp; url, const String&amp; referrer, LockHistory lockHistory, LockBackForwardList lockBackForwardList, bool duringLoad, bool isLocationChange)
</del><ins>+    ScheduledURLNavigation(double delay, SecurityOrigin* securityOrigin, const URL&amp; url, const String&amp; referrer, LockHistory lockHistory, LockBackForwardList lockBackForwardList, bool duringLoad, bool isLocationChange)
</ins><span class="cx">         : ScheduledNavigation(delay, lockHistory, lockBackForwardList, duringLoad, isLocationChange)
</span><span class="cx">         , m_securityOrigin(securityOrigin)
</span><span class="cx">         , m_url(url)
</span><span class="lines">@@ -109,7 +109,7 @@
</span><span class="cx">     virtual void fire(Frame&amp; frame) override
</span><span class="cx">     {
</span><span class="cx">         UserGestureIndicator gestureIndicator(wasUserGesture() ? DefinitelyProcessingUserGesture : DefinitelyNotProcessingUserGesture);
</span><del>-        frame.loader().changeLocation(m_securityOrigin.get(), URL(ParsedURLString, m_url), m_referrer, lockHistory(), lockBackForwardList(), false);
</del><ins>+        frame.loader().changeLocation(m_securityOrigin.get(), m_url, m_referrer, lockHistory(), lockBackForwardList(), false);
</ins><span class="cx">     }
</span><span class="cx"> 
</span><span class="cx">     virtual void didStartTimer(Frame&amp; frame, Timer&lt;NavigationScheduler&gt;&amp; timer) override
</span><span class="lines">@@ -119,7 +119,7 @@
</span><span class="cx">         m_haveToldClient = true;
</span><span class="cx"> 
</span><span class="cx">         UserGestureIndicator gestureIndicator(wasUserGesture() ? DefinitelyProcessingUserGesture : DefinitelyNotProcessingUserGesture);
</span><del>-        frame.loader().clientRedirected(URL(ParsedURLString, m_url), delay(), currentTime() + timer.nextFireInterval(), lockBackForwardList());
</del><ins>+        frame.loader().clientRedirected(m_url, delay(), currentTime() + timer.nextFireInterval(), lockBackForwardList());
</ins><span class="cx">     }
</span><span class="cx"> 
</span><span class="cx">     virtual void didStopTimer(Frame&amp; frame, bool newLoadInProgress) override
</span><span class="lines">@@ -137,19 +137,19 @@
</span><span class="cx">     }
</span><span class="cx"> 
</span><span class="cx">     SecurityOrigin* securityOrigin() const { return m_securityOrigin.get(); }
</span><del>-    String url() const { return m_url; }
</del><ins>+    const URL&amp; url() const { return m_url; }
</ins><span class="cx">     String referrer() const { return m_referrer; }
</span><span class="cx"> 
</span><span class="cx"> private:
</span><span class="cx">     RefPtr&lt;SecurityOrigin&gt; m_securityOrigin;
</span><del>-    String m_url;
</del><ins>+    URL m_url;
</ins><span class="cx">     String m_referrer;
</span><span class="cx">     bool m_haveToldClient;
</span><span class="cx"> };
</span><span class="cx"> 
</span><span class="cx"> class ScheduledRedirect : public ScheduledURLNavigation {
</span><span class="cx"> public:
</span><del>-    ScheduledRedirect(double delay, SecurityOrigin* securityOrigin, const String&amp; url, LockHistory lockHistory, LockBackForwardList lockBackForwardList)
</del><ins>+    ScheduledRedirect(double delay, SecurityOrigin* securityOrigin, const URL&amp; url, LockHistory lockHistory, LockBackForwardList lockBackForwardList)
</ins><span class="cx">         : ScheduledURLNavigation(delay, securityOrigin, url, String(), lockHistory, lockBackForwardList, false, false)
</span><span class="cx">     {
</span><span class="cx">         clearUserGesture();
</span><span class="lines">@@ -163,20 +163,20 @@
</span><span class="cx">     virtual void fire(Frame&amp; frame) override
</span><span class="cx">     {
</span><span class="cx">         UserGestureIndicator gestureIndicator(wasUserGesture() ? DefinitelyProcessingUserGesture : DefinitelyNotProcessingUserGesture);
</span><del>-        bool refresh = equalIgnoringFragmentIdentifier(frame.document()-&gt;url(), URL(ParsedURLString, url()));
-        frame.loader().changeLocation(securityOrigin(), URL(ParsedURLString, url()), referrer(), lockHistory(), lockBackForwardList(), refresh);
</del><ins>+        bool refresh = equalIgnoringFragmentIdentifier(frame.document()-&gt;url(), url());
+        frame.loader().changeLocation(securityOrigin(), url(), referrer(), lockHistory(), lockBackForwardList(), refresh);
</ins><span class="cx">     }
</span><span class="cx"> };
</span><span class="cx"> 
</span><span class="cx"> class ScheduledLocationChange : public ScheduledURLNavigation {
</span><span class="cx"> public:
</span><del>-    ScheduledLocationChange(SecurityOrigin* securityOrigin, const String&amp; url, const String&amp; referrer, LockHistory lockHistory, LockBackForwardList lockBackForwardList, bool duringLoad)
</del><ins>+    ScheduledLocationChange(SecurityOrigin* securityOrigin, const URL&amp; url, const String&amp; referrer, LockHistory lockHistory, LockBackForwardList lockBackForwardList, bool duringLoad)
</ins><span class="cx">         : ScheduledURLNavigation(0.0, securityOrigin, url, referrer, lockHistory, lockBackForwardList, duringLoad, true) { }
</span><span class="cx"> };
</span><span class="cx"> 
</span><span class="cx"> class ScheduledRefresh : public ScheduledURLNavigation {
</span><span class="cx"> public:
</span><del>-    ScheduledRefresh(SecurityOrigin* securityOrigin, const String&amp; url, const String&amp; referrer)
</del><ins>+    ScheduledRefresh(SecurityOrigin* securityOrigin, const URL&amp; url, const String&amp; referrer)
</ins><span class="cx">         : ScheduledURLNavigation(0.0, securityOrigin, url, referrer, LockHistory::Yes, LockBackForwardList::Yes, false, true)
</span><span class="cx">     {
</span><span class="cx">     }
</span><span class="lines">@@ -184,7 +184,7 @@
</span><span class="cx">     virtual void fire(Frame&amp; frame) override
</span><span class="cx">     {
</span><span class="cx">         UserGestureIndicator gestureIndicator(wasUserGesture() ? DefinitelyProcessingUserGesture : DefinitelyNotProcessingUserGesture);
</span><del>-        frame.loader().changeLocation(securityOrigin(), URL(ParsedURLString, url()), referrer(), lockHistory(), lockBackForwardList(), true);
</del><ins>+        frame.loader().changeLocation(securityOrigin(), url(), referrer(), lockHistory(), lockBackForwardList(), true);
</ins><span class="cx">     }
</span><span class="cx"> };
</span><span class="cx"> 
</span><span class="lines">@@ -304,12 +304,18 @@
</span><span class="cx">     return m_frame.page();
</span><span class="cx"> }
</span><span class="cx"> 
</span><del>-inline bool NavigationScheduler::shouldScheduleNavigation(const String&amp; url) const
</del><ins>+inline bool NavigationScheduler::shouldScheduleNavigation(const URL&amp; url) const
</ins><span class="cx"> {
</span><del>-    return shouldScheduleNavigation() &amp;&amp; (protocolIsJavaScript(url) || NavigationDisablerForBeforeUnload::isNavigationAllowed());
</del><ins>+    if (!shouldScheduleNavigation())
+        return false;
+    if (protocolIsJavaScript(url))
+        return true;
+    if (!url.isValid())
+        return false;
+    return NavigationDisablerForBeforeUnload::isNavigationAllowed();
</ins><span class="cx"> }
</span><span class="cx"> 
</span><del>-void NavigationScheduler::scheduleRedirect(double delay, const String&amp; url)
</del><ins>+void NavigationScheduler::scheduleRedirect(double delay, const URL&amp; url)
</ins><span class="cx"> {
</span><span class="cx">     if (!shouldScheduleNavigation(url))
</span><span class="cx">         return;
</span><span class="lines">@@ -343,12 +349,10 @@
</span><span class="cx">     return LockBackForwardList::No;
</span><span class="cx"> }
</span><span class="cx"> 
</span><del>-void NavigationScheduler::scheduleLocationChange(SecurityOrigin* securityOrigin, const String&amp; url, const String&amp; referrer, LockHistory lockHistory, LockBackForwardList lockBackForwardList)
</del><ins>+void NavigationScheduler::scheduleLocationChange(SecurityOrigin* securityOrigin, const URL&amp; url, const String&amp; referrer, LockHistory lockHistory, LockBackForwardList lockBackForwardList)
</ins><span class="cx"> {
</span><span class="cx">     if (!shouldScheduleNavigation(url))
</span><span class="cx">         return;
</span><del>-    if (url.isEmpty())
-        return;
</del><span class="cx"> 
</span><span class="cx">     if (lockBackForwardList == LockBackForwardList::No)
</span><span class="cx">         lockBackForwardList = mustLockBackForwardList(m_frame);
</span><span class="lines">@@ -401,7 +405,7 @@
</span><span class="cx">     if (url.isEmpty())
</span><span class="cx">         return;
</span><span class="cx"> 
</span><del>-    schedule(std::make_unique&lt;ScheduledRefresh&gt;(m_frame.document()-&gt;securityOrigin(), url.string(), m_frame.loader().outgoingReferrer()));
</del><ins>+    schedule(std::make_unique&lt;ScheduledRefresh&gt;(m_frame.document()-&gt;securityOrigin(), url, m_frame.loader().outgoingReferrer()));
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> void NavigationScheduler::scheduleHistoryNavigation(int steps)
</span></span></pre></div>
<a id="trunkSourceWebCoreloaderNavigationSchedulerh"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/loader/NavigationScheduler.h (167855 => 167856)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/loader/NavigationScheduler.h        2014-04-27 14:07:03 UTC (rev 167855)
+++ trunk/Source/WebCore/loader/NavigationScheduler.h        2014-04-27 16:06:27 UTC (rev 167856)
</span><span class="lines">@@ -34,8 +34,6 @@
</span><span class="cx"> #include &quot;FrameLoaderTypes.h&quot;
</span><span class="cx"> #include &quot;Timer.h&quot;
</span><span class="cx"> #include &lt;wtf/Forward.h&gt;
</span><del>-#include &lt;wtf/Noncopyable.h&gt;
-#include &lt;wtf/PassRefPtr.h&gt;
</del><span class="cx"> 
</span><span class="cx"> namespace WebCore {
</span><span class="cx"> 
</span><span class="lines">@@ -43,10 +41,9 @@
</span><span class="cx"> class Frame;
</span><span class="cx"> class ScheduledNavigation;
</span><span class="cx"> class SecurityOrigin;
</span><ins>+class URL;
</ins><span class="cx"> 
</span><span class="cx"> class NavigationDisablerForBeforeUnload {
</span><del>-    WTF_MAKE_NONCOPYABLE(NavigationDisablerForBeforeUnload);
-
</del><span class="cx"> public:
</span><span class="cx">     NavigationDisablerForBeforeUnload()
</span><span class="cx">     {
</span><span class="lines">@@ -64,8 +61,6 @@
</span><span class="cx"> };
</span><span class="cx"> 
</span><span class="cx"> class NavigationScheduler {
</span><del>-    WTF_MAKE_NONCOPYABLE(NavigationScheduler);
-
</del><span class="cx"> public:
</span><span class="cx">     explicit NavigationScheduler(Frame&amp;);
</span><span class="cx">     ~NavigationScheduler();
</span><span class="lines">@@ -73,9 +68,8 @@
</span><span class="cx">     bool redirectScheduledDuringLoad();
</span><span class="cx">     bool locationChangePending();
</span><span class="cx"> 
</span><del>-    void scheduleRedirect(double delay, const String&amp; url);
-    void scheduleLocationChange(SecurityOrigin*, const String&amp; url, const String&amp; referrer, LockHistory = LockHistory::Yes,
-        LockBackForwardList = LockBackForwardList::Yes);
</del><ins>+    void scheduleRedirect(double delay, const URL&amp;);
+    void scheduleLocationChange(SecurityOrigin*, const URL&amp;, const String&amp; referrer, LockHistory = LockHistory::Yes, LockBackForwardList = LockBackForwardList::Yes);
</ins><span class="cx">     void scheduleFormSubmission(PassRefPtr&lt;FormSubmission&gt;);
</span><span class="cx">     void scheduleRefresh();
</span><span class="cx">     void scheduleHistoryNavigation(int steps);
</span><span class="lines">@@ -87,7 +81,7 @@
</span><span class="cx"> 
</span><span class="cx"> private:
</span><span class="cx">     bool shouldScheduleNavigation() const;
</span><del>-    bool shouldScheduleNavigation(const String&amp; url) const;
</del><ins>+    bool shouldScheduleNavigation(const URL&amp;) const;
</ins><span class="cx"> 
</span><span class="cx">     void timerFired(Timer&lt;NavigationScheduler&gt;&amp;);
</span><span class="cx">     void schedule(std::unique_ptr&lt;ScheduledNavigation&gt;);
</span></span></pre></div>
<a id="trunkSourceWebCoreloaderSubframeLoadercpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/loader/SubframeLoader.cpp (167855 => 167856)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/loader/SubframeLoader.cpp        2014-04-27 14:07:03 UTC (rev 167855)
+++ trunk/Source/WebCore/loader/SubframeLoader.cpp        2014-04-27 16:06:27 UTC (rev 167856)
</span><span class="lines">@@ -324,7 +324,7 @@
</span><span class="cx"> {
</span><span class="cx">     Frame* frame = ownerElement.contentFrame();
</span><span class="cx">     if (frame)
</span><del>-        frame-&gt;navigationScheduler().scheduleLocationChange(m_frame.document()-&gt;securityOrigin(), url.string(), m_frame.loader().outgoingReferrer(), lockHistory, lockBackForwardList);
</del><ins>+        frame-&gt;navigationScheduler().scheduleLocationChange(m_frame.document()-&gt;securityOrigin(), url, m_frame.loader().outgoingReferrer(), lockHistory, lockBackForwardList);
</ins><span class="cx">     else
</span><span class="cx">         frame = loadSubframe(ownerElement, url, frameName, m_frame.loader().outgoingReferrer());
</span><span class="cx"> 
</span></span></pre></div>
<a id="trunkSourceWebCorepageDOMWindowcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/page/DOMWindow.cpp (167855 => 167856)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/page/DOMWindow.cpp        2014-04-27 14:07:03 UTC (rev 167855)
+++ trunk/Source/WebCore/page/DOMWindow.cpp        2014-04-27 16:06:27 UTC (rev 167856)
</span><span class="lines">@@ -2018,7 +2018,7 @@
</span><span class="cx">         newFrame-&gt;loader().changeLocation(activeWindow.document()-&gt;securityOrigin(), completedURL, referrer, LockHistory::No, LockBackForwardList::No);
</span><span class="cx">     else if (!urlString.isEmpty()) {
</span><span class="cx">         LockHistory lockHistory = ScriptController::processingUserGesture() ? LockHistory::No : LockHistory::Yes;
</span><del>-        newFrame-&gt;navigationScheduler().scheduleLocationChange(activeWindow.document()-&gt;securityOrigin(), completedURL.string(), referrer, lockHistory, LockBackForwardList::No);
</del><ins>+        newFrame-&gt;navigationScheduler().scheduleLocationChange(activeWindow.document()-&gt;securityOrigin(), completedURL, referrer, lockHistory, LockBackForwardList::No);
</ins><span class="cx">     }
</span><span class="cx"> 
</span><span class="cx">     // Navigating the new frame could result in it being detached from its page by a navigation policy delegate.
</span></span></pre></div>
<a id="trunkSourceWebCorepageSecurityOrigincpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/page/SecurityOrigin.cpp (167855 => 167856)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/page/SecurityOrigin.cpp        2014-04-27 14:07:03 UTC (rev 167855)
+++ trunk/Source/WebCore/page/SecurityOrigin.cpp        2014-04-27 16:06:27 UTC (rev 167856)
</span><span class="lines">@@ -36,6 +36,7 @@
</span><span class="cx"> #include &quot;SecurityPolicy.h&quot;
</span><span class="cx"> #include &quot;ThreadableBlobRegistry.h&quot;
</span><span class="cx"> #include &lt;wtf/MainThread.h&gt;
</span><ins>+#include &lt;wtf/NeverDestroyed.h&gt;
</ins><span class="cx"> #include &lt;wtf/StdLibExtras.h&gt;
</span><span class="cx"> #include &lt;wtf/text/StringBuilder.h&gt;
</span><span class="cx"> 
</span><span class="lines">@@ -597,10 +598,10 @@
</span><span class="cx">     return true;
</span><span class="cx"> }
</span><span class="cx"> 
</span><del>-String SecurityOrigin::urlWithUniqueSecurityOrigin()
</del><ins>+URL SecurityOrigin::urlWithUniqueSecurityOrigin()
</ins><span class="cx"> {
</span><span class="cx">     ASSERT(isMainThread());
</span><del>-    DEPRECATED_DEFINE_STATIC_LOCAL(const String, uniqueSecurityOriginURL, (ASCIILiteral(&quot;data:,&quot;)));
</del><ins>+    static NeverDestroyed&lt;URL&gt; uniqueSecurityOriginURL(ParsedURLString, ASCIILiteral(&quot;data:,&quot;));
</ins><span class="cx">     return uniqueSecurityOriginURL;
</span><span class="cx"> }
</span><span class="cx"> 
</span></span></pre></div>
<a id="trunkSourceWebCorepageSecurityOriginh"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/page/SecurityOrigin.h (167855 => 167856)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/page/SecurityOrigin.h        2014-04-27 14:07:03 UTC (rev 167855)
+++ trunk/Source/WebCore/page/SecurityOrigin.h        2014-04-27 16:06:27 UTC (rev 167856)
</span><span class="lines">@@ -205,7 +205,7 @@
</span><span class="cx">     // (and whether it was set) but considering the host. It is used for postMessage.
</span><span class="cx">     bool isSameSchemeHostPort(const SecurityOrigin*) const;
</span><span class="cx"> 
</span><del>-    static String urlWithUniqueSecurityOrigin();
</del><ins>+    static URL urlWithUniqueSecurityOrigin();
</ins><span class="cx"> 
</span><span class="cx"> private:
</span><span class="cx">     SecurityOrigin();
</span></span></pre>
</div>
</div>

</body>
</html>