#include "config.h"
#include "History.h"
#include "BackForwardController.h"
#include "Document.h"
#include "ExceptionCode.h"
#include "Frame.h"
#include "FrameLoader.h"
#include "FrameLoaderClient.h"
#include "HistoryController.h"
#include "HistoryItem.h"
#include "MainFrame.h"
#include "Page.h"
#include "ScriptController.h"
#include "SecurityOrigin.h"
#include "SerializedScriptValue.h"
#include <wtf/CheckedArithmetic.h>
#include <wtf/MainThread.h>
namespace WebCore {
History::History(Frame* frame)
: DOMWindowProperty(frame)
, m_lastStateObjectRequested(nullptr)
{
}
unsigned History::length() const
{
if (!m_frame)
return 0;
if (!m_frame->page())
return 0;
return m_frame->page()->backForward().count();
}
PassRefPtr<SerializedScriptValue> History::state()
{
m_lastStateObjectRequested = stateInternal();
return m_lastStateObjectRequested;
}
PassRefPtr<SerializedScriptValue> History::stateInternal() const
{
if (!m_frame)
return 0;
if (HistoryItem* historyItem = m_frame->loader().history().currentItem())
return historyItem->stateObject();
return 0;
}
bool History::stateChanged() const
{
return m_lastStateObjectRequested != stateInternal();
}
bool History::isSameAsCurrentState(SerializedScriptValue* state) const
{
return state == stateInternal().get();
}
void History::back()
{
go(-1);
}
void History::back(ScriptExecutionContext* context)
{
go(context, -1);
}
void History::forward()
{
go(1);
}
void History::forward(ScriptExecutionContext* context)
{
go(context, 1);
}
void History::go(int distance)
{
if (!m_frame)
return;
m_frame->navigationScheduler().scheduleHistoryNavigation(distance);
}
void History::go(ScriptExecutionContext* context, int distance)
{
if (!m_frame)
return;
ASSERT(isMainThread());
Document* activeDocument = downcast<Document>(context);
if (!activeDocument)
return;
if (!activeDocument->canNavigate(m_frame))
return;
m_frame->navigationScheduler().scheduleHistoryNavigation(distance);
}
URL History::urlForState(const String& urlString)
{
URL baseURL = m_frame->document()->baseURL();
if (urlString.isEmpty())
return baseURL;
return URL(baseURL, urlString);
}
void History::stateObjectAdded(PassRefPtr<SerializedScriptValue> data, const String& title, const String& urlString, StateObjectType stateObjectType, ExceptionCode& ec)
{
static uint32_t totalStateObjectPayloadLimit = 0x4000000;
static unsigned perUserGestureStateObjectLimit = 100;
if (!m_frame || !m_frame->page())
return;
URL fullURL = urlForState(urlString);
if (!fullURL.isValid() || !m_frame->document()->securityOrigin()->canRequest(fullURL)) {
ec = SECURITY_ERR;
return;
}
Document* mainDocument = m_frame->page()->mainFrame().document();
History* mainHistory = nullptr;
if (mainDocument) {
if (auto* mainDOMWindow = mainDocument->domWindow())
mainHistory = mainDOMWindow->history();
}
if (!mainHistory)
return;
bool processingUserGesture = ScriptController::processingUserGesture();
if (!processingUserGesture && mainHistory->m_nonUserGestureObjectsAdded >= perUserGestureStateObjectLimit) {
ec = SECURITY_ERR;
return;
}
double userGestureTimestamp = mainDocument->lastHandledUserGestureTimestamp();
if (processingUserGesture) {
if (mainHistory->m_currentUserGestureTimestamp < userGestureTimestamp) {
mainHistory->m_currentUserGestureTimestamp = userGestureTimestamp;
mainHistory->m_currentUserGestureObjectsAdded = 0;
}
if (mainHistory->m_currentUserGestureObjectsAdded >= perUserGestureStateObjectLimit) {
ec = SECURITY_ERR;
return;
}
}
Checked<unsigned> titleSize = title.length();
titleSize *= 2;
Checked<unsigned> urlSize = fullURL.string().length();
urlSize *= 2;
Checked<uint64_t> payloadSize = titleSize;
payloadSize += urlSize;
payloadSize += data ? data->data().size() : 0;
Checked<uint64_t> newTotalUsage = mainHistory->m_totalStateObjectUsage;
if (stateObjectType == StateObjectType::Replace)
newTotalUsage -= m_mostRecentStateObjectUsage;
newTotalUsage += payloadSize;
if (newTotalUsage > totalStateObjectPayloadLimit) {
ec = QUOTA_EXCEEDED_ERR;
return;
}
m_mostRecentStateObjectUsage = payloadSize.unsafeGet();
mainHistory->m_totalStateObjectUsage = newTotalUsage.unsafeGet();
if (processingUserGesture)
++mainHistory->m_currentUserGestureObjectsAdded;
else
++mainHistory->m_nonUserGestureObjectsAdded;
if (!urlString.isEmpty())
m_frame->document()->updateURLForPushOrReplaceState(fullURL);
if (stateObjectType == StateObjectType::Push) {
m_frame->loader().history().pushState(data, title, fullURL.string());
m_frame->loader().client().dispatchDidPushStateWithinPage();
} else if (stateObjectType == StateObjectType::Replace) {
m_frame->loader().history().replaceState(data, title, fullURL.string());
m_frame->loader().client().dispatchDidReplaceStateWithinPage();
}
}
}