Changeset 44135 in webkit

Timestamp:

May 25, 2009 2:33:33 PM (15 years ago)

Author:

abarth@webkit.org

Message:

WebCore:

2009-05-25 Adam Barth <​abarth@webkit.org>

Reviewed by Sam Weinig.

​https://bugs.webkit.org/show_bug.cgi?id=26006

Sort out our use of dynamicGlobalObject and lexicalGlobalObject for
window.location. The correct use appears to be as follows:

1) Use dynamicGlobalObject to find the user gesture.
2) Use dynamicGlobalObject to complete URLs.
3) Use lexicalGlobalObject to find the referrer.
4) Use lexicalGlobalObject for the frame navigation checks.
5) Use lexicalGlobalObject for the XSS checks.

Tests: http/tests/security/frameNavigation/context-for-location-assign.html

http/tests/security/frameNavigation/context-for-location-href.html
http/tests/security/frameNavigation/context-for-location.html

• bindings/js/JSDOMBinding.cpp: (WebCore::shouldAllowNavigation): (WebCore::toLexicalFrame): (WebCore::processingUserGesture): (WebCore::completeURL):
• bindings/js/JSDOMBinding.h:
• bindings/js/JSDOMWindowCustom.cpp: (WebCore::JSDOMWindow::setLocation):
• bindings/js/JSLocationCustom.cpp: (WebCore::navigateIfAllowed): (WebCore::JSLocation::setHref): (WebCore::JSLocation::replace): (WebCore::JSLocation::reload): (WebCore::JSLocation::assign): (WebCore::JSLocation::toString): (WebCore::JSLocationPrototype::customPut):
• bindings/v8/V8Utilities.cpp: (WebCore::processingUserGesture): (WebCore::shouldAllowNavigation): (WebCore::completeURL): (WebCore::navigateIfAllowed):
• bindings/v8/V8Utilities.h:
• bindings/v8/custom/V8DOMWindowCustom.cpp: (WebCore::V8Custom::WindowSetLocation):
• bindings/v8/custom/V8LocationCustom.cpp: (WebCore::ACCESSOR_SETTER): (WebCore::CALLBACK_FUNC_DECL):

LayoutTests:

2009-05-25 Adam Barth <​abarth@webkit.og>

Reviewed by Sam Weinig.

​https://bugs.webkit.org/show_bug.cgi?id=26006

Test our use of dynamicGlobalObject and lexicalGlobalObject for
window.location.

• http/tests/security/frameNavigation/context-for-location-assign-expected.txt: Added.
• http/tests/security/frameNavigation/context-for-location-assign.html: Added.
• http/tests/security/frameNavigation/context-for-location-expected.txt: Added.
• http/tests/security/frameNavigation/context-for-location-href-expected.txt: Added.
• http/tests/security/frameNavigation/context-for-location-href.html: Added.
• http/tests/security/frameNavigation/context-for-location.html: Added.
• http/tests/security/frameNavigation/resources/middle-frame-for-location.html: Added.
• http/tests/security/frameNavigation/resources/target-for-location.html: Added.

Location:

trunk

Files:

• LayoutTests/ChangeLog (modified) (1 diff)
• LayoutTests/http/tests/security/frameNavigation/context-for-location-assign-expected.txt (added)
• LayoutTests/http/tests/security/frameNavigation/context-for-location-assign.html (added)
• LayoutTests/http/tests/security/frameNavigation/context-for-location-expected.txt (added)
• LayoutTests/http/tests/security/frameNavigation/context-for-location-href-expected.txt (added)
• LayoutTests/http/tests/security/frameNavigation/context-for-location-href.html (added)
• LayoutTests/http/tests/security/frameNavigation/context-for-location.html (added)
• LayoutTests/http/tests/security/frameNavigation/resources/middle-frame-for-location.html (added)
• LayoutTests/http/tests/security/frameNavigation/resources/target-for-location.html (added)
• WebCore/ChangeLog (modified) (1 diff)
• WebCore/bindings/js/JSDOMBinding.cpp (modified) (2 diffs)
• WebCore/bindings/js/JSDOMBinding.h (modified) (1 diff)
• WebCore/bindings/js/JSDOMWindowCustom.cpp (modified) (3 diffs)
• WebCore/bindings/js/JSLocationCustom.cpp (modified) (5 diffs)
• WebCore/bindings/v8/V8Utilities.cpp (modified) (2 diffs)
• WebCore/bindings/v8/V8Utilities.h (modified) (2 diffs)
• WebCore/bindings/v8/custom/V8DOMWindowCustom.cpp (modified) (2 diffs)
• WebCore/bindings/v8/custom/V8LocationCustom.cpp (modified) (6 diffs)

trunk/LayoutTests/ChangeLog

@@ +1 @@
+2009-05-25  Adam Barth  <abarth@webkit.og>
+
+        Reviewed by Sam Weinig.
+
+        https://bugs.webkit.org/show_bug.cgi?id=26006
+
+        Test our use of dynamicGlobalObject and lexicalGlobalObject for
+        window.location.
+
+        * http/tests/security/frameNavigation/context-for-location-assign-expected.txt: Added.
+        * http/tests/security/frameNavigation/context-for-location-assign.html: Added.
+        * http/tests/security/frameNavigation/context-for-location-expected.txt: Added.
+        * http/tests/security/frameNavigation/context-for-location-href-expected.txt: Added.
+        * http/tests/security/frameNavigation/context-for-location-href.html: Added.
+        * http/tests/security/frameNavigation/context-for-location.html: Added.
+        * http/tests/security/frameNavigation/resources/middle-frame-for-location.html: Added.
+        * http/tests/security/frameNavigation/resources/target-for-location.html: Added.
+
 2009-05-25  Adam Barth  <abarth@webkit.org>
 

trunk/WebCore/ChangeLog

@@ +1 @@
+2009-05-25  Adam Barth  <abarth@webkit.org>
+
+        Reviewed by Sam Weinig.
+
+        https://bugs.webkit.org/show_bug.cgi?id=26006
+
+        Sort out our use of dynamicGlobalObject and lexicalGlobalObject for
+        window.location.  The correct use appears to be as follows:
+
+        1) Use dynamicGlobalObject to find the user gesture.
+        2) Use dynamicGlobalObject to complete URLs.
+        3) Use lexicalGlobalObject to find the referrer.
+        4) Use lexicalGlobalObject for the frame navigation checks.
+        5) Use lexicalGlobalObject for the XSS checks.
+
+        Tests: http/tests/security/frameNavigation/context-for-location-assign.html
+               http/tests/security/frameNavigation/context-for-location-href.html
+               http/tests/security/frameNavigation/context-for-location.html
+
+        * bindings/js/JSDOMBinding.cpp:
+        (WebCore::shouldAllowNavigation):
+        (WebCore::toLexicalFrame):
+        (WebCore::processingUserGesture):
+        (WebCore::completeURL):
+        * bindings/js/JSDOMBinding.h:
+        * bindings/js/JSDOMWindowCustom.cpp:
+        (WebCore::JSDOMWindow::setLocation):
+        * bindings/js/JSLocationCustom.cpp:
+        (WebCore::navigateIfAllowed):
+        (WebCore::JSLocation::setHref):
+        (WebCore::JSLocation::replace):
+        (WebCore::JSLocation::reload):
+        (WebCore::JSLocation::assign):
+        (WebCore::JSLocation::toString):
+        (WebCore::JSLocationPrototype::customPut):
+        * bindings/v8/V8Utilities.cpp:
+        (WebCore::processingUserGesture):
+        (WebCore::shouldAllowNavigation):
+        (WebCore::completeURL):
+        (WebCore::navigateIfAllowed):
+        * bindings/v8/V8Utilities.h:
+        * bindings/v8/custom/V8DOMWindowCustom.cpp:
+        (WebCore::V8Custom::WindowSetLocation):
+        * bindings/v8/custom/V8LocationCustom.cpp:
+        (WebCore::ACCESSOR_SETTER):
+        (WebCore::CALLBACK_FUNC_DECL):
+
 2009-05-25  Fridrich Strba  <fridrich.strba@bluewin.ch>
 

trunk/WebCore/bindings/js/JSDOMBinding.cpp

@@ -505 +505 @@
 }
 
+bool shouldAllowNavigation(ExecState* exec, Frame* frame)
+{
+    Frame* lexicalFrame = toLexicalFrame(exec);
+    return lexicalFrame && lexicalFrame->loader()->shouldAllowNavigation(frame);
+}
+
 void printErrorMessageForFrame(Frame* frame, const String& message)
 {
@@ -512 +518 @@
         window->printErrorMessage(message);
 }
+
+Frame* toLexicalFrame(ExecState* exec)
+{
+    return asJSDOMWindow(exec->lexicalGlobalObject())->impl()->frame();
+}
+
+bool processingUserGesture(ExecState* exec)
+{
+    Frame* frame = asJSDOMWindow(exec->dynamicGlobalObject())->impl()->frame();
+    return frame && frame->script()->processingUserGesture();
+}
+
+KURL completeURL(ExecState* exec, const String& relativeURL)
+{
+    // For histoical reasons, we need to complete the URL using the dynamic frame.
+    Frame* frame = asJSDOMWindow(exec->dynamicGlobalObject())->impl()->frame();
+    if (!frame)
+        return KURL();
+    return frame->loader()->completeURL(relativeURL);
+}
+
 
 JSValue objectToStringFunctionGetter(ExecState* exec, const Identifier& propertyName, const PropertySlot&)

trunk/WebCore/bindings/js/JSDOMBinding.h

@@ -184 +184 @@
     bool allowsAccessFromFrame(JSC::ExecState*, Frame*);
     bool allowsAccessFromFrame(JSC::ExecState*, Frame*, String& message);
+    bool shouldAllowNavigation(JSC::ExecState*, Frame*);
     void printErrorMessageForFrame(Frame*, const String& message);
     JSC::JSValue objectToStringFunctionGetter(JSC::ExecState*, const JSC::Identifier& propertyName, const JSC::PropertySlot&);
+
+    Frame* toLexicalFrame(JSC::ExecState*);
+    bool processingUserGesture(JSC::ExecState*);
+    KURL completeURL(JSC::ExecState*, const String& relativeURL);
 
 } // namespace WebCore

trunk/WebCore/bindings/js/JSDOMWindowCustom.cpp

@@ -180 +180 @@
 void JSDOMWindow::setLocation(ExecState* exec, JSValue value)
 {
-    Frame* activeFrame = asJSDOMWindow(exec->dynamicGlobalObject())->impl()->frame();
-    if (!activeFrame)
+    Frame* lexicalFrame = toLexicalFrame(exec);
+    if (!lexicalFrame)
         return;
 
@@ -187 +187 @@
     // To avoid breaking old widgets, make "var location =" in a top-level frame create
     // a property named "location" instead of performing a navigation (<rdar://problem/5688039>).
-    if (Settings* settings = activeFrame->settings()) {
-        if (settings->usesDashboardBackwardCompatibilityMode() && !activeFrame->tree()->parent()) {
+    if (Settings* settings = lexicalFrame->settings()) {
+        if (settings->usesDashboardBackwardCompatibilityMode() && !lexicalFrame->tree()->parent()) {
             if (allowsAccessFrom(exec))
                 putDirect(Identifier(exec, "location"), value);
@@ -196 +196 @@
 #endif
 
-    if (!activeFrame->loader()->shouldAllowNavigation(impl()->frame()))
+    Frame* frame = impl()->frame();
+    ASSERT(frame);
+
+    if (!shouldAllowNavigation(exec, frame))
         return;
-    String dstUrl = activeFrame->loader()->completeURL(value.toString(exec)).string();
-    if (!protocolIsJavaScript(dstUrl) || allowsAccessFrom(exec)) {
-        bool userGesture = activeFrame->script()->processingUserGesture();
+
+    KURL url = completeURL(exec, value.toString(exec));
+    if (url.isNull())
+        return;
+
+    if (!protocolIsJavaScript(url) || allowsAccessFrom(exec)) {
         // We want a new history item if this JS was called via a user gesture
-        impl()->frame()->loader()->scheduleLocationChange(dstUrl, activeFrame->loader()->outgoingReferrer(), !activeFrame->script()->anyPageIsProcessingUserGesture(), false, userGesture);
+        frame->loader()->scheduleLocationChange(url, lexicalFrame->loader()->outgoingReferrer(), !lexicalFrame->script()->anyPageIsProcessingUserGesture(), false, processingUserGesture(exec));
     }
 }

trunk/WebCore/bindings/js/JSLocationCustom.cpp

@@ -146 +146 @@
 static void navigateIfAllowed(ExecState* exec, Frame* frame, const KURL& url, bool lockHistory, bool lockBackForwardList)
 {
-    Frame* activeFrame = asJSDOMWindow(exec->dynamicGlobalObject())->impl()->frame();
-    if (!protocolIsJavaScript(url) || allowsAccessFromFrame(exec, frame)) {
-        bool userGesture = activeFrame->script()->processingUserGesture();
-        frame->loader()->scheduleLocationChange(url.string(), activeFrame->loader()->outgoingReferrer(), lockHistory, lockBackForwardList, userGesture);
-    }
+    Frame* lexicalFrame = toLexicalFrame(exec);
+    if (!lexicalFrame)
+        return;
+
+    if (!protocolIsJavaScript(url) || allowsAccessFromFrame(exec, frame))
+        frame->loader()->scheduleLocationChange(url.string(), lexicalFrame->loader()->outgoingReferrer(), lockHistory, lockBackForwardList, processingUserGesture(exec));
 }
 
@@ -158 +159 @@
     ASSERT(frame);
 
-    Frame* activeFrame = asJSDOMWindow(exec->dynamicGlobalObject())->impl()->frame();
-    if (!activeFrame)
-        return;
-    if (!activeFrame->loader()->shouldAllowNavigation(frame))
-        return;
-
-    KURL url = activeFrame->loader()->completeURL(value.toString(exec));
+    if (!shouldAllowNavigation(exec, frame))
+        return;
+
+    KURL url = completeURL(exec, value.toString(exec));
+    if (url.isNull())
+        return;
+
     navigateIfAllowed(exec, frame, url, !frame->script()->anyPageIsProcessingUserGesture(), false);
 }
@@ -262 +263 @@
         return jsUndefined();
 
-    Frame* activeFrame = asJSDOMWindow(exec->dynamicGlobalObject())->impl()->frame();
-    if (!activeFrame) 
-        return jsUndefined();
-    if (!activeFrame->loader()->shouldAllowNavigation(frame))
-        return jsUndefined();
-
-    navigateIfAllowed(exec, frame, activeFrame->loader()->completeURL(args.at(0).toString(exec)), true, true);
+    if (!shouldAllowNavigation(exec, frame))
+        return jsUndefined();
+
+    KURL url = completeURL(exec, args.at(0).toString(exec));
+    if (url.isNull())
+        return jsUndefined();
+
+    navigateIfAllowed(exec, frame, url, true, true);
     return jsUndefined();
 }
@@ -275 +277 @@
 {
     Frame* frame = impl()->frame();
+    if (!frame || !allowsAccessFromFrame(exec, frame))
+        return jsUndefined();
+
+    if (!protocolIsJavaScript(frame->loader()->url()))
+        frame->loader()->scheduleRefresh(processingUserGesture(exec));
+    return jsUndefined();
+}
+
+JSValue JSLocation::assign(ExecState* exec, const ArgList& args)
+{
+    Frame* frame = impl()->frame();
     if (!frame)
         return jsUndefined();
 
-    JSDOMWindow* window = toJSDOMWindow(frame);
-    if (!window->allowsAccessFrom(exec))
-        return jsUndefined();
-
-    if (!protocolIsJavaScript(frame->loader()->url()) || (window && window->allowsAccessFrom(exec))) {
-        bool userGesture = asJSDOMWindow(exec->dynamicGlobalObject())->impl()->frame()->script()->processingUserGesture();
-        frame->loader()->scheduleRefresh(userGesture);
-    }
+    if (!shouldAllowNavigation(exec, frame))
+        return jsUndefined();
+
+    KURL url = completeURL(exec, args.at(0).toString(exec));
+    if (url.isNull())
+        return jsUndefined();
+
+    // We want a new history item if this JS was called via a user gesture
+    navigateIfAllowed(exec, frame, url, !frame->script()->anyPageIsProcessingUserGesture(), false);
     return jsUndefined();
 }
 
-JSValue JSLocation::assign(ExecState* exec, const ArgList& args)
-{
-    Frame* frame = impl()->frame();
-    if (!frame)
-        return jsUndefined();
-
-    Frame* activeFrame = asJSDOMWindow(exec->dynamicGlobalObject())->impl()->frame();
-    if (!activeFrame)
-        return jsUndefined();
-    if (!activeFrame->loader()->shouldAllowNavigation(frame))
-        return jsUndefined();
-
-    // We want a new history item if this JS was called via a user gesture
-    navigateIfAllowed(exec, frame, activeFrame->loader()->completeURL(args.at(0).toString(exec)), !frame->script()->anyPageIsProcessingUserGesture(), false);
-    return jsUndefined();
-}
-
 JSValue JSLocation::toString(ExecState* exec, const ArgList&)
 {
     Frame* frame = impl()->frame();
-    if (!frame)
-        return jsUndefined();
-    if (!allowsAccessFromFrame(exec, frame))
+    if (!frame || !allowsAccessFromFrame(exec, frame))
         return jsUndefined();
 
@@ -319 +314 @@
 bool JSLocationPrototype::customPut(ExecState* exec, const Identifier& propertyName, JSValue, PutPropertySlot&)
 {
+    return (propertyName == exec->propertyNames().toString || propertyName == exec->propertyNames().valueOf);
+}
+
+void JSLocationPrototype::defineGetter(ExecState* exec, const Identifier& propertyName, JSObject* getterFunction)
+{
     if (propertyName == exec->propertyNames().toString || propertyName == exec->propertyNames().valueOf)
-        return true;
-    return false;
-}
-
-void JSLocationPrototype::defineGetter(ExecState* exec, const Identifier& propertyName, JSObject* getterFunction)
-{
-    if (propertyName == exec->propertyNames().toString || propertyName == exec->propertyNames().valueOf)
         return;
     Base::defineGetter(exec, propertyName, getterFunction);

trunk/WebCore/bindings/v8/V8Utilities.cpp

@@ -38 +38 @@
 
 #include <wtf/Assertions.h>
+#include "Frame.h"
 
 namespace WebCore {
@@ -72 +73 @@
 }
 
+bool processingUserGesture()
+{
+    Frame* frame = V8Proxy::retrieveFrameForEnteredContext();
+    return frame && frame->script()->processingUserGesture();
+}
+
+bool shouldAllowNavigation(Frame* frame)
+{
+    Frame* callingFrame = V8Proxy::retrieveFrameForCallingContext();
+    return callingFrame && callingFrame->loader()->shouldAllowNavigation(frame);
+}
+
+KURL completeURL(const String& relativeURL)
+{
+    // For histoical reasons, we need to complete the URL using the dynamic frame.
+    Frame* frame = V8Proxy::retrieveFrameForEnteredContext();
+    if (!frame)
+        return KURL();
+    return frame->loader()->completeURL(relativeURL);
+}
+
+void navigateIfAllowed(Frame* frame, const KURL& url, bool lockHistory, bool lockBackForwardList)
+{
+    Frame* callingFrame = V8Proxy::retrieveFrameForCallingContext();
+    if (!callingFrame)
+        return;
+
+    if (!protocolIsJavaScript(url) || ScriptController::isSafeScript(frame))
+        frame->loader()->scheduleLocationChange(url.string(), callingFrame->loader()->outgoingReferrer(), lockHistory, lockBackForwardList, processingUserGesture());
+}
+
 } // namespace WebCore

trunk/WebCore/bindings/v8/V8Utilities.h

@@ -36 +36 @@
 namespace WebCore {
 
+class Frame;
+class KURL;
+class String;
+
 // Use an array to hold dependents. It works like a ref-counted scheme.
 // A value can be added more than once to the DOM object.
@@ -41 +45 @@
 void removeHiddenDependency(v8::Local<v8::Object>, v8::Local<v8::Value>, int cacheIndex);
 
+bool processingUserGesture();
+bool shouldAllowNavigation(Frame* frame);
+KURL completeURL(const String& relativeURL);
+void navigateIfAllowed(Frame* frame, const KURL& url, bool lockHistory, bool lockBackForwardList);
+
 } // namespace WebCore
 

trunk/WebCore/bindings/v8/custom/V8DOMWindowCustom.cpp

@@ -36 +36 @@
 #include "V8CustomEventListener.h"
 #include "V8Proxy.h"
+#include "V8Utilities.h"
 
 #include "Base64.h"
@@ -802 +803 @@
 
 
-void V8Custom::WindowSetLocation(DOMWindow* window, const String& v)
-{
-    if (!window->frame())
+void V8Custom::WindowSetLocation(DOMWindow* window, const String& relativeURL)
+{
+    Frame* frame = window->frame();
+    if (!frame)
         return;
 
-    Frame* activeFrame = V8Proxy::retrieveFrameForEnteredContext();
-    if (!activeFrame)
+    if (!shouldAllowNavigation(frame))
         return;
 
-    if (!activeFrame->loader()->shouldAllowNavigation(window->frame()))
+    KURL url = completeURL(relativeURL);
+    if (url.isNull())
         return;
 
-    if (!parseURL(v).startsWith("javascript:", false)
-        || ScriptController::isSafeScript(window->frame())) {
-        String completedUrl = activeFrame->loader()->completeURL(v).string();
-  
-        // FIXME: The JSC bindings pass !anyPageIsProcessingUserGesture() for
-        // the lockHistory parameter.  We should probably do something similar.
-  
-        window->frame()->loader()->scheduleLocationChange(completedUrl,
-            activeFrame->loader()->outgoingReferrer(), false, false,
-            activeFrame->script()->processingUserGesture());
-    }
+    navigateIfAllowed(frame, url, false, false);
 }
 

trunk/WebCore/bindings/v8/custom/V8LocationCustom.cpp

@@ -36 +36 @@
 #include "V8CustomEventListener.h"
 #include "V8Location.h"
+#include "V8Utilities.h"
 #include "V8Proxy.h"
 
@@ -52 +53 @@
 // methods to the scriptController, we should be able to unify the code
 // between JSC and V8:
-//    retrieveActiveFrame()   - in JSC, this needs an ExecState.
+//    toCallingFrame()   - in JSC, this needs an ExecState.
 //    isSafeScript()
-// Since JSC and V8 have different mechanisms for getting at the ActiveFrame,
+// Since JSC and V8 have different mechanisms for getting at the calling frame,
 // we're just making all these custom for now.  The functionality is simple
 // and mirrors JSLocationCustom.cpp.
-
-static void navigateIfAllowed(Frame* frame, const KURL& url, bool lockHistory, bool lockBackForwardList)
-{
-    if (url.isEmpty())
-        return;
-
-    Frame* activeFrame = V8Proxy::retrieveFrameForEnteredContext();
-    if (!activeFrame)
-        return;
-
-    if (!url.protocolIs("javascript") || ScriptController::isSafeScript(frame)) {
-        bool userGesture = activeFrame->script()->processingUserGesture();
-        frame->loader()->scheduleLocationChange(url.string(), activeFrame->loader()->outgoingReferrer(), lockHistory, lockBackForwardList, userGesture);
-    }
-}
 
 ACCESSOR_SETTER(LocationHash)
@@ -138 +124 @@
     v8::Handle<v8::Object> holder = info.Holder();
     Location* imp = V8Proxy::ToNativeObject<Location>(V8ClassIndex::LOCATION, holder);
-    String href = toWebCoreString(value);
-
-    Frame* frame = imp->frame();
-    if (!frame)
-        return;
-
-    Frame* activeFrame = V8Proxy::retrieveFrameForEnteredContext();
-    if (!activeFrame)
-        return;
-
-    if (!activeFrame->loader()->shouldAllowNavigation(frame))
-        return;
-
-    navigateIfAllowed(frame, activeFrame->loader()->completeURL(href), false, false);
+
+    Frame* frame = imp->frame();
+    if (!frame)
+        return;
+
+    if (!shouldAllowNavigation(frame))
+        return;
+
+    KURL url = completeURL(toWebCoreString(value));
+    if (url.isNull())
+        return;
+
+    navigateIfAllowed(frame, url, false, false);
 }
 
@@ -286 +271 @@
 
     Frame* frame = imp->frame();
-    if (!frame)
-        return v8::Undefined();
-
-    Frame* activeFrame = V8Proxy::retrieveFrameForEnteredContext();
-    if (!activeFrame)
-        return v8::Undefined();
-
-    if (!ScriptController::isSafeScript(frame))
-        return v8::Undefined();
-
-    bool userGesture = activeFrame->script()->processingUserGesture();
-    frame->loader()->scheduleRefresh(userGesture);
+    if (!frame || !ScriptController::isSafeScript(frame))
+        return v8::Undefined();
+
+    if (!protocolIsJavaScript(frame->loader()->url()))
+        frame->loader()->scheduleRefresh(processingUserGesture());
     return v8::Undefined();
 }
@@ -306 +284 @@
     v8::Handle<v8::Value> holder = args.Holder();
     Location* imp = V8Proxy::ToNativeObject<Location>(V8ClassIndex::LOCATION, holder);
-    String url = toWebCoreString(args[0]);
-
-    Frame* frame = imp->frame();
-    if (!frame)
-        return v8::Undefined();
-
-    Frame* activeFrame = V8Proxy::retrieveFrameForEnteredContext();
-    if (!activeFrame)
-        return v8::Undefined();
-
-    if (!activeFrame->loader()->shouldAllowNavigation(frame))
-        return v8::Undefined();
-
-    navigateIfAllowed(frame, activeFrame->loader()->completeURL(url), true, true);
+
+    Frame* frame = imp->frame();
+    if (!frame)
+        return v8::Undefined();
+
+    if (!shouldAllowNavigation(frame))
+        return v8::Undefined();
+
+    KURL url = completeURL(toWebCoreString(args[0]));
+    if (url.isNull())
+        return v8::Undefined();
+
+    navigateIfAllowed(frame, url, true, true);
     return v8::Undefined();
 }
@@ -328 +305 @@
     v8::Handle<v8::Value> holder = args.Holder();
     Location* imp = V8Proxy::ToNativeObject<Location>(V8ClassIndex::LOCATION, holder);
-    String url = toWebCoreString(args[0]);
-
-    Frame* frame = imp->frame();
-    if (!frame)
-        return v8::Undefined();
-
-    Frame* activeFrame = V8Proxy::retrieveFrameForEnteredContext();
-    if (!activeFrame)
-        return v8::Undefined();
-
-    if (!activeFrame->loader()->shouldAllowNavigation(frame))
-        return v8::Undefined();
-
-    navigateIfAllowed(frame, activeFrame->loader()->completeURL(url), false, false);
+
+    Frame* frame = imp->frame();
+    if (!frame)
+        return v8::Undefined();
+
+    if (!shouldAllowNavigation(frame))
+        return v8::Undefined();
+
+    KURL url = completeURL(toWebCoreString(args[0]));
+    if (url.isNull())
+        return v8::Undefined();
+
+    navigateIfAllowed(frame, url, false, false);
     return v8::Undefined();
 }