Ignore:
Timestamp:
Mar 25, 2016, 1:37:49 PM (10 years ago)
Author:
[email protected]
Message:

Soften push/replaceState frequency restrictions.
<rdar://problem/25228439> and https://bugs.webkit.org/show_bug.cgi?id=155901
.:

Rubber-stamped by Timothy Hatcher.

  • ManualTests/state-objects-time-limit.html: Added.

Source/WebCore:

Rubber-stamped by Timothy Hatcher.

Covered by existing LayoutTests and a new Manual Test.

  • page/History.cpp:

(WebCore::History::stateObjectAdded): Allow 100 state object operations every 30 seconds.

  • page/History.h:

LayoutTests:

Rubber-stamped by Timothy Hatcher.

  • fast/loader/stateobjects/pushstate-frequency-with-user-gesture-expected.txt: Removed.
  • fast/loader/stateobjects/pushstate-frequency-with-user-gesture.html: Removed.
  • fast/loader/stateobjects/replacestate-frequency-with-user-gesture-expected.txt: Removed.
  • fast/loader/stateobjects/replacestate-frequency-with-user-gesture.html: Removed.
File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/Source/WebCore/page/History.cpp

    r198102 r198687  
    141141    // Each unique main-frame document is only allowed to send 64mb of state object payload to the UI client/process.
    142142    static uint32_t totalStateObjectPayloadLimit = 0x4000000;
    143     static unsigned perUserGestureStateObjectLimit = 100;
     143    static double stateObjectTimeSpan = 30.0;
     144    static unsigned perStateObjectTimeSpanLimit = 100;
    144145
    145146    if (!m_frame || !m_frame->page())
     
    162163        return;
    163164
    164     bool processingUserGesture = ScriptController::processingUserGesture();
    165     if (!processingUserGesture && mainHistory->m_nonUserGestureObjectsAdded >= perUserGestureStateObjectLimit) {
     165    double currentTimestamp = currentTime();
     166    if (currentTimestamp - mainHistory->m_currentStateObjectTimeSpanStart > stateObjectTimeSpan) {
     167        mainHistory->m_currentStateObjectTimeSpanStart = currentTimestamp;
     168        mainHistory->m_currentStateObjectTimeSpanObjectsAdded = 0;
     169    }
     170   
     171    if (mainHistory->m_currentStateObjectTimeSpanObjectsAdded >= perStateObjectTimeSpanLimit) {
    166172        ec.code = SECURITY_ERR;
    167173        if (stateObjectType == StateObjectType::Replace)
    168             ec.message = String::format("Attempt to use history.replaceState() more than %u times without a user gesture", perUserGestureStateObjectLimit);
     174            ec.message = String::format("Attempt to use history.replaceState() more than %u times per %f seconds", perStateObjectTimeSpanLimit, stateObjectTimeSpan);
    169175        else
    170             ec.message = String::format("Attempt to use history.pushState() more than %u times without a user gesture", perUserGestureStateObjectLimit);
    171         return;
    172     }
    173 
    174     double userGestureTimestamp = mainDocument->lastHandledUserGestureTimestamp();
    175     if (processingUserGesture) {
    176         if (mainHistory->m_currentUserGestureTimestamp < userGestureTimestamp) {
    177             mainHistory->m_currentUserGestureTimestamp = userGestureTimestamp;
    178             mainHistory->m_currentUserGestureObjectsAdded = 0;
    179         }
    180 
    181         if (mainHistory->m_currentUserGestureObjectsAdded >= perUserGestureStateObjectLimit) {
    182             ec.code = SECURITY_ERR;
    183             if (stateObjectType == StateObjectType::Replace)
    184                 ec.message = String::format("Attempt to use history.replaceState() more than %u times per gesture", perUserGestureStateObjectLimit);
    185             else
    186                 ec.message = String::format("Attempt to use history.pushState() more than %u times per user gesture", perUserGestureStateObjectLimit);
    187             return;
    188         }
     176            ec.message = String::format("Attempt to use history.pushState() more than %u times per %f seconds", perStateObjectTimeSpanLimit, stateObjectTimeSpan);
     177        return;
    189178    }
    190179
     
    217206
    218207    mainHistory->m_totalStateObjectUsage = newTotalUsage.unsafeGet();
    219     if (processingUserGesture)
    220         ++mainHistory->m_currentUserGestureObjectsAdded;
    221     else
    222         ++mainHistory->m_nonUserGestureObjectsAdded;
     208    ++mainHistory->m_currentStateObjectTimeSpanObjectsAdded;
    223209
    224210    if (!urlString.isEmpty())
Note: See TracChangeset for help on using the changeset viewer.