-
Ali Juma authored
The injected implementations of pushState and replaceState stringify the given state using JSON.stringify. This behavior is non-standard, and leaks to the web when JSON.stringify fails and throws a TypeError. This happens when the given state object has a cycle. To prevent leaking this implementation detail, this CL catches exceptions thrown by JSON.stringify, and then throws a standard DataCloneError instead. This fixes subtests in the following two Web Platform Tests that currently fail in Chrome but pass in Safari: html/browsers/histoy/the-history-interface/001.html html/browsers/histoy/the-history-interface/002.html Longer term, we should remove the stringification all together. This is blocked on deleting legacy navigation and finding an alternate solution to crbug.com/949305 that doesn't involve capturing and replaying the state passed to pushState or replaceState. Bug: 769945 Change-Id: I945251ffe09ecac79f086ca75030dc366ef99286 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1866870Reviewed-by:
Eugene But <eugenebut@chromium.org> Commit-Queue: Ali Juma <ajuma@chromium.org> Cr-Commit-Position: refs/heads/master@{#707022}
e982f201
