Maximum call stack size exceeded in the native `kagi._history_*` userscript

wayne

The kagi._history_* functions have a bug where they lose the binding to the correct window.history object, so when .apply(this, arguments) is called it ends up calling the replaced method again instead of the native one, causing an infinite recursion and a "Maximum call stack size exceeded error"

You can replicate this by downloading the https://github.com/philc/vimium plugin and triggering the history navigation keybindings (shift-h for back for example).

I was able to verify this by changing the vimimum implementation to go up the protype chain and access the history object directly, i.e.

  goBack(count) { return History.prototype.back.apply(window.history); },
  goForward(count) { return History.prototype.forward.apply(window.history); },

here https://github.com/philc/vimium/blob/3c4e6da46a6ebae93232ae6dddb65c293e97611a/content_scripts/mode_normal.js#L129

the code that needs to be changed is around this block:

kagi._history_back = function() {
    kagi.history_back.apply(this, arguments);
    window.webkit.messageHandlers.base.postMessage(["historyUpdated", -1]);
}
kagi._history_forward = function() {
    kagi.history_forward.apply(this, arguments);
    window.webkit.messageHandlers.base.postMessage(["historyUpdated", 1]);
}
kagi._history_go = function() {
    kagi.history_go.apply(this, arguments);
    var navigationIndex = 0;
    if (arguments.length > 0) {
        navigationIndex = arguments[0];
    }
    window.webkit.messageHandlers.base.postMessage(["historyUpdated", navigationIndex]);
}

kagi.history_back = window.history.back;
window.history.back = kagi._history_back;
kagi.history_forward = window.history.forward;
window.history.forward = kagi._history_forward;
kagi.history_go = window.history.go;
window.history.go = kagi._history_go;

it should be something like this:

kagi.history_back = window.history.back.bind(window.history);
window.history.back = kagi._history_back;

kagi.history_forward = window.history.forward.bind(window.history);
window.history.forward = kagi._history_forward;

kagi.history_go = window.history.go.bind(window.history);
window.history.go = kagi._history_go;

This will fix the vimium history navigation bug.

Version 0.99.136-beta (WebKit 622.1.15.19.2)
Tahoe (26)