void Page::userStyleSheetLocationChanged()
{
// FIXME: Eventually we will move to a model of just being handed the sheet
// text instead of loading the URL ourselves.
KURL url = m_settings->userStyleSheetLocation();
// Allow any local file URL scheme to be loaded.
if (SchemeRegistry::shouldTreatURLSchemeAsLocal(url.protocol()))
m_userStyleSheetPath = url.fileSystemPath();
else
m_userStyleSheetPath = String();
m_didLoadUserStyleSheet = false;
m_userStyleSheet = String();
m_userStyleSheetModificationTime = 0;
// Data URLs with base64-encoded UTF-8 style sheets are common. We can process them
// synchronously and avoid using a loader.
if (url.protocolIsData() && url.string().startsWith("data:text/css;charset=utf-8;base64,")) {
m_didLoadUserStyleSheet = true;
Vector<char> styleSheetAsUTF8;
if (base64Decode(decodeURLEscapeSequences(url.string().substring(35)), styleSheetAsUTF8, Base64IgnoreWhitespace))
m_userStyleSheet = String::fromUTF8(styleSheetAsUTF8.data(), styleSheetAsUTF8.size());
}
for (Frame* frame = mainFrame(); frame; frame = frame->tree()->traverseNext()) {
if (frame->document())
frame->document()->styleSheetCollection()->updatePageUserSheet();
}
}
bool WebProcessProxy::checkURLReceivedFromWebProcess(const KURL& url)
{
// FIXME: Consider checking that the URL is valid. Currently, WebProcess sends invalid URLs in many cases, but it probably doesn't have good reasons to do that.
// Any other non-file URL is OK.
if (!url.isLocalFile())
return true;
// Any file URL is also OK if we've loaded a file URL through API before, granting universal read access.
if (m_mayHaveUniversalFileReadSandboxExtension)
return true;
// If we loaded a string with a file base URL before, loading resources from that subdirectory is fine.
// There are no ".." components, because all URLs received from WebProcess are parsed with KURL, which removes those.
String path = url.fileSystemPath();
for (HashSet<String>::const_iterator iter = m_localPathsWithAssumedReadAccess.begin(); iter != m_localPathsWithAssumedReadAccess.end(); ++iter) {
if (path.startsWith(*iter))
return true;
}
// Items in back/forward list have been already checked.
// One case where we don't have sandbox extensions for file URLs in b/f list is if the list has been reinstated after a crash or a browser restart.
for (WebBackForwardListItemMap::iterator iter = m_backForwardListItemMap.begin(), end = m_backForwardListItemMap.end(); iter != end; ++iter) {
if (KURL(KURL(), iter->value->url()).fileSystemPath() == path)
return true;
if (KURL(KURL(), iter->value->originalURL()).fileSystemPath() == path)
return true;
}
// A Web process that was never asked to load a file URL should not ever ask us to do anything with a file URL.
WTFLogAlways("Received an unexpected URL from the web process: '%s'\n", url.string().utf8().data());
return false;
}
void Page::userStyleSheetLocationChanged()
{
// FIXME: Eventually we will move to a model of just being handed the sheet
// text instead of loading the URL ourselves.
KURL url = m_settings->userStyleSheetLocation();
if (url.isLocalFile())
m_userStyleSheetPath = url.fileSystemPath();
else
m_userStyleSheetPath = String();
m_didLoadUserStyleSheet = false;
m_userStyleSheet = String();
m_userStyleSheetModificationTime = 0;
// Data URLs with base64-encoded UTF-8 style sheets are common. We can process them
// synchronously and avoid using a loader.
if (url.protocolIs("data") && url.string().startsWith("data:text/css;charset=utf-8;base64,")) {
m_didLoadUserStyleSheet = true;
const unsigned prefixLength = 35;
Vector<char> encodedData(url.string().length() - prefixLength);
for (unsigned i = prefixLength; i < url.string().length(); ++i)
encodedData[i - prefixLength] = static_cast<char>(url.string()[i]);
Vector<char> styleSheetAsUTF8;
if (base64Decode(encodedData, styleSheetAsUTF8))
m_userStyleSheet = String::fromUTF8(styleSheetAsUTF8.data(), styleSheetAsUTF8.size());
}
for (Frame* frame = mainFrame(); frame; frame = frame->tree()->traverseNext()) {
if (frame->document())
frame->document()->clearPageUserSheet();
}
}