TEST_F(CSPSourceTest, InsecureHostSchemePortMatchesSecurePort) {
KURL base;
CSPSource source(csp.get(), "http", "example.com", 80, "/",
CSPSource::NoWildcard, CSPSource::NoWildcard);
EXPECT_TRUE(source.matches(KURL(base, "http://example.com/")));
EXPECT_TRUE(source.matches(KURL(base, "http://example.com:80/")));
EXPECT_TRUE(source.matches(KURL(base, "http://example.com:443/")));
EXPECT_TRUE(source.matches(KURL(base, "https://example.com/")));
EXPECT_TRUE(source.matches(KURL(base, "https://example.com:80/")));
EXPECT_TRUE(source.matches(KURL(base, "https://example.com:443/")));
EXPECT_FALSE(source.matches(KURL(base, "http://example.com:8443/")));
EXPECT_FALSE(source.matches(KURL(base, "https://example.com:8443/")));
EXPECT_FALSE(source.matches(KURL(base, "http://not-example.com/")));
EXPECT_FALSE(source.matches(KURL(base, "http://not-example.com:80/")));
EXPECT_FALSE(source.matches(KURL(base, "http://not-example.com:443/")));
EXPECT_FALSE(source.matches(KURL(base, "https://not-example.com/")));
EXPECT_FALSE(source.matches(KURL(base, "https://not-example.com:80/")));
EXPECT_FALSE(source.matches(KURL(base, "https://not-example.com:443/")));
}
void PakProtocol::get(const KURL &url) {
kdDebug(PAK_DEBUG_ID) << "ArchiveProtocol::get " << url << endl;
QString path;
KIO::Error errorNum;
if ( !checkNewFile( url, path, errorNum ) )
{
if ( errorNum == KIO::ERR_CANNOT_OPEN_FOR_READING )
{
// If we cannot open, it might be a problem with the archive header (e.g. unsupported format)
// Therefore give a more specific error message
error( KIO::ERR_SLAVE_DEFINED,
i18n( "Could not open the file, probably due to an unsupported file format.\n%1")
.arg( url.prettyURL() ) );
return;
}
else
{
// We have any other error
error( errorNum, url.prettyURL() );
return;
}
}
kdDebug(PAK_DEBUG_ID) << "Continue getting" << endl;
path = QString::fromLocal8Bit(remoteEncoding()->encode(path));
kdDebug(PAK_DEBUG_ID) << "Path > " << path << endl;
const KArchiveDirectory* root = _pakFile->directory();
const KArchiveEntry* archiveEntry = root->entry( path );
kdDebug(PAK_DEBUG_ID) << "Check if no archiveEntry > " << archiveEntry << endl;
if ( !archiveEntry )
{
error( KIO::ERR_DOES_NOT_EXIST, url.prettyURL() );
return;
}
kdDebug(PAK_DEBUG_ID) << "archiveEntry::name > " << archiveEntry->name() << endl;
if ( archiveEntry->isDirectory() )
{
error( KIO::ERR_IS_DIRECTORY, url.prettyURL() );
return;
}
const KArchiveFile* archiveFileEntry = static_cast<const KArchiveFile *>(archiveEntry);
if ( !archiveEntry->symlink().isEmpty() )
{
kdDebug(7109) << "Redirection to " << archiveEntry->symlink() << endl;
KURL realURL;
if (archiveEntry->symlink().startsWith("/")) { // absolute path
realURL.setPath(archiveEntry->symlink() ); // goes out of tar:/, back into file:
} else {
realURL = KURL( url, archiveEntry->symlink() );
}
kdDebug(7109) << "realURL= " << realURL << endl;
redirection( realURL );
finished();
return;
}
//kdDebug(7109) << "Preparing to get the archive data" << endl;
/*
* The easy way would be to get the data by calling archiveFileEntry->data()
* However this has drawbacks:
* - the complete file must be read into the memory
* - errors are skipped, resulting in an empty file
*/
QIODevice* io = 0;
// Getting the device is hard, as archiveFileEntry->device() is not virtual!
if ( url.protocol() == "pak" )
{
io = archiveFileEntry->device();
}
else
{
// Wrong protocol? Why was this not catched by checkNewFile?
kdWarning(7109) << "Protocol " << url.protocol() << " not supported by this IOSlave; " << k_funcinfo << endl;
error( KIO::ERR_UNSUPPORTED_PROTOCOL, url.protocol() );
return;
}
if (!io)
{
error( KIO::ERR_SLAVE_DEFINED,
i18n( "The archive file could not be opened, perhaps because the format is unsupported.\n%1" )
.arg( url.prettyURL() ) );
return;
}
if ( !io->open( IO_ReadOnly ) )
{
error( KIO::ERR_CANNOT_OPEN_FOR_READING, url.prettyURL() );
return;
}
totalSize( archiveFileEntry->size() );
// Size of a QIODevice read. It must be large enough so that the mime type check will not fail
const int maxSize = 0x100000; // 1MB
int bufferSize = kMin( maxSize, archiveFileEntry->size() );
QByteArray buffer ( bufferSize );
if ( buffer.isEmpty() && bufferSize > 0 )
{
// Something went wrong
error( KIO::ERR_OUT_OF_MEMORY, url.prettyURL() );
return;
}
bool firstRead = true;
// How much file do we still have to process?
int fileSize = archiveFileEntry->size();
KIO::filesize_t processed = 0;
while ( !io->atEnd() && fileSize > 0 )
{
if ( !firstRead )
{
bufferSize = kMin( maxSize, fileSize );
buffer.resize( bufferSize, QGArray::SpeedOptim );
}
const Q_LONG read = io->readBlock( buffer.data(), buffer.size() ); // Avoid to use bufferSize here, in case something went wrong.
if ( read != bufferSize )
{
kdWarning(7109) << "Read " << read << " bytes but expected " << bufferSize << endl;
error( KIO::ERR_COULD_NOT_READ, url.prettyURL() );
return;
}
if ( firstRead )
{
// We use the magic one the first data read
// (As magic detection is about fixed positions, we can be sure that it is enough data.)
KMimeMagicResult * result = KMimeMagic::self()->findBufferFileType( buffer, path );
kdDebug(7109) << "Emitting mimetype " << result->mimeType() << endl;
mimeType( result->mimeType() );
firstRead = false;
}
data( buffer );
processed += read;
processedSize( processed );
fileSize -= bufferSize;
}
io->close();
delete io;
data( QByteArray() );
finished();
/*kdDebug(PAK_DEBUG_ID) << "Entering get()" << endl;
mimetype("text/plain");
QCString str("Hello Pak World!!");
data(str);
finished();
kdDebug(PAK_DEBUG_ID) << "Exiting get()" << endl;*/
}
String InspectorDebuggerAgent::sourceMapURLForScript(const Script& script)
{
DEFINE_STATIC_LOCAL(String, sourceMapHTTPHeader, (ASCIILiteral("SourceMap")));
DEFINE_STATIC_LOCAL(String, sourceMapHTTPHeaderDeprecated, (ASCIILiteral("X-SourceMap")));
if (!script.url.isEmpty()) {
if (InspectorPageAgent* pageAgent = m_instrumentingAgents->inspectorPageAgent()) {
CachedResource* resource = pageAgent->cachedResource(pageAgent->mainFrame(), KURL(ParsedURLString, script.url));
if (resource) {
String sourceMapHeader = resource->response().httpHeaderField(sourceMapHTTPHeader);
if (!sourceMapHeader.isEmpty())
return sourceMapHeader;
sourceMapHeader = resource->response().httpHeaderField(sourceMapHTTPHeaderDeprecated);
if (!sourceMapHeader.isEmpty())
return sourceMapHeader;
}
}
}
return ContentSearchUtils::findScriptSourceMapURL(script.source);
}
static unsigned logCanCacheFrameDecision(Frame* frame, int indentLevel)
{
PCLOG("+---");
if (!frame->loader().documentLoader()) {
PCLOG(" -There is no DocumentLoader object");
return 1 << NoDocumentLoader;
}
KURL currentURL = frame->loader().documentLoader()->url();
KURL newURL = frame->loader().provisionalDocumentLoader() ? frame->loader().provisionalDocumentLoader()->url() : KURL();
if (!newURL.isEmpty())
PCLOG(" Determining if frame can be cached navigating from (", currentURL.string(), ") to (", newURL.string(), "):");
else
PCLOG(" Determining if subframe with URL (", currentURL.string(), ") can be cached:");
unsigned rejectReasons = 0;
if (!frame->loader().documentLoader()->mainDocumentError().isNull()) {
PCLOG(" -Main document has an error");
rejectReasons |= 1 << MainDocumentError;
}
if (frame->loader().documentLoader()->substituteData().isValid() && frame->loader().documentLoader()->substituteData().failingURL().isEmpty()) {
PCLOG(" -Frame is an error page");
rejectReasons |= 1 << IsErrorPage;
}
if (frame->loader().subframeLoader()->containsPlugins() && !frame->page()->settings().pageCacheSupportsPlugins()) {
PCLOG(" -Frame contains plugins");
rejectReasons |= 1 << HasPlugins;
}
if (frame->document()->url().protocolIs("https")
&& (frame->loader().documentLoader()->response().cacheControlContainsNoCache()
|| frame->loader().documentLoader()->response().cacheControlContainsNoStore())) {
PCLOG(" -Frame is HTTPS, and cache control prohibits caching or storing");
rejectReasons |= 1 << IsHttpsAndCacheControlled;
}
if (frame->document()->domWindow() && frame->document()->domWindow()->hasEventListeners(eventNames().unloadEvent)) {
PCLOG(" -Frame has an unload event listener");
rejectReasons |= 1 << HasUnloadListener;
}
#if ENABLE(SQL_DATABASE)
if (DatabaseManager::manager().hasOpenDatabases(frame->document())) {
PCLOG(" -Frame has open database handles");
rejectReasons |= 1 << HasDatabaseHandles;
}
#endif
#if ENABLE(SHARED_WORKERS)
if (SharedWorkerRepository::hasSharedWorkers(frame->document())) {
PCLOG(" -Frame has associated SharedWorkers");
rejectReasons |= 1 << HasSharedWorkers;
}
#endif
if (!frame->loader().history().currentItem()) {
PCLOG(" -No current history item");
rejectReasons |= 1 << NoHistoryItem;
}
if (frame->loader().quickRedirectComing()) {
PCLOG(" -Quick redirect is coming");
rejectReasons |= 1 << QuickRedirectComing;
}
if (frame->loader().documentLoader()->isLoadingInAPISense()) {
PCLOG(" -DocumentLoader is still loading in API sense");
rejectReasons |= 1 << IsLoadingInAPISense;
}
if (frame->loader().documentLoader()->isStopping()) {
PCLOG(" -DocumentLoader is in the middle of stopping");
rejectReasons |= 1 << IsStopping;
}
if (!frame->document()->canSuspendActiveDOMObjects()) {
PCLOG(" -The document cannot suspect its active DOM Objects");
rejectReasons |= 1 << CannotSuspendActiveDOMObjects;
}
if (!frame->loader().documentLoader()->applicationCacheHost()->canCacheInPageCache()) {
PCLOG(" -The DocumentLoader uses an application cache");
rejectReasons |= 1 << DocumentLoaderUsesApplicationCache;
}
if (!frame->loader().client().canCachePage()) {
PCLOG(" -The client says this frame cannot be cached");
rejectReasons |= 1 << ClientDeniesCaching;
}
HistogramSupport::histogramEnumeration("PageCache.FrameCacheable", !rejectReasons, 2);
int reasonCount = 0;
for (int i = 0; i < NumberOfReasonsFramesCannotBeInPageCache; ++i) {
if (rejectReasons & (1 << i)) {
++reasonCount;
HistogramSupport::histogramEnumeration("PageCache.FrameRejectReason", i, NumberOfReasonsFramesCannotBeInPageCache);
}
}
HistogramSupport::histogramEnumeration("PageCache.FrameRejectReasonCount", reasonCount, 1 + NumberOfReasonsFramesCannotBeInPageCache);
for (Frame* child = frame->tree().firstChild(); child; child = child->tree().nextSibling())
rejectReasons |= logCanCacheFrameDecision(child, indentLevel + 1);
PCLOG(rejectReasons ? " Frame CANNOT be cached" : " Frame CAN be cached");
PCLOG("+---");
return rejectReasons;
}
FrameFetchContextUpgradeTest()
: exampleOrigin(SecurityOrigin::create(KURL(ParsedURLString, "https://example.test/")))
, secureOrigin(SecurityOrigin::create(KURL(ParsedURLString, "https://secureorigin.test/image.png")))
{
}
KURL HistoryItem::url() const
{
return KURL(m_urlString);
}
KURL HistoryItem::originalURL() const
{
return KURL(ParsedURLString, m_originalURLString);
}
static PassRefPtr<ArchiveResource> createResource(CFDictionaryRef dictionary)
{
ASSERT(dictionary);
if (!dictionary)
return 0;
CFDataRef resourceData = static_cast<CFDataRef>(CFDictionaryGetValue(dictionary, LegacyWebArchiveResourceDataKey));
if (resourceData && CFGetTypeID(resourceData) != CFDataGetTypeID()) {
LOG(Archives, "LegacyWebArchive - Resource data is not of type CFData, cannot create invalid resource");
return 0;
}
CFStringRef frameName = static_cast<CFStringRef>(CFDictionaryGetValue(dictionary, LegacyWebArchiveResourceFrameNameKey));
if (frameName && CFGetTypeID(frameName) != CFStringGetTypeID()) {
LOG(Archives, "LegacyWebArchive - Frame name is not of type CFString, cannot create invalid resource");
return 0;
}
CFStringRef mimeType = static_cast<CFStringRef>(CFDictionaryGetValue(dictionary, LegacyWebArchiveResourceMIMETypeKey));
if (mimeType && CFGetTypeID(mimeType) != CFStringGetTypeID()) {
LOG(Archives, "LegacyWebArchive - MIME type is not of type CFString, cannot create invalid resource");
return 0;
}
CFStringRef url = static_cast<CFStringRef>(CFDictionaryGetValue(dictionary, LegacyWebArchiveResourceURLKey));
if (url && CFGetTypeID(url) != CFStringGetTypeID()) {
LOG(Archives, "LegacyWebArchive - URL is not of type CFString, cannot create invalid resource");
return 0;
}
CFStringRef textEncoding = static_cast<CFStringRef>(CFDictionaryGetValue(dictionary, LegacyWebArchiveResourceTextEncodingNameKey));
if (textEncoding && CFGetTypeID(textEncoding) != CFStringGetTypeID()) {
LOG(Archives, "LegacyWebArchive - Text encoding is not of type CFString, cannot create invalid resource");
return 0;
}
ResourceResponse response;
CFDataRef resourceResponseData = static_cast<CFDataRef>(CFDictionaryGetValue(dictionary, LegacyWebArchiveResourceResponseKey));
if (resourceResponseData) {
if (CFGetTypeID(resourceResponseData) != CFDataGetTypeID()) {
LOG(Archives, "LegacyWebArchive - Resource response data is not of type CFData, cannot create invalid resource");
return 0;
}
CFStringRef resourceResponseVersion = static_cast<CFStringRef>(CFDictionaryGetValue(dictionary, LegacyWebArchiveResourceResponseVersionKey));
if (resourceResponseVersion && CFGetTypeID(resourceResponseVersion) != CFStringGetTypeID()) {
LOG(Archives, "LegacyWebArchive - Resource response version is not of type CFString, cannot create invalid resource");
return 0;
}
response = createResourceResponseFromPropertyListData(resourceResponseData, resourceResponseVersion);
}
return ArchiveResource::create(SharedBuffer::create(CFDataGetBytePtr(resourceData), CFDataGetLength(resourceData)), KURL(url), mimeType, textEncoding, frameName, response);
}
PassRefPtr<LegacyWebArchive> LegacyWebArchive::create(const String& markupString, Frame* frame, Vector<Node*>& nodes)
{
ASSERT(frame);
const ResourceResponse& response = frame->loader()->documentLoader()->response();
KURL responseURL = response.url();
// it's possible to have a response without a URL here
// <rdar://problem/5454935>
if (responseURL.isNull())
responseURL = KURL("");
PassRefPtr<ArchiveResource> mainResource = ArchiveResource::create(utf8Buffer(markupString), responseURL, response.mimeType(), "UTF-8", frame->tree()->name());
Vector<PassRefPtr<LegacyWebArchive> > subframeArchives;
Vector<PassRefPtr<ArchiveResource> > subresources;
HashSet<KURL> uniqueSubresources;
Vector<Node*>::iterator it = nodes.begin();
Vector<Node*>::iterator end = nodes.end();
for (; it != end; ++it) {
Frame* childFrame;
if (((*it)->hasTagName(HTMLNames::frameTag) || (*it)->hasTagName(HTMLNames::iframeTag) || (*it)->hasTagName(HTMLNames::objectTag)) &&
(childFrame = static_cast<HTMLFrameOwnerElement*>(*it)->contentFrame())) {
RefPtr<LegacyWebArchive> subframeArchive;
if (Document* document = childFrame->document())
subframeArchive = LegacyWebArchive::create(document);
else
subframeArchive = create(childFrame);
if (subframeArchive)
subframeArchives.append(subframeArchive);
else
LOG_ERROR("Unabled to archive subframe %s", childFrame->tree()->name().string().utf8().data());
} else {
ListHashSet<KURL> subresourceURLs;
(*it)->getSubresourceURLs(subresourceURLs);
DocumentLoader* documentLoader = frame->loader()->documentLoader();
ListHashSet<KURL>::iterator iterEnd = subresourceURLs.end();
for (ListHashSet<KURL>::iterator iter = subresourceURLs.begin(); iter != iterEnd; ++iter) {
const KURL& subresourceURL = *iter;
if (uniqueSubresources.contains(subresourceURL))
continue;
uniqueSubresources.add(subresourceURL);
RefPtr<ArchiveResource> resource = documentLoader->subresource(subresourceURL);
if (resource) {
subresources.append(resource.release());
continue;
}
CachedResource *cachedResource = cache()->resourceForURL(subresourceURL);
if (cachedResource) {
resource = ArchiveResource::create(cachedResource->data(), subresourceURL, cachedResource->response());
if (resource) {
subresources.append(resource.release());
continue;
}
}
// FIXME: should do something better than spew to console here
LOG_ERROR("Failed to archive subresource for %s", subresourceURL.string().utf8().data());
}
}
}
// Add favicon if one exists for this page
if (iconDatabase() && iconDatabase()->isEnabled()) {
const String& iconURL = iconDatabase()->iconURLForPageURL(responseURL);
if (!iconURL.isEmpty() && iconDatabase()->iconDataKnownForIconURL(iconURL)) {
if (Image* iconImage = iconDatabase()->iconForPageURL(responseURL, IntSize(16, 16))) {
RefPtr<ArchiveResource> resource = ArchiveResource::create(iconImage->data(), KURL(iconURL), "image/x-icon", "", "");
subresources.append(resource.release());
}
}
}
return create(mainResource, subresources, subframeArchives);
}
String Navigator::userAgent() const
{
if (!m_frame)
return String();
return m_frame->loader()->userAgent(m_frame->document() ? m_frame->document()->url() : KURL());
}
void WebSharedWorkerImpl::initializeLoader(const WebURL& url)
{
// Create 'shadow page'. This page is never displayed, it is used to proxy the
// loading requests from the worker context to the rest of WebKit and Chromium
// infrastructure.
ASSERT(!m_webView);
m_webView = WebView::create(0);
m_webView->settings()->setOfflineWebApplicationCacheEnabled(WebRuntimeFeatures::isApplicationCacheEnabled());
// FIXME: Settings information should be passed to the Worker process from Browser process when the worker
// is created (similar to RenderThread::OnCreateNewView).
m_mainFrame = WebFrame::create(this);
m_webView->setMainFrame(m_mainFrame);
WebFrameImpl* webFrame = toWebFrameImpl(m_webView->mainFrame());
// Construct substitute data source for the 'shadow page'. We only need it
// to have same origin as the worker so the loading checks work correctly.
CString content("");
int length = static_cast<int>(content.length());
RefPtr<SharedBuffer> buffer(SharedBuffer::create(content.data(), length));
webFrame->frame()->loader().load(FrameLoadRequest(0, ResourceRequest(url), SubstituteData(buffer, "text/html", "UTF-8", KURL())));
// This document will be used as 'loading context' for the worker.
m_loadingDocument = webFrame->frame()->document();
}
PassRefPtr<Document> XSLTProcessor::createDocumentFromSource(const String& sourceString,
const String& sourceEncoding, const String& sourceMIMEType, Node* sourceNode, Frame* frame)
{
RefPtr<Document> ownerDocument = &sourceNode->document();
bool sourceIsDocument = (sourceNode == ownerDocument.get());
String documentSource = sourceString;
RefPtr<Document> result;
if (sourceMIMEType == "text/plain") {
result = Document::create(DocumentInit(sourceIsDocument ? ownerDocument->url() : KURL(), frame));
transformTextStringToXHTMLDocumentString(documentSource);
} else
result = DOMImplementation::createDocument(sourceMIMEType, frame, sourceIsDocument ? ownerDocument->url() : KURL(), false);
// Before parsing, we need to save & detach the old document and get the new document
// in place. We have to do this only if we're rendering the result document.
if (frame) {
if (FrameView* view = frame->view())
view->clear();
if (Document* oldDocument = frame->document()) {
result->setTransformSourceDocument(oldDocument);
result->setSecurityOrigin(oldDocument->securityOrigin());
result->setCookieURL(oldDocument->cookieURL());
result->contentSecurityPolicy()->copyStateFrom(oldDocument->contentSecurityPolicy());
}
frame->domWindow()->setDocument(result);
}
result->setEncoding(sourceEncoding.isEmpty() ? UTF8Encoding() : WTF::TextEncoding(sourceEncoding));
result->setContent(documentSource);
return result.release();
}
bool URLInputType::typeMismatchFor(const String& value) const
{
return !value.isEmpty() && !KURL(KURL(), value).isValid();
}
void MainResourceLoader::didReceiveData(const char* data, int length, long long encodedDataLength, bool allAtOnce)
{
ASSERT(data);
ASSERT(length != 0);
ASSERT(!m_response.isNull());
#if USE(CFNETWORK) || PLATFORM(MAC)
// Workaround for <rdar://problem/6060782>
if (m_response.isNull()) {
m_response = ResourceResponse(KURL(), "text/html", 0, String(), String());
if (DocumentLoader* documentLoader = frameLoader()->activeDocumentLoader())
documentLoader->setResponse(m_response);
}
#endif
// There is a bug in CFNetwork where callbacks can be dispatched even when loads are deferred.
// See <rdar://problem/6304600> for more details.
#if !USE(CF)
ASSERT(!defersLoading());
#endif
#if PLATFORM(MAC) && !PLATFORM(IOS) && __MAC_OS_X_VERSION_MIN_REQUIRED >= 1080
if (m_filter) {
ASSERT(!wkFilterWasBlocked(m_filter));
const char* blockedData = wkFilterAddData(m_filter, data, &length);
// If we don't have blockedData, that means we're still accumulating data
if (!blockedData) {
// Transition to committed state.
ResourceLoader::didReceiveData("", 0, 0, false);
return;
}
data = blockedData;
encodedDataLength = -1;
}
#endif
documentLoader()->applicationCacheHost()->mainResourceDataReceived(data, length, encodedDataLength, allAtOnce);
// The additional processing can do anything including possibly removing the last
// reference to this object; one example of this is 3266216.
RefPtr<MainResourceLoader> protect(this);
m_timeOfLastDataReceived = monotonicallyIncreasingTime();
ResourceLoader::didReceiveData(data, length, encodedDataLength, allAtOnce);
#if PLATFORM(MAC) && !PLATFORM(IOS) && __MAC_OS_X_VERSION_MIN_REQUIRED >= 1080
if (WebFilterEvaluator *filter = m_filter) {
// If we got here, it means we know if we were blocked or not. If we were blocked, we're
// done loading the page altogether. Either way, we don't need the filter anymore.
// Remove this->m_filter early so didFinishLoading doesn't see it.
m_filter = 0;
if (wkFilterWasBlocked(filter))
cancel();
wkFilterRelease(filter);
}
#endif
}
void DocumentWriter::begin()
{
begin(KURL());
}
StyleCachedImage* CSSImageValue::cachedImage(DocLoader* loader, const String& url)
{
if (!m_accessedImage) {
m_accessedImage = true;
CachedImage* cachedImage = 0;
if (loader)
cachedImage = loader->requestImage(url);
else {
// FIXME: Should find a way to make these images sit in their own memory partition, since they are user agent images.
cachedImage = static_cast<CachedImage*>(cache()->requestResource(0, CachedResource::ImageResource, KURL(ParsedURLString, url), String()));
}
if (cachedImage) {
cachedImage->addClient(this);
m_image = StyleCachedImage::create(cachedImage);
}
}
return m_image.get();
}
// In general, extracting the inner URL varies by scheme. It just so happens
// that all the URL schemes we currently support that use inner URLs for their
// security origin can be parsed using this algorithm.
static KURL extractInnerURL(const KURL& url)
{
// FIXME: Update this callsite to use the innerURL member function when
// we finish implementing it.
return KURL(ParsedURLString, decodeURLEscapeSequences(url.path()));
}
PassRefPtr<RTCConfiguration> RTCPeerConnection::parseConfiguration(const Dictionary& configuration, ExceptionState& exceptionState)
{
if (configuration.isUndefinedOrNull())
return nullptr;
ArrayValue iceServers;
bool ok = configuration.get("iceServers", iceServers);
if (!ok || iceServers.isUndefinedOrNull()) {
exceptionState.throwTypeError("Malformed RTCConfiguration");
return nullptr;
}
size_t numberOfServers;
ok = iceServers.length(numberOfServers);
if (!ok) {
exceptionState.throwTypeError("Malformed RTCConfiguration");
return nullptr;
}
RefPtr<RTCConfiguration> rtcConfiguration = RTCConfiguration::create();
for (size_t i = 0; i < numberOfServers; ++i) {
Dictionary iceServer;
ok = iceServers.get(i, iceServer);
if (!ok) {
exceptionState.throwTypeError("Malformed RTCIceServer");
return nullptr;
}
Vector<String> names;
iceServer.getOwnPropertyNames(names);
Vector<String> urlStrings;
if (names.contains("urls")) {
if (!iceServer.get("urls", urlStrings) || !urlStrings.size()) {
String urlString;
if (iceServer.get("urls", urlString)) {
urlStrings.append(urlString);
} else {
exceptionState.throwTypeError("Malformed RTCIceServer");
return nullptr;
}
}
} else if (names.contains("url")) {
String urlString;
if (iceServer.get("url", urlString)) {
urlStrings.append(urlString);
} else {
exceptionState.throwTypeError("Malformed RTCIceServer");
return nullptr;
}
} else {
exceptionState.throwTypeError("Malformed RTCIceServer");
return nullptr;
}
String username, credential;
iceServer.get("username", username);
iceServer.get("credential", credential);
for (Vector<String>::iterator iter = urlStrings.begin(); iter != urlStrings.end(); ++iter) {
KURL url(KURL(), *iter);
if (!url.isValid() || !(url.protocolIs("turn") || url.protocolIs("turns") || url.protocolIs("stun"))) {
exceptionState.throwTypeError("Malformed URL");
return nullptr;
}
rtcConfiguration->appendServer(RTCIceServer::create(url, username, credential));
}
}
return rtcConfiguration.release();
}
KURL HistoryItem::url() const
{
return KURL(ParsedURLString, m_urlString);
}
void WebSocket::connect(const String& url, const Vector<String>& protocols, ExceptionState& exceptionState)
{
WTF_LOG(Network, "WebSocket %p connect() url='%s'", this, url.utf8().data());
m_url = KURL(KURL(), url);
if (!m_url.isValid()) {
m_state = CLOSED;
exceptionState.throwDOMException(SyntaxError, "The URL '" + url + "' is invalid.");
return;
}
if (!m_url.protocolIs("ws") && !m_url.protocolIs("wss")) {
m_state = CLOSED;
exceptionState.throwDOMException(SyntaxError, "The URL's scheme must be either 'ws' or 'wss'. '" + m_url.protocol() + "' is not allowed.");
return;
}
if (MixedContentChecker::isMixedContent(executionContext()->securityOrigin(), m_url)) {
// FIXME: Throw an exception and close the connection.
String message = "Connecting to a non-secure WebSocket server from a secure origin is deprecated.";
executionContext()->addConsoleMessage(JSMessageSource, WarningMessageLevel, message);
}
if (m_url.hasFragmentIdentifier()) {
m_state = CLOSED;
exceptionState.throwDOMException(SyntaxError, "The URL contains a fragment identifier ('" + m_url.fragmentIdentifier() + "'). Fragment identifiers are not allowed in WebSocket URLs.");
return;
}
if (!portAllowed(m_url)) {
m_state = CLOSED;
exceptionState.throwSecurityError("The port " + String::number(m_url.port()) + " is not allowed.");
return;
}
// FIXME: Convert this to check the isolated world's Content Security Policy once webkit.org/b/104520 is solved.
bool shouldBypassMainWorldContentSecurityPolicy = false;
if (executionContext()->isDocument()) {
Document* document = toDocument(executionContext());
shouldBypassMainWorldContentSecurityPolicy = document->frame()->script().shouldBypassMainWorldContentSecurityPolicy();
}
if (!shouldBypassMainWorldContentSecurityPolicy && !executionContext()->contentSecurityPolicy()->allowConnectToSource(m_url)) {
m_state = CLOSED;
// The URL is safe to expose to JavaScript, as this check happens synchronously before redirection.
exceptionState.throwSecurityError("Refused to connect to '" + m_url.elidedString() + "' because it violates the document's Content Security Policy.");
return;
}
m_channel = WebSocketChannel::create(executionContext(), this);
// FIXME: There is a disagreement about restriction of subprotocols between WebSocket API and hybi-10 protocol
// draft. The former simply says "only characters in the range U+0021 to U+007E are allowed," while the latter
// imposes a stricter rule: "the elements MUST be non-empty strings with characters as defined in [RFC2616],
// and MUST all be unique strings."
//
// Here, we throw SyntaxError if the given protocols do not meet the latter criteria. This behavior does not
// comply with WebSocket API specification, but it seems to be the only reasonable way to handle this conflict.
for (size_t i = 0; i < protocols.size(); ++i) {
if (!isValidProtocolString(protocols[i])) {
m_state = CLOSED;
exceptionState.throwDOMException(SyntaxError, "The subprotocol '" + encodeProtocolString(protocols[i]) + "' is invalid.");
releaseChannel();
return;
}
}
HashSet<String> visited;
for (size_t i = 0; i < protocols.size(); ++i) {
if (!visited.add(protocols[i]).isNewEntry) {
m_state = CLOSED;
exceptionState.throwDOMException(SyntaxError, "The subprotocol '" + encodeProtocolString(protocols[i]) + "' is duplicated.");
releaseChannel();
return;
}
}
String protocolString;
if (!protocols.isEmpty())
protocolString = joinStrings(protocols, subProtocolSeperator());
m_channel->connect(m_url, protocolString);
}
static void logCanCachePageDecision(Page* page)
{
// Only bother logging for main frames that have actually loaded and have content.
if (page->mainFrame().loader().stateMachine()->creatingInitialEmptyDocument())
return;
KURL currentURL = page->mainFrame().loader().documentLoader() ? page->mainFrame().loader().documentLoader()->url() : KURL();
if (currentURL.isEmpty())
return;
int indentLevel = 0;
PCLOG("--------\n Determining if page can be cached:");
unsigned rejectReasons = 0;
unsigned frameRejectReasons = logCanCacheFrameDecision(&page->mainFrame(), indentLevel+1);
if (frameRejectReasons)
rejectReasons |= 1 << FrameCannotBeInPageCache;
if (!page->backForward()->isActive()) {
PCLOG(" -The back/forward list is disabled or has 0 capacity");
rejectReasons |= 1 << DisabledBackForwardList;
}
if (!page->settings().usesPageCache()) {
PCLOG(" -Page settings says b/f cache disabled");
rejectReasons |= 1 << DisabledPageCache;
}
#if ENABLE(DEVICE_ORIENTATION)
if (DeviceMotionController::isActiveAt(page)) {
PCLOG(" -Page is using DeviceMotion");
rejectReasons |= 1 << UsesDeviceMotion;
}
if (DeviceOrientationController::isActiveAt(page)) {
PCLOG(" -Page is using DeviceOrientation");
rejectReasons |= 1 << UsesDeviceOrientation;
}
#endif
#if ENABLE(PROXIMITY_EVENTS)
if (DeviceProximityController::isActiveAt(page)) {
PCLOG(" -Page is using DeviceProximity");
rejectReasons |= 1 << UsesDeviceMotion;
}
#endif
FrameLoadType loadType = page->mainFrame().loader().loadType();
if (loadType == FrameLoadTypeReload) {
PCLOG(" -Load type is: Reload");
rejectReasons |= 1 << IsReload;
}
if (loadType == FrameLoadTypeReloadFromOrigin) {
PCLOG(" -Load type is: Reload from origin");
rejectReasons |= 1 << IsReloadFromOrigin;
}
if (loadType == FrameLoadTypeSame) {
PCLOG(" -Load type is: Same");
rejectReasons |= 1 << IsSameLoad;
}
PCLOG(rejectReasons ? " Page CANNOT be cached\n--------" : " Page CAN be cached\n--------");
HistogramSupport::histogramEnumeration("PageCache.PageCacheable", !rejectReasons, 2);
int reasonCount = 0;
for (int i = 0; i < NumberOfReasonsPagesCannotBeInPageCache; ++i) {
if (rejectReasons & (1 << i)) {
++reasonCount;
HistogramSupport::histogramEnumeration("PageCache.PageRejectReason", i, NumberOfReasonsPagesCannotBeInPageCache);
}
}
HistogramSupport::histogramEnumeration("PageCache.PageRejectReasonCount", reasonCount, 1 + NumberOfReasonsPagesCannotBeInPageCache);
const bool settingsDisabledPageCache = rejectReasons & (1 << DisabledPageCache);
HistogramSupport::histogramEnumeration("PageCache.PageRejectReasonCountExcludingSettings", reasonCount - settingsDisabledPageCache, NumberOfReasonsPagesCannotBeInPageCache);
// Report also on the frame reasons by page; this is distinct from the per frame statistics since it coalesces the
// causes from all subframes together.
HistogramSupport::histogramEnumeration("PageCache.FrameCacheableByPage", !frameRejectReasons, 2);
int frameReasonCount = 0;
for (int i = 0; i <= NumberOfReasonsFramesCannotBeInPageCache; ++i) {
if (frameRejectReasons & (1 << i)) {
++frameReasonCount;
HistogramSupport::histogramEnumeration("PageCache.FrameRejectReasonByPage", i, NumberOfReasonsFramesCannotBeInPageCache);
}
}
HistogramSupport::histogramEnumeration("PageCache.FrameRejectReasonCountByPage", frameReasonCount, 1 + NumberOfReasonsFramesCannotBeInPageCache);
}
void WebSocket::connect(const String& url, const Vector<String>& protocols, ExceptionCode& ec)
{
LOG(Network, "WebSocket %p connect to %s", this, url.utf8().data());
m_url = KURL(KURL(), url);
if (!m_url.isValid()) {
scriptExecutionContext()->addConsoleMessage(JSMessageSource, LogMessageType, ErrorMessageLevel, "Invalid url for WebSocket " + m_url.string(), scriptExecutionContext()->securityOrigin()->toString());
m_state = CLOSED;
ec = SYNTAX_ERR;
return;
}
if (!m_url.protocolIs("ws") && !m_url.protocolIs("wss")) {
scriptExecutionContext()->addConsoleMessage(JSMessageSource, LogMessageType, ErrorMessageLevel, "Wrong url scheme for WebSocket " + m_url.string(), scriptExecutionContext()->securityOrigin()->toString());
m_state = CLOSED;
ec = SYNTAX_ERR;
return;
}
if (m_url.hasFragmentIdentifier()) {
scriptExecutionContext()->addConsoleMessage(JSMessageSource, LogMessageType, ErrorMessageLevel, "URL has fragment component " + m_url.string(), scriptExecutionContext()->securityOrigin()->toString());
m_state = CLOSED;
ec = SYNTAX_ERR;
return;
}
if (!portAllowed(m_url)) {
scriptExecutionContext()->addConsoleMessage(JSMessageSource, LogMessageType, ErrorMessageLevel, "WebSocket port " + String::number(m_url.port()) + " blocked", scriptExecutionContext()->securityOrigin()->toString());
m_state = CLOSED;
ec = SECURITY_ERR;
return;
}
if (!scriptExecutionContext()->contentSecurityPolicy()->allowConnectFromSource(m_url)) {
m_state = CLOSED;
// FIXME: Should this be throwing an exception?
ec = SECURITY_ERR;
return;
}
m_channel = ThreadableWebSocketChannel::create(scriptExecutionContext(), this);
m_useHixie76Protocol = m_channel->useHixie76Protocol();
String protocolString;
if (m_useHixie76Protocol) {
if (!protocols.isEmpty()) {
// Emulate JavaScript's Array.toString() behavior.
protocolString = joinStrings(protocols, ",");
}
if (!isValidProtocolStringHixie76(protocolString)) {
scriptExecutionContext()->addConsoleMessage(JSMessageSource, LogMessageType, ErrorMessageLevel, "Wrong protocol for WebSocket '" + encodeProtocolString(protocolString) + "'", scriptExecutionContext()->securityOrigin()->toString());
m_state = CLOSED;
ec = SYNTAX_ERR;
return;
}
} else {
// FIXME: There is a disagreement about restriction of subprotocols between WebSocket API and hybi-10 protocol
// draft. The former simply says "only characters in the range U+0021 to U+007E are allowed," while the latter
// imposes a stricter rule: "the elements MUST be non-empty strings with characters as defined in [RFC2616],
// and MUST all be unique strings."
//
// Here, we throw SYNTAX_ERR if the given protocols do not meet the latter criteria. This behavior does not
// comply with WebSocket API specification, but it seems to be the only reasonable way to handle this conflict.
for (size_t i = 0; i < protocols.size(); ++i) {
if (!isValidProtocolString(protocols[i])) {
scriptExecutionContext()->addConsoleMessage(JSMessageSource, LogMessageType, ErrorMessageLevel, "Wrong protocol for WebSocket '" + encodeProtocolString(protocols[i]) + "'", scriptExecutionContext()->securityOrigin()->toString());
m_state = CLOSED;
ec = SYNTAX_ERR;
return;
}
}
HashSet<String> visited;
for (size_t i = 0; i < protocols.size(); ++i) {
if (visited.contains(protocols[i])) {
scriptExecutionContext()->addConsoleMessage(JSMessageSource, LogMessageType, ErrorMessageLevel, "WebSocket protocols contain duplicates: '" + encodeProtocolString(protocols[i]) + "'", scriptExecutionContext()->securityOrigin()->toString());
m_state = CLOSED;
ec = SYNTAX_ERR;
return;
}
visited.add(protocols[i]);
}
if (!protocols.isEmpty())
protocolString = joinStrings(protocols, ", ");
}
m_channel->connect(m_url, protocolString);
ActiveDOMObject::setPendingActivity(this);
}
PassRefPtr<DOMFileSystem> InspectorFrontendHost::isolatedFileSystem(const String& fileSystemName, const String& rootURL)
{
ScriptExecutionContext* context = m_frontendPage->mainFrame()->document();
return DOMFileSystem::create(context, fileSystemName, FileSystemTypeIsolated, KURL(ParsedURLString, rootURL), AsyncFileSystem::create());
}
bool MockPagePopup::initialize()
{
const char scriptToSetUpPagePopupController[] = "<script>window.pagePopupController = parent.internals.pagePopupController;</script>";
RefPtr<SharedBuffer> data = SharedBuffer::create(scriptToSetUpPagePopupController, sizeof(scriptToSetUpPagePopupController));
m_popupClient->writeDocument(data.get());
LocalFrame* localFrame = toLocalFrame(m_iframe->contentFrame());
if (!localFrame)
return false;
localFrame->loader().load(FrameLoadRequest(0, blankURL(), SubstituteData(data, "text/html", "UTF-8", KURL(), ForceSynchronousLoad)));
return true;
}
PassRefPtr<SecurityOrigin> SecurityOrigin::createFromString(const String& originString)
{
return SecurityOrigin::create(KURL(KURL(), originString));
}
void ResourceRequest::initializePlatformRequest(NetworkRequest& platformRequest, bool cookiesEnabled, bool isInitial, bool isRedirect) const
{
// If this is the initial load, skip the request body and headers.
if (isInitial)
platformRequest.setRequestInitial(timeoutInterval());
else {
platformRequest.setRequestUrl(url().string().utf8().data(),
httpMethod().latin1().data(),
platformCachePolicyForRequest(*this),
platformTargetTypeForRequest(*this),
timeoutInterval());
platformRequest.setConditional(isConditional());
if (httpBody() && !httpBody()->isEmpty()) {
const Vector<FormDataElement>& elements = httpBody()->elements();
// Use setData for simple forms because it is slightly more efficient.
if (elements.size() == 1 && elements[0].m_type == FormDataElement::data)
platformRequest.setData(elements[0].m_data.data(), elements[0].m_data.size());
else {
for (unsigned i = 0; i < elements.size(); ++i) {
const FormDataElement& element = elements[i];
if (element.m_type == FormDataElement::data)
platformRequest.addMultipartData(element.m_data.data(), element.m_data.size());
else if (element.m_type == FormDataElement::encodedFile)
platformRequest.addMultipartFilename(element.m_filename.characters(), element.m_filename.length());
#if ENABLE(BLOB)
else if (element.m_type == FormDataElement::encodedBlob) {
RefPtr<BlobStorageData> blobData = static_cast<BlobRegistryImpl&>(blobRegistry()).getBlobDataFromURL(KURL(ParsedURLString, element.m_blobURL));
if (blobData) {
for (size_t j = 0; j < blobData->items().size(); ++j) {
const BlobDataItem& blobItem = blobData->items()[j];
if (blobItem.type == BlobDataItem::Data)
platformRequest.addMultipartData(blobItem.data->data() + static_cast<int>(blobItem.offset), static_cast<int>(blobItem.length));
else {
ASSERT(blobItem.type == BlobDataItem::File);
platformRequest.addMultipartFilename(blobItem.path.characters(), blobItem.path.length(), blobItem.offset, blobItem.length, blobItem.expectedModificationTime);
}
}
}
}
#endif
else
ASSERT_NOT_REACHED(); // unknown type
}
}
}
// When ResourceRequest is reused by CacheResourceLoader, page refreshing or redirection, its cookies may be dirtied. We won't use these cookies any more.
bool cookieHeaderMayBeDirty = isRedirect || cachePolicy() == WebCore::ReloadIgnoringCacheData || cachePolicy() == WebCore::ReturnCacheDataElseLoad;
for (HTTPHeaderMap::const_iterator it = httpHeaderFields().begin(); it != httpHeaderFields().end(); ++it) {
String key = it->first;
String value = it->second;
if (!key.isEmpty()) {
// We need to check the encoding and encode the cookie's value using latin1 or utf8 to support unicode characters.
// We wo't use the old cookies of resourceRequest for new location because these cookies may be changed by redirection.
if (!equalIgnoringCase(key, "Cookie"))
platformRequest.addHeader(key.latin1().data(), value.latin1().data());
else if (!cookieHeaderMayBeDirty)
platformRequest.addHeader(key.latin1().data(), value.containsOnlyLatin1() ? value.latin1().data() : value.utf8().data());
}
}
// If request's cookies may be dirty, they must be set again.
// If there aren't cookies in the header list, we need trying to add cookies.
if (cookiesEnabled && (cookieHeaderMayBeDirty || !httpHeaderFields().contains("Cookie")) && !url().isNull()) {
// Prepare a cookie header if there are cookies related to this url.
String cookiePairs = cookieManager().getCookie(url(), WithHttpOnlyCookies);
if (!cookiePairs.isEmpty())
platformRequest.addHeader("Cookie", cookiePairs.containsOnlyLatin1() ? cookiePairs.latin1().data() : cookiePairs.utf8().data());
}
if (!httpHeaderFields().contains("Accept-Language")) {
// Locale has the form "en-US". Construct accept language like "en-US, en;q=0.8".
std::string locale = BlackBerry::Platform::Client::get()->getLocale();
// POSIX locale has '_' instead of '-'.
// Replace to conform to HTTP spec.
size_t underscore = locale.find('_');
if (underscore != std::string::npos)
locale.replace(underscore, 1, "-");
std::string acceptLanguage = locale + ", " + locale.substr(0, 2) + ";q=0.8";
platformRequest.addHeader("Accept-Language", acceptLanguage.c_str());
}
}
}
KURL IconController::url()
{
IconURLs iconURLs = urlsForTypes(Favicon);
return iconURLs.isEmpty() ? KURL() : iconURLs[0].m_iconURL;
}
void PageSerializer::serializeFrame(Frame* frame)
{
Document* document = frame->document();
KURL url = document->url();
if (!url.isValid() || url.protocolIs("about")) {
// For blank frames we generate a fake URL so they can be referenced by their containing frame.
url = urlForBlankFrame(frame);
}
if (m_resourceURLs.contains(url)) {
// FIXME: We could have 2 frame with the same URL but which were dynamically changed and have now
// different content. So we should serialize both and somehow rename the frame src in the containing
// frame. Arg!
return;
}
Vector<Node*> nodes;
SerializerMarkupAccumulator accumulator(this, document, &nodes);
TextEncoding textEncoding(document->charset());
CString data;
if (!textEncoding.isValid()) {
// FIXME: iframes used as images trigger this. We should deal with them correctly.
return;
}
String text = accumulator.serializeNodes(document->documentElement(), 0, IncludeNode);
CString frameHTML = textEncoding.encode(text.characters(), text.length(), EntitiesForUnencodables);
m_resources->append(Resource(url, document->suggestedMIMEType(), SharedBuffer::create(frameHTML.data(), frameHTML.length())));
m_resourceURLs.add(url);
for (Vector<Node*>::iterator iter = nodes.begin(); iter != nodes.end(); ++iter) {
Node* node = *iter;
if (!node->isElementNode())
continue;
Element* element = toElement(node);
// We have to process in-line style as it might contain some resources (typically background images).
if (element->isStyledElement())
retrieveResourcesForProperties(static_cast<StyledElement*>(element)->inlineStyle(), document);
if (element->hasTagName(HTMLNames::imgTag)) {
HTMLImageElement* imageElement = static_cast<HTMLImageElement*>(element);
KURL url = document->completeURL(imageElement->getAttribute(HTMLNames::srcAttr));
CachedImage* cachedImage = imageElement->cachedImage();
addImageToResources(cachedImage, imageElement->renderer(), url);
} else if (element->hasTagName(HTMLNames::linkTag)) {
HTMLLinkElement* linkElement = static_cast<HTMLLinkElement*>(element);
if (CSSStyleSheet* sheet = linkElement->sheet()) {
KURL url = document->completeURL(linkElement->getAttribute(HTMLNames::hrefAttr));
serializeCSSStyleSheet(sheet, url);
ASSERT(m_resourceURLs.contains(url));
}
} else if (element->hasTagName(HTMLNames::styleTag)) {
HTMLStyleElement* styleElement = static_cast<HTMLStyleElement*>(element);
if (CSSStyleSheet* sheet = styleElement->sheet())
serializeCSSStyleSheet(sheet, KURL());
}
}
for (Frame* childFrame = frame->tree()->firstChild(); childFrame; childFrame = childFrame->tree()->nextSibling())
serializeFrame(childFrame);
}
PassRefPtrWillBeRawPtr<Document> DOMParser::parseFromString(const String& str, const String& type)
{
RefPtrWillBeRawPtr<Document> doc = DOMImplementation::createDocument(type, DocumentInit(KURL(), nullptr, m_contextDocument), false);
doc->setContent(str);
return doc.release();
}
void SetUp() override {
m_pageHolder = DummyPageHolder::create(IntSize(800, 600));
m_pageHolder->document().setURL(KURL(KURL(), "https://example.com"));
m_performance = Performance::create(&m_pageHolder->frame());
}