// source = scheme ":" // / ( [ scheme "://" ] host [ port ] [ path ] ) // / "'self'" bool CSPSourceList::parseSource(const UChar* begin, const UChar* end, String& scheme, String& host, int& port, String& path, CSPSource::WildcardDisposition& hostWildcard, CSPSource::WildcardDisposition& portWildcard) { if (begin == end) return false; if (equalIgnoringCase("'none'", begin, end - begin)) return false; if (end - begin == 1 && *begin == '*') { addSourceStar(); return true; } if (equalIgnoringCase("'self'", begin, end - begin)) { addSourceSelf(); return true; } if (equalIgnoringCase("'unsafe-inline'", begin, end - begin)) { addSourceUnsafeInline(); return true; } if (equalIgnoringCase("'unsafe-eval'", begin, end - begin)) { addSourceUnsafeEval(); return true; } String nonce; if (!parseNonce(begin, end, nonce)) return false; if (!nonce.isNull()) { addSourceNonce(nonce); return true; } DigestValue hash; ContentSecurityPolicyHashAlgorithm algorithm = ContentSecurityPolicyHashAlgorithmNone; if (!parseHash(begin, end, hash, algorithm)) return false; if (hash.size() > 0) { addSourceHash(algorithm, hash); return true; } const UChar* position = begin; const UChar* beginHost = begin; const UChar* beginPath = end; const UChar* beginPort = 0; skipWhile<UChar, isNotColonOrSlash>(position, end); if (position == end) { // host // ^ return parseHost(beginHost, position, host, hostWildcard); } if (position < end && *position == '/') { // host/path || host/ || / // ^ ^ ^ return parseHost(beginHost, position, host, hostWildcard) && parsePath(position, end, path); } if (position < end && *position == ':') { if (end - position == 1) { // scheme: // ^ return parseScheme(begin, position, scheme); } if (position[1] == '/') { // scheme://host || scheme:// // ^ ^ if (!parseScheme(begin, position, scheme) || !skipExactly<UChar>(position, end, ':') || !skipExactly<UChar>(position, end, '/') || !skipExactly<UChar>(position, end, '/')) return false; if (position == end) return false; beginHost = position; skipWhile<UChar, isNotColonOrSlash>(position, end); } if (position < end && *position == ':') { // host:port || scheme://host:port // ^ ^ beginPort = position; skipUntil<UChar>(position, end, '/'); } } if (position < end && *position == '/') { // scheme://host/path || scheme://host:port/path // ^ ^ if (position == beginHost) return false; beginPath = position; } if (!parseHost(beginHost, beginPort ? beginPort : beginPath, host, hostWildcard)) return false; if (beginPort) { if (!parsePort(beginPort, beginPath, port, portWildcard)) return false; } else { port = 0; } if (beginPath != end) { if (!parsePath(beginPath, end, path)) return false; } return true; }
static bool equal(const AtomicString& key, const char* cString) { return equalIgnoringCase(key, cString); }
bool HTMLElement::draggable() const { return equalIgnoringCase(getAttribute(draggableAttr), "true"); }
void MainResourceLoader::continueAfterContentPolicy(PolicyAction contentPolicy, const ResourceResponse& r) { KURL url = request().url(); const String& mimeType = r.mimeType(); switch (contentPolicy) { case PolicyUse: { // Prevent remote web archives from loading because they can claim to be from any domain and thus avoid cross-domain security checks (4120255). bool isRemoteWebArchive = (equalIgnoringCase("application/x-webarchive", mimeType) #if PLATFORM(GTK) || equalIgnoringCase("message/rfc822", mimeType) #endif || equalIgnoringCase("multipart/related", mimeType)) && !m_substituteData.isValid() && !SchemeRegistry::shouldTreatURLSchemeAsLocal(url.protocol()); if (!frameLoader()->client()->canShowMIMEType(mimeType) || isRemoteWebArchive) { frameLoader()->policyChecker()->cannotShowMIMEType(r); // Check reachedTerminalState since the load may have already been canceled inside of _handleUnimplementablePolicyWithErrorCode::. stopLoadingForPolicyChange(); return; } break; } case PolicyDownload: { // m_resource can be null, e.g. when loading a substitute resource from application cache. if (!m_resource) { receivedError(frameLoader()->client()->cannotShowURLError(request())); return; } InspectorInstrumentation::continueWithPolicyDownload(m_documentLoader->frame(), documentLoader(), identifier(), r); // When starting the request, we didn't know that it would result in download and not navigation. Now we know that main document URL didn't change. // Download may use this knowledge for purposes unrelated to cookies, notably for setting file quarantine data. ResourceRequest request = this->request(); frameLoader()->setOriginalURLForDownloadRequest(request); frameLoader()->client()->convertMainResourceLoadToDownload(this, request, r); // It might have gone missing if (loader()) loader()->didFail(interruptedForPolicyChangeError()); return; } case PolicyIgnore: InspectorInstrumentation::continueWithPolicyIgnore(m_documentLoader->frame(), documentLoader(), identifier(), r); stopLoadingForPolicyChange(); return; default: ASSERT_NOT_REACHED(); } RefPtr<MainResourceLoader> protect(this); if (r.isHTTP()) { int status = r.httpStatusCode(); if (status < 200 || status >= 300) { bool hostedByObject = frameLoader()->isHostedByObjectElement(); frameLoader()->handleFallbackContent(); // object elements are no longer rendered after we fallback, so don't // keep trying to process data from their load if (hostedByObject) cancel(); } } if (!m_documentLoader->isStopping() && m_substituteData.isValid()) { if (m_substituteData.content()->size()) dataReceived(0, m_substituteData.content()->data(), m_substituteData.content()->size()); if (m_documentLoader->isLoadingMainResource()) didFinishLoading(0); } }
// FIXME: This function should not deal with url or serviceType! void HTMLObjectElement::parametersForPlugin(Vector<String>& paramNames, Vector<String>& paramValues, String& url, String& serviceType) { HashSet<StringImpl*, CaseFoldingHash> uniqueParamNames; String urlParameter; // Scan the PARAM children and store their name/value pairs. // Get the URL and type from the params if we don't already have them. for (Node* child = firstChild(); child; child = child->nextSibling()) { if (!child->hasTagName(paramTag)) continue; HTMLParamElement* p = static_cast<HTMLParamElement*>(child); String name = p->name(); if (name.isEmpty()) continue; uniqueParamNames.add(name.impl()); paramNames.append(p->name()); paramValues.append(p->value()); // FIXME: url adjustment does not belong in this function. if (url.isEmpty() && urlParameter.isEmpty() && (equalIgnoringCase(name, "src") || equalIgnoringCase(name, "movie") || equalIgnoringCase(name, "code") || equalIgnoringCase(name, "url"))) urlParameter = stripLeadingAndTrailingHTMLSpaces(p->value()); // FIXME: serviceType calculation does not belong in this function. if (serviceType.isEmpty() && equalIgnoringCase(name, "type")) { serviceType = p->value(); size_t pos = serviceType.find(";"); if (pos != notFound) serviceType = serviceType.left(pos); } } // When OBJECT is used for an applet via Sun's Java plugin, the CODEBASE attribute in the tag // points to the Java plugin itself (an ActiveX component) while the actual applet CODEBASE is // in a PARAM tag. See <http://java.sun.com/products/plugin/1.2/docs/tags.html>. This means // we have to explicitly suppress the tag's CODEBASE attribute if there is none in a PARAM, // else our Java plugin will misinterpret it. [4004531] String codebase; if (MIMETypeRegistry::isJavaAppletMIMEType(serviceType)) { codebase = "codebase"; uniqueParamNames.add(codebase.impl()); // pretend we found it in a PARAM already } // Turn the attributes of the <object> element into arrays, but don't override <param> values. NamedNodeMap* attributes = this->attributes(true); if (attributes) { for (unsigned i = 0; i < attributes->length(); ++i) { Attribute* it = attributes->attributeItem(i); const AtomicString& name = it->name().localName(); if (!uniqueParamNames.contains(name.impl())) { paramNames.append(name.string()); paramValues.append(it->value().string()); } } } mapDataParamToSrc(¶mNames, ¶mValues); // HTML5 says that an object resource's URL is specified by the object's data // attribute, not by a param element. However, for compatibility, allow the // resource's URL to be given by a param named "src", "movie", "code" or "url" // if we know that resource points to a plug-in. if (url.isEmpty() && !urlParameter.isEmpty()) { SubframeLoader* loader = document()->frame()->loader()->subframeLoader(); if (loader->resourceWillUsePlugin(urlParameter, serviceType)) url = urlParameter; } }
bool FontCustomPlatformData::supportsFormat(const String& format) { return equalIgnoringCase(format, "truetype") || equalIgnoringCase(format, "opentype") || equalIgnoringCase(format, "woff"); }
bool XMLHttpRequest::isAllowedHTTPMethod(const String& method) { return !equalIgnoringCase(method, "TRACE") && !equalIgnoringCase(method, "TRACK") && !equalIgnoringCase(method, "CONNECT"); }
void MainResourceLoader::continueAfterContentPolicy(PolicyAction contentPolicy, const ResourceResponse& r) { KURL url = request().url(); const String& mimeType = r.mimeType(); switch (contentPolicy) { case PolicyUse: { // Prevent remote web archives from loading because they can claim to be from any domain and thus avoid cross-domain security checks (4120255). bool isRemoteWebArchive = equalIgnoringCase("application/x-webarchive", mimeType) && !m_substituteData.isValid() && !url.isLocalFile(); if (!frameLoader()->canShowMIMEType(mimeType) || isRemoteWebArchive) { frameLoader()->policyChecker()->cannotShowMIMEType(r); // Check reachedTerminalState since the load may have already been cancelled inside of _handleUnimplementablePolicyWithErrorCode::. if (!reachedTerminalState()) stopLoadingForPolicyChange(); return; } break; } case PolicyDownload: // m_handle can be null, e.g. when loading a substitute resource from application cache. if (!m_handle) { receivedError(cannotShowURLError()); return; } frameLoader()->client()->download(m_handle.get(), request(), m_handle.get()->request(), r); // It might have gone missing if (frameLoader()) receivedError(interruptionForPolicyChangeError()); return; case PolicyIgnore: stopLoadingForPolicyChange(); return; default: ASSERT_NOT_REACHED(); } RefPtr<MainResourceLoader> protect(this); if (r.isHTTP()) { int status = r.httpStatusCode(); if (status < 200 || status >= 300) { bool hostedByObject = frameLoader()->isHostedByObjectElement(); frameLoader()->handleFallbackContent(); // object elements are no longer rendered after we fallback, so don't // keep trying to process data from their load if (hostedByObject) cancel(); } } // we may have cancelled this load as part of switching to fallback content if (!reachedTerminalState()) ResourceLoader::didReceiveResponse(r); if (frameLoader() && !frameLoader()->isStopping()) { if (m_substituteData.isValid()) { if (m_substituteData.content()->size()) didReceiveData(m_substituteData.content()->data(), m_substituteData.content()->size(), m_substituteData.content()->size(), true); if (frameLoader() && !frameLoader()->isStopping()) didFinishLoading(); } else if (shouldLoadAsEmptyDocument(url) || frameLoader()->representationExistsForURLScheme(url.protocol())) didFinishLoading(); } }
void FetchRequest::setCrossOriginAccessControl(SecurityOrigin* origin, const AtomicString& crossOriginMode) { setCrossOriginAccessControl(origin, equalIgnoringCase(crossOriginMode, "use-credentials") ? AllowStoredCredentials : DoNotAllowStoredCredentials); }
static bool shouldLoadAsEmptyDocument(const KURL& url) { return url.isEmpty() || equalIgnoringCase(String(url.protocol()), "about"); }
void ImageLoader::updateFromElement() { // If we're not making renderers for the page, then don't load images. We don't want to slow // down the raw HTML parsing case by loading images we don't intend to display. Document& document = element().document(); if (!document.hasLivingRenderTree()) return; AtomicString attr = element().imageSourceURL(); if (attr == m_failedLoadURL) return; // Do not load any image if the 'src' attribute is missing or if it is // an empty string. CachedResourceHandle<CachedImage> newImage = 0; if (!attr.isNull() && !stripLeadingAndTrailingHTMLSpaces(attr).isEmpty()) { CachedResourceRequest request(ResourceRequest(document.completeURL(sourceURI(attr)))); request.setInitiator(&element()); String crossOriginMode = element().fastGetAttribute(HTMLNames::crossoriginAttr); if (!crossOriginMode.isNull()) { StoredCredentials allowCredentials = equalIgnoringCase(crossOriginMode, "use-credentials") ? AllowStoredCredentials : DoNotAllowStoredCredentials; updateRequestForAccessControl(request.mutableResourceRequest(), document.securityOrigin(), allowCredentials); } if (m_loadManually) { bool autoLoadOtherImages = document.cachedResourceLoader()->autoLoadImages(); document.cachedResourceLoader()->setAutoLoadImages(false); newImage = new CachedImage(request.resourceRequest(), m_element.document().page()->sessionID()); newImage->setLoading(true); newImage->setOwningCachedResourceLoader(document.cachedResourceLoader()); document.cachedResourceLoader()->m_documentResources.set(newImage->url(), newImage.get()); document.cachedResourceLoader()->setAutoLoadImages(autoLoadOtherImages); } else newImage = document.cachedResourceLoader()->requestImage(request); // If we do not have an image here, it means that a cross-site // violation occurred, or that the image was blocked via Content // Security Policy, or the page is being dismissed. Trigger an // error event if the page is not being dismissed. if (!newImage && !pageIsBeingDismissed(document)) { m_failedLoadURL = attr; m_hasPendingErrorEvent = true; errorEventSender().dispatchEventSoon(*this); } else clearFailedLoadURL(); } else if (!attr.isNull()) { // Fire an error event if the url is empty. m_failedLoadURL = attr; m_hasPendingErrorEvent = true; errorEventSender().dispatchEventSoon(*this); } CachedImage* oldImage = m_image.get(); if (newImage != oldImage) { if (m_hasPendingBeforeLoadEvent) { beforeLoadEventSender().cancelEvent(*this); m_hasPendingBeforeLoadEvent = false; } if (m_hasPendingLoadEvent) { loadEventSender().cancelEvent(*this); m_hasPendingLoadEvent = false; } // Cancel error events that belong to the previous load, which is now cancelled by changing the src attribute. // If newImage is null and m_hasPendingErrorEvent is true, we know the error event has been just posted by // this load and we should not cancel the event. // FIXME: If both previous load and this one got blocked with an error, we can receive one error event instead of two. if (m_hasPendingErrorEvent && newImage) { errorEventSender().cancelEvent(*this); m_hasPendingErrorEvent = false; } m_image = newImage; m_hasPendingBeforeLoadEvent = !document.isImageDocument() && newImage; m_hasPendingLoadEvent = newImage; m_imageComplete = !newImage; if (newImage) { if (!document.isImageDocument()) { if (!document.hasListenerType(Document::BEFORELOAD_LISTENER)) dispatchPendingBeforeLoadEvent(); else beforeLoadEventSender().dispatchEventSoon(*this); } else updateRenderer(); // If newImage is cached, addClient() will result in the load event // being queued to fire. Ensure this happens after beforeload is // dispatched. newImage->addClient(this); } if (oldImage) oldImage->removeClient(this); } if (RenderImageResource* imageResource = renderImageResource()) imageResource->resetAnimation(); // Only consider updating the protection ref-count of the Element immediately before returning // from this function as doing so might result in the destruction of this ImageLoader. updatedHasPendingEvent(); }
void DOMSelection::modify(const String& alterString, const String& directionString, const String& granularityString) { if (!m_frame) return; FrameSelection::EAlteration alter; if (equalIgnoringCase(alterString, "extend")) alter = FrameSelection::AlterationExtend; else if (equalIgnoringCase(alterString, "move")) alter = FrameSelection::AlterationMove; else return; SelectionDirection direction; if (equalIgnoringCase(directionString, "forward")) direction = DirectionForward; else if (equalIgnoringCase(directionString, "backward")) direction = DirectionBackward; else if (equalIgnoringCase(directionString, "left")) direction = DirectionLeft; else if (equalIgnoringCase(directionString, "right")) direction = DirectionRight; else return; TextGranularity granularity; if (equalIgnoringCase(granularityString, "character")) granularity = CharacterGranularity; else if (equalIgnoringCase(granularityString, "word")) granularity = WordGranularity; else if (equalIgnoringCase(granularityString, "sentence")) granularity = SentenceGranularity; else if (equalIgnoringCase(granularityString, "line")) granularity = LineGranularity; else if (equalIgnoringCase(granularityString, "paragraph")) granularity = ParagraphGranularity; else if (equalIgnoringCase(granularityString, "lineboundary")) granularity = LineBoundary; else if (equalIgnoringCase(granularityString, "sentenceboundary")) granularity = SentenceBoundary; else if (equalIgnoringCase(granularityString, "paragraphboundary")) granularity = ParagraphBoundary; else if (equalIgnoringCase(granularityString, "documentboundary")) granularity = DocumentBoundary; else return; m_frame->selection()->modify(alter, direction, granularity); }
bool WebSocketHandshake::checkResponseHeaders() { const String& serverWebSocketLocation = this->serverWebSocketLocation(); const String& serverWebSocketOrigin = this->serverWebSocketOrigin(); const String& serverWebSocketProtocol = this->serverWebSocketProtocol(); const String& serverUpgrade = this->serverUpgrade(); const String& serverConnection = this->serverConnection(); const String& serverWebSocketAccept = this->serverWebSocketAccept(); if (serverUpgrade.isNull()) { m_failureReason = "Error during WebSocket handshake: 'Upgrade' header is missing"; return false; } if (serverConnection.isNull()) { m_failureReason = "Error during WebSocket handshake: 'Connection' header is missing"; return false; } if (m_useHixie76Protocol) { if (serverWebSocketOrigin.isNull()) { m_failureReason = "Error during WebSocket handshake: 'Sec-WebSocket-Origin' header is missing"; return false; } if (serverWebSocketLocation.isNull()) { m_failureReason = "Error during WebSocket handshake: 'Sec-WebSocket-Location' header is missing"; return false; } } else { if (serverWebSocketAccept.isNull()) { m_failureReason = "Error during WebSocket handshake: 'Sec-WebSocket-Accept' header is missing"; return false; } } if (!equalIgnoringCase(serverUpgrade, "websocket")) { m_failureReason = "Error during WebSocket handshake: 'Upgrade' header value is not 'WebSocket'"; return false; } if (!equalIgnoringCase(serverConnection, "upgrade")) { m_failureReason = "Error during WebSocket handshake: 'Connection' header value is not 'Upgrade'"; return false; } if (m_useHixie76Protocol) { if (clientOrigin() != serverWebSocketOrigin) { m_failureReason = "Error during WebSocket handshake: origin mismatch: " + clientOrigin() + " != " + serverWebSocketOrigin; return false; } if (clientLocation() != serverWebSocketLocation) { m_failureReason = "Error during WebSocket handshake: location mismatch: " + clientLocation() + " != " + serverWebSocketLocation; return false; } if (!m_clientProtocol.isEmpty() && m_clientProtocol != serverWebSocketProtocol) { m_failureReason = "Error during WebSocket handshake: protocol mismatch: " + m_clientProtocol + " != " + serverWebSocketProtocol; return false; } } else { if (serverWebSocketAccept != m_expectedAccept) { m_failureReason = "Error during WebSocket handshake: Sec-WebSocket-Accept mismatch"; return false; } } return true; }
const char* WebSocketHandshake::readHTTPHeaders(const char* start, const char* end) { m_response.clearHeaderFields(); Vector<char> name; Vector<char> value; bool sawSecWebSocketAcceptHeaderField = false; for (const char* p = start; p < end; p++) { name.clear(); value.clear(); for (; p < end; p++) { switch (*p) { case '\r': if (name.isEmpty()) { if (p + 1 < end && *(p + 1) == '\n') return p + 2; m_failureReason = "CR doesn't follow LF at " + trimConsoleMessage(p, end - p); return 0; } m_failureReason = "Unexpected CR in name at " + trimConsoleMessage(name.data(), name.size()); return 0; case '\n': m_failureReason = "Unexpected LF in name at " + trimConsoleMessage(name.data(), name.size()); return 0; case ':': break; default: name.append(*p); continue; } if (*p == ':') { ++p; break; } } for (; p < end && *p == 0x20; p++) { } for (; p < end; p++) { switch (*p) { case '\r': break; case '\n': m_failureReason = "Unexpected LF in value at " + trimConsoleMessage(value.data(), value.size()); return 0; default: value.append(*p); } if (*p == '\r') { ++p; break; } } if (p >= end || *p != '\n') { m_failureReason = "CR doesn't follow LF after value at " + trimConsoleMessage(p, end - p); return 0; } AtomicString nameStr = AtomicString::fromUTF8(name.data(), name.size()); String valueStr = String::fromUTF8(value.data(), value.size()); if (nameStr.isNull()) { m_failureReason = "Invalid UTF-8 sequence in header name"; return 0; } if (valueStr.isNull()) { m_failureReason = "Invalid UTF-8 sequence in header value"; return 0; } LOG(Network, "name=%s value=%s", nameStr.string().utf8().data(), valueStr.utf8().data()); // Sec-WebSocket-Extensions may be split. We parse and check the // header value every time the header appears. if (equalIgnoringCase("sec-websocket-extensions", nameStr)) { if (!m_extensionDispatcher.processHeaderValue(valueStr)) { m_failureReason = m_extensionDispatcher.failureReason(); return 0; } } else if (equalIgnoringCase("Sec-WebSocket-Accept", nameStr)) { if (sawSecWebSocketAcceptHeaderField) { m_failureReason = "The Sec-WebSocket-Accept header MUST NOT appear more than once in an HTTP response"; return 0; } m_response.addHeaderField(nameStr, valueStr); sawSecWebSocketAcceptHeaderField = true; } else m_response.addHeaderField(nameStr, valueStr); } ASSERT_NOT_REACHED(); return 0; }
static bool isOnAccessControlSimpleRequestHeaderWhitelist(const String& name) { return equalIgnoringCase(name, "accept") || equalIgnoringCase(name, "accept-language") || equalIgnoringCase(name, "content-type"); }
void HTMLElement::parseMappedAttribute(MappedAttribute *attr) { if (attr->name() == idAttr || attr->name() == classAttr || attr->name() == styleAttr) return StyledElement::parseMappedAttribute(attr); String indexstring; if (attr->name() == alignAttr) { if (equalIgnoringCase(attr->value(), "middle")) addCSSProperty(attr, CSSPropertyTextAlign, "center"); else addCSSProperty(attr, CSSPropertyTextAlign, attr->value()); } else if (attr->name() == contenteditableAttr) { setContentEditable(attr); } else if (attr->name() == tabindexAttr) { indexstring = getAttribute(tabindexAttr); if (indexstring.length()) { bool parsedOK; int tabindex = indexstring.toIntStrict(&parsedOK); if (parsedOK) // Clamp tabindex to the range of 'short' to match Firefox's behavior. setTabIndexExplicitly(max(static_cast<int>(std::numeric_limits<short>::min()), min(tabindex, static_cast<int>(std::numeric_limits<short>::max())))); } } else if (attr->name() == langAttr) { // FIXME: Implement } else if (attr->name() == dirAttr) { addCSSProperty(attr, CSSPropertyDirection, attr->value()); addCSSProperty(attr, CSSPropertyUnicodeBidi, hasLocalName(bdoTag) ? CSSValueBidiOverride : CSSValueEmbed); } // standard events else if (attr->name() == onclickAttr) { setInlineEventListenerForTypeAndAttribute(eventNames().clickEvent, attr); } else if (attr->name() == oncontextmenuAttr) { setInlineEventListenerForTypeAndAttribute(eventNames().contextmenuEvent, attr); } else if (attr->name() == ondblclickAttr) { setInlineEventListenerForTypeAndAttribute(eventNames().dblclickEvent, attr); } else if (attr->name() == onmousedownAttr) { setInlineEventListenerForTypeAndAttribute(eventNames().mousedownEvent, attr); } else if (attr->name() == onmousemoveAttr) { setInlineEventListenerForTypeAndAttribute(eventNames().mousemoveEvent, attr); } else if (attr->name() == onmouseoutAttr) { setInlineEventListenerForTypeAndAttribute(eventNames().mouseoutEvent, attr); } else if (attr->name() == onmouseoverAttr) { setInlineEventListenerForTypeAndAttribute(eventNames().mouseoverEvent, attr); } else if (attr->name() == onmouseupAttr) { setInlineEventListenerForTypeAndAttribute(eventNames().mouseupEvent, attr); } else if (attr->name() == onmousewheelAttr) { setInlineEventListenerForTypeAndAttribute(eventNames().mousewheelEvent, attr); } else if (attr->name() == onfocusAttr) { setInlineEventListenerForTypeAndAttribute(eventNames().focusEvent, attr); } else if (attr->name() == onblurAttr) { setInlineEventListenerForTypeAndAttribute(eventNames().blurEvent, attr); } else if (attr->name() == onkeydownAttr) { setInlineEventListenerForTypeAndAttribute(eventNames().keydownEvent, attr); } else if (attr->name() == onkeypressAttr) { setInlineEventListenerForTypeAndAttribute(eventNames().keypressEvent, attr); } else if (attr->name() == onkeyupAttr) { setInlineEventListenerForTypeAndAttribute(eventNames().keyupEvent, attr); } else if (attr->name() == onscrollAttr) { setInlineEventListenerForTypeAndAttribute(eventNames().scrollEvent, attr); } else if (attr->name() == onbeforecutAttr) { setInlineEventListenerForTypeAndAttribute(eventNames().beforecutEvent, attr); } else if (attr->name() == oncutAttr) { setInlineEventListenerForTypeAndAttribute(eventNames().cutEvent, attr); } else if (attr->name() == onbeforecopyAttr) { setInlineEventListenerForTypeAndAttribute(eventNames().beforecopyEvent, attr); } else if (attr->name() == oncopyAttr) { setInlineEventListenerForTypeAndAttribute(eventNames().copyEvent, attr); } else if (attr->name() == onbeforepasteAttr) { setInlineEventListenerForTypeAndAttribute(eventNames().beforepasteEvent, attr); } else if (attr->name() == onpasteAttr) { setInlineEventListenerForTypeAndAttribute(eventNames().pasteEvent, attr); } else if (attr->name() == ondragenterAttr) { setInlineEventListenerForTypeAndAttribute(eventNames().dragenterEvent, attr); } else if (attr->name() == ondragoverAttr) { setInlineEventListenerForTypeAndAttribute(eventNames().dragoverEvent, attr); } else if (attr->name() == ondragleaveAttr) { setInlineEventListenerForTypeAndAttribute(eventNames().dragleaveEvent, attr); } else if (attr->name() == ondropAttr) { setInlineEventListenerForTypeAndAttribute(eventNames().dropEvent, attr); } else if (attr->name() == ondragstartAttr) { setInlineEventListenerForTypeAndAttribute(eventNames().dragstartEvent, attr); } else if (attr->name() == ondragAttr) { setInlineEventListenerForTypeAndAttribute(eventNames().dragEvent, attr); } else if (attr->name() == ondragendAttr) { setInlineEventListenerForTypeAndAttribute(eventNames().dragendEvent, attr); } else if (attr->name() == onselectstartAttr) { setInlineEventListenerForTypeAndAttribute(eventNames().selectstartEvent, attr); } else if (attr->name() == onsubmitAttr) { setInlineEventListenerForTypeAndAttribute(eventNames().submitEvent, attr); } else if (attr->name() == onerrorAttr) { setInlineEventListenerForTypeAndAttribute(eventNames().errorEvent, attr); } else if (attr->name() == onwebkitanimationstartAttr) { setInlineEventListenerForTypeAndAttribute(eventNames().webkitAnimationStartEvent, attr); } else if (attr->name() == onwebkitanimationiterationAttr) { setInlineEventListenerForTypeAndAttribute(eventNames().webkitAnimationIterationEvent, attr); } else if (attr->name() == onwebkitanimationendAttr) { setInlineEventListenerForTypeAndAttribute(eventNames().webkitAnimationEndEvent, attr); } else if (attr->name() == onwebkittransitionendAttr) { setInlineEventListenerForTypeAndAttribute(eventNames().webkitTransitionEndEvent, attr); } }
WTFLogChannel* getChannelFromName(const String& channelName) { if (!(channelName.length() >= 2)) return 0; if (equalIgnoringCase(channelName, String("BackForward"))) return &LogBackForward; if (equalIgnoringCase(channelName, String("Editing"))) return &LogEditing; if (equalIgnoringCase(channelName, String("Events"))) return &LogEvents; if (equalIgnoringCase(channelName, String("Frames"))) return &LogFrames; if (equalIgnoringCase(channelName, String("FTP"))) return &LogFTP; if (equalIgnoringCase(channelName, String("History"))) return &LogHistory; if (equalIgnoringCase(channelName, String("IconDatabase"))) return &LogIconDatabase; if (equalIgnoringCase(channelName, String("Loading"))) return &LogLoading; if (equalIgnoringCase(channelName, String("Media"))) return &LogMedia; if (equalIgnoringCase(channelName, String("Network"))) return &LogNetwork; if (equalIgnoringCase(channelName, String("NotYetImplemented"))) return &LogNotYetImplemented; if (equalIgnoringCase(channelName, String("PlatformLeaks"))) return &LogPlatformLeaks; if (equalIgnoringCase(channelName, String("ResourceLoading"))) return &LogResourceLoading; if (equalIgnoringCase(channelName, String("Plugins"))) return &LogPlugins; if (equalIgnoringCase(channelName, String("PopupBlocking"))) return &LogPopupBlocking; if (equalIgnoringCase(channelName, String("Progress"))) return &LogProgress; if (equalIgnoringCase(channelName, String("SpellingAndGrammar"))) return &LogSpellingAndGrammar; if (equalIgnoringCase(channelName, String("SQLDatabase"))) return &LogSQLDatabase; if (equalIgnoringCase(channelName, String("StorageAPI"))) return &LogStorageAPI; if (equalIgnoringCase(channelName, String("LiveConnect"))) return &LogLiveConnect; if (equalIgnoringCase(channelName, String("Threading"))) return &LogThreading; if (equalIgnoringCase(channelName, String("FileAPI"))) return &LogFileAPI; if (equalIgnoringCase(channelName, String("WebAudio"))) return &LogWebAudio; if (equalIgnoringCase(channelName, String("Compositing"))) return &LogCompositing; if (equalIgnoringCase(channelName, String("Gamepad"))) return &LogGamepad; if (equalIgnoringCase(channelName, String("ScriptedAnimationController"))) return &LogScriptedAnimationController; if (equalIgnoringCase(channelName, String("Timers"))) return &LogTimers; return 0; }
// static bool WebFontDecoder::supportsFormat(const String& format) { return equalIgnoringCase(format, "woff") || equalIgnoringCase(format, "woff2"); }
bool NetscapePlugin::initialize(const Parameters& parameters) { uint16_t mode = parameters.isFullFramePlugin ? NP_FULL : NP_EMBED; m_shouldUseManualLoader = parameters.shouldUseManualLoader; CString mimeTypeCString = parameters.mimeType.utf8(); ASSERT(parameters.names.size() == parameters.values.size()); Vector<CString> paramNames; Vector<CString> paramValues; for (size_t i = 0; i < parameters.names.size(); ++i) { String parameterName = parameters.names[i]; #if PLUGIN_ARCHITECTURE(MAC) if (m_pluginModule->pluginQuirks().contains(PluginQuirks::WantsLowercaseParameterNames)) parameterName = parameterName.lower(); #endif paramNames.append(parameterName.utf8()); paramValues.append(parameters.values[i].utf8()); } // The strings that these pointers point to are kept alive by paramNames and paramValues. Vector<const char*> names; Vector<const char*> values; for (size_t i = 0; i < paramNames.size(); ++i) { names.append(paramNames[i].data()); values.append(paramValues[i].data()); } #if PLUGIN_ARCHITECTURE(MAC) if (m_pluginModule->pluginQuirks().contains(PluginQuirks::MakeOpaqueUnlessTransparentSilverlightBackgroundAttributeExists)) { for (size_t i = 0; i < parameters.names.size(); ++i) { if (equalIgnoringCase(parameters.names[i], "background")) { setIsTransparent(isTransparentSilverlightBackgroundValue(parameters.values[i].lower())); break; } } } m_layerHostingMode = parameters.layerHostingMode; #endif platformPreInitialize(); NetscapePlugin* previousNPPNewPlugin = currentNPPNewPlugin; m_inNPPNew = true; currentNPPNewPlugin = this; NPError error = NPP_New(const_cast<char*>(mimeTypeCString.data()), mode, names.size(), const_cast<char**>(names.data()), const_cast<char**>(values.data()), 0); m_inNPPNew = false; currentNPPNewPlugin = previousNPPNewPlugin; if (error != NPERR_NO_ERROR) return false; m_isStarted = true; // FIXME: This is not correct in all cases. m_npWindow.type = NPWindowTypeDrawable; if (!platformPostInitialize()) { destroy(); return false; } // Load the src URL if needed. if (!parameters.shouldUseManualLoader && !parameters.url.isEmpty() && shouldLoadSrcURL()) loadURL("GET", parameters.url.string(), String(), HTTPHeaderMap(), Vector<uint8_t>(), false, 0); return true; }
static inline bool isValidDirAttribute(const AtomicString& value) { return equalIgnoringCase(value, "auto") || equalIgnoringCase(value, "ltr") || equalIgnoringCase(value, "rtl"); }
String XMLHttpRequest::uppercaseKnownHTTPMethod(const String& method) { if (equalIgnoringCase(method, "COPY") || equalIgnoringCase(method, "DELETE") || equalIgnoringCase(method, "GET") || equalIgnoringCase(method, "HEAD") || equalIgnoringCase(method, "INDEX") || equalIgnoringCase(method, "LOCK") || equalIgnoringCase(method, "M-POST") || equalIgnoringCase(method, "MKCOL") || equalIgnoringCase(method, "MOVE") || equalIgnoringCase(method, "OPTIONS") || equalIgnoringCase(method, "POST") || equalIgnoringCase(method, "PROPFIND") || equalIgnoringCase(method, "PROPPATCH") || equalIgnoringCase(method, "PUT") || equalIgnoringCase(method, "UNLOCK")) { return method.upper(); } return method; }
bool operator==(const FontPlatformDataCacheKey& other) const { return equalIgnoringCase(m_family, other.m_family) && m_fontDescriptionKey == other.m_fontDescriptionKey; }
void CookieManager::getRawCookies(Vector<ParsedCookie*> &stackOfCookies, const KURL& requestURL, CookieFilter filter) const { CookieLog("CookieManager - getRawCookies - processing url with domain - %s & protocol: %s & path: %s\n", requestURL.host().utf8().data(), requestURL.protocol().utf8().data(), requestURL.path().utf8().data()); const bool invalidScheme = shouldIgnoreScheme(requestURL.protocol()); const bool specialCaseForWebWorks = invalidScheme && m_shouldDumpAllCookies; const bool isConnectionSecure = requestURL.protocolIs("https") || requestURL.protocolIs("wss") || specialCaseForWebWorks; Vector<ParsedCookie*> cookieCandidates; Vector<CookieMap*> protocolsToSearch; // Special Case: If a server sets a "secure" cookie over a non-secure channel and tries to access the cookie // over a secure channel, it will not succeed because the secure protocol isn't mapped to the insecure protocol yet. // Set the map to the non-secure version, so it'll search the mapping for a secure cookie. CookieMap* targetMap = m_managerMap.get(requestURL.protocol()); if (!targetMap && isConnectionSecure) { CookieLog("CookieManager - special case: secure protocol are not linked yet."); if (requestURL.protocolIs("https")) targetMap = m_managerMap.get("http"); else if (requestURL.protocolIs("wss")) targetMap = m_managerMap.get("ws"); } // Decide which scheme tree we should look at. // Return on invalid schemes. cookies are currently disabled on file and local. // We only want to enable them for WebWorks that enabled a special flag. if (specialCaseForWebWorks) copyValuesToVector(m_managerMap, protocolsToSearch); else if (invalidScheme) return; else { protocolsToSearch.append(targetMap); // FIXME: this is a hack for webworks apps; RFC 6265 says "Cookies do not provide isolation by scheme" // so we should not be checking protocols at all. See PR 135595 if (m_shouldDumpAllCookies) { protocolsToSearch.append(m_managerMap.get("file")); protocolsToSearch.append(m_managerMap.get("local")); } } Vector<String> delimitedHost; // IP addresses are stored in a particular format (due to ipv6). Reduce the ip address so we can match // it with the one in memory. string canonicalIP = BlackBerry::Platform::getCanonicalIPFormat(requestURL.host().utf8().data()); if (!canonicalIP.empty()) delimitedHost.append(String(canonicalIP.c_str())); else requestURL.host().lower().split(".", true, delimitedHost); // Go through all the protocol trees that we need to search for // and get all cookies that are valid for this domain for (size_t k = 0; k < protocolsToSearch.size(); k++) { CookieMap* currentMap = protocolsToSearch[k]; // if no cookies exist for this protocol, break right away if (!currentMap) continue; CookieLog("CookieManager - looking at protocol map %s \n", currentMap->getName().utf8().data()); // Special case for local and files - because WebApps expect to get ALL cookies from the backing-store on local protocol if (specialCaseForWebWorks) { CookieLog("CookieManager - special case find in protocol map - %s\n", currentMap->getName().utf8().data()); currentMap->getAllChildCookies(&cookieCandidates); } else { // Get cookies from the null domain map currentMap->getAllCookies(&cookieCandidates); // Get cookies from the valid domain maps int i = delimitedHost.size() - 1; while (i >= 0) { CookieLog("CookieManager - finding %s in currentmap\n", delimitedHost[i].utf8().data()); currentMap = currentMap->getSubdomainMap(delimitedHost[i]); // if this subdomain/domain does not exist in our mapping then we simply exit if (!currentMap) { CookieLog("CookieManager - cannot find next map exiting the while loop.\n"); break; } CookieLog("CookieManager - found the map, grabbing cookies from this map\n"); currentMap->getAllCookies(&cookieCandidates); i--; } } } CookieLog("CookieManager - there are %d cookies in candidate\n", cookieCandidates.size()); for (size_t i = 0; i < cookieCandidates.size(); ++i) { ParsedCookie* cookie = cookieCandidates[i]; // According to the path-matches rules in RFC6265, section 5.1.4, // we should add a '/' at the end of cookie-path for comparison if the cookie-path is not end with '/'. String path = cookie->path(); CookieLog("CookieManager - comparing cookie path %s (len %d) to request path %s (len %d)", path.utf8().data(), path.length(), requestURL.path().utf8().data(), path.length()); if (!equalIgnoringCase(path, requestURL.path()) && !path.endsWith("/", false)) path = path + "/"; // Only secure connections have access to secure cookies. Unless specialCaseForWebWorks is true. // Get the cookies filtering out HttpOnly cookies if requested. if (requestURL.path().startsWith(path, false) && (isConnectionSecure || !cookie->isSecure()) && (filter == WithHttpOnlyCookies || !cookie->isHttpOnly())) { CookieLog("CookieManager - cookie chosen - %s\n", cookie->toString().utf8().data()); cookie->setLastAccessed(currentTime()); stackOfCookies.append(cookie); } } std::stable_sort(stackOfCookies.begin(), stackOfCookies.end(), cookieSorter); }
bool ResourceHandle::start(NetworkingContext* context) { if (firstRequest().url().isLocalFile() || firstRequest().url().protocolIsData()) { ref(); // balanced by deref in fileLoadTimer if (d->m_loadSynchronously) fileLoadTimer(0); else d->m_fileLoadTimer.startOneShot(0.0); return true; } if (!d->m_internetHandle) d->m_internetHandle = asynchronousInternetHandle(context->userAgent()); if (!d->m_internetHandle) return false; DWORD flags = INTERNET_FLAG_KEEP_CONNECTION | INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS | INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP | INTERNET_FLAG_DONT_CACHE | INTERNET_FLAG_RELOAD; d->m_connectHandle = InternetConnectW(d->m_internetHandle, firstRequest().url().host().charactersWithNullTermination(), firstRequest().url().port(), 0, 0, INTERNET_SERVICE_HTTP, flags, reinterpret_cast<DWORD_PTR>(this)); if (!d->m_connectHandle) return false; String urlStr = firstRequest().url().path(); String urlQuery = firstRequest().url().query(); if (!urlQuery.isEmpty()) { urlStr.append('?'); urlStr.append(urlQuery); } String httpMethod = firstRequest().httpMethod(); String httpReferrer = firstRequest().httpReferrer(); LPCWSTR httpAccept[] = { L"*/*", 0 }; d->m_requestHandle = HttpOpenRequestW(d->m_connectHandle, httpMethod.charactersWithNullTermination(), urlStr.charactersWithNullTermination(), 0, httpReferrer.charactersWithNullTermination(), httpAccept, flags, reinterpret_cast<DWORD_PTR>(this)); if (!d->m_requestHandle) { InternetCloseHandle(d->m_connectHandle); return false; } if (firstRequest().httpBody()) { firstRequest().httpBody()->flatten(d->m_formData); d->m_bytesRemainingToWrite = d->m_formData.size(); } Vector<UChar> httpHeaders; const HTTPHeaderMap& httpHeaderFields = firstRequest().httpHeaderFields(); for (HTTPHeaderMap::const_iterator it = httpHeaderFields.begin(); it != httpHeaderFields.end(); ++it) { if (equalIgnoringCase(it->first, "Accept") || equalIgnoringCase(it->first, "Referer") || equalIgnoringCase(it->first, "User-Agent")) continue; if (!httpHeaders.isEmpty()) httpHeaders.append('\n'); httpHeaders.append(it->first.characters(), it->first.length()); httpHeaders.append(':'); httpHeaders.append(it->second.characters(), it->second.length()); } INTERNET_BUFFERSW internetBuffers; ZeroMemory(&internetBuffers, sizeof(internetBuffers)); internetBuffers.dwStructSize = sizeof(internetBuffers); internetBuffers.lpcszHeader = httpHeaders.data(); internetBuffers.dwHeadersLength = httpHeaders.size(); internetBuffers.dwBufferTotal = d->m_bytesRemainingToWrite; HttpSendRequestExW(d->m_requestHandle, &internetBuffers, 0, 0, reinterpret_cast<DWORD_PTR>(this)); ref(); // balanced by deref in onRequestComplete if (d->m_loadSynchronously) while (onRequestComplete()) { // Loop until finished. } return true; }
static bool isDangerousHTTPEquiv(const String& value) { String equiv = value.stripWhiteSpace(); return equalIgnoringCase(equiv, "refresh") || equalIgnoringCase(equiv, "set-cookie"); }
bool operator==(const FontPlatformDataCacheKey& other) const { return equalIgnoringCase(m_family, other.m_family) && m_size == other.m_size && m_bold == other.m_bold && m_italic == other.m_italic; }
static inline bool equalIgnoringCase(const AtomicString& a, const SkString& b) { return equalIgnoringCase(a, AtomicString::fromUTF8(b.c_str())); }
// FIXME: This function should not deal with url or serviceType! void HTMLObjectElement::parametersForPlugin(Vector<String>& paramNames, Vector<String>& paramValues, String& url, String& serviceType) { HashSet<StringImpl*, CaseFoldingHash> uniqueParamNames; String urlParameter; // Scan the PARAM children and store their name/value pairs. // Get the URL and type from the params if we don't already have them. for (auto& param : childrenOfType<HTMLParamElement>(*this)) { String name = param.name(); if (name.isEmpty()) continue; uniqueParamNames.add(name.impl()); paramNames.append(param.name()); paramValues.append(param.value()); // FIXME: url adjustment does not belong in this function. if (url.isEmpty() && urlParameter.isEmpty() && (equalIgnoringCase(name, "src") || equalIgnoringCase(name, "movie") || equalIgnoringCase(name, "code") || equalIgnoringCase(name, "url"))) urlParameter = stripLeadingAndTrailingHTMLSpaces(param.value()); // FIXME: serviceType calculation does not belong in this function. if (serviceType.isEmpty() && equalIgnoringCase(name, "type")) { serviceType = param.value(); size_t pos = serviceType.find(";"); if (pos != notFound) serviceType = serviceType.left(pos); } } // When OBJECT is used for an applet via Sun's Java plugin, the CODEBASE attribute in the tag // points to the Java plugin itself (an ActiveX component) while the actual applet CODEBASE is // in a PARAM tag. See <http://java.sun.com/products/plugin/1.2/docs/tags.html>. This means // we have to explicitly suppress the tag's CODEBASE attribute if there is none in a PARAM, // else our Java plugin will misinterpret it. [4004531] String codebase; if (MIMETypeRegistry::isJavaAppletMIMEType(serviceType)) { codebase = "codebase"; uniqueParamNames.add(codebase.impl()); // pretend we found it in a PARAM already } // Turn the attributes of the <object> element into arrays, but don't override <param> values. if (hasAttributes()) { for (const Attribute& attribute : attributesIterator()) { const AtomicString& name = attribute.name().localName(); if (!uniqueParamNames.contains(name.impl())) { paramNames.append(name.string()); paramValues.append(attribute.value().string()); } } } mapDataParamToSrc(¶mNames, ¶mValues); // HTML5 says that an object resource's URL is specified by the object's data // attribute, not by a param element. However, for compatibility, allow the // resource's URL to be given by a param named "src", "movie", "code" or "url" // if we know that resource points to a plug-in. #if PLATFORM(IOS) if (shouldNotPerformURLAdjustment()) return; #endif if (url.isEmpty() && !urlParameter.isEmpty()) { SubframeLoader& loader = document().frame()->loader().subframeLoader(); if (loader.resourceWillUsePlugin(urlParameter, serviceType, shouldPreferPlugInsForImages())) url = urlParameter; } }
bool HTMLElement::hasDirectionAuto() const { const AtomicString& direction = fastGetAttribute(dirAttr); return (hasTagName(bdiTag) && direction == nullAtom) || equalIgnoringCase(direction, "auto"); }
void ImageLoader::updateFromElement() { // If we're not making renderers for the page, then don't load images. We don't want to slow // down the raw HTML parsing case by loading images we don't intend to display. Document* document = m_element->document(); if (!document->renderer()) return; AtomicString attr = m_element->getAttribute(m_element->imageSourceAttributeName()); if (attr == m_failedLoadURL) return; // Do not load any image if the 'src' attribute is missing or if it is // an empty string referring to a local file. The latter condition is // a quirk that preserves old behavior that Dashboard widgets // need (<rdar://problem/5994621>). CachedImage* newImage = 0; // CAPPFIX_WEB_IMG_SRC_NULL #if 1 if (!attr.isNull() && !stripLeadingAndTrailingHTMLSpaces(attr).isEmpty()) { #else if (!(attr.isNull() || (attr.isEmpty() && document->baseURI().isLocalFile()))) { #endif ResourceRequest request = ResourceRequest(document->completeURL(sourceURI(attr))); String crossOriginMode = m_element->fastGetAttribute(HTMLNames::crossoriginAttr); if (!crossOriginMode.isNull()) { bool allowCredentials = equalIgnoringCase(crossOriginMode, "use-credentials"); updateRequestForAccessControl(request, document->securityOrigin(), allowCredentials); } if (m_loadManually) { bool autoLoadOtherImages = document->cachedResourceLoader()->autoLoadImages(); document->cachedResourceLoader()->setAutoLoadImages(false); newImage = new CachedImage(request); newImage->setLoading(true); newImage->setOwningCachedResourceLoader(document->cachedResourceLoader()); document->cachedResourceLoader()->m_documentResources.set(newImage->url(), newImage); document->cachedResourceLoader()->setAutoLoadImages(autoLoadOtherImages); } else newImage = document->cachedResourceLoader()->requestImage(request); // If we do not have an image here, it means that a cross-site // violation occurred. m_failedLoadURL = !newImage ? attr : AtomicString(); // CAPPFIX_WEB_IMG_SRC_NULL #if 1 } else if (!attr.isNull()) // Fire an error event if the url is empty. m_element->dispatchEvent(Event::create(eventNames().errorEvent, false, false)); #else } #endif CachedImage* oldImage = m_image.get(); if (newImage != oldImage) { if (!m_firedBeforeLoad) beforeLoadEventSender().cancelEvent(this); if (!m_firedLoad) loadEventSender().cancelEvent(this); m_image = newImage; m_firedBeforeLoad = !newImage; m_firedLoad = !newImage; m_imageComplete = !newImage; if (newImage) { newImage->addClient(this); if (!m_element->document()->hasListenerType(Document::BEFORELOAD_LISTENER)) dispatchPendingBeforeLoadEvent(); else beforeLoadEventSender().dispatchEventSoon(this); } if (oldImage) oldImage->removeClient(this); } if (RenderImageResource* imageResource = renderImageResource()) imageResource->resetAnimation(); }