1 // Copyright 2012 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 // NOTE: based loosely on mozilla's nsDataChannel.cpp
6
7 #include "net/base/data_url.h"
8
9 #include "base/base64.h"
10 #include "base/containers/cxx20_erase.h"
11 #include "base/feature_list.h"
12 #include "base/features.h"
13 #include "base/ranges/algorithm.h"
14 #include "base/strings/escape.h"
15 #include "base/strings/string_piece.h"
16 #include "base/strings/string_split.h"
17 #include "base/strings/string_util.h"
18 #include "net/base/mime_util.h"
19 #include "net/http/http_response_headers.h"
20 #include "net/http/http_util.h"
21 #include "url/gurl.h"
22
23 namespace net {
24 namespace {
25
26 // https://infra.spec.whatwg.org/#ascii-whitespace, which is referenced by
27 // https://infra.spec.whatwg.org/#forgiving-base64, does not include \v in the
28 // set of ASCII whitespace characters the way Unicode does.
IsBase64Whitespace(char c)29 bool IsBase64Whitespace(char c) {
30 return c != '\v' && base::IsAsciiWhitespace(c);
31 }
32
33 // A data URL is ready for decode if it:
34 // - Doesn't need any extra padding.
35 // - Does not have any escaped characters.
36 // - Does not have any whitespace.
IsDataURLReadyForDecode(base::StringPiece body)37 bool IsDataURLReadyForDecode(base::StringPiece body) {
38 return (body.length() % 4) == 0 && base::ranges::none_of(body, [](char c) {
39 return c == '%' || IsBase64Whitespace(c);
40 });
41 }
42
43 } // namespace
44
Parse(const GURL & url,std::string * mime_type,std::string * charset,std::string * data)45 bool DataURL::Parse(const GURL& url,
46 std::string* mime_type,
47 std::string* charset,
48 std::string* data) {
49 if (!url.is_valid() || !url.has_scheme())
50 return false;
51
52 DCHECK(mime_type->empty());
53 DCHECK(charset->empty());
54 DCHECK(!data || data->empty());
55
56 base::StringPiece content;
57 std::string content_string;
58 if (base::FeatureList::IsEnabled(base::features::kOptimizeDataUrls)) {
59 // Avoid copying the URL content which can be expensive for large URLs.
60 content = url.GetContentPiece();
61 } else {
62 content_string = url.GetContent();
63 content = content_string;
64 }
65
66 base::StringPiece::const_iterator comma = base::ranges::find(content, ',');
67 if (comma == content.end())
68 return false;
69
70 std::vector<base::StringPiece> meta_data =
71 base::SplitStringPiece(base::MakeStringPiece(content.begin(), comma), ";",
72 base::TRIM_WHITESPACE, base::SPLIT_WANT_ALL);
73
74 // These are moved to |mime_type| and |charset| on success.
75 std::string mime_type_value;
76 std::string charset_value;
77 auto iter = meta_data.cbegin();
78 if (iter != meta_data.cend()) {
79 mime_type_value = base::ToLowerASCII(*iter);
80 ++iter;
81 }
82
83 static constexpr base::StringPiece kBase64Tag("base64");
84 static constexpr base::StringPiece kCharsetTag("charset=");
85
86 bool base64_encoded = false;
87 for (; iter != meta_data.cend(); ++iter) {
88 if (!base64_encoded &&
89 base::EqualsCaseInsensitiveASCII(*iter, kBase64Tag)) {
90 base64_encoded = true;
91 } else if (charset_value.empty() &&
92 base::StartsWith(*iter, kCharsetTag,
93 base::CompareCase::INSENSITIVE_ASCII)) {
94 charset_value = std::string(iter->substr(kCharsetTag.size()));
95 // The grammar for charset is not specially defined in RFC2045 and
96 // RFC2397. It just needs to be a token.
97 if (!HttpUtil::IsToken(charset_value))
98 return false;
99 }
100 }
101
102 if (mime_type_value.empty()) {
103 // Fallback to the default if nothing specified in the mediatype part as
104 // specified in RFC2045. As specified in RFC2397, we use |charset| even if
105 // |mime_type| is empty.
106 mime_type_value = "text/plain";
107 if (charset_value.empty())
108 charset_value = "US-ASCII";
109 } else if (!ParseMimeTypeWithoutParameter(mime_type_value, nullptr,
110 nullptr)) {
111 // Fallback to the default as recommended in RFC2045 when the mediatype
112 // value is invalid. For this case, we don't respect |charset| but force it
113 // set to "US-ASCII".
114 mime_type_value = "text/plain";
115 charset_value = "US-ASCII";
116 }
117
118 // The caller may not be interested in receiving the data.
119 if (data) {
120 // Preserve spaces if dealing with text or xml input, same as mozilla:
121 // https://bugzilla.mozilla.org/show_bug.cgi?id=138052
122 // but strip them otherwise:
123 // https://bugzilla.mozilla.org/show_bug.cgi?id=37200
124 // (Spaces in a data URL should be escaped, which is handled below, so any
125 // spaces now are wrong. People expect to be able to enter them in the URL
126 // bar for text, and it can't hurt, so we allow it.)
127 //
128 // TODO(mmenke): Is removing all spaces reasonable? GURL removes trailing
129 // spaces itself, anyways. Should we just trim leading spaces instead?
130 // Allowing random intermediary spaces seems unnecessary.
131
132 auto raw_body = base::MakeStringPiece(comma + 1, content.end());
133
134 // For base64, we may have url-escaped whitespace which is not part
135 // of the data, and should be stripped. Otherwise, the escaped whitespace
136 // could be part of the payload, so don't strip it.
137 if (base64_encoded) {
138 // If the data URL is well formed, we can decode it immediately.
139 if (base::FeatureList::IsEnabled(base::features::kOptimizeDataUrls) &&
140 IsDataURLReadyForDecode(raw_body)) {
141 if (!base::Base64Decode(raw_body, data))
142 return false;
143 } else {
144 std::string unescaped_body = base::UnescapeBinaryURLComponent(raw_body);
145 if (!base::Base64Decode(unescaped_body, data,
146 base::Base64DecodePolicy::kForgiving))
147 return false;
148 }
149 } else {
150 // Strip whitespace for non-text MIME types.
151 std::string temp;
152 if (!(mime_type_value.compare(0, 5, "text/") == 0 ||
153 mime_type_value.find("xml") != std::string::npos)) {
154 temp = std::string(raw_body);
155 base::EraseIf(temp, base::IsAsciiWhitespace<char>);
156 raw_body = temp;
157 }
158
159 *data = base::UnescapeBinaryURLComponent(raw_body);
160 }
161 }
162
163 *mime_type = std::move(mime_type_value);
164 *charset = std::move(charset_value);
165 return true;
166 }
167
BuildResponse(const GURL & url,base::StringPiece method,std::string * mime_type,std::string * charset,std::string * data,scoped_refptr<HttpResponseHeaders> * headers)168 Error DataURL::BuildResponse(const GURL& url,
169 base::StringPiece method,
170 std::string* mime_type,
171 std::string* charset,
172 std::string* data,
173 scoped_refptr<HttpResponseHeaders>* headers) {
174 DCHECK(data);
175 DCHECK(!*headers);
176
177 if (!DataURL::Parse(url, mime_type, charset, data))
178 return ERR_INVALID_URL;
179
180 // |mime_type| set by DataURL::Parse() is guaranteed to be in
181 // token "/" token
182 // form. |charset| can be an empty string.
183 DCHECK(!mime_type->empty());
184
185 // "charset" in the Content-Type header is specified explicitly to follow
186 // the "token" ABNF in the HTTP spec. When the DataURL::Parse() call is
187 // successful, it's guaranteed that the string in |charset| follows the
188 // "token" ABNF.
189 std::string content_type = *mime_type;
190 if (!charset->empty())
191 content_type.append(";charset=" + *charset);
192 // The terminal double CRLF isn't needed by TryToCreate().
193 *headers = HttpResponseHeaders::TryToCreate(
194 "HTTP/1.1 200 OK\r\n"
195 "Content-Type:" +
196 content_type);
197 // Above line should always succeed - TryToCreate() only fails when there are
198 // nulls in the string, and DataURL::Parse() can't return nulls in anything
199 // but the |data| argument.
200 DCHECK(*headers);
201
202 if (base::EqualsCaseInsensitiveASCII(method, "HEAD"))
203 data->clear();
204
205 return OK;
206 }
207
208 } // namespace net
209