1 // Copyright 2013 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "url/url_util.h"
6
7 #include <stddef.h>
8 #include <string.h>
9
10 #include <atomic>
11 #include <ostream>
12
13 #include "base/check_op.h"
14 #include "base/compiler_specific.h"
15 #include "base/containers/contains.h"
16 #include "base/no_destructor.h"
17 #include "base/strings/string_util.h"
18 #include "url/url_canon_internal.h"
19 #include "url/url_constants.h"
20 #include "url/url_file.h"
21 #include "url/url_util_internal.h"
22
23 namespace url {
24
25 namespace {
26
27 // A pair for representing a standard scheme name and the SchemeType for it.
28 struct SchemeWithType {
29 std::string scheme;
30 SchemeType type;
31 };
32
33 // A pair for representing a scheme and a custom protocol handler for it.
34 //
35 // This pair of strings must be normalized protocol handler parameters as
36 // described in the Custom Handler specification.
37 // https://html.spec.whatwg.org/multipage/system-state.html#normalize-protocol-handler-parameters
38 struct SchemeWithHandler {
39 std::string scheme;
40 std::string handler;
41 };
42
43 // List of currently registered schemes and associated properties.
44 struct SchemeRegistry {
45 // Standard format schemes (see header for details).
46 std::vector<SchemeWithType> standard_schemes = {
47 {kHttpsScheme, SCHEME_WITH_HOST_PORT_AND_USER_INFORMATION},
48 {kHttpScheme, SCHEME_WITH_HOST_PORT_AND_USER_INFORMATION},
49 // Yes, file URLs can have a hostname, so file URLs should be handled as
50 // "standard". File URLs never have a port as specified by the SchemeType
51 // field. Unlike other SCHEME_WITH_HOST schemes, the 'host' in a file
52 // URL may be empty, a behavior which is special-cased during
53 // canonicalization.
54 {kFileScheme, SCHEME_WITH_HOST},
55 {kFtpScheme, SCHEME_WITH_HOST_PORT_AND_USER_INFORMATION},
56 {kWssScheme,
57 SCHEME_WITH_HOST_PORT_AND_USER_INFORMATION}, // WebSocket secure.
58 {kWsScheme, SCHEME_WITH_HOST_PORT_AND_USER_INFORMATION}, // WebSocket.
59 {kFileSystemScheme, SCHEME_WITHOUT_AUTHORITY},
60 };
61
62 // Schemes that are allowed for referrers.
63 //
64 // WARNING: Adding (1) a non-"standard" scheme or (2) a scheme whose URLs have
65 // opaque origins could lead to surprising behavior in some of the referrer
66 // generation logic. In order to avoid surprises, be sure to have adequate
67 // test coverage in each of the multiple code locations that compute
68 // referrers.
69 std::vector<SchemeWithType> referrer_schemes = {
70 {kHttpsScheme, SCHEME_WITH_HOST_PORT_AND_USER_INFORMATION},
71 {kHttpScheme, SCHEME_WITH_HOST_PORT_AND_USER_INFORMATION},
72 };
73
74 // Schemes that do not trigger mixed content warning.
75 std::vector<std::string> secure_schemes = {
76 kHttpsScheme,
77 kWssScheme,
78 kDataScheme,
79 kAboutScheme,
80 };
81
82 // Schemes that normal pages cannot link to or access (i.e., with the same
83 // security rules as those applied to "file" URLs).
84 std::vector<std::string> local_schemes = {
85 kFileScheme,
86 };
87
88 // Schemes that cause pages loaded with them to not have access to pages
89 // loaded with any other URL scheme.
90 std::vector<std::string> no_access_schemes = {
91 kAboutScheme,
92 kJavaScriptScheme,
93 kDataScheme,
94 };
95
96 // Schemes that can be sent CORS requests.
97 std::vector<std::string> cors_enabled_schemes = {
98 kHttpsScheme,
99 kHttpScheme,
100 kDataScheme,
101 };
102
103 // Schemes that can be used by web to store data (local storage, etc).
104 std::vector<std::string> web_storage_schemes = {
105 kHttpsScheme, kHttpScheme, kFileScheme, kFtpScheme, kWssScheme, kWsScheme,
106 };
107
108 // Schemes that can bypass the Content-Security-Policy (CSP) checks.
109 std::vector<std::string> csp_bypassing_schemes = {};
110
111 // Schemes that are strictly empty documents, allowing them to commit
112 // synchronously.
113 std::vector<std::string> empty_document_schemes = {
114 kAboutScheme,
115 };
116
117 // Schemes with a predefined default custom handler.
118 std::vector<SchemeWithHandler> predefined_handler_schemes;
119
120 bool allow_non_standard_schemes = false;
121 };
122
123 // See the LockSchemeRegistries declaration in the header.
124 bool scheme_registries_locked = false;
125
126 // Ensure that the schemes aren't modified after first use.
127 static std::atomic<bool> g_scheme_registries_used{false};
128
129 // Gets the scheme registry without locking the schemes. This should *only* be
130 // used for adding schemes to the registry.
GetSchemeRegistryWithoutLocking()131 SchemeRegistry* GetSchemeRegistryWithoutLocking() {
132 static base::NoDestructor<SchemeRegistry> registry;
133 return registry.get();
134 }
135
GetSchemeRegistry()136 const SchemeRegistry& GetSchemeRegistry() {
137 #if DCHECK_IS_ON()
138 g_scheme_registries_used.store(true);
139 #endif
140 return *GetSchemeRegistryWithoutLocking();
141 }
142
143 // Pass this enum through for methods which would like to know if whitespace
144 // removal is necessary.
145 enum WhitespaceRemovalPolicy {
146 REMOVE_WHITESPACE,
147 DO_NOT_REMOVE_WHITESPACE,
148 };
149
150 // This template converts a given character type to the corresponding
151 // StringPiece type.
152 template<typename CHAR> struct CharToStringPiece {
153 };
154 template<> struct CharToStringPiece<char> {
155 typedef base::StringPiece Piece;
156 };
157 template <>
158 struct CharToStringPiece<char16_t> {
159 typedef base::StringPiece16 Piece;
160 };
161
162 // Given a string and a range inside the string, compares it to the given
163 // lower-case |compare_to| buffer.
164 template<typename CHAR>
DoCompareSchemeComponent(const CHAR * spec,const Component & component,const char * compare_to)165 inline bool DoCompareSchemeComponent(const CHAR* spec,
166 const Component& component,
167 const char* compare_to) {
168 if (component.is_empty())
169 return compare_to[0] == 0; // When component is empty, match empty scheme.
170 return base::EqualsCaseInsensitiveASCII(
171 typename CharToStringPiece<CHAR>::Piece(&spec[component.begin],
172 component.len),
173 compare_to);
174 }
175
176 // Returns true and sets |type| to the SchemeType of the given scheme
177 // identified by |scheme| within |spec| if in |schemes|.
178 template<typename CHAR>
DoIsInSchemes(const CHAR * spec,const Component & scheme,SchemeType * type,const std::vector<SchemeWithType> & schemes)179 bool DoIsInSchemes(const CHAR* spec,
180 const Component& scheme,
181 SchemeType* type,
182 const std::vector<SchemeWithType>& schemes) {
183 if (scheme.is_empty())
184 return false; // Empty or invalid schemes are non-standard.
185
186 for (const SchemeWithType& scheme_with_type : schemes) {
187 if (base::EqualsCaseInsensitiveASCII(
188 typename CharToStringPiece<CHAR>::Piece(&spec[scheme.begin],
189 scheme.len),
190 scheme_with_type.scheme)) {
191 *type = scheme_with_type.type;
192 return true;
193 }
194 }
195 return false;
196 }
197
198 template<typename CHAR>
DoIsStandard(const CHAR * spec,const Component & scheme,SchemeType * type)199 bool DoIsStandard(const CHAR* spec, const Component& scheme, SchemeType* type) {
200 return DoIsInSchemes(spec, scheme, type,
201 GetSchemeRegistry().standard_schemes);
202 }
203
204
205 template<typename CHAR>
DoFindAndCompareScheme(const CHAR * str,int str_len,const char * compare,Component * found_scheme)206 bool DoFindAndCompareScheme(const CHAR* str,
207 int str_len,
208 const char* compare,
209 Component* found_scheme) {
210 // Before extracting scheme, canonicalize the URL to remove any whitespace.
211 // This matches the canonicalization done in DoCanonicalize function.
212 STACK_UNINITIALIZED RawCanonOutputT<CHAR> whitespace_buffer;
213 int spec_len;
214 const CHAR* spec =
215 RemoveURLWhitespace(str, str_len, &whitespace_buffer, &spec_len, nullptr);
216
217 Component our_scheme;
218 if (!ExtractScheme(spec, spec_len, &our_scheme)) {
219 // No scheme.
220 if (found_scheme)
221 *found_scheme = Component();
222 return false;
223 }
224 if (found_scheme)
225 *found_scheme = our_scheme;
226 return DoCompareSchemeComponent(spec, our_scheme, compare);
227 }
228
229 template <typename CHAR>
DoCanonicalize(const CHAR * spec,int spec_len,bool trim_path_end,WhitespaceRemovalPolicy whitespace_policy,CharsetConverter * charset_converter,CanonOutput * output,Parsed * output_parsed)230 bool DoCanonicalize(const CHAR* spec,
231 int spec_len,
232 bool trim_path_end,
233 WhitespaceRemovalPolicy whitespace_policy,
234 CharsetConverter* charset_converter,
235 CanonOutput* output,
236 Parsed* output_parsed) {
237 // Trim leading C0 control characters and spaces.
238 int begin = 0;
239 TrimURL(spec, &begin, &spec_len, trim_path_end);
240 DCHECK(0 <= begin && begin <= spec_len);
241 spec += begin;
242 spec_len -= begin;
243
244 output->ReserveSizeIfNeeded(spec_len);
245
246 // Remove any whitespace from the middle of the relative URL if necessary.
247 // Possibly this will result in copying to the new buffer.
248 STACK_UNINITIALIZED RawCanonOutputT<CHAR> whitespace_buffer;
249 if (whitespace_policy == REMOVE_WHITESPACE) {
250 spec = RemoveURLWhitespace(spec, spec_len, &whitespace_buffer, &spec_len,
251 &output_parsed->potentially_dangling_markup);
252 }
253
254 Parsed parsed_input;
255 #ifdef WIN32
256 // For Windows, we allow things that look like absolute Windows paths to be
257 // fixed up magically to file URLs. This is done for IE compatibility. For
258 // example, this will change "c:/foo" into a file URL rather than treating
259 // it as a URL with the protocol "c". It also works for UNC ("\\foo\bar.txt").
260 // There is similar logic in url_canon_relative.cc for
261 //
262 // For Max & Unix, we don't do this (the equivalent would be "/foo/bar" which
263 // has no meaning as an absolute path name. This is because browsers on Mac
264 // & Unix don't generally do this, so there is no compatibility reason for
265 // doing so.
266 if (DoesBeginUNCPath(spec, 0, spec_len, false) ||
267 DoesBeginWindowsDriveSpec(spec, 0, spec_len)) {
268 ParseFileURL(spec, spec_len, &parsed_input);
269 return CanonicalizeFileURL(spec, spec_len, parsed_input, charset_converter,
270 output, output_parsed);
271 }
272 #endif
273
274 Component scheme;
275 if (!ExtractScheme(spec, spec_len, &scheme))
276 return false;
277
278 // This is the parsed version of the input URL, we have to canonicalize it
279 // before storing it in our object.
280 bool success;
281 SchemeType scheme_type = SCHEME_WITH_HOST_PORT_AND_USER_INFORMATION;
282 if (DoCompareSchemeComponent(spec, scheme, url::kFileScheme)) {
283 // File URLs are special.
284 ParseFileURL(spec, spec_len, &parsed_input);
285 success = CanonicalizeFileURL(spec, spec_len, parsed_input,
286 charset_converter, output, output_parsed);
287 } else if (DoCompareSchemeComponent(spec, scheme, url::kFileSystemScheme)) {
288 // Filesystem URLs are special.
289 ParseFileSystemURL(spec, spec_len, &parsed_input);
290 success = CanonicalizeFileSystemURL(spec, spec_len, parsed_input,
291 charset_converter, output,
292 output_parsed);
293
294 } else if (DoIsStandard(spec, scheme, &scheme_type)) {
295 // All "normal" URLs.
296 ParseStandardURL(spec, spec_len, &parsed_input);
297 success = CanonicalizeStandardURL(spec, spec_len, parsed_input, scheme_type,
298 charset_converter, output, output_parsed);
299
300 } else if (DoCompareSchemeComponent(spec, scheme, url::kMailToScheme)) {
301 // Mailto URLs are treated like standard URLs, with only a scheme, path,
302 // and query.
303 ParseMailtoURL(spec, spec_len, &parsed_input);
304 success = CanonicalizeMailtoURL(spec, spec_len, parsed_input, output,
305 output_parsed);
306
307 } else {
308 // "Weird" URLs like data: and javascript:.
309 ParsePathURL(spec, spec_len, trim_path_end, &parsed_input);
310 success = CanonicalizePathURL(spec, spec_len, parsed_input, output,
311 output_parsed);
312 }
313 return success;
314 }
315
316 template<typename CHAR>
DoResolveRelative(const char * base_spec,int base_spec_len,const Parsed & base_parsed,const CHAR * in_relative,int in_relative_length,CharsetConverter * charset_converter,CanonOutput * output,Parsed * output_parsed)317 bool DoResolveRelative(const char* base_spec,
318 int base_spec_len,
319 const Parsed& base_parsed,
320 const CHAR* in_relative,
321 int in_relative_length,
322 CharsetConverter* charset_converter,
323 CanonOutput* output,
324 Parsed* output_parsed) {
325 // Remove any whitespace from the middle of the relative URL, possibly
326 // copying to the new buffer.
327 STACK_UNINITIALIZED RawCanonOutputT<CHAR> whitespace_buffer;
328 int relative_length;
329 const CHAR* relative = RemoveURLWhitespace(
330 in_relative, in_relative_length, &whitespace_buffer, &relative_length,
331 &output_parsed->potentially_dangling_markup);
332
333 bool base_is_authority_based = false;
334 bool base_is_hierarchical = false;
335 if (base_spec &&
336 base_parsed.scheme.is_nonempty()) {
337 int after_scheme = base_parsed.scheme.end() + 1; // Skip past the colon.
338 int num_slashes = CountConsecutiveSlashes(base_spec, after_scheme,
339 base_spec_len);
340 base_is_authority_based = num_slashes > 1;
341 base_is_hierarchical = num_slashes > 0;
342 }
343
344 SchemeType unused_scheme_type = SCHEME_WITH_HOST_PORT_AND_USER_INFORMATION;
345 bool standard_base_scheme =
346 base_parsed.scheme.is_nonempty() &&
347 DoIsStandard(base_spec, base_parsed.scheme, &unused_scheme_type);
348
349 bool is_relative;
350 Component relative_component;
351 if (!IsRelativeURL(base_spec, base_parsed, relative, relative_length,
352 (base_is_hierarchical || standard_base_scheme),
353 &is_relative, &relative_component)) {
354 // Error resolving.
355 return false;
356 }
357
358 // Don't reserve buffer space here. Instead, reserve in DoCanonicalize and
359 // ReserveRelativeURL, to enable more accurate buffer sizes.
360
361 // Pretend for a moment that |base_spec| is a standard URL. Normally
362 // non-standard URLs are treated as PathURLs, but if the base has an
363 // authority we would like to preserve it.
364 if (is_relative && base_is_authority_based && !standard_base_scheme) {
365 Parsed base_parsed_authority;
366 ParseStandardURL(base_spec, base_spec_len, &base_parsed_authority);
367 if (base_parsed_authority.host.is_nonempty()) {
368 STACK_UNINITIALIZED RawCanonOutputT<char> temporary_output;
369 bool did_resolve_succeed =
370 ResolveRelativeURL(base_spec, base_parsed_authority, false, relative,
371 relative_component, charset_converter,
372 &temporary_output, output_parsed);
373 // The output_parsed is incorrect at this point (because it was built
374 // based on base_parsed_authority instead of base_parsed) and needs to be
375 // re-created.
376 DoCanonicalize(temporary_output.data(), temporary_output.length(), true,
377 REMOVE_WHITESPACE, charset_converter, output,
378 output_parsed);
379 return did_resolve_succeed;
380 }
381 } else if (is_relative) {
382 // Relative, resolve and canonicalize.
383 bool file_base_scheme = base_parsed.scheme.is_nonempty() &&
384 DoCompareSchemeComponent(base_spec, base_parsed.scheme, kFileScheme);
385 return ResolveRelativeURL(base_spec, base_parsed, file_base_scheme, relative,
386 relative_component, charset_converter, output,
387 output_parsed);
388 }
389
390 // Not relative, canonicalize the input.
391 return DoCanonicalize(relative, relative_length, true,
392 DO_NOT_REMOVE_WHITESPACE, charset_converter, output,
393 output_parsed);
394 }
395
396 template<typename CHAR>
DoReplaceComponents(const char * spec,int spec_len,const Parsed & parsed,const Replacements<CHAR> & replacements,CharsetConverter * charset_converter,CanonOutput * output,Parsed * out_parsed)397 bool DoReplaceComponents(const char* spec,
398 int spec_len,
399 const Parsed& parsed,
400 const Replacements<CHAR>& replacements,
401 CharsetConverter* charset_converter,
402 CanonOutput* output,
403 Parsed* out_parsed) {
404 // If the scheme is overridden, just do a simple string substitution and
405 // re-parse the whole thing. There are lots of edge cases that we really don't
406 // want to deal with. Like what happens if I replace "http://e:8080/foo"
407 // with a file. Does it become "file:///E:/8080/foo" where the port number
408 // becomes part of the path? Parsing that string as a file URL says "yes"
409 // but almost no sane rule for dealing with the components individually would
410 // come up with that.
411 //
412 // Why allow these crazy cases at all? Programatically, there is almost no
413 // case for replacing the scheme. The most common case for hitting this is
414 // in JS when building up a URL using the location object. In this case, the
415 // JS code expects the string substitution behavior:
416 // http://www.w3.org/TR/2008/WD-html5-20080610/structured.html#common3
417 if (replacements.IsSchemeOverridden()) {
418 // Canonicalize the new scheme so it is 8-bit and can be concatenated with
419 // the existing spec.
420 STACK_UNINITIALIZED RawCanonOutput<128> scheme_replaced;
421 Component scheme_replaced_parsed;
422 CanonicalizeScheme(replacements.sources().scheme,
423 replacements.components().scheme,
424 &scheme_replaced, &scheme_replaced_parsed);
425
426 // We can assume that the input is canonicalized, which means it always has
427 // a colon after the scheme (or where the scheme would be).
428 int spec_after_colon = parsed.scheme.is_valid() ? parsed.scheme.end() + 1
429 : 1;
430 if (spec_len - spec_after_colon > 0) {
431 scheme_replaced.Append(&spec[spec_after_colon],
432 spec_len - spec_after_colon);
433 }
434
435 // We now need to completely re-parse the resulting string since its meaning
436 // may have changed with the different scheme.
437 STACK_UNINITIALIZED RawCanonOutput<128> recanonicalized;
438 Parsed recanonicalized_parsed;
439 DoCanonicalize(scheme_replaced.data(), scheme_replaced.length(), true,
440 REMOVE_WHITESPACE, charset_converter, &recanonicalized,
441 &recanonicalized_parsed);
442
443 // Recurse using the version with the scheme already replaced. This will now
444 // use the replacement rules for the new scheme.
445 //
446 // Warning: this code assumes that ReplaceComponents will re-check all
447 // components for validity. This is because we can't fail if DoCanonicalize
448 // failed above since theoretically the thing making it fail could be
449 // getting replaced here. If ReplaceComponents didn't re-check everything,
450 // we wouldn't know if something *not* getting replaced is a problem.
451 // If the scheme-specific replacers are made more intelligent so they don't
452 // re-check everything, we should instead re-canonicalize the whole thing
453 // after this call to check validity (this assumes replacing the scheme is
454 // much much less common than other types of replacements, like clearing the
455 // ref).
456 Replacements<CHAR> replacements_no_scheme = replacements;
457 replacements_no_scheme.SetScheme(NULL, Component());
458 // If the input URL has potentially dangling markup, set the flag on the
459 // output too. Note that in some cases the replacement gets rid of the
460 // potentially dangling markup, but this ok since the check will fail
461 // closed.
462 if (parsed.potentially_dangling_markup) {
463 out_parsed->potentially_dangling_markup = true;
464 }
465 return DoReplaceComponents(recanonicalized.data(), recanonicalized.length(),
466 recanonicalized_parsed, replacements_no_scheme,
467 charset_converter, output, out_parsed);
468 }
469
470 // TODO(csharrison): We could be smarter about size to reserve if this is done
471 // in callers below, and the code checks to see which components are being
472 // replaced, and with what length. If this ends up being a hot spot it should
473 // be changed.
474 output->ReserveSizeIfNeeded(spec_len);
475
476 // If we get here, then we know the scheme doesn't need to be replaced, so can
477 // just key off the scheme in the spec to know how to do the replacements.
478 if (DoCompareSchemeComponent(spec, parsed.scheme, url::kFileScheme)) {
479 return ReplaceFileURL(spec, parsed, replacements, charset_converter, output,
480 out_parsed);
481 }
482 if (DoCompareSchemeComponent(spec, parsed.scheme, url::kFileSystemScheme)) {
483 return ReplaceFileSystemURL(spec, parsed, replacements, charset_converter,
484 output, out_parsed);
485 }
486 SchemeType scheme_type = SCHEME_WITH_HOST_PORT_AND_USER_INFORMATION;
487 if (DoIsStandard(spec, parsed.scheme, &scheme_type)) {
488 return ReplaceStandardURL(spec, parsed, replacements, scheme_type,
489 charset_converter, output, out_parsed);
490 }
491 if (DoCompareSchemeComponent(spec, parsed.scheme, url::kMailToScheme)) {
492 return ReplaceMailtoURL(spec, parsed, replacements, output, out_parsed);
493 }
494
495 // Default is a path URL.
496 return ReplacePathURL(spec, parsed, replacements, output, out_parsed);
497 }
498
DoSchemeModificationPreamble()499 void DoSchemeModificationPreamble() {
500 // If this assert triggers, it means you've called Add*Scheme after
501 // the SchemeRegistry has been used.
502 //
503 // This normally means you're trying to set up a new scheme too late or using
504 // the SchemeRegistry too early in your application's init process.
505 DCHECK(!g_scheme_registries_used.load())
506 << "Trying to add a scheme after the lists have been used. "
507 "Make sure that you haven't added any static GURL initializers in tests.";
508
509 // If this assert triggers, it means you've called Add*Scheme after
510 // LockSchemeRegistries has been called (see the header file for
511 // LockSchemeRegistries for more).
512 //
513 // This normally means you're trying to set up a new scheme too late in your
514 // application's init process. Locate where your app does this initialization
515 // and calls LockSchemeRegistries, and add your new scheme there.
516 DCHECK(!scheme_registries_locked)
517 << "Trying to add a scheme after the lists have been locked.";
518 }
519
DoAddSchemeWithHandler(const char * new_scheme,const char * handler,std::vector<SchemeWithHandler> * schemes)520 void DoAddSchemeWithHandler(const char* new_scheme,
521 const char* handler,
522 std::vector<SchemeWithHandler>* schemes) {
523 DoSchemeModificationPreamble();
524 DCHECK(schemes);
525 DCHECK(strlen(new_scheme) > 0);
526 DCHECK(strlen(handler) > 0);
527 DCHECK_EQ(base::ToLowerASCII(new_scheme), new_scheme);
528 DCHECK(!base::Contains(*schemes, new_scheme, &SchemeWithHandler::scheme));
529 schemes->push_back({new_scheme, handler});
530 }
531
DoAddScheme(const char * new_scheme,std::vector<std::string> * schemes)532 void DoAddScheme(const char* new_scheme, std::vector<std::string>* schemes) {
533 DoSchemeModificationPreamble();
534 DCHECK(schemes);
535 DCHECK(strlen(new_scheme) > 0);
536 DCHECK_EQ(base::ToLowerASCII(new_scheme), new_scheme);
537 DCHECK(!base::Contains(*schemes, new_scheme));
538 schemes->push_back(new_scheme);
539 }
540
DoAddSchemeWithType(const char * new_scheme,SchemeType type,std::vector<SchemeWithType> * schemes)541 void DoAddSchemeWithType(const char* new_scheme,
542 SchemeType type,
543 std::vector<SchemeWithType>* schemes) {
544 DoSchemeModificationPreamble();
545 DCHECK(schemes);
546 DCHECK(strlen(new_scheme) > 0);
547 DCHECK_EQ(base::ToLowerASCII(new_scheme), new_scheme);
548 DCHECK(!base::Contains(*schemes, new_scheme, &SchemeWithType::scheme));
549 schemes->push_back({new_scheme, type});
550 }
551
552 } // namespace
553
ClearSchemesForTests()554 void ClearSchemesForTests() {
555 DCHECK(!g_scheme_registries_used.load())
556 << "Schemes already used "
557 << "(use ScopedSchemeRegistryForTests to relax for tests).";
558 DCHECK(!scheme_registries_locked)
559 << "Schemes already locked "
560 << "(use ScopedSchemeRegistryForTests to relax for tests).";
561 *GetSchemeRegistryWithoutLocking() = SchemeRegistry();
562 }
563
564 class ScopedSchemeRegistryInternal {
565 public:
ScopedSchemeRegistryInternal()566 ScopedSchemeRegistryInternal()
567 : registry_(std::make_unique<SchemeRegistry>(
568 *GetSchemeRegistryWithoutLocking())) {
569 g_scheme_registries_used.store(false);
570 scheme_registries_locked = false;
571 }
~ScopedSchemeRegistryInternal()572 ~ScopedSchemeRegistryInternal() {
573 *GetSchemeRegistryWithoutLocking() = *registry_;
574 g_scheme_registries_used.store(true);
575 scheme_registries_locked = true;
576 }
577
578 private:
579 std::unique_ptr<SchemeRegistry> registry_;
580 };
581
ScopedSchemeRegistryForTests()582 ScopedSchemeRegistryForTests::ScopedSchemeRegistryForTests()
583 : internal_(std::make_unique<ScopedSchemeRegistryInternal>()) {}
584
585 ScopedSchemeRegistryForTests::~ScopedSchemeRegistryForTests() = default;
586
EnableNonStandardSchemesForAndroidWebView()587 void EnableNonStandardSchemesForAndroidWebView() {
588 DoSchemeModificationPreamble();
589 GetSchemeRegistryWithoutLocking()->allow_non_standard_schemes = true;
590 }
591
AllowNonStandardSchemesForAndroidWebView()592 bool AllowNonStandardSchemesForAndroidWebView() {
593 return GetSchemeRegistry().allow_non_standard_schemes;
594 }
595
AddStandardScheme(const char * new_scheme,SchemeType type)596 void AddStandardScheme(const char* new_scheme, SchemeType type) {
597 DoAddSchemeWithType(new_scheme, type,
598 &GetSchemeRegistryWithoutLocking()->standard_schemes);
599 }
600
GetStandardSchemes()601 std::vector<std::string> GetStandardSchemes() {
602 std::vector<std::string> result;
603 result.reserve(GetSchemeRegistry().standard_schemes.size());
604 for (const auto& entry : GetSchemeRegistry().standard_schemes) {
605 result.push_back(entry.scheme);
606 }
607 return result;
608 }
609
AddReferrerScheme(const char * new_scheme,SchemeType type)610 void AddReferrerScheme(const char* new_scheme, SchemeType type) {
611 DoAddSchemeWithType(new_scheme, type,
612 &GetSchemeRegistryWithoutLocking()->referrer_schemes);
613 }
614
AddSecureScheme(const char * new_scheme)615 void AddSecureScheme(const char* new_scheme) {
616 DoAddScheme(new_scheme, &GetSchemeRegistryWithoutLocking()->secure_schemes);
617 }
618
GetSecureSchemes()619 const std::vector<std::string>& GetSecureSchemes() {
620 return GetSchemeRegistry().secure_schemes;
621 }
622
AddLocalScheme(const char * new_scheme)623 void AddLocalScheme(const char* new_scheme) {
624 DoAddScheme(new_scheme, &GetSchemeRegistryWithoutLocking()->local_schemes);
625 }
626
GetLocalSchemes()627 const std::vector<std::string>& GetLocalSchemes() {
628 return GetSchemeRegistry().local_schemes;
629 }
630
AddNoAccessScheme(const char * new_scheme)631 void AddNoAccessScheme(const char* new_scheme) {
632 DoAddScheme(new_scheme,
633 &GetSchemeRegistryWithoutLocking()->no_access_schemes);
634 }
635
GetNoAccessSchemes()636 const std::vector<std::string>& GetNoAccessSchemes() {
637 return GetSchemeRegistry().no_access_schemes;
638 }
639
AddCorsEnabledScheme(const char * new_scheme)640 void AddCorsEnabledScheme(const char* new_scheme) {
641 DoAddScheme(new_scheme,
642 &GetSchemeRegistryWithoutLocking()->cors_enabled_schemes);
643 }
644
GetCorsEnabledSchemes()645 const std::vector<std::string>& GetCorsEnabledSchemes() {
646 return GetSchemeRegistry().cors_enabled_schemes;
647 }
648
AddWebStorageScheme(const char * new_scheme)649 void AddWebStorageScheme(const char* new_scheme) {
650 DoAddScheme(new_scheme,
651 &GetSchemeRegistryWithoutLocking()->web_storage_schemes);
652 }
653
GetWebStorageSchemes()654 const std::vector<std::string>& GetWebStorageSchemes() {
655 return GetSchemeRegistry().web_storage_schemes;
656 }
657
AddCSPBypassingScheme(const char * new_scheme)658 void AddCSPBypassingScheme(const char* new_scheme) {
659 DoAddScheme(new_scheme,
660 &GetSchemeRegistryWithoutLocking()->csp_bypassing_schemes);
661 }
662
GetCSPBypassingSchemes()663 const std::vector<std::string>& GetCSPBypassingSchemes() {
664 return GetSchemeRegistry().csp_bypassing_schemes;
665 }
666
AddEmptyDocumentScheme(const char * new_scheme)667 void AddEmptyDocumentScheme(const char* new_scheme) {
668 DoAddScheme(new_scheme,
669 &GetSchemeRegistryWithoutLocking()->empty_document_schemes);
670 }
671
GetEmptyDocumentSchemes()672 const std::vector<std::string>& GetEmptyDocumentSchemes() {
673 return GetSchemeRegistry().empty_document_schemes;
674 }
675
AddPredefinedHandlerScheme(const char * new_scheme,const char * handler)676 void AddPredefinedHandlerScheme(const char* new_scheme, const char* handler) {
677 DoAddSchemeWithHandler(
678 new_scheme, handler,
679 &GetSchemeRegistryWithoutLocking()->predefined_handler_schemes);
680 }
681
GetPredefinedHandlerSchemes()682 std::vector<std::pair<std::string, std::string>> GetPredefinedHandlerSchemes() {
683 std::vector<std::pair<std::string, std::string>> result;
684 result.reserve(GetSchemeRegistry().predefined_handler_schemes.size());
685 for (const SchemeWithHandler& entry :
686 GetSchemeRegistry().predefined_handler_schemes) {
687 result.emplace_back(entry.scheme, entry.handler);
688 }
689 return result;
690 }
691
LockSchemeRegistries()692 void LockSchemeRegistries() {
693 scheme_registries_locked = true;
694 }
695
IsStandard(const char * spec,const Component & scheme)696 bool IsStandard(const char* spec, const Component& scheme) {
697 SchemeType unused_scheme_type;
698 return DoIsStandard(spec, scheme, &unused_scheme_type);
699 }
700
GetStandardSchemeType(const char * spec,const Component & scheme,SchemeType * type)701 bool GetStandardSchemeType(const char* spec,
702 const Component& scheme,
703 SchemeType* type) {
704 return DoIsStandard(spec, scheme, type);
705 }
706
GetStandardSchemeType(const char16_t * spec,const Component & scheme,SchemeType * type)707 bool GetStandardSchemeType(const char16_t* spec,
708 const Component& scheme,
709 SchemeType* type) {
710 return DoIsStandard(spec, scheme, type);
711 }
712
IsStandard(const char16_t * spec,const Component & scheme)713 bool IsStandard(const char16_t* spec, const Component& scheme) {
714 SchemeType unused_scheme_type;
715 return DoIsStandard(spec, scheme, &unused_scheme_type);
716 }
717
IsReferrerScheme(const char * spec,const Component & scheme)718 bool IsReferrerScheme(const char* spec, const Component& scheme) {
719 SchemeType unused_scheme_type;
720 return DoIsInSchemes(spec, scheme, &unused_scheme_type,
721 GetSchemeRegistry().referrer_schemes);
722 }
723
FindAndCompareScheme(const char * str,int str_len,const char * compare,Component * found_scheme)724 bool FindAndCompareScheme(const char* str,
725 int str_len,
726 const char* compare,
727 Component* found_scheme) {
728 return DoFindAndCompareScheme(str, str_len, compare, found_scheme);
729 }
730
FindAndCompareScheme(const char16_t * str,int str_len,const char * compare,Component * found_scheme)731 bool FindAndCompareScheme(const char16_t* str,
732 int str_len,
733 const char* compare,
734 Component* found_scheme) {
735 return DoFindAndCompareScheme(str, str_len, compare, found_scheme);
736 }
737
DomainIs(base::StringPiece canonical_host,base::StringPiece canonical_domain)738 bool DomainIs(base::StringPiece canonical_host,
739 base::StringPiece canonical_domain) {
740 if (canonical_host.empty() || canonical_domain.empty())
741 return false;
742
743 // If the host name ends with a dot but the input domain doesn't, then we
744 // ignore the dot in the host name.
745 size_t host_len = canonical_host.length();
746 if (canonical_host.back() == '.' && canonical_domain.back() != '.')
747 --host_len;
748
749 if (host_len < canonical_domain.length())
750 return false;
751
752 // |host_first_pos| is the start of the compared part of the host name, not
753 // start of the whole host name.
754 const char* host_first_pos =
755 canonical_host.data() + host_len - canonical_domain.length();
756
757 if (base::StringPiece(host_first_pos, canonical_domain.length()) !=
758 canonical_domain) {
759 return false;
760 }
761
762 // Make sure there aren't extra characters in host before the compared part;
763 // if the host name is longer than the input domain name, then the character
764 // immediately before the compared part should be a dot. For example,
765 // www.google.com has domain "google.com", but www.iamnotgoogle.com does not.
766 if (canonical_domain[0] != '.' && host_len > canonical_domain.length() &&
767 *(host_first_pos - 1) != '.') {
768 return false;
769 }
770
771 return true;
772 }
773
HostIsIPAddress(base::StringPiece host)774 bool HostIsIPAddress(base::StringPiece host) {
775 STACK_UNINITIALIZED url::RawCanonOutputT<char, 128> ignored_output;
776 url::CanonHostInfo host_info;
777 url::CanonicalizeIPAddress(host.data(), Component(0, host.length()),
778 &ignored_output, &host_info);
779 return host_info.IsIPAddress();
780 }
781
Canonicalize(const char * spec,int spec_len,bool trim_path_end,CharsetConverter * charset_converter,CanonOutput * output,Parsed * output_parsed)782 bool Canonicalize(const char* spec,
783 int spec_len,
784 bool trim_path_end,
785 CharsetConverter* charset_converter,
786 CanonOutput* output,
787 Parsed* output_parsed) {
788 return DoCanonicalize(spec, spec_len, trim_path_end, REMOVE_WHITESPACE,
789 charset_converter, output, output_parsed);
790 }
791
Canonicalize(const char16_t * spec,int spec_len,bool trim_path_end,CharsetConverter * charset_converter,CanonOutput * output,Parsed * output_parsed)792 bool Canonicalize(const char16_t* spec,
793 int spec_len,
794 bool trim_path_end,
795 CharsetConverter* charset_converter,
796 CanonOutput* output,
797 Parsed* output_parsed) {
798 return DoCanonicalize(spec, spec_len, trim_path_end, REMOVE_WHITESPACE,
799 charset_converter, output, output_parsed);
800 }
801
ResolveRelative(const char * base_spec,int base_spec_len,const Parsed & base_parsed,const char * relative,int relative_length,CharsetConverter * charset_converter,CanonOutput * output,Parsed * output_parsed)802 bool ResolveRelative(const char* base_spec,
803 int base_spec_len,
804 const Parsed& base_parsed,
805 const char* relative,
806 int relative_length,
807 CharsetConverter* charset_converter,
808 CanonOutput* output,
809 Parsed* output_parsed) {
810 return DoResolveRelative(base_spec, base_spec_len, base_parsed,
811 relative, relative_length,
812 charset_converter, output, output_parsed);
813 }
814
ResolveRelative(const char * base_spec,int base_spec_len,const Parsed & base_parsed,const char16_t * relative,int relative_length,CharsetConverter * charset_converter,CanonOutput * output,Parsed * output_parsed)815 bool ResolveRelative(const char* base_spec,
816 int base_spec_len,
817 const Parsed& base_parsed,
818 const char16_t* relative,
819 int relative_length,
820 CharsetConverter* charset_converter,
821 CanonOutput* output,
822 Parsed* output_parsed) {
823 return DoResolveRelative(base_spec, base_spec_len, base_parsed,
824 relative, relative_length,
825 charset_converter, output, output_parsed);
826 }
827
ReplaceComponents(const char * spec,int spec_len,const Parsed & parsed,const Replacements<char> & replacements,CharsetConverter * charset_converter,CanonOutput * output,Parsed * out_parsed)828 bool ReplaceComponents(const char* spec,
829 int spec_len,
830 const Parsed& parsed,
831 const Replacements<char>& replacements,
832 CharsetConverter* charset_converter,
833 CanonOutput* output,
834 Parsed* out_parsed) {
835 return DoReplaceComponents(spec, spec_len, parsed, replacements,
836 charset_converter, output, out_parsed);
837 }
838
ReplaceComponents(const char * spec,int spec_len,const Parsed & parsed,const Replacements<char16_t> & replacements,CharsetConverter * charset_converter,CanonOutput * output,Parsed * out_parsed)839 bool ReplaceComponents(const char* spec,
840 int spec_len,
841 const Parsed& parsed,
842 const Replacements<char16_t>& replacements,
843 CharsetConverter* charset_converter,
844 CanonOutput* output,
845 Parsed* out_parsed) {
846 return DoReplaceComponents(spec, spec_len, parsed, replacements,
847 charset_converter, output, out_parsed);
848 }
849
DecodeURLEscapeSequences(const char * input,int length,DecodeURLMode mode,CanonOutputW * output)850 void DecodeURLEscapeSequences(const char* input,
851 int length,
852 DecodeURLMode mode,
853 CanonOutputW* output) {
854 if (length <= 0)
855 return;
856
857 STACK_UNINITIALIZED RawCanonOutputT<char> unescaped_chars;
858 size_t length_size_t = static_cast<size_t>(length);
859 for (size_t i = 0; i < length_size_t; i++) {
860 if (input[i] == '%') {
861 unsigned char ch;
862 if (DecodeEscaped(input, &i, length_size_t, &ch)) {
863 unescaped_chars.push_back(ch);
864 } else {
865 // Invalid escape sequence, copy the percent literal.
866 unescaped_chars.push_back('%');
867 }
868 } else {
869 // Regular non-escaped 8-bit character.
870 unescaped_chars.push_back(input[i]);
871 }
872 }
873
874 int output_initial_length = output->length();
875 // Convert that 8-bit to UTF-16. It's not clear IE does this at all to
876 // JavaScript URLs, but Firefox and Safari do.
877 size_t unescaped_length = unescaped_chars.length();
878 for (size_t i = 0; i < unescaped_length; i++) {
879 unsigned char uch = static_cast<unsigned char>(unescaped_chars.at(i));
880 if (uch < 0x80) {
881 // Non-UTF-8, just append directly
882 output->push_back(uch);
883 } else {
884 // next_ch will point to the last character of the decoded
885 // character.
886 size_t next_character = i;
887 base_icu::UChar32 code_point;
888 if (ReadUTFChar(unescaped_chars.data(), &next_character, unescaped_length,
889 &code_point)) {
890 // Valid UTF-8 character, convert to UTF-16.
891 AppendUTF16Value(code_point, output);
892 i = next_character;
893 } else if (mode == DecodeURLMode::kUTF8) {
894 DCHECK_EQ(code_point, 0xFFFD);
895 AppendUTF16Value(code_point, output);
896 i = next_character;
897 } else {
898 // If there are any sequences that are not valid UTF-8, we
899 // revert |output| changes, and promote any bytes to UTF-16. We
900 // copy all characters from the beginning to the end of the
901 // identified sequence.
902 output->set_length(output_initial_length);
903 for (size_t j = 0; j < unescaped_chars.length(); ++j)
904 output->push_back(static_cast<unsigned char>(unescaped_chars.at(j)));
905 break;
906 }
907 }
908 }
909 }
910
EncodeURIComponent(const char * input,int length,CanonOutput * output)911 void EncodeURIComponent(const char* input, int length, CanonOutput* output) {
912 for (int i = 0; i < length; ++i) {
913 unsigned char c = static_cast<unsigned char>(input[i]);
914 if (IsComponentChar(c))
915 output->push_back(c);
916 else
917 AppendEscapedChar(c, output);
918 }
919 }
920
CompareSchemeComponent(const char * spec,const Component & component,const char * compare_to)921 bool CompareSchemeComponent(const char* spec,
922 const Component& component,
923 const char* compare_to) {
924 return DoCompareSchemeComponent(spec, component, compare_to);
925 }
926
CompareSchemeComponent(const char16_t * spec,const Component & component,const char * compare_to)927 bool CompareSchemeComponent(const char16_t* spec,
928 const Component& component,
929 const char* compare_to) {
930 return DoCompareSchemeComponent(spec, component, compare_to);
931 }
932
933 } // namespace url
934