1 /*
2 * Copyright (C) 2010 Apple Inc. All Rights Reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 * 1. Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer.
9 * 2. Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the
11 * documentation and/or other materials provided with the distribution.
12 *
13 * THIS SOFTWARE IS PROVIDED BY APPLE, INC. ``AS IS'' AND ANY
14 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
16 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE COMPUTER, INC. OR
17 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
18 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
19 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
20 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
21 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
23 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24 *
25 */
26
27 #include "config.h"
28 #include "platform/weborigin/SchemeRegistry.h"
29
30 #include "wtf/MainThread.h"
31
32 namespace WebCore {
33
localURLSchemes()34 static URLSchemesMap& localURLSchemes()
35 {
36 DEFINE_STATIC_LOCAL(URLSchemesMap, localSchemes, ());
37
38 if (localSchemes.isEmpty())
39 localSchemes.add("file");
40
41 return localSchemes;
42 }
43
displayIsolatedURLSchemes()44 static URLSchemesMap& displayIsolatedURLSchemes()
45 {
46 DEFINE_STATIC_LOCAL(URLSchemesMap, displayIsolatedSchemes, ());
47 return displayIsolatedSchemes;
48 }
49
secureSchemes()50 static URLSchemesMap& secureSchemes()
51 {
52 DEFINE_STATIC_LOCAL(URLSchemesMap, secureSchemes, ());
53
54 if (secureSchemes.isEmpty()) {
55 secureSchemes.add("https");
56 secureSchemes.add("about");
57 secureSchemes.add("data");
58 }
59
60 return secureSchemes;
61 }
62
schemesWithUniqueOrigins()63 static URLSchemesMap& schemesWithUniqueOrigins()
64 {
65 DEFINE_STATIC_LOCAL(URLSchemesMap, schemesWithUniqueOrigins, ());
66
67 if (schemesWithUniqueOrigins.isEmpty()) {
68 schemesWithUniqueOrigins.add("about");
69 schemesWithUniqueOrigins.add("javascript");
70 // This is a willful violation of HTML5.
71 // See https://bugs.webkit.org/show_bug.cgi?id=11885
72 schemesWithUniqueOrigins.add("data");
73 }
74
75 return schemesWithUniqueOrigins;
76 }
77
emptyDocumentSchemes()78 static URLSchemesMap& emptyDocumentSchemes()
79 {
80 DEFINE_STATIC_LOCAL(URLSchemesMap, emptyDocumentSchemes, ());
81
82 if (emptyDocumentSchemes.isEmpty())
83 emptyDocumentSchemes.add("about");
84
85 return emptyDocumentSchemes;
86 }
87
schemesForbiddenFromDomainRelaxation()88 static HashSet<String>& schemesForbiddenFromDomainRelaxation()
89 {
90 DEFINE_STATIC_LOCAL(HashSet<String>, schemes, ());
91 return schemes;
92 }
93
canDisplayOnlyIfCanRequestSchemes()94 static URLSchemesMap& canDisplayOnlyIfCanRequestSchemes()
95 {
96 DEFINE_STATIC_LOCAL(URLSchemesMap, canDisplayOnlyIfCanRequestSchemes, ());
97
98 if (canDisplayOnlyIfCanRequestSchemes.isEmpty()) {
99 canDisplayOnlyIfCanRequestSchemes.add("blob");
100 canDisplayOnlyIfCanRequestSchemes.add("filesystem");
101 }
102
103 return canDisplayOnlyIfCanRequestSchemes;
104 }
105
notAllowingJavascriptURLsSchemes()106 static URLSchemesMap& notAllowingJavascriptURLsSchemes()
107 {
108 DEFINE_STATIC_LOCAL(URLSchemesMap, notAllowingJavascriptURLsSchemes, ());
109 return notAllowingJavascriptURLsSchemes;
110 }
111
registerURLSchemeAsLocal(const String & scheme)112 void SchemeRegistry::registerURLSchemeAsLocal(const String& scheme)
113 {
114 localURLSchemes().add(scheme);
115 }
116
removeURLSchemeRegisteredAsLocal(const String & scheme)117 void SchemeRegistry::removeURLSchemeRegisteredAsLocal(const String& scheme)
118 {
119 if (scheme == "file")
120 return;
121 localURLSchemes().remove(scheme);
122 }
123
localSchemes()124 const URLSchemesMap& SchemeRegistry::localSchemes()
125 {
126 return localURLSchemes();
127 }
128
CORSEnabledSchemes()129 static URLSchemesMap& CORSEnabledSchemes()
130 {
131 // FIXME: http://bugs.webkit.org/show_bug.cgi?id=77160
132 DEFINE_STATIC_LOCAL(URLSchemesMap, CORSEnabledSchemes, ());
133
134 if (CORSEnabledSchemes.isEmpty()) {
135 CORSEnabledSchemes.add("http");
136 CORSEnabledSchemes.add("https");
137 }
138
139 return CORSEnabledSchemes;
140 }
141
ContentSecurityPolicyBypassingSchemes()142 static URLSchemesMap& ContentSecurityPolicyBypassingSchemes()
143 {
144 DEFINE_STATIC_LOCAL(URLSchemesMap, schemes, ());
145 return schemes;
146 }
147
shouldTreatURLSchemeAsLocal(const String & scheme)148 bool SchemeRegistry::shouldTreatURLSchemeAsLocal(const String& scheme)
149 {
150 if (scheme.isEmpty())
151 return false;
152 return localURLSchemes().contains(scheme);
153 }
154
registerURLSchemeAsNoAccess(const String & scheme)155 void SchemeRegistry::registerURLSchemeAsNoAccess(const String& scheme)
156 {
157 schemesWithUniqueOrigins().add(scheme);
158 }
159
shouldTreatURLSchemeAsNoAccess(const String & scheme)160 bool SchemeRegistry::shouldTreatURLSchemeAsNoAccess(const String& scheme)
161 {
162 if (scheme.isEmpty())
163 return false;
164 return schemesWithUniqueOrigins().contains(scheme);
165 }
166
registerURLSchemeAsDisplayIsolated(const String & scheme)167 void SchemeRegistry::registerURLSchemeAsDisplayIsolated(const String& scheme)
168 {
169 displayIsolatedURLSchemes().add(scheme);
170 }
171
shouldTreatURLSchemeAsDisplayIsolated(const String & scheme)172 bool SchemeRegistry::shouldTreatURLSchemeAsDisplayIsolated(const String& scheme)
173 {
174 if (scheme.isEmpty())
175 return false;
176 return displayIsolatedURLSchemes().contains(scheme);
177 }
178
registerURLSchemeAsSecure(const String & scheme)179 void SchemeRegistry::registerURLSchemeAsSecure(const String& scheme)
180 {
181 secureSchemes().add(scheme);
182 }
183
shouldTreatURLSchemeAsSecure(const String & scheme)184 bool SchemeRegistry::shouldTreatURLSchemeAsSecure(const String& scheme)
185 {
186 if (scheme.isEmpty())
187 return false;
188 return secureSchemes().contains(scheme);
189 }
190
registerURLSchemeAsEmptyDocument(const String & scheme)191 void SchemeRegistry::registerURLSchemeAsEmptyDocument(const String& scheme)
192 {
193 emptyDocumentSchemes().add(scheme);
194 }
195
shouldLoadURLSchemeAsEmptyDocument(const String & scheme)196 bool SchemeRegistry::shouldLoadURLSchemeAsEmptyDocument(const String& scheme)
197 {
198 if (scheme.isEmpty())
199 return false;
200 return emptyDocumentSchemes().contains(scheme);
201 }
202
setDomainRelaxationForbiddenForURLScheme(bool forbidden,const String & scheme)203 void SchemeRegistry::setDomainRelaxationForbiddenForURLScheme(bool forbidden, const String& scheme)
204 {
205 if (scheme.isEmpty())
206 return;
207
208 if (forbidden)
209 schemesForbiddenFromDomainRelaxation().add(scheme);
210 else
211 schemesForbiddenFromDomainRelaxation().remove(scheme);
212 }
213
isDomainRelaxationForbiddenForURLScheme(const String & scheme)214 bool SchemeRegistry::isDomainRelaxationForbiddenForURLScheme(const String& scheme)
215 {
216 if (scheme.isEmpty())
217 return false;
218 return schemesForbiddenFromDomainRelaxation().contains(scheme);
219 }
220
canDisplayOnlyIfCanRequest(const String & scheme)221 bool SchemeRegistry::canDisplayOnlyIfCanRequest(const String& scheme)
222 {
223 if (scheme.isEmpty())
224 return false;
225 return canDisplayOnlyIfCanRequestSchemes().contains(scheme);
226 }
227
registerAsCanDisplayOnlyIfCanRequest(const String & scheme)228 void SchemeRegistry::registerAsCanDisplayOnlyIfCanRequest(const String& scheme)
229 {
230 canDisplayOnlyIfCanRequestSchemes().add(scheme);
231 }
232
registerURLSchemeAsNotAllowingJavascriptURLs(const String & scheme)233 void SchemeRegistry::registerURLSchemeAsNotAllowingJavascriptURLs(const String& scheme)
234 {
235 notAllowingJavascriptURLsSchemes().add(scheme);
236 }
237
shouldTreatURLSchemeAsNotAllowingJavascriptURLs(const String & scheme)238 bool SchemeRegistry::shouldTreatURLSchemeAsNotAllowingJavascriptURLs(const String& scheme)
239 {
240 if (scheme.isEmpty())
241 return false;
242 return notAllowingJavascriptURLsSchemes().contains(scheme);
243 }
244
registerURLSchemeAsCORSEnabled(const String & scheme)245 void SchemeRegistry::registerURLSchemeAsCORSEnabled(const String& scheme)
246 {
247 CORSEnabledSchemes().add(scheme);
248 }
249
shouldTreatURLSchemeAsCORSEnabled(const String & scheme)250 bool SchemeRegistry::shouldTreatURLSchemeAsCORSEnabled(const String& scheme)
251 {
252 if (scheme.isEmpty())
253 return false;
254 return CORSEnabledSchemes().contains(scheme);
255 }
256
registerURLSchemeAsBypassingContentSecurityPolicy(const String & scheme)257 void SchemeRegistry::registerURLSchemeAsBypassingContentSecurityPolicy(const String& scheme)
258 {
259 ContentSecurityPolicyBypassingSchemes().add(scheme);
260 }
261
removeURLSchemeRegisteredAsBypassingContentSecurityPolicy(const String & scheme)262 void SchemeRegistry::removeURLSchemeRegisteredAsBypassingContentSecurityPolicy(const String& scheme)
263 {
264 ContentSecurityPolicyBypassingSchemes().remove(scheme);
265 }
266
schemeShouldBypassContentSecurityPolicy(const String & scheme)267 bool SchemeRegistry::schemeShouldBypassContentSecurityPolicy(const String& scheme)
268 {
269 if (scheme.isEmpty())
270 return false;
271 return ContentSecurityPolicyBypassingSchemes().contains(scheme);
272 }
273
274 } // namespace WebCore
275