1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 //
5 #include "chrome_frame/html_utils.h"
6
7 #include <atlbase.h>
8 #include <urlmon.h>
9
10 #include "base/strings/string_tokenizer.h"
11 #include "base/strings/string_util.h"
12 #include "base/strings/stringprintf.h"
13 #include "chrome/common/chrome_version_info.h"
14 #include "chrome_frame/utils.h"
15 #include "net/base/net_util.h"
16 #include "webkit/common/user_agent/user_agent_util.h"
17
18 const wchar_t kQuotes[] = L"\"'";
19 const char kXFrameOptionsHeader[] = "X-Frame-Options";
20 const char kXFrameOptionsValueAllowAll[] = "allowall";
21
StringRange()22 HTMLScanner::StringRange::StringRange() {
23 }
24
StringRange(StrPos start,StrPos end)25 HTMLScanner::StringRange::StringRange(StrPos start, StrPos end)
26 : start_(start), end_(end) {
27 }
28
LowerCaseEqualsASCII(const char * other) const29 bool HTMLScanner::StringRange::LowerCaseEqualsASCII(const char* other) const {
30 return ::LowerCaseEqualsASCII(start_, end_, other);
31 }
32
Equals(const wchar_t * other) const33 bool HTMLScanner::StringRange::Equals(const wchar_t* other) const {
34 int ret = wcsncmp(&start_[0], other, end_ - start_);
35 if (ret == 0)
36 ret = (other[end_ - start_] == L'\0') ? 0 : -1;
37 return ret == 0;
38 }
39
Copy() const40 std::wstring HTMLScanner::StringRange::Copy() const {
41 return std::wstring(start_, end_);
42 }
43
GetTagName(std::wstring * tag_name) const44 bool HTMLScanner::StringRange::GetTagName(std::wstring* tag_name) const {
45 if (*start_ != L'<') {
46 LOG(ERROR) << "Badly formatted tag found";
47 return false;
48 }
49
50 StrPos name_start = start_;
51 name_start++;
52 while (name_start < end_ && IsWhitespace(*name_start))
53 name_start++;
54
55 if (name_start >= end_) {
56 // We seem to have a degenerate tag (i.e. < >). Return false here.
57 return false;
58 }
59
60 StrPos name_end = name_start + 1;
61 while (name_end < end_ && !IsWhitespace(*name_end))
62 name_end++;
63
64 if (name_end > end_) {
65 // This looks like an improperly formatted tab ('<foo'). Return false here.
66 return false;
67 }
68
69 tag_name->assign(name_start, name_end);
70 return true;
71 }
72
73
GetTagAttribute(const wchar_t * attribute_name,StringRange * attribute_value) const74 bool HTMLScanner::StringRange::GetTagAttribute(const wchar_t* attribute_name,
75 StringRange* attribute_value) const {
76 if (NULL == attribute_name || NULL == attribute_value) {
77 NOTREACHED();
78 return false;
79 }
80
81 // Use this so we can use the convenience method LowerCaseEqualsASCII()
82 // from string_util.h.
83 std::string search_name_ascii(WideToASCII(attribute_name));
84
85 base::WStringTokenizer tokenizer(start_, end_, L" =/");
86 tokenizer.set_options(base::WStringTokenizer::RETURN_DELIMS);
87
88 // Set up the quote chars so that we get quoted attribute values as single
89 // tokens.
90 tokenizer.set_quote_chars(L"\"'");
91
92 const bool PARSE_STATE_NAME = true;
93 const bool PARSE_STATE_VALUE = false;
94 bool parse_state = PARSE_STATE_NAME;
95
96 // Used to skip the first token, which is the tag name.
97 bool first_token_skipped = false;
98
99 // This is set during a loop iteration in which an '=' sign was spotted.
100 // It is used to filter out degenerate tags such as:
101 // <meta foo==bar>
102 bool last_token_was_delim = false;
103
104 // Set this if the attribute name has been found that we might then
105 // pick up the value in the next loop iteration.
106 bool attribute_name_found = false;
107
108 while (tokenizer.GetNext()) {
109 // If we have a whitespace delimiter, just keep going. Cases of this should
110 // be reduced by the CollapseWhitespace call. If we have an '=' character,
111 // we update our state and reiterate.
112 if (tokenizer.token_is_delim()) {
113 if (*tokenizer.token_begin() == L'=') {
114 if (last_token_was_delim) {
115 // Looks like we have a badly formed tag, just stop parsing now.
116 return false;
117 }
118 parse_state = !parse_state;
119 last_token_was_delim = true;
120 }
121 continue;
122 }
123
124 last_token_was_delim = false;
125
126 // The first non-delimiter token is the tag name, which we don't want.
127 if (!first_token_skipped) {
128 first_token_skipped = true;
129 continue;
130 }
131
132 if (PARSE_STATE_NAME == parse_state) {
133 // We have a tag name, check to see if it matches our target name:
134 if (::LowerCaseEqualsASCII(tokenizer.token_begin(), tokenizer.token_end(),
135 search_name_ascii.c_str())) {
136 attribute_name_found = true;
137 continue;
138 }
139 } else if (PARSE_STATE_VALUE == parse_state && attribute_name_found) {
140 attribute_value->start_ = tokenizer.token_begin();
141 attribute_value->end_ = tokenizer.token_end();
142
143 // Unquote the attribute value if need be.
144 attribute_value->UnQuote();
145
146 return true;
147 } else if (PARSE_STATE_VALUE == parse_state) {
148 // If we haven't found the attribute name we want yet, ignore this token
149 // and go back to looking for our name.
150 parse_state = PARSE_STATE_NAME;
151 }
152 }
153
154 return false;
155 }
156
UnQuote()157 bool HTMLScanner::StringRange::UnQuote() {
158 if (start_ + 2 > end_) {
159 // String's too short to be quoted, bail.
160 return false;
161 }
162
163 if ((*start_ == L'\'' && *(end_ - 1) == L'\'') ||
164 (*start_ == L'"' && *(end_ - 1) == L'"')) {
165 start_ = start_ + 1;
166 end_ = end_ - 1;
167 return true;
168 }
169
170 return false;
171 }
172
HTMLScanner(const wchar_t * html_string)173 HTMLScanner::HTMLScanner(const wchar_t* html_string)
174 : html_string_(CollapseWhitespace(html_string, true)),
175 quotes_(kQuotes) {
176 }
177
GetTagsByName(const wchar_t * name,StringRangeList * tag_list,const wchar_t * stop_tag)178 void HTMLScanner::GetTagsByName(const wchar_t* name, StringRangeList* tag_list,
179 const wchar_t* stop_tag) {
180 DCHECK(NULL != name);
181 DCHECK(NULL != tag_list);
182 DCHECK(NULL != stop_tag);
183
184 StringRange remaining_html(html_string_.begin(), html_string_.end());
185
186 std::wstring search_name(name);
187 TrimWhitespace(search_name, TRIM_ALL, &search_name);
188
189 // Use this so we can use the convenience method LowerCaseEqualsASCII()
190 // from string_util.h.
191 std::string search_name_ascii(WideToASCII(search_name));
192 std::string stop_tag_ascii(WideToASCII(stop_tag));
193
194 StringRange current_tag;
195 std::wstring current_name;
196 while (NextTag(&remaining_html, ¤t_tag)) {
197 if (current_tag.GetTagName(¤t_name)) {
198 if (LowerCaseEqualsASCII(current_name, search_name_ascii.c_str())) {
199 tag_list->push_back(current_tag);
200 } else if (LowerCaseEqualsASCII(current_name, stop_tag_ascii.c_str())) {
201 // We hit the stop tag so it's time to go home.
202 break;
203 }
204 }
205 }
206 }
207
208 struct ScanState {
209 bool in_quote;
210 bool in_escape;
211 wchar_t quote_char;
ScanStateScanState212 ScanState() : in_quote(false), in_escape(false) {}
213 };
214
IsQuote(wchar_t c)215 bool HTMLScanner::IsQuote(wchar_t c) {
216 return quotes_.find(c) != std::wstring::npos;
217 }
218
IsHTMLCommentClose(const StringRange * html_string,StrPos pos)219 bool HTMLScanner::IsHTMLCommentClose(const StringRange* html_string,
220 StrPos pos) {
221 if (pos < html_string->end_ && pos > html_string->start_ + 2 &&
222 *pos == L'>') {
223 return *(pos-1) == L'-' && *(pos-2) == L'-';
224 }
225 return false;
226 }
227
IsIEConditionalCommentClose(const StringRange * html_string,StrPos pos)228 bool HTMLScanner::IsIEConditionalCommentClose(const StringRange* html_string,
229 StrPos pos) {
230 if (pos < html_string->end_ && pos > html_string->start_ + 2 &&
231 *pos == L'>') {
232 return *(pos-1) == L']';
233 }
234 return false;
235 }
236
237
NextTag(StringRange * html_string,StringRange * tag)238 bool HTMLScanner::NextTag(StringRange* html_string, StringRange* tag) {
239 DCHECK(NULL != html_string);
240 DCHECK(NULL != tag);
241
242 tag->start_ = html_string->start_;
243 while (tag->start_ < html_string->end_ && *tag->start_ != L'<') {
244 tag->start_++;
245 }
246
247 // we went past the end of the string.
248 if (tag->start_ >= html_string->end_) {
249 return false;
250 }
251
252 tag->end_ = tag->start_ + 1;
253
254 // Get the tag name to see if we are in an HTML comment. If we are, then
255 // don't consider quotes. This should work for example:
256 // <!-- foo ' --> <meta foo='bar'>
257 std::wstring tag_name;
258 StringRange start_range(tag->start_, html_string->end_);
259 start_range.GetTagName(&tag_name);
260 if (StartsWith(tag_name, L"!--[if", true)) {
261 // This looks like the beginning of an IE conditional comment, scan until
262 // we hit the end which always looks like ']>'. For now we disregard the
263 // contents of the condition, and always assume true.
264 // TODO(robertshield): Optionally support the grammar defined by
265 // http://msdn.microsoft.com/en-us/library/ms537512(VS.85).aspx#syntax.
266 while (tag->end_ < html_string->end_ &&
267 !IsIEConditionalCommentClose(html_string, tag->end_)) {
268 tag->end_++;
269 }
270 } else if (StartsWith(tag_name, L"!--", true)) {
271 // We're inside a comment tag which ends in '-->'. Keep going until we
272 // reach the end.
273 while (tag->end_ < html_string->end_ &&
274 !IsHTMLCommentClose(html_string, tag->end_)) {
275 tag->end_++;
276 }
277 } else if (StartsWith(tag_name, L"![endif", true)) {
278 // We're inside the closing tag of an IE conditional comment which ends in
279 // either '-->' of ']>'. Keep going until we reach the end.
280 while (tag->end_ < html_string->end_ &&
281 !IsIEConditionalCommentClose(html_string, tag->end_) &&
282 !IsHTMLCommentClose(html_string, tag->end_)) {
283 tag->end_++;
284 }
285 } else {
286 // Properly handle quoted strings within non-comment tags by maintaining
287 // some state while scanning. Specifically, we have to maintain state on
288 // whether we are inside a string, what the string terminating character
289 // will be and whether we are inside an escape sequence.
290 ScanState state;
291 while (tag->end_ < html_string->end_) {
292 if (state.in_quote) {
293 if (state.in_escape) {
294 state.in_escape = false;
295 } else if (*tag->end_ == '\\') {
296 state.in_escape = true;
297 } else if (*tag->end_ == state.quote_char) {
298 state.in_quote = false;
299 }
300 } else {
301 state.in_quote = IsQuote(state.quote_char = *tag->end_);
302 }
303
304 if (!state.in_quote && *tag->end_ == L'>') {
305 break;
306 }
307 tag->end_++;
308 }
309 }
310
311 // We hit the end_ but found no matching tag closure. Consider this an
312 // incomplete tag and do not report it.
313 if (tag->end_ >= html_string->end_)
314 return false;
315
316 // Modify html_string to point to just beyond the end_ of the current tag.
317 html_string->start_ = tag->end_ + 1;
318
319 return true;
320 }
321
322 namespace http_utils {
323
324 const char kChromeFrameUserAgent[] = "chromeframe";
325 static char g_cf_user_agent[100] = {0};
326 static char g_chrome_user_agent[255] = {0};
327
GetChromeFrameUserAgent()328 const char* GetChromeFrameUserAgent() {
329 if (!g_cf_user_agent[0]) {
330 _pAtlModule->m_csStaticDataInitAndTypeInfo.Lock();
331 if (!g_cf_user_agent[0]) {
332 uint32 high_version = 0, low_version = 0;
333 GetModuleVersion(reinterpret_cast<HMODULE>(&__ImageBase), &high_version,
334 &low_version);
335 wsprintfA(g_cf_user_agent, "%s/%i.%i.%i.%i", kChromeFrameUserAgent,
336 HIWORD(high_version), LOWORD(high_version),
337 HIWORD(low_version), LOWORD(low_version));
338 }
339 _pAtlModule->m_csStaticDataInitAndTypeInfo.Unlock();
340 }
341 return g_cf_user_agent;
342 }
343
AddChromeFrameToUserAgentValue(const std::string & value)344 std::string AddChromeFrameToUserAgentValue(const std::string& value) {
345 if (value.empty()) {
346 return value;
347 }
348
349 if (value.find(kChromeFrameUserAgent) != std::string::npos) {
350 // Our user agent has already been added.
351 return value;
352 }
353
354 std::string ret(value);
355 size_t insert_position = ret.find(')');
356 if (insert_position != std::string::npos) {
357 if (insert_position > 1 && isalnum(ret[insert_position - 1]))
358 ret.insert(insert_position++, ";");
359 ret.insert(insert_position++, " ");
360 ret.insert(insert_position, GetChromeFrameUserAgent());
361 } else {
362 ret += " ";
363 ret += GetChromeFrameUserAgent();
364 }
365
366 return ret;
367 }
368
RemoveChromeFrameFromUserAgentValue(const std::string & value)369 std::string RemoveChromeFrameFromUserAgentValue(const std::string& value) {
370 size_t cf_start = value.find(kChromeFrameUserAgent);
371 if (cf_start == std::string::npos) {
372 // The user agent is not present.
373 return value;
374 }
375
376 size_t offset = 0;
377 // If we prepended a '; ' or a ' ' then remove that in the output.
378 if (cf_start > 1 && value[cf_start - 1] == ' ')
379 ++offset;
380 if (cf_start > 3 &&
381 value[cf_start - 2] == ';' &&
382 isalnum(value[cf_start - 3])) {
383 ++offset;
384 }
385
386 std::string ret(value, 0, std::max(cf_start - offset, 0U));
387 cf_start += strlen(kChromeFrameUserAgent);
388 while (cf_start < value.length() &&
389 ((value[cf_start] >= '0' && value[cf_start] <= '9') ||
390 value[cf_start] == '.' ||
391 value[cf_start] == '/')) {
392 ++cf_start;
393 }
394
395 if (cf_start < value.length())
396 ret.append(value, cf_start, std::string::npos);
397
398 return ret;
399 }
400
GetDefaultUserAgentHeaderWithCFTag()401 std::string GetDefaultUserAgentHeaderWithCFTag() {
402 std::string ua(GetDefaultUserAgent());
403 return "User-Agent: " + AddChromeFrameToUserAgentValue(ua);
404 }
405
GetChromeUserAgent()406 const char* GetChromeUserAgent() {
407 if (!g_chrome_user_agent[0]) {
408 _pAtlModule->m_csStaticDataInitAndTypeInfo.Lock();
409 if (!g_chrome_user_agent[0]) {
410 std::string ua;
411
412 chrome::VersionInfo version_info;
413 std::string product("Chrome/");
414 product += version_info.is_valid() ? version_info.Version()
415 : "0.0.0.0";
416
417 ua = webkit_glue::BuildUserAgentFromProduct(product);
418
419 DCHECK(ua.length() < arraysize(g_chrome_user_agent));
420 lstrcpynA(g_chrome_user_agent, ua.c_str(),
421 arraysize(g_chrome_user_agent) - 1);
422 }
423 _pAtlModule->m_csStaticDataInitAndTypeInfo.Unlock();
424 }
425 return g_chrome_user_agent;
426 }
427
GetDefaultUserAgent()428 std::string GetDefaultUserAgent() {
429 std::string ret;
430 DWORD size = MAX_PATH;
431 HRESULT hr = E_OUTOFMEMORY;
432 for (int retries = 1; hr == E_OUTOFMEMORY && retries <= 10; ++retries) {
433 hr = ::ObtainUserAgentString(0, WriteInto(&ret, size + 1), &size);
434 if (hr == E_OUTOFMEMORY) {
435 size = MAX_PATH * retries;
436 } else if (SUCCEEDED(hr)) {
437 // Truncate the extra allocation.
438 DCHECK_GT(size, 0U);
439 ret.resize(size - 1);
440 }
441 }
442
443 if (FAILED(hr)) {
444 NOTREACHED() << base::StringPrintf("ObtainUserAgentString==0x%08X", hr);
445 return std::string();
446 }
447
448 return ret;
449 }
450
HasFrameBustingHeader(const std::string & http_headers)451 bool HasFrameBustingHeader(const std::string& http_headers) {
452 // NOTE: We cannot use net::GetSpecificHeader() here since when there are
453 // multiple instances of a header that returns the first value seen, and we
454 // need to look at all instances.
455 net::HttpUtil::HeadersIterator it(http_headers.begin(), http_headers.end(),
456 "\r\n");
457 while (it.GetNext()) {
458 if (!lstrcmpiA(it.name().c_str(), kXFrameOptionsHeader) &&
459 lstrcmpiA(it.values().c_str(), kXFrameOptionsValueAllowAll))
460 return true;
461 }
462 return false;
463 }
464
GetHttpHeaderFromHeaderList(const std::string & header,const std::string & headers)465 std::string GetHttpHeaderFromHeaderList(const std::string& header,
466 const std::string& headers) {
467 net::HttpUtil::HeadersIterator it(headers.begin(), headers.end(), "\r\n");
468 while (it.GetNext()) {
469 if (!lstrcmpiA(it.name().c_str(), header.c_str()))
470 return std::string(it.values_begin(), it.values_end());
471 }
472 return std::string();
473 }
474
475 } // namespace http_utils
476