1 /*
2 * Copyright (C) 2010 Apple Inc. All Rights Reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 * 1. Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer.
9 * 2. Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the
11 * documentation and/or other materials provided with the distribution.
12 *
13 * THIS SOFTWARE IS PROVIDED BY APPLE, INC. ``AS IS'' AND ANY
14 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
16 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE COMPUTER, INC. OR
17 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
18 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
19 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
20 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
21 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
23 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24 *
25 */
26
27 #include "config.h"
28 #include "platform/weborigin/SchemeRegistry.h"
29
30 #include "wtf/MainThread.h"
31
32 namespace WebCore {
33
localURLSchemes()34 static URLSchemesMap& localURLSchemes()
35 {
36 DEFINE_STATIC_LOCAL(URLSchemesMap, localSchemes, ());
37
38 if (localSchemes.isEmpty())
39 localSchemes.add("file");
40
41 return localSchemes;
42 }
43
displayIsolatedURLSchemes()44 static URLSchemesMap& displayIsolatedURLSchemes()
45 {
46 DEFINE_STATIC_LOCAL(URLSchemesMap, displayIsolatedSchemes, ());
47 return displayIsolatedSchemes;
48 }
49
secureSchemes()50 static URLSchemesMap& secureSchemes()
51 {
52 DEFINE_STATIC_LOCAL(URLSchemesMap, secureSchemes, ());
53
54 if (secureSchemes.isEmpty()) {
55 secureSchemes.add("https");
56 secureSchemes.add("about");
57 secureSchemes.add("data");
58 secureSchemes.add("wss");
59 }
60
61 return secureSchemes;
62 }
63
schemesWithUniqueOrigins()64 static URLSchemesMap& schemesWithUniqueOrigins()
65 {
66 DEFINE_STATIC_LOCAL(URLSchemesMap, schemesWithUniqueOrigins, ());
67
68 if (schemesWithUniqueOrigins.isEmpty()) {
69 schemesWithUniqueOrigins.add("about");
70 schemesWithUniqueOrigins.add("javascript");
71 // This is a willful violation of HTML5.
72 // See https://bugs.webkit.org/show_bug.cgi?id=11885
73 schemesWithUniqueOrigins.add("data");
74 }
75
76 return schemesWithUniqueOrigins;
77 }
78
emptyDocumentSchemes()79 static URLSchemesMap& emptyDocumentSchemes()
80 {
81 DEFINE_STATIC_LOCAL(URLSchemesMap, emptyDocumentSchemes, ());
82
83 if (emptyDocumentSchemes.isEmpty())
84 emptyDocumentSchemes.add("about");
85
86 return emptyDocumentSchemes;
87 }
88
schemesForbiddenFromDomainRelaxation()89 static HashSet<String>& schemesForbiddenFromDomainRelaxation()
90 {
91 DEFINE_STATIC_LOCAL(HashSet<String>, schemes, ());
92 return schemes;
93 }
94
canDisplayOnlyIfCanRequestSchemes()95 static URLSchemesMap& canDisplayOnlyIfCanRequestSchemes()
96 {
97 DEFINE_STATIC_LOCAL(URLSchemesMap, canDisplayOnlyIfCanRequestSchemes, ());
98
99 if (canDisplayOnlyIfCanRequestSchemes.isEmpty()) {
100 canDisplayOnlyIfCanRequestSchemes.add("blob");
101 canDisplayOnlyIfCanRequestSchemes.add("filesystem");
102 }
103
104 return canDisplayOnlyIfCanRequestSchemes;
105 }
106
notAllowingJavascriptURLsSchemes()107 static URLSchemesMap& notAllowingJavascriptURLsSchemes()
108 {
109 DEFINE_STATIC_LOCAL(URLSchemesMap, notAllowingJavascriptURLsSchemes, ());
110 return notAllowingJavascriptURLsSchemes;
111 }
112
registerURLSchemeAsLocal(const String & scheme)113 void SchemeRegistry::registerURLSchemeAsLocal(const String& scheme)
114 {
115 localURLSchemes().add(scheme);
116 }
117
removeURLSchemeRegisteredAsLocal(const String & scheme)118 void SchemeRegistry::removeURLSchemeRegisteredAsLocal(const String& scheme)
119 {
120 if (scheme == "file")
121 return;
122 localURLSchemes().remove(scheme);
123 }
124
localSchemes()125 const URLSchemesMap& SchemeRegistry::localSchemes()
126 {
127 return localURLSchemes();
128 }
129
CORSEnabledSchemes()130 static URLSchemesMap& CORSEnabledSchemes()
131 {
132 // FIXME: http://bugs.webkit.org/show_bug.cgi?id=77160
133 DEFINE_STATIC_LOCAL(URLSchemesMap, CORSEnabledSchemes, ());
134
135 if (CORSEnabledSchemes.isEmpty()) {
136 CORSEnabledSchemes.add("http");
137 CORSEnabledSchemes.add("https");
138 CORSEnabledSchemes.add("data");
139 }
140
141 return CORSEnabledSchemes;
142 }
143
ContentSecurityPolicyBypassingSchemes()144 static URLSchemesMap& ContentSecurityPolicyBypassingSchemes()
145 {
146 DEFINE_STATIC_LOCAL(URLSchemesMap, schemes, ());
147 return schemes;
148 }
149
shouldTreatURLSchemeAsLocal(const String & scheme)150 bool SchemeRegistry::shouldTreatURLSchemeAsLocal(const String& scheme)
151 {
152 if (scheme.isEmpty())
153 return false;
154 return localURLSchemes().contains(scheme);
155 }
156
registerURLSchemeAsNoAccess(const String & scheme)157 void SchemeRegistry::registerURLSchemeAsNoAccess(const String& scheme)
158 {
159 schemesWithUniqueOrigins().add(scheme);
160 }
161
shouldTreatURLSchemeAsNoAccess(const String & scheme)162 bool SchemeRegistry::shouldTreatURLSchemeAsNoAccess(const String& scheme)
163 {
164 if (scheme.isEmpty())
165 return false;
166 return schemesWithUniqueOrigins().contains(scheme);
167 }
168
registerURLSchemeAsDisplayIsolated(const String & scheme)169 void SchemeRegistry::registerURLSchemeAsDisplayIsolated(const String& scheme)
170 {
171 displayIsolatedURLSchemes().add(scheme);
172 }
173
shouldTreatURLSchemeAsDisplayIsolated(const String & scheme)174 bool SchemeRegistry::shouldTreatURLSchemeAsDisplayIsolated(const String& scheme)
175 {
176 if (scheme.isEmpty())
177 return false;
178 return displayIsolatedURLSchemes().contains(scheme);
179 }
180
registerURLSchemeAsSecure(const String & scheme)181 void SchemeRegistry::registerURLSchemeAsSecure(const String& scheme)
182 {
183 secureSchemes().add(scheme);
184 }
185
shouldTreatURLSchemeAsSecure(const String & scheme)186 bool SchemeRegistry::shouldTreatURLSchemeAsSecure(const String& scheme)
187 {
188 if (scheme.isEmpty())
189 return false;
190 return secureSchemes().contains(scheme);
191 }
192
registerURLSchemeAsEmptyDocument(const String & scheme)193 void SchemeRegistry::registerURLSchemeAsEmptyDocument(const String& scheme)
194 {
195 emptyDocumentSchemes().add(scheme);
196 }
197
shouldLoadURLSchemeAsEmptyDocument(const String & scheme)198 bool SchemeRegistry::shouldLoadURLSchemeAsEmptyDocument(const String& scheme)
199 {
200 if (scheme.isEmpty())
201 return false;
202 return emptyDocumentSchemes().contains(scheme);
203 }
204
setDomainRelaxationForbiddenForURLScheme(bool forbidden,const String & scheme)205 void SchemeRegistry::setDomainRelaxationForbiddenForURLScheme(bool forbidden, const String& scheme)
206 {
207 if (scheme.isEmpty())
208 return;
209
210 if (forbidden)
211 schemesForbiddenFromDomainRelaxation().add(scheme);
212 else
213 schemesForbiddenFromDomainRelaxation().remove(scheme);
214 }
215
isDomainRelaxationForbiddenForURLScheme(const String & scheme)216 bool SchemeRegistry::isDomainRelaxationForbiddenForURLScheme(const String& scheme)
217 {
218 if (scheme.isEmpty())
219 return false;
220 return schemesForbiddenFromDomainRelaxation().contains(scheme);
221 }
222
canDisplayOnlyIfCanRequest(const String & scheme)223 bool SchemeRegistry::canDisplayOnlyIfCanRequest(const String& scheme)
224 {
225 if (scheme.isEmpty())
226 return false;
227 return canDisplayOnlyIfCanRequestSchemes().contains(scheme);
228 }
229
registerAsCanDisplayOnlyIfCanRequest(const String & scheme)230 void SchemeRegistry::registerAsCanDisplayOnlyIfCanRequest(const String& scheme)
231 {
232 canDisplayOnlyIfCanRequestSchemes().add(scheme);
233 }
234
registerURLSchemeAsNotAllowingJavascriptURLs(const String & scheme)235 void SchemeRegistry::registerURLSchemeAsNotAllowingJavascriptURLs(const String& scheme)
236 {
237 notAllowingJavascriptURLsSchemes().add(scheme);
238 }
239
shouldTreatURLSchemeAsNotAllowingJavascriptURLs(const String & scheme)240 bool SchemeRegistry::shouldTreatURLSchemeAsNotAllowingJavascriptURLs(const String& scheme)
241 {
242 if (scheme.isEmpty())
243 return false;
244 return notAllowingJavascriptURLsSchemes().contains(scheme);
245 }
246
registerURLSchemeAsCORSEnabled(const String & scheme)247 void SchemeRegistry::registerURLSchemeAsCORSEnabled(const String& scheme)
248 {
249 CORSEnabledSchemes().add(scheme);
250 }
251
shouldTreatURLSchemeAsCORSEnabled(const String & scheme)252 bool SchemeRegistry::shouldTreatURLSchemeAsCORSEnabled(const String& scheme)
253 {
254 if (scheme.isEmpty())
255 return false;
256 return CORSEnabledSchemes().contains(scheme);
257 }
258
registerURLSchemeAsBypassingContentSecurityPolicy(const String & scheme)259 void SchemeRegistry::registerURLSchemeAsBypassingContentSecurityPolicy(const String& scheme)
260 {
261 ContentSecurityPolicyBypassingSchemes().add(scheme);
262 }
263
removeURLSchemeRegisteredAsBypassingContentSecurityPolicy(const String & scheme)264 void SchemeRegistry::removeURLSchemeRegisteredAsBypassingContentSecurityPolicy(const String& scheme)
265 {
266 ContentSecurityPolicyBypassingSchemes().remove(scheme);
267 }
268
schemeShouldBypassContentSecurityPolicy(const String & scheme)269 bool SchemeRegistry::schemeShouldBypassContentSecurityPolicy(const String& scheme)
270 {
271 if (scheme.isEmpty())
272 return false;
273 return ContentSecurityPolicyBypassingSchemes().contains(scheme);
274 }
275
276 } // namespace WebCore
277