• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #include "url/url_canon.h"
6 #include "url/url_canon_internal.h"
7 
8 // Query canonicalization in IE
9 // ----------------------------
10 // IE is very permissive for query parameters specified in links on the page
11 // (in contrast to links that it constructs itself based on form data). It does
12 // not unescape any character. It does not reject any escape sequence (be they
13 // invalid like "%2y" or freaky like %00).
14 //
15 // IE only escapes spaces and nothing else. Embedded NULLs, tabs (0x09),
16 // LF (0x0a), and CR (0x0d) are removed (this probably happens at an earlier
17 // layer since they are removed from all portions of the URL). All other
18 // characters are passed unmodified. Invalid UTF-16 sequences are preserved as
19 // well, with each character in the input being converted to UTF-8. It is the
20 // server's job to make sense of this invalid query.
21 //
22 // Invalid multibyte sequences (for example, invalid UTF-8 on a UTF-8 page)
23 // are converted to the invalid character and sent as unescaped UTF-8 (0xef,
24 // 0xbf, 0xbd). This may not be canonicalization, the parser may generate these
25 // strings before the URL handler ever sees them.
26 //
27 // Our query canonicalization
28 // --------------------------
29 // We escape all non-ASCII characters and control characters, like Firefox.
30 // This is more conformant to the URL spec, and there do not seem to be many
31 // problems relating to Firefox's behavior.
32 //
33 // Like IE, we will never unescape (although the application may want to try
34 // unescaping to present the user with a more understandable URL). We will
35 // replace all invalid sequences (including invalid UTF-16 sequences, which IE
36 // doesn't) with the "invalid character," and we will escape it.
37 
38 namespace url {
39 
40 namespace {
41 
42 // Returns true if the characters starting at |begin| and going until |end|
43 // (non-inclusive) are all representable in 7-bits.
44 template<typename CHAR, typename UCHAR>
IsAllASCII(const CHAR * spec,const Component & query)45 bool IsAllASCII(const CHAR* spec, const Component& query) {
46   int end = query.end();
47   for (int i = query.begin; i < end; i++) {
48     if (static_cast<UCHAR>(spec[i]) >= 0x80)
49       return false;
50   }
51   return true;
52 }
53 
54 // Appends the given string to the output, escaping characters that do not
55 // match the given |type| in SharedCharTypes. This version will accept 8 or 16
56 // bit characters, but assumes that they have only 7-bit values. It also assumes
57 // that all UTF-8 values are correct, so doesn't bother checking
58 template<typename CHAR>
AppendRaw8BitQueryString(const CHAR * source,int length,CanonOutput * output)59 void AppendRaw8BitQueryString(const CHAR* source, int length,
60                               CanonOutput* output) {
61   for (int i = 0; i < length; i++) {
62     if (!IsQueryChar(static_cast<unsigned char>(source[i])))
63       AppendEscapedChar(static_cast<unsigned char>(source[i]), output);
64     else  // Doesn't need escaping.
65       output->push_back(static_cast<char>(source[i]));
66   }
67 }
68 
69 // Runs the converter on the given UTF-8 input. Since the converter expects
70 // UTF-16, we have to convert first. The converter must be non-NULL.
RunConverter(const char * spec,const Component & query,CharsetConverter * converter,CanonOutput * output)71 void RunConverter(const char* spec,
72                   const Component& query,
73                   CharsetConverter* converter,
74                   CanonOutput* output) {
75   // This function will replace any misencoded values with the invalid
76   // character. This is what we want so we don't have to check for error.
77   RawCanonOutputW<1024> utf16;
78   ConvertUTF8ToUTF16(&spec[query.begin], query.len, &utf16);
79   converter->ConvertFromUTF16(utf16.data(), utf16.length(), output);
80 }
81 
82 // Runs the converter with the given UTF-16 input. We don't have to do
83 // anything, but this overriddden function allows us to use the same code
84 // for both UTF-8 and UTF-16 input.
RunConverter(const base::char16 * spec,const Component & query,CharsetConverter * converter,CanonOutput * output)85 void RunConverter(const base::char16* spec,
86                   const Component& query,
87                   CharsetConverter* converter,
88                   CanonOutput* output) {
89   converter->ConvertFromUTF16(&spec[query.begin], query.len, output);
90 }
91 
92 template<typename CHAR, typename UCHAR>
DoConvertToQueryEncoding(const CHAR * spec,const Component & query,CharsetConverter * converter,CanonOutput * output)93 void DoConvertToQueryEncoding(const CHAR* spec,
94                               const Component& query,
95                               CharsetConverter* converter,
96                               CanonOutput* output) {
97   if (IsAllASCII<CHAR, UCHAR>(spec, query)) {
98     // Easy: the input can just appended with no character set conversions.
99     AppendRaw8BitQueryString(&spec[query.begin], query.len, output);
100 
101   } else {
102     // Harder: convert to the proper encoding first.
103     if (converter) {
104       // Run the converter to get an 8-bit string, then append it, escaping
105       // necessary values.
106       RawCanonOutput<1024> eight_bit;
107       RunConverter(spec, query, converter, &eight_bit);
108       AppendRaw8BitQueryString(eight_bit.data(), eight_bit.length(), output);
109 
110     } else {
111       // No converter, do our own UTF-8 conversion.
112       AppendStringOfType(&spec[query.begin], query.len, CHAR_QUERY, output);
113     }
114   }
115 }
116 
117 template<typename CHAR, typename UCHAR>
DoCanonicalizeQuery(const CHAR * spec,const Component & query,CharsetConverter * converter,CanonOutput * output,Component * out_query)118 void DoCanonicalizeQuery(const CHAR* spec,
119                          const Component& query,
120                          CharsetConverter* converter,
121                          CanonOutput* output,
122                          Component* out_query) {
123   if (query.len < 0) {
124     *out_query = Component();
125     return;
126   }
127 
128   output->push_back('?');
129   out_query->begin = output->length();
130 
131   DoConvertToQueryEncoding<CHAR, UCHAR>(spec, query, converter, output);
132 
133   out_query->len = output->length() - out_query->begin;
134 }
135 
136 }  // namespace
137 
CanonicalizeQuery(const char * spec,const Component & query,CharsetConverter * converter,CanonOutput * output,Component * out_query)138 void CanonicalizeQuery(const char* spec,
139                        const Component& query,
140                        CharsetConverter* converter,
141                        CanonOutput* output,
142                        Component* out_query) {
143   DoCanonicalizeQuery<char, unsigned char>(spec, query, converter,
144                                            output, out_query);
145 }
146 
CanonicalizeQuery(const base::char16 * spec,const Component & query,CharsetConverter * converter,CanonOutput * output,Component * out_query)147 void CanonicalizeQuery(const base::char16* spec,
148                        const Component& query,
149                        CharsetConverter* converter,
150                        CanonOutput* output,
151                        Component* out_query) {
152   DoCanonicalizeQuery<base::char16, base::char16>(spec, query, converter,
153                                                   output, out_query);
154 }
155 
ConvertUTF16ToQueryEncoding(const base::char16 * input,const Component & query,CharsetConverter * converter,CanonOutput * output)156 void ConvertUTF16ToQueryEncoding(const base::char16* input,
157                                  const Component& query,
158                                  CharsetConverter* converter,
159                                  CanonOutput* output) {
160   DoConvertToQueryEncoding<base::char16, base::char16>(input, query,
161                                                        converter, output);
162 }
163 
164 }  // namespace url
165