blob: 3aaa8eed8c337e79d9888a455f39ff3fee4b5a36 [file] [log] [blame]
/*
* Copyright (C) 2010 Google Inc. All rights reserved.
* Copyright (C) 2015-2016 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are
* met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following disclaimer
* in the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Google Inc. nor the names of its
* contributors may be used to endorse or promote products derived from
* this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "config.h"
#include "FormSubmission.h"
#include "ContentSecurityPolicy.h"
#include "DOMFormData.h"
#include "Document.h"
#include "Event.h"
#include "FormData.h"
#include "FormDataBuilder.h"
#include "FormState.h"
#include "Frame.h"
#include "FrameLoadRequest.h"
#include "FrameLoader.h"
#include "HTMLFormControlElement.h"
#include "HTMLFormElement.h"
#include "HTMLInputElement.h"
#include "HTMLNames.h"
#include "HTMLParserIdioms.h"
#include "ScriptDisallowedScope.h"
#include "SecurityPolicy.h"
#include "TextEncoding.h"
#include <wtf/WallTime.h>
namespace WebCore {
using namespace HTMLNames;
static int64_t generateFormDataIdentifier()
{
// Initialize to the current time to reduce the likelihood of generating
// identifiers that overlap with those from past/future browser sessions.
static int64_t nextIdentifier = static_cast<int64_t>(WallTime::now().secondsSinceEpoch().microseconds());
return ++nextIdentifier;
}
static void appendMailtoPostFormDataToURL(URL& url, const FormData& data, const String& encodingType)
{
String body = data.flattenToString();
if (equalLettersIgnoringASCIICase(encodingType, "text/plain")) {
// Convention seems to be to decode, and s/&/\r\n/. Also, spaces are encoded as %20.
body = decodeURLEscapeSequences(makeString(body.replaceWithLiteral('&', "\r\n").replace('+', ' '), "\r\n"));
}
Vector<char> bodyData;
bodyData.append("body=", 5);
FormDataBuilder::encodeStringAsFormData(bodyData, body.utf8());
body = String(bodyData.data(), bodyData.size()).replaceWithLiteral('+', "%20");
String query = url.query();
if (query.isEmpty())
url.setQuery(body);
else
url.setQuery(query + '&' + body);
}
void FormSubmission::Attributes::parseAction(const String& action)
{
// FIXME: Can we parse into a URL?
m_action = stripLeadingAndTrailingHTMLSpaces(action);
}
String FormSubmission::Attributes::parseEncodingType(const String& type)
{
if (equalLettersIgnoringASCIICase(type, "multipart/form-data"))
return "multipart/form-data"_s;
if (equalLettersIgnoringASCIICase(type, "text/plain"))
return "text/plain"_s;
return "application/x-www-form-urlencoded"_s;
}
void FormSubmission::Attributes::updateEncodingType(const String& type)
{
m_encodingType = parseEncodingType(type);
m_isMultiPartForm = (m_encodingType == "multipart/form-data");
}
FormSubmission::Method FormSubmission::Attributes::parseMethodType(const String& type)
{
return equalLettersIgnoringASCIICase(type, "post") ? FormSubmission::Method::Post : FormSubmission::Method::Get;
}
void FormSubmission::Attributes::updateMethodType(const String& type)
{
m_method = parseMethodType(type);
}
inline FormSubmission::FormSubmission(Method method, const URL& action, const String& target, const String& contentType, Ref<FormState>&& state, Ref<FormData>&& data, const String& boundary, LockHistory lockHistory, Event* event)
: m_method(method)
, m_action(action)
, m_target(target)
, m_contentType(contentType)
, m_formState(WTFMove(state))
, m_formData(WTFMove(data))
, m_boundary(boundary)
, m_lockHistory(lockHistory)
, m_event(event)
{
}
static TextEncoding encodingFromAcceptCharset(const String& acceptCharset, Document& document)
{
String normalizedAcceptCharset = acceptCharset;
normalizedAcceptCharset.replace(',', ' ');
for (auto& charset : normalizedAcceptCharset.split(' ')) {
TextEncoding encoding(charset);
if (encoding.isValid())
return encoding;
}
return document.textEncoding();
}
Ref<FormSubmission> FormSubmission::create(HTMLFormElement& form, const Attributes& attributes, Event* event, LockHistory lockHistory, FormSubmissionTrigger trigger)
{
auto copiedAttributes = attributes;
if (auto* submitButton = form.findSubmitButton(event)) {
AtomString attributeValue;
if (!(attributeValue = submitButton->attributeWithoutSynchronization(formactionAttr)).isNull())
copiedAttributes.parseAction(attributeValue);
if (!(attributeValue = submitButton->attributeWithoutSynchronization(formenctypeAttr)).isNull())
copiedAttributes.updateEncodingType(attributeValue);
if (!(attributeValue = submitButton->attributeWithoutSynchronization(formmethodAttr)).isNull())
copiedAttributes.updateMethodType(attributeValue);
if (!(attributeValue = submitButton->attributeWithoutSynchronization(formtargetAttr)).isNull())
copiedAttributes.setTarget(attributeValue);
}
auto& document = form.document();
auto actionURL = document.completeURL(copiedAttributes.action().isEmpty() ? document.url().string() : copiedAttributes.action());
bool isMailtoForm = actionURL.protocolIs("mailto");
bool isMultiPartForm = false;
auto encodingType = copiedAttributes.encodingType();
document.contentSecurityPolicy()->upgradeInsecureRequestIfNeeded(actionURL, ContentSecurityPolicy::InsecureRequestType::FormSubmission);
if (copiedAttributes.method() == Method::Post) {
isMultiPartForm = copiedAttributes.isMultiPartForm();
if (isMultiPartForm && isMailtoForm) {
encodingType = "application/x-www-form-urlencoded";
isMultiPartForm = false;
}
}
auto dataEncoding = isMailtoForm ? UTF8Encoding() : encodingFromAcceptCharset(copiedAttributes.acceptCharset(), document);
auto domFormData = DOMFormData::create(dataEncoding.encodingForFormSubmissionOrURLParsing());
StringPairVector formValues;
bool containsPasswordData = false;
for (auto& control : form.copyAssociatedElementsVector()) {
auto& element = control->asHTMLElement();
if (!element.isDisabledFormControl())
control->appendFormData(domFormData, isMultiPartForm);
if (is<HTMLInputElement>(element)) {
auto& input = downcast<HTMLInputElement>(element);
if (input.isTextField()) {
formValues.append({ input.name(), input.value() });
input.addSearchResult();
}
if (input.isPasswordField() && !input.value().isEmpty())
containsPasswordData = true;
}
}
RefPtr<FormData> formData;
String boundary;
if (isMultiPartForm) {
formData = FormData::createMultiPart(domFormData);
boundary = formData->boundary().data();
} else {
formData = FormData::create(domFormData, attributes.method() == Method::Get ? FormData::FormURLEncoded : FormData::parseEncodingType(encodingType));
if (copiedAttributes.method() == Method::Post && isMailtoForm) {
// Convert the form data into a string that we put into the URL.
appendMailtoPostFormDataToURL(actionURL, *formData, encodingType);
formData = FormData::create();
}
}
formData->setIdentifier(generateFormDataIdentifier());
formData->setContainsPasswordData(containsPasswordData);
auto formState = FormState::create(form, WTFMove(formValues), document, trigger);
return adoptRef(*new FormSubmission(copiedAttributes.method(), actionURL, form.effectiveTarget(event), encodingType, WTFMove(formState), formData.releaseNonNull(), boundary, lockHistory, event));
}
URL FormSubmission::requestURL() const
{
if (m_method == Method::Post)
return m_action;
URL requestURL(m_action);
requestURL.setQuery(m_formData->flattenToString());
return requestURL;
}
void FormSubmission::populateFrameLoadRequest(FrameLoadRequest& frameRequest)
{
if (!m_target.isEmpty())
frameRequest.setFrameName(m_target);
if (!m_referrer.isEmpty())
frameRequest.resourceRequest().setHTTPReferrer(m_referrer);
if (m_method == Method::Post) {
frameRequest.resourceRequest().setHTTPMethod("POST");
frameRequest.resourceRequest().setHTTPBody(m_formData.copyRef());
// construct some user headers if necessary
if (m_boundary.isEmpty())
frameRequest.resourceRequest().setHTTPContentType(m_contentType);
else
frameRequest.resourceRequest().setHTTPContentType(m_contentType + "; boundary=" + m_boundary);
}
frameRequest.resourceRequest().setURL(requestURL());
if (doesRequestNeedHTTPOriginHeader(frameRequest.resourceRequest())) {
auto securityOrigin = SecurityOrigin::createFromString(m_origin);
auto origin = SecurityPolicy::generateOriginHeader(frameRequest.requester().referrerPolicy(), frameRequest.resourceRequest().url(), securityOrigin);
frameRequest.resourceRequest().setHTTPOrigin(origin);
}
}
}