blob: f9e3cbf3c70719d209322214f554a4666f239d41 [file] [log] [blame]
/*
* Copyright (C) 2004-2019 Apple Inc. All rights reserved.
* Copyright (C) 2012 Research In Motion Limited. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
* OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "config.h"
#include <wtf/URL.h>
#include "URLParser.h"
#include <stdio.h>
#include <unicode/uidna.h>
#include <wtf/HashMap.h>
#include <wtf/NeverDestroyed.h>
#include <wtf/StdLibExtras.h>
#include <wtf/UUID.h>
#include <wtf/text/CString.h>
#include <wtf/text/StringBuilder.h>
#include <wtf/text/StringConcatenateNumbers.h>
#include <wtf/text/StringHash.h>
#include <wtf/text/TextStream.h>
namespace WTF {
typedef Vector<char, 512> CharBuffer;
typedef Vector<UChar, 512> UCharBuffer;
static constexpr unsigned invalidPortNumber = 0xFFFF;
// Copies the source to the destination, assuming all the source characters are
// ASCII. The destination buffer must be large enough. Null characters are allowed
// in the source string, and no attempt is made to null-terminate the result.
static void copyASCII(const String& string, char* dest)
{
if (string.isEmpty())
return;
if (string.is8Bit())
memcpy(dest, string.characters8(), string.length());
else {
const UChar* src = string.characters16();
size_t length = string.length();
for (size_t i = 0; i < length; i++)
dest[i] = static_cast<char>(src[i]);
}
}
void URL::invalidate()
{
m_isValid = false;
m_protocolIsInHTTPFamily = false;
m_cannotBeABaseURL = false;
m_schemeEnd = 0;
m_userStart = 0;
m_userEnd = 0;
m_passwordEnd = 0;
m_hostEnd = 0;
m_portLength = 0;
m_pathEnd = 0;
m_pathAfterLastSlash = 0;
m_queryEnd = 0;
}
URL::URL(const URL& base, const String& relative, const URLTextEncoding* encoding)
{
URLParser parser(relative, base, encoding);
*this = parser.result();
}
static bool shouldTrimFromURL(UChar c)
{
// Browsers ignore leading/trailing whitespace and control
// characters from URLs. Note that c is an *unsigned* char here
// so this comparison should only catch control characters.
return c <= ' ';
}
URL URL::isolatedCopy() const
{
URL result = *this;
result.m_string = result.m_string.isolatedCopy();
return result;
}
String URL::lastPathComponent() const
{
if (!hasPath())
return String();
unsigned end = m_pathEnd - 1;
if (m_string[end] == '/')
--end;
size_t start = m_string.reverseFind('/', end);
if (start < static_cast<unsigned>(m_hostEnd + m_portLength))
return String();
++start;
return m_string.substring(start, end - start + 1);
}
StringView URL::protocol() const
{
return StringView(m_string).substring(0, m_schemeEnd);
}
StringView URL::host() const
{
unsigned start = hostStart();
return StringView(m_string).substring(start, m_hostEnd - start);
}
Optional<uint16_t> URL::port() const
{
if (!m_portLength)
return WTF::nullopt;
bool ok = false;
unsigned number;
if (m_string.is8Bit())
number = charactersToUIntStrict(m_string.characters8() + m_hostEnd + 1, m_portLength - 1, &ok);
else
number = charactersToUIntStrict(m_string.characters16() + m_hostEnd + 1, m_portLength - 1, &ok);
if (!ok || number > std::numeric_limits<uint16_t>::max())
return WTF::nullopt;
return number;
}
String URL::hostAndPort() const
{
if (auto port = this->port())
return makeString(host(), ':', static_cast<unsigned>(port.value()));
return host().toString();
}
String URL::protocolHostAndPort() const
{
String result = m_string.substring(0, m_hostEnd + m_portLength);
if (m_passwordEnd - m_userStart > 0) {
const int allowForTrailingAtSign = 1;
result.remove(m_userStart, m_passwordEnd - m_userStart + allowForTrailingAtSign);
}
return result;
}
static String decodeEscapeSequencesFromParsedURL(StringView input)
{
auto inputLength = input.length();
if (!inputLength)
return emptyString();
Vector<LChar> percentDecoded;
percentDecoded.reserveInitialCapacity(inputLength);
for (unsigned i = 0; i < inputLength; ++i) {
if (input[i] == '%'
&& inputLength > 2
&& i < inputLength - 2
&& isASCIIHexDigit(input[i + 1])
&& isASCIIHexDigit(input[i + 2])) {
percentDecoded.uncheckedAppend(toASCIIHexValue(input[i + 1], input[i + 2]));
i += 2;
} else
percentDecoded.uncheckedAppend(input[i]);
}
return String::fromUTF8(percentDecoded.data(), percentDecoded.size());
}
String URL::user() const
{
return decodeEscapeSequencesFromParsedURL(StringView(m_string).substring(m_userStart, m_userEnd - m_userStart));
}
String URL::pass() const
{
if (m_passwordEnd == m_userEnd)
return String();
return decodeEscapeSequencesFromParsedURL(StringView(m_string).substring(m_userEnd + 1, m_passwordEnd - m_userEnd - 1));
}
String URL::encodedUser() const
{
return m_string.substring(m_userStart, m_userEnd - m_userStart);
}
String URL::encodedPass() const
{
if (m_passwordEnd == m_userEnd)
return String();
return m_string.substring(m_userEnd + 1, m_passwordEnd - m_userEnd - 1);
}
String URL::fragmentIdentifier() const
{
if (!hasFragmentIdentifier())
return String();
return m_string.substring(m_queryEnd + 1);
}
bool URL::hasFragmentIdentifier() const
{
return m_isValid && m_string.length() != m_queryEnd;
}
String URL::baseAsString() const
{
return m_string.left(m_pathAfterLastSlash);
}
#if !USE(CF)
String URL::fileSystemPath() const
{
if (!isValid() || !isLocalFile())
return String();
return decodeEscapeSequencesFromParsedURL(StringView(path()));
}
#endif
#ifdef NDEBUG
static inline void assertProtocolIsGood(StringView)
{
}
#else
static void assertProtocolIsGood(StringView protocol)
{
// FIXME: We probably don't need this function any more.
// The isASCIIAlphaCaselessEqual function asserts that passed-in characters
// are ones it can handle; the older code did not and relied on these checks.
for (auto character : protocol.codeUnits()) {
ASSERT(isASCII(character));
ASSERT(character > ' ');
ASSERT(!isASCIIUpper(character));
ASSERT(toASCIILowerUnchecked(character) == character);
}
}
#endif
static Lock defaultPortForProtocolMapForTestingLock;
using DefaultPortForProtocolMapForTesting = HashMap<String, uint16_t>;
static DefaultPortForProtocolMapForTesting*& defaultPortForProtocolMapForTesting()
{
static DefaultPortForProtocolMapForTesting* defaultPortForProtocolMap;
return defaultPortForProtocolMap;
}
static DefaultPortForProtocolMapForTesting& ensureDefaultPortForProtocolMapForTesting()
{
DefaultPortForProtocolMapForTesting*& defaultPortForProtocolMap = defaultPortForProtocolMapForTesting();
if (!defaultPortForProtocolMap)
defaultPortForProtocolMap = new DefaultPortForProtocolMapForTesting;
return *defaultPortForProtocolMap;
}
void registerDefaultPortForProtocolForTesting(uint16_t port, const String& protocol)
{
auto locker = holdLock(defaultPortForProtocolMapForTestingLock);
ensureDefaultPortForProtocolMapForTesting().add(protocol, port);
}
void clearDefaultPortForProtocolMapForTesting()
{
auto locker = holdLock(defaultPortForProtocolMapForTestingLock);
if (auto* map = defaultPortForProtocolMapForTesting())
map->clear();
}
Optional<uint16_t> defaultPortForProtocol(StringView protocol)
{
if (auto* overrideMap = defaultPortForProtocolMapForTesting()) {
auto locker = holdLock(defaultPortForProtocolMapForTestingLock);
ASSERT(overrideMap); // No need to null check again here since overrideMap cannot become null after being non-null.
auto iterator = overrideMap->find(protocol.toStringWithoutCopying());
if (iterator != overrideMap->end())
return iterator->value;
}
return URLParser::defaultPortForProtocol(protocol);
}
bool isDefaultPortForProtocol(uint16_t port, StringView protocol)
{
return defaultPortForProtocol(protocol) == port;
}
bool URL::protocolIs(const char* protocol) const
{
assertProtocolIsGood(StringView { protocol });
// JavaScript URLs are "valid" and should be executed even if URL decides they are invalid.
// The free function protocolIsJavaScript() should be used instead.
ASSERT(!equalLettersIgnoringASCIICase(StringView(protocol), "javascript"));
if (!m_isValid)
return false;
// Do the comparison without making a new string object.
for (unsigned i = 0; i < m_schemeEnd; ++i) {
if (!protocol[i] || !isASCIIAlphaCaselessEqual(m_string[i], protocol[i]))
return false;
}
return !protocol[m_schemeEnd]; // We should have consumed all characters in the argument.
}
bool URL::protocolIs(StringView protocol) const
{
assertProtocolIsGood(protocol);
if (!m_isValid)
return false;
if (m_schemeEnd != protocol.length())
return false;
// Do the comparison without making a new string object.
for (unsigned i = 0; i < m_schemeEnd; ++i) {
if (!isASCIIAlphaCaselessEqual(m_string[i], protocol[i]))
return false;
}
return true;
}
String URL::query() const
{
if (m_queryEnd == m_pathEnd)
return String();
return m_string.substring(m_pathEnd + 1, m_queryEnd - (m_pathEnd + 1));
}
String URL::path() const
{
unsigned portEnd = m_hostEnd + m_portLength;
return m_string.substring(portEnd, m_pathEnd - portEnd);
}
bool URL::setProtocol(const String& s)
{
// Firefox and IE remove everything after the first ':'.
size_t separatorPosition = s.find(':');
String newProtocol = s.substring(0, separatorPosition);
auto canonicalized = URLParser::maybeCanonicalizeScheme(newProtocol);
if (!canonicalized)
return false;
if (!m_isValid) {
URLParser parser(makeString(*canonicalized, ":", m_string));
*this = parser.result();
return true;
}
if ((m_passwordEnd != m_userStart || port()) && *canonicalized == "file")
return true;
if (isLocalFile() && host().isEmpty())
return true;
URLParser parser(makeString(*canonicalized, m_string.substring(m_schemeEnd)));
*this = parser.result();
return true;
}
static bool isAllASCII(StringView string)
{
if (string.is8Bit())
return charactersAreAllASCII(string.characters8(), string.length());
return charactersAreAllASCII(string.characters16(), string.length());
}
// Appends the punycoded hostname identified by the given string and length to
// the output buffer. The result will not be null terminated.
// Return value of false means error in encoding.
static bool appendEncodedHostname(UCharBuffer& buffer, StringView string)
{
// Needs to be big enough to hold an IDN-encoded name.
// For host names bigger than this, we won't do IDN encoding, which is almost certainly OK.
const unsigned hostnameBufferLength = 2048;
if (string.length() > hostnameBufferLength || isAllASCII(string)) {
append(buffer, string);
return true;
}
UChar hostnameBuffer[hostnameBufferLength];
UErrorCode error = U_ZERO_ERROR;
UIDNAInfo processingDetails = UIDNA_INFO_INITIALIZER;
int32_t numCharactersConverted = uidna_nameToASCII(&URLParser::internationalDomainNameTranscoder(),
string.upconvertedCharacters(), string.length(), hostnameBuffer, hostnameBufferLength, &processingDetails, &error);
if (U_SUCCESS(error) && !processingDetails.errors) {
buffer.append(hostnameBuffer, numCharactersConverted);
return true;
}
return false;
}
unsigned URL::hostStart() const
{
return (m_passwordEnd == m_userStart) ? m_passwordEnd : m_passwordEnd + 1;
}
void URL::setHost(const String& s)
{
if (!m_isValid)
return;
auto colonIndex = s.find(':');
if (colonIndex != notFound)
return;
UCharBuffer encodedHostName;
if (!appendEncodedHostname(encodedHostName, s))
return;
bool slashSlashNeeded = m_userStart == static_cast<unsigned>(m_schemeEnd + 1);
StringBuilder builder;
builder.append(m_string.left(hostStart()));
if (slashSlashNeeded)
builder.appendLiteral("//");
builder.append(StringView(encodedHostName.data(), encodedHostName.size()));
builder.append(m_string.substring(m_hostEnd));
URLParser parser(builder.toString());
*this = parser.result();
}
void URL::removePort()
{
if (!m_portLength)
return;
URLParser parser(makeString(StringView(m_string).left(m_hostEnd), StringView(m_string).substring(m_hostEnd + m_portLength)));
*this = parser.result();
}
void URL::setPort(unsigned short i)
{
if (!m_isValid)
return;
bool colonNeeded = !m_portLength;
unsigned portStart = (colonNeeded ? m_hostEnd : m_hostEnd + 1);
URLParser parser(makeString(StringView(m_string).left(portStart), (colonNeeded ? ":" : ""), static_cast<unsigned>(i), StringView(m_string).substring(m_hostEnd + m_portLength)));
*this = parser.result();
}
void URL::removeHostAndPort()
{
if (!m_isValid)
return;
if (!host().isEmpty())
setHost({ });
removePort();
}
void URL::setHostAndPort(const String& hostAndPort)
{
if (!m_isValid)
return;
StringView hostName(hostAndPort);
StringView port;
auto colonIndex = hostName.find(':');
if (colonIndex != notFound) {
port = hostName.substring(colonIndex + 1);
bool ok;
int portInt = port.toIntStrict(ok);
if (!ok || portInt < 0)
return;
hostName = hostName.substring(0, colonIndex);
}
if (hostName.isEmpty())
return;
UCharBuffer encodedHostName;
if (!appendEncodedHostname(encodedHostName, hostName))
return;
bool slashSlashNeeded = m_userStart == static_cast<unsigned>(m_schemeEnd + 1);
StringBuilder builder;
builder.append(m_string.left(hostStart()));
if (slashSlashNeeded)
builder.appendLiteral("//");
builder.append(StringView(encodedHostName.data(), encodedHostName.size()));
if (!port.isEmpty()) {
builder.appendLiteral(":");
builder.append(port);
}
builder.append(StringView(m_string).substring(m_hostEnd + m_portLength));
URLParser parser(builder.toString());
*this = parser.result();
}
static String percentEncodeCharacters(const String& input, bool(*shouldEncode)(UChar))
{
auto encode = [shouldEncode] (const String& input) {
CString utf8 = input.utf8();
auto* data = utf8.data();
StringBuilder builder;
auto length = utf8.length();
for (unsigned j = 0; j < length; j++) {
auto c = data[j];
if (shouldEncode(c)) {
builder.append('%');
builder.append(upperNibbleToASCIIHexDigit(c));
builder.append(lowerNibbleToASCIIHexDigit(c));
} else
builder.append(c);
}
return builder.toString();
};
for (size_t i = 0; i < input.length(); ++i) {
if (UNLIKELY(shouldEncode(input[i])))
return encode(input);
}
return input;
}
void URL::setUser(const String& user)
{
if (!m_isValid)
return;
// FIXME: Non-ASCII characters must be encoded and escaped to match parse() expectations,
// and to avoid changing more than just the user login.
unsigned end = m_userEnd;
if (!user.isEmpty()) {
String u = percentEncodeCharacters(user, URLParser::isInUserInfoEncodeSet);
if (m_userStart == static_cast<unsigned>(m_schemeEnd + 1))
u = "//" + u;
// Add '@' if we didn't have one before.
if (end == m_hostEnd || (end == m_passwordEnd && m_string[end] != '@'))
u.append('@');
URLParser parser(makeString(StringView(m_string).left(m_userStart), u, StringView(m_string).substring(end)));
*this = parser.result();
} else {
// Remove '@' if we now have neither user nor password.
if (m_userEnd == m_passwordEnd && end != m_hostEnd && m_string[end] == '@')
end += 1;
// We don't want to parse in the extremely common case where we are not going to make a change.
if (m_userStart != end) {
URLParser parser(makeString(StringView(m_string).left(m_userStart), StringView(m_string).substring(end)));
*this = parser.result();
}
}
}
void URL::setPass(const String& password)
{
if (!m_isValid)
return;
unsigned end = m_passwordEnd;
if (!password.isEmpty()) {
String p = ":" + percentEncodeCharacters(password, URLParser::isInUserInfoEncodeSet) + "@";
if (m_userEnd == static_cast<unsigned>(m_schemeEnd + 1))
p = "//" + p;
// Eat the existing '@' since we are going to add our own.
if (end != m_hostEnd && m_string[end] == '@')
end += 1;
URLParser parser(makeString(StringView(m_string).left(m_userEnd), p, StringView(m_string).substring(end)));
*this = parser.result();
} else {
// Remove '@' if we now have neither user nor password.
if (m_userStart == m_userEnd && end != m_hostEnd && m_string[end] == '@')
end += 1;
// We don't want to parse in the extremely common case where we are not going to make a change.
if (m_userEnd != end) {
URLParser parser(makeString(StringView(m_string).left(m_userEnd), StringView(m_string).substring(end)));
*this = parser.result();
}
}
}
void URL::setFragmentIdentifier(StringView identifier)
{
if (!m_isValid)
return;
// FIXME: Optimize the case where the identifier already happens to be equal to what was passed?
// FIXME: Is it correct to do this without encoding and escaping non-ASCII characters?
*this = URLParser { makeString(StringView { m_string }.substring(0, m_queryEnd), '#', identifier) }.result();
}
void URL::removeFragmentIdentifier()
{
if (!m_isValid) {
ASSERT(!m_queryEnd);
return;
}
if (m_isValid && m_string.length() > m_queryEnd)
m_string = m_string.left(m_queryEnd);
}
void URL::removeQueryAndFragmentIdentifier()
{
if (!m_isValid)
return;
m_string = m_string.left(m_pathEnd);
m_queryEnd = m_pathEnd;
}
void URL::setQuery(const String& query)
{
if (!m_isValid)
return;
// FIXME: '#' and non-ASCII characters must be encoded and escaped.
// Usually, the query is encoded using document encoding, not UTF-8, but we don't have
// access to the document in this function.
// https://webkit.org/b/161176
if ((query.isEmpty() || query[0] != '?') && !query.isNull()) {
URLParser parser(makeString(StringView(m_string).left(m_pathEnd), "?", query, StringView(m_string).substring(m_queryEnd)));
*this = parser.result();
} else {
URLParser parser(makeString(StringView(m_string).left(m_pathEnd), query, StringView(m_string).substring(m_queryEnd)));
*this = parser.result();
}
}
void URL::setPath(const String& s)
{
if (!m_isValid)
return;
String path = s;
if (path.isEmpty() || path[0] != '/')
path = "/" + path;
auto questionMarkOrNumberSign = [] (UChar character) {
return character == '?' || character == '#';
};
URLParser parser(makeString(StringView(m_string).left(m_hostEnd + m_portLength), percentEncodeCharacters(path, questionMarkOrNumberSign), StringView(m_string).substring(m_pathEnd)));
*this = parser.result();
}
bool equalIgnoringFragmentIdentifier(const URL& a, const URL& b)
{
if (a.m_queryEnd != b.m_queryEnd)
return false;
unsigned queryLength = a.m_queryEnd;
for (unsigned i = 0; i < queryLength; ++i)
if (a.string()[i] != b.string()[i])
return false;
return true;
}
bool equalIgnoringQueryAndFragment(const URL& a, const URL& b)
{
if (a.pathEnd() != b.pathEnd())
return false;
unsigned pathEnd = a.pathEnd();
for (unsigned i = 0; i < pathEnd; ++i) {
if (a.string()[i] != b.string()[i])
return false;
}
return true;
}
bool protocolHostAndPortAreEqual(const URL& a, const URL& b)
{
if (a.m_schemeEnd != b.m_schemeEnd)
return false;
unsigned hostStartA = a.hostStart();
unsigned hostLengthA = a.m_hostEnd - hostStartA;
unsigned hostStartB = b.hostStart();
unsigned hostLengthB = b.m_hostEnd - b.hostStart();
if (hostLengthA != hostLengthB)
return false;
// Check the scheme
for (unsigned i = 0; i < a.m_schemeEnd; ++i) {
if (a.string()[i] != b.string()[i])
return false;
}
// And the host
for (unsigned i = 0; i < hostLengthA; ++i) {
if (a.string()[hostStartA + i] != b.string()[hostStartB + i])
return false;
}
if (a.port() != b.port())
return false;
return true;
}
bool hostsAreEqual(const URL& a, const URL& b)
{
unsigned hostStartA = a.hostStart();
unsigned hostLengthA = a.m_hostEnd - hostStartA;
unsigned hostStartB = b.hostStart();
unsigned hostLengthB = b.m_hostEnd - hostStartB;
if (hostLengthA != hostLengthB)
return false;
for (unsigned i = 0; i < hostLengthA; ++i) {
if (a.string()[hostStartA + i] != b.string()[hostStartB + i])
return false;
}
return true;
}
bool URL::isMatchingDomain(const String& domain) const
{
if (isNull())
return false;
if (domain.isEmpty())
return true;
if (!protocolIsInHTTPFamily())
return false;
auto host = this->host();
if (!host.endsWith(domain))
return false;
return host.length() == domain.length() || host[host.length() - domain.length() - 1] == '.';
}
String encodeWithURLEscapeSequences(const String& input)
{
return percentEncodeCharacters(input, URLParser::isInUserInfoEncodeSet);
}
bool URL::isHierarchical() const
{
if (!m_isValid)
return false;
ASSERT(m_string[m_schemeEnd] == ':');
return m_string[m_schemeEnd + 1] == '/';
}
void URL::copyToBuffer(Vector<char, 512>& buffer) const
{
// FIXME: This throws away the high bytes of all the characters in the string!
// That's fine for a valid URL, which is all ASCII, but not for invalid URLs.
buffer.resize(m_string.length());
copyASCII(m_string, buffer.data());
}
template<typename StringClass>
bool protocolIsInternal(const StringClass& url, const char* protocol)
{
// Do the comparison without making a new string object.
assertProtocolIsGood(StringView { protocol });
bool isLeading = true;
for (unsigned i = 0, j = 0; url[i]; ++i) {
// Skip leading whitespace and control characters.
if (isLeading && shouldTrimFromURL(url[i]))
continue;
isLeading = false;
// Skip any tabs and newlines.
if (url[i] == '\t' || url[i] == '\r' || url[i] == '\n')
continue;
if (!protocol[j])
return url[i] == ':';
if (!isASCIIAlphaCaselessEqual(url[i], protocol[j]))
return false;
++j;
}
return false;
}
bool protocolIs(const String& url, const char* protocol)
{
return protocolIsInternal(url, protocol);
}
inline bool URL::protocolIs(const String& string, const char* protocol)
{
return WTF::protocolIsInternal(string, protocol);
}
#ifndef NDEBUG
void URL::print() const
{
printf("%s\n", m_string.utf8().data());
}
#endif
String URL::strippedForUseAsReferrer() const
{
URL referrer(*this);
referrer.setUser(String());
referrer.setPass(String());
referrer.removeFragmentIdentifier();
return referrer.string();
}
bool URL::isLocalFile() const
{
// Including feed here might be a bad idea since drag and drop uses this check
// and including feed would allow feeds to potentially let someone's blog
// read the contents of the clipboard on a drag, even without a drop.
// Likewise with using the FrameLoader::shouldTreatURLAsLocal() function.
return protocolIs("file");
}
bool protocolIsJavaScript(const String& url)
{
return protocolIsInternal(url, "javascript");
}
bool protocolIsJavaScript(StringView url)
{
return protocolIsInternal(url, "javascript");
}
bool protocolIsInHTTPFamily(const String& url)
{
auto length = url.length();
// Do the comparison without making a new string object.
return length >= 5
&& isASCIIAlphaCaselessEqual(url[0], 'h')
&& isASCIIAlphaCaselessEqual(url[1], 't')
&& isASCIIAlphaCaselessEqual(url[2], 't')
&& isASCIIAlphaCaselessEqual(url[3], 'p')
&& (url[4] == ':' || (isASCIIAlphaCaselessEqual(url[4], 's') && length >= 6 && url[5] == ':'));
}
const URL& blankURL()
{
static NeverDestroyed<URL> staticBlankURL(URL(), "about:blank");
return staticBlankURL;
}
bool URL::protocolIsAbout() const
{
return protocolIs("about");
}
bool portAllowed(const URL& url)
{
Optional<uint16_t> port = url.port();
// Since most URLs don't have a port, return early for the "no port" case.
if (!port)
return true;
// This blocked port list matches the port blocking that Mozilla implements.
// See http://www.mozilla.org/projects/netlib/PortBanning.html for more information.
static const uint16_t blockedPortList[] = {
1, // tcpmux
7, // echo
9, // discard
11, // systat
13, // daytime
15, // netstat
17, // qotd
19, // chargen
20, // FTP-data
21, // FTP-control
22, // SSH
23, // telnet
25, // SMTP
37, // time
42, // name
43, // nicname
53, // domain
77, // priv-rjs
79, // finger
87, // ttylink
95, // supdup
101, // hostriame
102, // iso-tsap
103, // gppitnp
104, // acr-nema
109, // POP2
110, // POP3
111, // sunrpc
113, // auth
115, // SFTP
117, // uucp-path
119, // nntp
123, // NTP
135, // loc-srv / epmap
139, // netbios
143, // IMAP2
179, // BGP
389, // LDAP
427, // SLP (Also used by Apple Filing Protocol)
465, // SMTP+SSL
512, // print / exec
513, // login
514, // shell
515, // printer
526, // tempo
530, // courier
531, // Chat
532, // netnews
540, // UUCP
548, // afpovertcp [Apple addition]
556, // remotefs
563, // NNTP+SSL
587, // ESMTP
601, // syslog-conn
636, // LDAP+SSL
993, // IMAP+SSL
995, // POP3+SSL
2049, // NFS
3659, // apple-sasl / PasswordServer [Apple addition]
4045, // lockd
4190, // ManageSieve [Apple addition]
6000, // X11
6665, // Alternate IRC [Apple addition]
6666, // Alternate IRC [Apple addition]
6667, // Standard IRC [Apple addition]
6668, // Alternate IRC [Apple addition]
6669, // Alternate IRC [Apple addition]
6679, // Alternate IRC SSL [Apple addition]
6697, // IRC+SSL [Apple addition]
invalidPortNumber, // Used to block all invalid port numbers
};
// If the port is not in the blocked port list, allow it.
ASSERT(std::is_sorted(std::begin(blockedPortList), std::end(blockedPortList)));
if (!std::binary_search(std::begin(blockedPortList), std::end(blockedPortList), port.value()))
return true;
// Allow ports 21 and 22 for FTP URLs, as Mozilla does.
if ((port.value() == 21 || port.value() == 22) && url.protocolIs("ftp"))
return true;
// Allow any port number in a file URL, since the port number is ignored.
if (url.protocolIs("file"))
return true;
return false;
}
String mimeTypeFromDataURL(const String& url)
{
ASSERT(protocolIsInternal(url, "data"));
// FIXME: What's the right behavior when the URL has a comma first, but a semicolon later?
// Currently this code will break at the semicolon in that case. Not sure that's correct.
auto index = url.find(';', 5);
if (index == notFound)
index = url.find(',', 5);
if (index == notFound) {
// FIXME: There was an old comment here that made it sound like this should be returning text/plain.
// But we have been returning empty string here for some time, so not changing its behavior at this time.
return emptyString();
}
if (index == 5)
return "text/plain"_s;
ASSERT(index >= 5);
return url.substring(5, index - 5).convertToASCIILowercase();
}
String URL::stringCenterEllipsizedToLength(unsigned length) const
{
if (string().length() <= length)
return string();
return string().left(length / 2 - 1) + "..." + string().right(length / 2 - 2);
}
URL URL::fakeURLWithRelativePart(const String& relativePart)
{
return URL(URL(), "webkit-fake-url://" + createCanonicalUUIDString() + '/' + relativePart);
}
URL URL::fileURLWithFileSystemPath(const String& filePath)
{
return URL(URL(), "file:///" + filePath);
}
TextStream& operator<<(TextStream& ts, const URL& url)
{
ts << url.string();
return ts;
}
#if !PLATFORM(COCOA) && !USE(SOUP)
static bool isIPv4Address(StringView string)
{
auto count = 0;
for (const auto octet : string.splitAllowingEmptyEntries('.')) {
if (count >= 4)
return false;
const auto length = octet.length();
if (!length || length > 3)
return false;
auto value = 0;
for (auto i = 0u; i < length; ++i) {
const auto digit = octet[i];
// Prohibit leading zeroes.
if (digit > '9' || digit < (!i && length > 1 ? '1' : '0'))
return false;
value = 10 * value + (digit - '0');
}
if (value > 255)
return false;
count++;
}
return (count == 4);
}
static bool isIPv6Address(StringView string)
{
enum SkipState { None, WillSkip, Skipping, Skipped, Final };
auto skipState = None;
auto count = 0;
for (const auto hextet : string.splitAllowingEmptyEntries(':')) {
if (count >= 8 || skipState == Final)
return false;
const auto length = hextet.length();
if (!length) {
// :: may be used anywhere to skip 1 to 8 hextets, but only once.
if (skipState == Skipped)
return false;
if (skipState == None)
skipState = !count ? WillSkip : Skipping;
else if (skipState == WillSkip)
skipState = Skipping;
else
skipState = Final;
continue;
}
if (skipState == WillSkip)
return false;
if (skipState == Skipping)
skipState = Skipped;
if (length > 4) {
// An IPv4 address may be used in place of the final two hextets.
if ((skipState == None && count != 6) || (skipState == Skipped && count >= 6) || !isIPv4Address(hextet))
return false;
skipState = Final;
continue;
}
for (const auto codeUnit : hextet.codeUnits()) {
// IPv6 allows leading zeroes.
if (!isASCIIHexDigit(codeUnit))
return false;
}
count++;
}
return (count == 8 && skipState == None) || skipState == Skipped || skipState == Final;
}
bool URL::hostIsIPAddress(StringView host)
{
if (host.find(':') == notFound)
return isIPv4Address(host);
return isIPv6Address(host);
}
#endif
} // namespace WTF