Allow the externalfile scheme to be whitelisted as an allowed scheme for component...
[chromium-blink-merge.git] / url / url_canon_internal.cc
blob1554814c1184e5ff04bedac5cc07417782f99551
1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "url/url_canon_internal.h"
7 #include <errno.h>
8 #include <stdlib.h>
10 #include <cstdio>
11 #include <string>
13 #include "base/strings/utf_string_conversion_utils.h"
15 namespace url {
17 namespace {
19 template<typename CHAR, typename UCHAR>
20 void DoAppendStringOfType(const CHAR* source, int length,
21 SharedCharTypes type,
22 CanonOutput* output) {
23 for (int i = 0; i < length; i++) {
24 if (static_cast<UCHAR>(source[i]) >= 0x80) {
25 // ReadChar will fill the code point with kUnicodeReplacementCharacter
26 // when the input is invalid, which is what we want.
27 unsigned code_point;
28 ReadUTFChar(source, &i, length, &code_point);
29 AppendUTF8EscapedValue(code_point, output);
30 } else {
31 // Just append the 7-bit character, possibly escaping it.
32 unsigned char uch = static_cast<unsigned char>(source[i]);
33 if (!IsCharOfType(uch, type))
34 AppendEscapedChar(uch, output);
35 else
36 output->push_back(uch);
41 // This function assumes the input values are all contained in 8-bit,
42 // although it allows any type. Returns true if input is valid, false if not.
43 template<typename CHAR, typename UCHAR>
44 void DoAppendInvalidNarrowString(const CHAR* spec, int begin, int end,
45 CanonOutput* output) {
46 for (int i = begin; i < end; i++) {
47 UCHAR uch = static_cast<UCHAR>(spec[i]);
48 if (uch >= 0x80) {
49 // Handle UTF-8/16 encodings. This call will correctly handle the error
50 // case by appending the invalid character.
51 AppendUTF8EscapedChar(spec, &i, end, output);
52 } else if (uch <= ' ' || uch == 0x7f) {
53 // This function is for error handling, so we escape all control
54 // characters and spaces, but not anything else since we lack
55 // context to do something more specific.
56 AppendEscapedChar(static_cast<unsigned char>(uch), output);
57 } else {
58 output->push_back(static_cast<char>(uch));
63 // Overrides one component, see the Replacements structure for
64 // what the various combionations of source pointer and component mean.
65 void DoOverrideComponent(const char* override_source,
66 const Component& override_component,
67 const char** dest,
68 Component* dest_component) {
69 if (override_source) {
70 *dest = override_source;
71 *dest_component = override_component;
75 // Similar to DoOverrideComponent except that it takes a UTF-16 input and does
76 // not actually set the output character pointer.
78 // The input is converted to UTF-8 at the end of the given buffer as a temporary
79 // holding place. The component identifying the portion of the buffer used in
80 // the |utf8_buffer| will be specified in |*dest_component|.
82 // This will not actually set any |dest| pointer like DoOverrideComponent
83 // does because all of the pointers will point into the |utf8_buffer|, which
84 // may get resized while we're overriding a subsequent component. Instead, the
85 // caller should use the beginning of the |utf8_buffer| as the string pointer
86 // for all components once all overrides have been prepared.
87 bool PrepareUTF16OverrideComponent(const base::char16* override_source,
88 const Component& override_component,
89 CanonOutput* utf8_buffer,
90 Component* dest_component) {
91 bool success = true;
92 if (override_source) {
93 if (!override_component.is_valid()) {
94 // Non-"valid" component (means delete), so we need to preserve that.
95 *dest_component = Component();
96 } else {
97 // Convert to UTF-8.
98 dest_component->begin = utf8_buffer->length();
99 success = ConvertUTF16ToUTF8(&override_source[override_component.begin],
100 override_component.len, utf8_buffer);
101 dest_component->len = utf8_buffer->length() - dest_component->begin;
104 return success;
107 } // namespace
109 // See the header file for this array's declaration.
110 const unsigned char kSharedCharTypeTable[0x100] = {
111 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, // 0x00 - 0x0f
112 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, // 0x10 - 0x1f
113 0, // 0x20 ' ' (escape spaces in queries)
114 CHAR_QUERY | CHAR_USERINFO | CHAR_COMPONENT, // 0x21 !
115 0, // 0x22 "
116 0, // 0x23 # (invalid in query since it marks the ref)
117 CHAR_QUERY | CHAR_USERINFO, // 0x24 $
118 CHAR_QUERY | CHAR_USERINFO, // 0x25 %
119 CHAR_QUERY | CHAR_USERINFO, // 0x26 &
120 0, // 0x27 ' (Try to prevent XSS.)
121 CHAR_QUERY | CHAR_USERINFO | CHAR_COMPONENT, // 0x28 (
122 CHAR_QUERY | CHAR_USERINFO | CHAR_COMPONENT, // 0x29 )
123 CHAR_QUERY | CHAR_USERINFO | CHAR_COMPONENT, // 0x2a *
124 CHAR_QUERY | CHAR_USERINFO, // 0x2b +
125 CHAR_QUERY | CHAR_USERINFO, // 0x2c ,
126 CHAR_QUERY | CHAR_USERINFO | CHAR_COMPONENT, // 0x2d -
127 CHAR_QUERY | CHAR_USERINFO | CHAR_IPV4 | CHAR_COMPONENT, // 0x2e .
128 CHAR_QUERY, // 0x2f /
129 CHAR_QUERY | CHAR_USERINFO | CHAR_IPV4 | CHAR_HEX | CHAR_DEC | CHAR_OCT | CHAR_COMPONENT, // 0x30 0
130 CHAR_QUERY | CHAR_USERINFO | CHAR_IPV4 | CHAR_HEX | CHAR_DEC | CHAR_OCT | CHAR_COMPONENT, // 0x31 1
131 CHAR_QUERY | CHAR_USERINFO | CHAR_IPV4 | CHAR_HEX | CHAR_DEC | CHAR_OCT | CHAR_COMPONENT, // 0x32 2
132 CHAR_QUERY | CHAR_USERINFO | CHAR_IPV4 | CHAR_HEX | CHAR_DEC | CHAR_OCT | CHAR_COMPONENT, // 0x33 3
133 CHAR_QUERY | CHAR_USERINFO | CHAR_IPV4 | CHAR_HEX | CHAR_DEC | CHAR_OCT | CHAR_COMPONENT, // 0x34 4
134 CHAR_QUERY | CHAR_USERINFO | CHAR_IPV4 | CHAR_HEX | CHAR_DEC | CHAR_OCT | CHAR_COMPONENT, // 0x35 5
135 CHAR_QUERY | CHAR_USERINFO | CHAR_IPV4 | CHAR_HEX | CHAR_DEC | CHAR_OCT | CHAR_COMPONENT, // 0x36 6
136 CHAR_QUERY | CHAR_USERINFO | CHAR_IPV4 | CHAR_HEX | CHAR_DEC | CHAR_OCT | CHAR_COMPONENT, // 0x37 7
137 CHAR_QUERY | CHAR_USERINFO | CHAR_IPV4 | CHAR_HEX | CHAR_DEC | CHAR_COMPONENT, // 0x38 8
138 CHAR_QUERY | CHAR_USERINFO | CHAR_IPV4 | CHAR_HEX | CHAR_DEC | CHAR_COMPONENT, // 0x39 9
139 CHAR_QUERY, // 0x3a :
140 CHAR_QUERY, // 0x3b ;
141 0, // 0x3c < (Try to prevent certain types of XSS.)
142 CHAR_QUERY, // 0x3d =
143 0, // 0x3e > (Try to prevent certain types of XSS.)
144 CHAR_QUERY, // 0x3f ?
145 CHAR_QUERY, // 0x40 @
146 CHAR_QUERY | CHAR_USERINFO | CHAR_IPV4 | CHAR_HEX | CHAR_COMPONENT, // 0x41 A
147 CHAR_QUERY | CHAR_USERINFO | CHAR_IPV4 | CHAR_HEX | CHAR_COMPONENT, // 0x42 B
148 CHAR_QUERY | CHAR_USERINFO | CHAR_IPV4 | CHAR_HEX | CHAR_COMPONENT, // 0x43 C
149 CHAR_QUERY | CHAR_USERINFO | CHAR_IPV4 | CHAR_HEX | CHAR_COMPONENT, // 0x44 D
150 CHAR_QUERY | CHAR_USERINFO | CHAR_IPV4 | CHAR_HEX | CHAR_COMPONENT, // 0x45 E
151 CHAR_QUERY | CHAR_USERINFO | CHAR_IPV4 | CHAR_HEX | CHAR_COMPONENT, // 0x46 F
152 CHAR_QUERY | CHAR_USERINFO | CHAR_COMPONENT, // 0x47 G
153 CHAR_QUERY | CHAR_USERINFO | CHAR_COMPONENT, // 0x48 H
154 CHAR_QUERY | CHAR_USERINFO | CHAR_COMPONENT, // 0x49 I
155 CHAR_QUERY | CHAR_USERINFO | CHAR_COMPONENT, // 0x4a J
156 CHAR_QUERY | CHAR_USERINFO | CHAR_COMPONENT, // 0x4b K
157 CHAR_QUERY | CHAR_USERINFO | CHAR_COMPONENT, // 0x4c L
158 CHAR_QUERY | CHAR_USERINFO | CHAR_COMPONENT, // 0x4d M
159 CHAR_QUERY | CHAR_USERINFO | CHAR_COMPONENT, // 0x4e N
160 CHAR_QUERY | CHAR_USERINFO | CHAR_COMPONENT, // 0x4f O
161 CHAR_QUERY | CHAR_USERINFO | CHAR_COMPONENT, // 0x50 P
162 CHAR_QUERY | CHAR_USERINFO | CHAR_COMPONENT, // 0x51 Q
163 CHAR_QUERY | CHAR_USERINFO | CHAR_COMPONENT, // 0x52 R
164 CHAR_QUERY | CHAR_USERINFO | CHAR_COMPONENT, // 0x53 S
165 CHAR_QUERY | CHAR_USERINFO | CHAR_COMPONENT, // 0x54 T
166 CHAR_QUERY | CHAR_USERINFO | CHAR_COMPONENT, // 0x55 U
167 CHAR_QUERY | CHAR_USERINFO | CHAR_COMPONENT, // 0x56 V
168 CHAR_QUERY | CHAR_USERINFO | CHAR_COMPONENT, // 0x57 W
169 CHAR_QUERY | CHAR_USERINFO | CHAR_IPV4 | CHAR_COMPONENT, // 0x58 X
170 CHAR_QUERY | CHAR_USERINFO | CHAR_COMPONENT, // 0x59 Y
171 CHAR_QUERY | CHAR_USERINFO | CHAR_COMPONENT, // 0x5a Z
172 CHAR_QUERY, // 0x5b [
173 CHAR_QUERY, // 0x5c '\'
174 CHAR_QUERY, // 0x5d ]
175 CHAR_QUERY, // 0x5e ^
176 CHAR_QUERY | CHAR_USERINFO | CHAR_COMPONENT, // 0x5f _
177 CHAR_QUERY, // 0x60 `
178 CHAR_QUERY | CHAR_USERINFO | CHAR_IPV4 | CHAR_HEX | CHAR_COMPONENT, // 0x61 a
179 CHAR_QUERY | CHAR_USERINFO | CHAR_IPV4 | CHAR_HEX | CHAR_COMPONENT, // 0x62 b
180 CHAR_QUERY | CHAR_USERINFO | CHAR_IPV4 | CHAR_HEX | CHAR_COMPONENT, // 0x63 c
181 CHAR_QUERY | CHAR_USERINFO | CHAR_IPV4 | CHAR_HEX | CHAR_COMPONENT, // 0x64 d
182 CHAR_QUERY | CHAR_USERINFO | CHAR_IPV4 | CHAR_HEX | CHAR_COMPONENT, // 0x65 e
183 CHAR_QUERY | CHAR_USERINFO | CHAR_IPV4 | CHAR_HEX | CHAR_COMPONENT, // 0x66 f
184 CHAR_QUERY | CHAR_USERINFO | CHAR_COMPONENT, // 0x67 g
185 CHAR_QUERY | CHAR_USERINFO | CHAR_COMPONENT, // 0x68 h
186 CHAR_QUERY | CHAR_USERINFO | CHAR_COMPONENT, // 0x69 i
187 CHAR_QUERY | CHAR_USERINFO | CHAR_COMPONENT, // 0x6a j
188 CHAR_QUERY | CHAR_USERINFO | CHAR_COMPONENT, // 0x6b k
189 CHAR_QUERY | CHAR_USERINFO | CHAR_COMPONENT, // 0x6c l
190 CHAR_QUERY | CHAR_USERINFO | CHAR_COMPONENT, // 0x6d m
191 CHAR_QUERY | CHAR_USERINFO | CHAR_COMPONENT, // 0x6e n
192 CHAR_QUERY | CHAR_USERINFO | CHAR_COMPONENT, // 0x6f o
193 CHAR_QUERY | CHAR_USERINFO | CHAR_COMPONENT, // 0x70 p
194 CHAR_QUERY | CHAR_USERINFO | CHAR_COMPONENT, // 0x71 q
195 CHAR_QUERY | CHAR_USERINFO | CHAR_COMPONENT, // 0x72 r
196 CHAR_QUERY | CHAR_USERINFO | CHAR_COMPONENT, // 0x73 s
197 CHAR_QUERY | CHAR_USERINFO | CHAR_COMPONENT, // 0x74 t
198 CHAR_QUERY | CHAR_USERINFO | CHAR_COMPONENT, // 0x75 u
199 CHAR_QUERY | CHAR_USERINFO | CHAR_COMPONENT, // 0x76 v
200 CHAR_QUERY | CHAR_USERINFO | CHAR_COMPONENT, // 0x77 w
201 CHAR_QUERY | CHAR_USERINFO | CHAR_IPV4 | CHAR_COMPONENT, // 0x78 x
202 CHAR_QUERY | CHAR_USERINFO | CHAR_COMPONENT, // 0x79 y
203 CHAR_QUERY | CHAR_USERINFO | CHAR_COMPONENT, // 0x7a z
204 CHAR_QUERY, // 0x7b {
205 CHAR_QUERY, // 0x7c |
206 CHAR_QUERY, // 0x7d }
207 CHAR_QUERY | CHAR_USERINFO | CHAR_COMPONENT, // 0x7e ~
208 0, // 0x7f
209 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, // 0x80 - 0x8f
210 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, // 0x90 - 0x9f
211 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, // 0xa0 - 0xaf
212 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, // 0xb0 - 0xbf
213 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, // 0xc0 - 0xcf
214 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, // 0xd0 - 0xdf
215 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, // 0xe0 - 0xef
216 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, // 0xf0 - 0xff
219 const char kHexCharLookup[0x10] = {
220 '0', '1', '2', '3', '4', '5', '6', '7',
221 '8', '9', 'A', 'B', 'C', 'D', 'E', 'F',
224 const char kCharToHexLookup[8] = {
225 0, // 0x00 - 0x1f
226 '0', // 0x20 - 0x3f: digits 0 - 9 are 0x30 - 0x39
227 'A' - 10, // 0x40 - 0x5f: letters A - F are 0x41 - 0x46
228 'a' - 10, // 0x60 - 0x7f: letters a - f are 0x61 - 0x66
229 0, // 0x80 - 0x9F
230 0, // 0xA0 - 0xBF
231 0, // 0xC0 - 0xDF
232 0, // 0xE0 - 0xFF
235 const base::char16 kUnicodeReplacementCharacter = 0xfffd;
237 void AppendStringOfType(const char* source, int length,
238 SharedCharTypes type,
239 CanonOutput* output) {
240 DoAppendStringOfType<char, unsigned char>(source, length, type, output);
243 void AppendStringOfType(const base::char16* source, int length,
244 SharedCharTypes type,
245 CanonOutput* output) {
246 DoAppendStringOfType<base::char16, base::char16>(
247 source, length, type, output);
250 bool ReadUTFChar(const char* str, int* begin, int length,
251 unsigned* code_point_out) {
252 // This depends on ints and int32s being the same thing. If they're not, it
253 // will fail to compile.
254 // TODO(mmenke): This should probably be fixed.
255 if (!base::ReadUnicodeCharacter(str, length, begin, code_point_out) ||
256 !base::IsValidCharacter(*code_point_out)) {
257 *code_point_out = kUnicodeReplacementCharacter;
258 return false;
260 return true;
263 bool ReadUTFChar(const base::char16* str, int* begin, int length,
264 unsigned* code_point_out) {
265 // This depends on ints and int32s being the same thing. If they're not, it
266 // will fail to compile.
267 // TODO(mmenke): This should probably be fixed.
268 if (!base::ReadUnicodeCharacter(str, length, begin, code_point_out) ||
269 !base::IsValidCharacter(*code_point_out)) {
270 *code_point_out = kUnicodeReplacementCharacter;
271 return false;
273 return true;
276 void AppendInvalidNarrowString(const char* spec, int begin, int end,
277 CanonOutput* output) {
278 DoAppendInvalidNarrowString<char, unsigned char>(spec, begin, end, output);
281 void AppendInvalidNarrowString(const base::char16* spec, int begin, int end,
282 CanonOutput* output) {
283 DoAppendInvalidNarrowString<base::char16, base::char16>(
284 spec, begin, end, output);
287 bool ConvertUTF16ToUTF8(const base::char16* input, int input_len,
288 CanonOutput* output) {
289 bool success = true;
290 for (int i = 0; i < input_len; i++) {
291 unsigned code_point;
292 success &= ReadUTFChar(input, &i, input_len, &code_point);
293 AppendUTF8Value(code_point, output);
295 return success;
298 bool ConvertUTF8ToUTF16(const char* input, int input_len,
299 CanonOutputT<base::char16>* output) {
300 bool success = true;
301 for (int i = 0; i < input_len; i++) {
302 unsigned code_point;
303 success &= ReadUTFChar(input, &i, input_len, &code_point);
304 AppendUTF16Value(code_point, output);
306 return success;
309 void SetupOverrideComponents(const char* base,
310 const Replacements<char>& repl,
311 URLComponentSource<char>* source,
312 Parsed* parsed) {
313 // Get the source and parsed structures of the things we are replacing.
314 const URLComponentSource<char>& repl_source = repl.sources();
315 const Parsed& repl_parsed = repl.components();
317 DoOverrideComponent(repl_source.scheme, repl_parsed.scheme,
318 &source->scheme, &parsed->scheme);
319 DoOverrideComponent(repl_source.username, repl_parsed.username,
320 &source->username, &parsed->username);
321 DoOverrideComponent(repl_source.password, repl_parsed.password,
322 &source->password, &parsed->password);
324 // Our host should be empty if not present, so override the default setup.
325 DoOverrideComponent(repl_source.host, repl_parsed.host,
326 &source->host, &parsed->host);
327 if (parsed->host.len == -1)
328 parsed->host.len = 0;
330 DoOverrideComponent(repl_source.port, repl_parsed.port,
331 &source->port, &parsed->port);
332 DoOverrideComponent(repl_source.path, repl_parsed.path,
333 &source->path, &parsed->path);
334 DoOverrideComponent(repl_source.query, repl_parsed.query,
335 &source->query, &parsed->query);
336 DoOverrideComponent(repl_source.ref, repl_parsed.ref,
337 &source->ref, &parsed->ref);
340 bool SetupUTF16OverrideComponents(const char* base,
341 const Replacements<base::char16>& repl,
342 CanonOutput* utf8_buffer,
343 URLComponentSource<char>* source,
344 Parsed* parsed) {
345 bool success = true;
347 // Get the source and parsed structures of the things we are replacing.
348 const URLComponentSource<base::char16>& repl_source = repl.sources();
349 const Parsed& repl_parsed = repl.components();
351 success &= PrepareUTF16OverrideComponent(
352 repl_source.scheme, repl_parsed.scheme,
353 utf8_buffer, &parsed->scheme);
354 success &= PrepareUTF16OverrideComponent(
355 repl_source.username, repl_parsed.username,
356 utf8_buffer, &parsed->username);
357 success &= PrepareUTF16OverrideComponent(
358 repl_source.password, repl_parsed.password,
359 utf8_buffer, &parsed->password);
360 success &= PrepareUTF16OverrideComponent(
361 repl_source.host, repl_parsed.host,
362 utf8_buffer, &parsed->host);
363 success &= PrepareUTF16OverrideComponent(
364 repl_source.port, repl_parsed.port,
365 utf8_buffer, &parsed->port);
366 success &= PrepareUTF16OverrideComponent(
367 repl_source.path, repl_parsed.path,
368 utf8_buffer, &parsed->path);
369 success &= PrepareUTF16OverrideComponent(
370 repl_source.query, repl_parsed.query,
371 utf8_buffer, &parsed->query);
372 success &= PrepareUTF16OverrideComponent(
373 repl_source.ref, repl_parsed.ref,
374 utf8_buffer, &parsed->ref);
376 // PrepareUTF16OverrideComponent will not have set the data pointer since the
377 // buffer could be resized, invalidating the pointers. We set the data
378 // pointers for affected components now that the buffer is finalized.
379 if (repl_source.scheme) source->scheme = utf8_buffer->data();
380 if (repl_source.username) source->username = utf8_buffer->data();
381 if (repl_source.password) source->password = utf8_buffer->data();
382 if (repl_source.host) source->host = utf8_buffer->data();
383 if (repl_source.port) source->port = utf8_buffer->data();
384 if (repl_source.path) source->path = utf8_buffer->data();
385 if (repl_source.query) source->query = utf8_buffer->data();
386 if (repl_source.ref) source->ref = utf8_buffer->data();
388 return success;
391 #ifndef WIN32
393 int _itoa_s(int value, char* buffer, size_t size_in_chars, int radix) {
394 const char* format_str;
395 if (radix == 10)
396 format_str = "%d";
397 else if (radix == 16)
398 format_str = "%x";
399 else
400 return EINVAL;
402 int written = snprintf(buffer, size_in_chars, format_str, value);
403 if (static_cast<size_t>(written) >= size_in_chars) {
404 // Output was truncated, or written was negative.
405 return EINVAL;
407 return 0;
410 int _itow_s(int value, base::char16* buffer, size_t size_in_chars, int radix) {
411 if (radix != 10)
412 return EINVAL;
414 // No more than 12 characters will be required for a 32-bit integer.
415 // Add an extra byte for the terminating null.
416 char temp[13];
417 int written = snprintf(temp, sizeof(temp), "%d", value);
418 if (static_cast<size_t>(written) >= size_in_chars) {
419 // Output was truncated, or written was negative.
420 return EINVAL;
423 for (int i = 0; i < written; ++i) {
424 buffer[i] = static_cast<base::char16>(temp[i]);
426 buffer[written] = '\0';
427 return 0;
430 #endif // !WIN32
432 } // namespace url