search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
components: Fix 'gn check' errors for user_prefs.
[chromium-blink-merge.git] / net / base / net_util_icu.cc
blob0c2644b03976d4c17a1dc29011c18ff48289d3bb
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "net/base/net_util.h"
6
7 #include <map>
8 #include <vector>
9
10 #include "base/i18n/time_formatting.h"
11 #include "base/json/string_escape.h"
12 #include "base/lazy_instance.h"
13 #include "base/logging.h"
14 #include "base/memory/singleton.h"
15 #include "base/stl_util.h"
16 #include "base/strings/string_tokenizer.h"
17 #include "base/strings/string_util.h"
18 #include "base/strings/utf_offset_string_conversions.h"
19 #include "base/strings/utf_string_conversions.h"
20 #include "base/time/time.h"
21 #include "url/gurl.h"
22 #include "third_party/icu/source/common/unicode/uidna.h"
23 #include "third_party/icu/source/common/unicode/uniset.h"
24 #include "third_party/icu/source/common/unicode/uscript.h"
25 #include "third_party/icu/source/common/unicode/uset.h"
26 #include "third_party/icu/source/i18n/unicode/datefmt.h"
27 #include "third_party/icu/source/i18n/unicode/regex.h"
28 #include "third_party/icu/source/i18n/unicode/ulocdata.h"
29
30 using base::Time;
31
32 namespace net {
33
34 namespace {
35
36 typedef std::vector<size_t> Offsets;
37
38 // Does some simple normalization of scripts so we can allow certain scripts
39 // to exist together.
40 // TODO(brettw) bug 880223: we should allow some other languages to be
41 // oombined such as Chinese and Latin. We will probably need a more
42 // complicated system of language pairs to have more fine-grained control.
43 UScriptCode NormalizeScript(UScriptCode code) {
44 switch (code) {
45 case USCRIPT_KATAKANA:
46 case USCRIPT_HIRAGANA:
47 case USCRIPT_KATAKANA_OR_HIRAGANA:
48 case USCRIPT_HANGUL: // This one is arguable.
49 return USCRIPT_HAN;
50 default:
51 return code;
52 }
53 }
54
55 bool IsIDNComponentInSingleScript(const base::char16* str, int str_len) {
56 UScriptCode first_script = USCRIPT_INVALID_CODE;
57 bool is_first = true;
58
59 int i = 0;
60 while (i < str_len) {
61 unsigned code_point;
62 U16_NEXT(str, i, str_len, code_point);
63
64 UErrorCode err = U_ZERO_ERROR;
65 UScriptCode cur_script = uscript_getScript(code_point, &err);
66 if (err != U_ZERO_ERROR)
67 return false; // Report mixed on error.
68 cur_script = NormalizeScript(cur_script);
69
70 // TODO(brettw) We may have to check for USCRIPT_INHERENT as well.
71 if (is_first && cur_script != USCRIPT_COMMON) {
72 first_script = cur_script;
73 is_first = false;
74 } else {
75 if (cur_script != USCRIPT_COMMON && cur_script != first_script)
76 return false;
77 }
78 }
79 return true;
80 }
81
82 // Check if the script of a language can be 'safely' mixed with
83 // Latin letters in the ASCII range.
84 bool IsCompatibleWithASCIILetters(const std::string& lang) {
85 // For now, just list Chinese, Japanese and Korean (positive list).
86 // An alternative is negative-listing (languages using Greek and
87 // Cyrillic letters), but it can be more dangerous.
88 return !lang.substr(0, 2).compare("zh") ||
89 !lang.substr(0, 2).compare("ja") ||
90 !lang.substr(0, 2).compare("ko");
91 }
92
93 typedef std::map<std::string, icu::UnicodeSet*> LangToExemplarSetMap;
94
95 class LangToExemplarSet {
96 public:
97 static LangToExemplarSet* GetInstance() {
98 return Singleton<LangToExemplarSet>::get();
99 }
100
101 private:
102 LangToExemplarSetMap map;
103 LangToExemplarSet() { }
104 ~LangToExemplarSet() {
105 STLDeleteContainerPairSecondPointers(map.begin(), map.end());
106 }
107
108 friend class Singleton<LangToExemplarSet>;
109 friend struct DefaultSingletonTraits<LangToExemplarSet>;
110 friend bool GetExemplarSetForLang(const std::string&, icu::UnicodeSet**);
111 friend void SetExemplarSetForLang(const std::string&, icu::UnicodeSet*);
112
113 DISALLOW_COPY_AND_ASSIGN(LangToExemplarSet);
114 };
115
116 bool GetExemplarSetForLang(const std::string& lang,
117 icu::UnicodeSet** lang_set) {
118 const LangToExemplarSetMap& map = LangToExemplarSet::GetInstance()->map;
119 LangToExemplarSetMap::const_iterator pos = map.find(lang);
120 if (pos != map.end()) {
121 *lang_set = pos->second;
122 return true;
123 }
124 return false;
125 }
126
127 void SetExemplarSetForLang(const std::string& lang,
128 icu::UnicodeSet* lang_set) {
129 LangToExemplarSetMap& map = LangToExemplarSet::GetInstance()->map;
130 map.insert(std::make_pair(lang, lang_set));
131 }
132
133 static base::LazyInstance<base::Lock>::Leaky
134 g_lang_set_lock = LAZY_INSTANCE_INITIALIZER;
135
136 // Returns true if all the characters in component_characters are used by
137 // the language |lang|.
138 bool IsComponentCoveredByLang(const icu::UnicodeSet& component_characters,
139 const std::string& lang) {
140 CR_DEFINE_STATIC_LOCAL(
141 const icu::UnicodeSet, kASCIILetters, ('a', 'z'));
142 icu::UnicodeSet* lang_set = nullptr;
143 // We're called from both the UI thread and the history thread.
144 {
145 base::AutoLock lock(g_lang_set_lock.Get());
146 if (!GetExemplarSetForLang(lang, &lang_set)) {
147 UErrorCode status = U_ZERO_ERROR;
148 ULocaleData* uld = ulocdata_open(lang.c_str(), &status);
149 // TODO(jungshik) Turn this check on when the ICU data file is
150 // rebuilt with the minimal subset of locale data for languages
151 // to which Chrome is not localized but which we offer in the list
152 // of languages selectable for Accept-Languages. With the rebuilt ICU
153 // data, ulocdata_open never should fall back to the default locale.
154 // (issue 2078)
155 // DCHECK(U_SUCCESS(status) && status != U_USING_DEFAULT_WARNING);
156 if (U_SUCCESS(status) && status != U_USING_DEFAULT_WARNING) {
157 lang_set = reinterpret_cast<icu::UnicodeSet*>(ulocdata_getExemplarSet(
158 uld, nullptr, 0, ULOCDATA_ES_STANDARD, &status));
159 // On success, if |lang| is compatible with ASCII Latin letters, add
160 // them.
161 if (lang_set && IsCompatibleWithASCIILetters(lang))
162 lang_set->addAll(kASCIILetters);
163 }
164
165 if (!lang_set)
166 lang_set = new icu::UnicodeSet(1, 0);
167
168 lang_set->freeze();
169 SetExemplarSetForLang(lang, lang_set);
170 ulocdata_close(uld);
171 }
172 }
173 return !lang_set->isEmpty() && lang_set->containsAll(component_characters);
174 }
175
176 // Returns true if the given Unicode host component is safe to display to the
177 // user.
178 bool IsIDNComponentSafe(const base::char16* str,
179 int str_len,
180 const std::string& languages) {
181 // Most common cases (non-IDN) do not reach here so that we don't
182 // need a fast return path.
183 // TODO(jungshik) : Check if there's any character inappropriate
184 // (although allowed) for domain names.
185 // See http://www.unicode.org/reports/tr39/#IDN_Security_Profiles and
186 // http://www.unicode.org/reports/tr39/data/xidmodifications.txt
187 // For now, we borrow the list from Mozilla and tweaked it slightly.
188 // (e.g. Characters like U+00A0, U+3000, U+3002 are omitted because
189 // they're gonna be canonicalized to U+0020 and full stop before
190 // reaching here.)
191 // The original list is available at
192 // http://kb.mozillazine.org/Network.IDN.blacklist_chars and
193 // at http://mxr.mozilla.org/seamonkey/source/modules/libpref/src/init/all.js#703
194
195 UErrorCode status = U_ZERO_ERROR;
196 #ifdef U_WCHAR_IS_UTF16
197 icu::UnicodeSet dangerous_characters(
198 icu::UnicodeString(
199 L"[[\\ \u00ad\u00bc\u00bd\u01c3\u0337\u0338"
200 L"\u05c3\u05f4\u06d4\u0702\u115f\u1160][\u2000-\u200b]"
201 L"[\u2024\u2027\u2028\u2029\u2039\u203a\u2044\u205f]"
202 L"[\u2154-\u2156][\u2159-\u215b][\u215f\u2215\u23ae"
203 L"\u29f6\u29f8\u2afb\u2afd][\u2ff0-\u2ffb][\u3014"
204 L"\u3015\u3033\u3164\u321d\u321e\u33ae\u33af\u33c6\u33df\ufe14"
205 L"\ufe15\ufe3f\ufe5d\ufe5e\ufeff\uff0e\uff06\uff61\uffa0\ufff9]"
206 L"[\ufffa-\ufffd]\U0001f50f\U0001f510\U0001f512\U0001f513]"),
207 status);
208 DCHECK(U_SUCCESS(status));
209 icu::RegexMatcher dangerous_patterns(icu::UnicodeString(
210 // Lone katakana no, so, or n
211 L"[^\\p{Katakana}][\u30ce\u30f3\u30bd][^\\p{Katakana}]"
212 // Repeating Japanese accent characters
213 L"|[\u3099\u309a\u309b\u309c][\u3099\u309a\u309b\u309c]"),
214 0, status);
215 #else
216 icu::UnicodeSet dangerous_characters(icu::UnicodeString(
217 "[[\\u0020\\u00ad\\u00bc\\u00bd\\u01c3\\u0337\\u0338"
218 "\\u05c3\\u05f4\\u06d4\\u0702\\u115f\\u1160][\\u2000-\\u200b]"
219 "[\\u2024\\u2027\\u2028\\u2029\\u2039\\u203a\\u2044\\u205f]"
220 "[\\u2154-\\u2156][\\u2159-\\u215b][\\u215f\\u2215\\u23ae"
221 "\\u29f6\\u29f8\\u2afb\\u2afd][\\u2ff0-\\u2ffb][\\u3014"
222 "\\u3015\\u3033\\u3164\\u321d\\u321e\\u33ae\\u33af\\u33c6\\u33df\\ufe14"
223 "\\ufe15\\ufe3f\\ufe5d\\ufe5e\\ufeff\\uff0e\\uff06\\uff61\\uffa0\\ufff9]"
224 "[\\ufffa-\\ufffd]\\U0001f50f\\U0001f510\\U0001f512\\U0001f513]", -1,
225 US_INV), status);
226 DCHECK(U_SUCCESS(status));
227 icu::RegexMatcher dangerous_patterns(icu::UnicodeString(
228 // Lone katakana no, so, or n
229 "[^\\p{Katakana}][\\u30ce\\u30f3\\u30bd][^\\p{Katakana}]"
230 // Repeating Japanese accent characters
231 "|[\\u3099\\u309a\\u309b\\u309c][\\u3099\\u309a\\u309b\\u309c]"),
232 0, status);
233 #endif
234 DCHECK(U_SUCCESS(status));
235 icu::UnicodeSet component_characters;
236 icu::UnicodeString component_string(str, str_len);
237 component_characters.addAll(component_string);
238 if (dangerous_characters.containsSome(component_characters))
239 return false;
240
241 DCHECK(U_SUCCESS(status));
242 dangerous_patterns.reset(component_string);
243 if (dangerous_patterns.find())
244 return false;
245
246 // If the language list is empty, the result is completely determined
247 // by whether a component is a single script or not. This will block
248 // even "safe" script mixing cases like <Chinese, Latin-ASCII> that are
249 // allowed with |languages| (while it blocks Chinese + Latin letters with
250 // an accent as should be the case), but we want to err on the safe side
251 // when |languages| is empty.
252 if (languages.empty())
253 return IsIDNComponentInSingleScript(str, str_len);
254
255 // |common_characters| is made up of ASCII numbers, hyphen, plus and
256 // underscore that are used across scripts and allowed in domain names.
257 // (sync'd with characters allowed in url_canon_host with square
258 // brackets excluded.) See kHostCharLookup[] array in url_canon_host.cc.
259 icu::UnicodeSet common_characters(UNICODE_STRING_SIMPLE("[[0-9]\\-_+\\ ]"),
260 status);
261 DCHECK(U_SUCCESS(status));
262 // Subtract common characters because they're always allowed so that
263 // we just have to check if a language-specific set contains
264 // the remainder.
265 component_characters.removeAll(common_characters);
266
267 base::StringTokenizer t(languages, ",");
268 while (t.GetNext()) {
269 if (IsComponentCoveredByLang(component_characters, t.token()))
270 return true;
271 }
272 return false;
273 }
274
275 // A wrapper to use LazyInstance<>::Leaky with ICU's UIDNA, a C pointer to
276 // a UTS46/IDNA 2008 handling object opened with uidna_openUTS46().
277 //
278 // We use UTS46 with BiDiCheck to migrate from IDNA 2003 to IDNA 2008 with
279 // the backward compatibility in mind. What it does:
280 //
281 // 1. Use the up-to-date Unicode data.
282 // 2. Define a case folding/mapping with the up-to-date Unicode data as
283 // in IDNA 2003.
284 // 3. Use transitional mechanism for 4 deviation characters (sharp-s,
285 // final sigma, ZWJ and ZWNJ) for now.
286 // 4. Continue to allow symbols and punctuations.
287 // 5. Apply new BiDi check rules more permissive than the IDNA 2003 BiDI rules.
288 // 6. Do not apply STD3 rules
289 // 7. Do not allow unassigned code points.
290 //
291 // It also closely matches what IE 10 does except for the BiDi check (
292 // http://goo.gl/3XBhqw ).
293 // See http://http://unicode.org/reports/tr46/ and references therein
294 // for more details.
295 struct UIDNAWrapper {
296 UIDNAWrapper() {
297 UErrorCode err = U_ZERO_ERROR;
298 // TODO(jungshik): Change options as different parties (browsers,
299 // registrars, search engines) converge toward a consensus.
300 value = uidna_openUTS46(UIDNA_CHECK_BIDI, &err);
301 if (U_FAILURE(err))
302 value = NULL;
303 }
304
305 UIDNA* value;
306 };
307
308 static base::LazyInstance<UIDNAWrapper>::Leaky
309 g_uidna = LAZY_INSTANCE_INITIALIZER;
310
311 // Converts one component of a host (between dots) to IDN if safe. The result
312 // will be APPENDED to the given output string and will be the same as the input
313 // if it is not IDN or the IDN is unsafe to display. Returns whether any
314 // conversion was performed.
315 bool IDNToUnicodeOneComponent(const base::char16* comp,
316 size_t comp_len,
317 const std::string& languages,
318 base::string16* out) {
319 DCHECK(out);
320 if (comp_len == 0)
321 return false;
322
323 // Only transform if the input can be an IDN component.
324 static const base::char16 kIdnPrefix[] = {'x', 'n', '-', '-'};
325 if ((comp_len > arraysize(kIdnPrefix)) &&
326 !memcmp(comp, kIdnPrefix, arraysize(kIdnPrefix) * sizeof(base::char16))) {
327 UIDNA* uidna = g_uidna.Get().value;
328 DCHECK(uidna != NULL);
329 size_t original_length = out->length();
330 int output_length = 64;
331 UIDNAInfo info = UIDNA_INFO_INITIALIZER;
332 UErrorCode status;
333 do {
334 out->resize(original_length + output_length);
335 status = U_ZERO_ERROR;
336 // This returns the actual length required. If this is more than 64
337 // code units, |status| will be U_BUFFER_OVERFLOW_ERROR and we'll try
338 // the conversion again, but with a sufficiently large buffer.
339 output_length = uidna_labelToUnicode(
340 uidna, comp, static_cast<int32_t>(comp_len), &(*out)[original_length],
341 output_length, &info, &status);
342 } while ((status == U_BUFFER_OVERFLOW_ERROR && info.errors == 0));
343
344 if (U_SUCCESS(status) && info.errors == 0) {
345 // Converted successfully. Ensure that the converted component
346 // can be safely displayed to the user.
347 out->resize(original_length + output_length);
348 if (IsIDNComponentSafe(out->data() + original_length, output_length,
349 languages))
350 return true;
351 }
352
353 // Something went wrong. Revert to original string.
354 out->resize(original_length);
355 }
356
357 // We get here with no IDN or on error, in which case we just append the
358 // literal input.
359 out->append(comp, comp_len);
360 return false;
361 }
362
363 // TODO(brettw) bug 734373: check the scripts for each host component and
364 // don't un-IDN-ize if there is more than one. Alternatively, only IDN for
365 // scripts that the user has installed. For now, just put the entire
366 // path through IDN. Maybe this feature can be implemented in ICU itself?
367 //
368 // We may want to skip this step in the case of file URLs to allow unicode
369 // UNC hostnames regardless of encodings.
370 base::string16 IDNToUnicodeWithAdjustments(
371 const std::string& host,
372 const std::string& languages,
373 base::OffsetAdjuster::Adjustments* adjustments) {
374 if (adjustments)
375 adjustments->clear();
376 // Convert the ASCII input to a base::string16 for ICU.
377 base::string16 input16;
378 input16.reserve(host.length());
379 input16.insert(input16.end(), host.begin(), host.end());
380
381 // Do each component of the host separately, since we enforce script matching
382 // on a per-component basis.
383 base::string16 out16;
384 {
385 for (size_t component_start = 0, component_end;
386 component_start < input16.length();
387 component_start = component_end + 1) {
388 // Find the end of the component.
389 component_end = input16.find('.', component_start);
390 if (component_end == base::string16::npos)
391 component_end = input16.length(); // For getting the last component.
392 size_t component_length = component_end - component_start;
393 size_t new_component_start = out16.length();
394 bool converted_idn = false;
395 if (component_end > component_start) {
396 // Add the substring that we just found.
397 converted_idn = IDNToUnicodeOneComponent(
398 input16.data() + component_start, component_length, languages,
399 &out16);
400 }
401 size_t new_component_length = out16.length() - new_component_start;
402
403 if (converted_idn && adjustments) {
404 adjustments->push_back(base::OffsetAdjuster::Adjustment(
405 component_start, component_length, new_component_length));
406 }
407
408 // Need to add the dot we just found (if we found one).
409 if (component_end < input16.length())
410 out16.push_back('.');
411 }
412 }
413 return out16;
414 }
415
416 // If |component| is valid, its begin is incremented by |delta|.
417 void AdjustComponent(int delta, url::Component* component) {
418 if (!component->is_valid())
419 return;
420
421 DCHECK(delta >= 0 || component->begin >= -delta);
422 component->begin += delta;
423 }
424
425 // Adjusts all the components of |parsed| by |delta|, except for the scheme.
426 void AdjustAllComponentsButScheme(int delta, url::Parsed* parsed) {
427 AdjustComponent(delta, &(parsed->username));
428 AdjustComponent(delta, &(parsed->password));
429 AdjustComponent(delta, &(parsed->host));
430 AdjustComponent(delta, &(parsed->port));
431 AdjustComponent(delta, &(parsed->path));
432 AdjustComponent(delta, &(parsed->query));
433 AdjustComponent(delta, &(parsed->ref));
434 }
435
436 // Helper for FormatUrlWithOffsets().
437 base::string16 FormatViewSourceUrl(
438 const GURL& url,
439 const std::string& languages,
440 FormatUrlTypes format_types,
441 UnescapeRule::Type unescape_rules,
442 url::Parsed* new_parsed,
443 size_t* prefix_end,
444 base::OffsetAdjuster::Adjustments* adjustments) {
445 DCHECK(new_parsed);
446 const char kViewSource[] = "view-source:";
447 const size_t kViewSourceLength = arraysize(kViewSource) - 1;
448
449 // Format the underlying URL and record adjustments.
450 const std::string& url_str(url.possibly_invalid_spec());
451 adjustments->clear();
452 base::string16 result(base::ASCIIToUTF16(kViewSource) +
453 FormatUrlWithAdjustments(GURL(url_str.substr(kViewSourceLength)),
454 languages, format_types, unescape_rules,
455 new_parsed, prefix_end, adjustments));
456 // Revise |adjustments| by shifting to the offsets to prefix that the above
457 // call to FormatUrl didn't get to see.
458 for (base::OffsetAdjuster::Adjustments::iterator it = adjustments->begin();
459 it != adjustments->end(); ++it)
460 it->original_offset += kViewSourceLength;
461
462 // Adjust positions of the parsed components.
463 if (new_parsed->scheme.is_nonempty()) {
464 // Assume "view-source:real-scheme" as a scheme.
465 new_parsed->scheme.len += kViewSourceLength;
466 } else {
467 new_parsed->scheme.begin = 0;
468 new_parsed->scheme.len = kViewSourceLength - 1;
469 }
470 AdjustAllComponentsButScheme(kViewSourceLength, new_parsed);
471
472 if (prefix_end)
473 *prefix_end += kViewSourceLength;
474
475 return result;
476 }
477
478 class AppendComponentTransform {
479 public:
480 AppendComponentTransform() {}
481 virtual ~AppendComponentTransform() {}
482
483 virtual base::string16 Execute(
484 const std::string& component_text,
485 base::OffsetAdjuster::Adjustments* adjustments) const = 0;
486
487 // NOTE: No DISALLOW_COPY_AND_ASSIGN here, since gcc < 4.3.0 requires an
488 // accessible copy constructor in order to call AppendFormattedComponent()
489 // with an inline temporary (see http://gcc.gnu.org/bugs/#cxx%5Frvalbind ).
490 };
491
492 class HostComponentTransform : public AppendComponentTransform {
493 public:
494 explicit HostComponentTransform(const std::string& languages)
495 : languages_(languages) {
496 }
497
498 private:
499 base::string16 Execute(
500 const std::string& component_text,
501 base::OffsetAdjuster::Adjustments* adjustments) const override {
502 return IDNToUnicodeWithAdjustments(component_text, languages_,
503 adjustments);
504 }
505
506 const std::string& languages_;
507 };
508
509 class NonHostComponentTransform : public AppendComponentTransform {
510 public:
511 explicit NonHostComponentTransform(UnescapeRule::Type unescape_rules)
512 : unescape_rules_(unescape_rules) {
513 }
514
515 private:
516 base::string16 Execute(
517 const std::string& component_text,
518 base::OffsetAdjuster::Adjustments* adjustments) const override {
519 return (unescape_rules_ == UnescapeRule::NONE) ?
520 base::UTF8ToUTF16WithAdjustments(component_text, adjustments) :
521 UnescapeAndDecodeUTF8URLComponentWithAdjustments(component_text,
522 unescape_rules_, adjustments);
523 }
524
525 const UnescapeRule::Type unescape_rules_;
526 };
527
528 // Transforms the portion of |spec| covered by |original_component| according to
529 // |transform|. Appends the result to |output|. If |output_component| is
530 // non-NULL, its start and length are set to the transformed component's new
531 // start and length. If |adjustments| is non-NULL, appends adjustments (if
532 // any) that reflect the transformation the original component underwent to
533 // become the transformed value appended to |output|.
534 void AppendFormattedComponent(const std::string& spec,
535 const url::Component& original_component,
536 const AppendComponentTransform& transform,
537 base::string16* output,
538 url::Component* output_component,
539 base::OffsetAdjuster::Adjustments* adjustments) {
540 DCHECK(output);
541 if (original_component.is_nonempty()) {
542 size_t original_component_begin =
543 static_cast<size_t>(original_component.begin);
544 size_t output_component_begin = output->length();
545 std::string component_str(spec, original_component_begin,
546 static_cast<size_t>(original_component.len));
547
548 // Transform |component_str| and modify |adjustments| appropriately.
549 base::OffsetAdjuster::Adjustments component_transform_adjustments;
550 output->append(
551 transform.Execute(component_str, &component_transform_adjustments));
552
553 // Shift all the adjustments made for this component so the offsets are
554 // valid for the original string and add them to |adjustments|.
555 for (base::OffsetAdjuster::Adjustments::iterator comp_iter =
556 component_transform_adjustments.begin();
557 comp_iter != component_transform_adjustments.end(); ++comp_iter)
558 comp_iter->original_offset += original_component_begin;
559 if (adjustments) {
560 adjustments->insert(adjustments->end(),
561 component_transform_adjustments.begin(),
562 component_transform_adjustments.end());
563 }
564
565 // Set positions of the parsed component.
566 if (output_component) {
567 output_component->begin = static_cast<int>(output_component_begin);
568 output_component->len =
569 static_cast<int>(output->length() - output_component_begin);
570 }
571 } else if (output_component) {
572 output_component->reset();
573 }
574 }
575
576 } // namespace
577
578 const FormatUrlType kFormatUrlOmitNothing = 0;
579 const FormatUrlType kFormatUrlOmitUsernamePassword = 1 << 0;
580 const FormatUrlType kFormatUrlOmitHTTP = 1 << 1;
581 const FormatUrlType kFormatUrlOmitTrailingSlashOnBareHostname = 1 << 2;
582 const FormatUrlType kFormatUrlOmitAll = kFormatUrlOmitUsernamePassword |
583 kFormatUrlOmitHTTP | kFormatUrlOmitTrailingSlashOnBareHostname;
584
585 base::string16 IDNToUnicode(const std::string& host,
586 const std::string& languages) {
587 return IDNToUnicodeWithAdjustments(host, languages, NULL);
588 }
589
590 std::string GetDirectoryListingEntry(const base::string16& name,
591 const std::string& raw_bytes,
592 bool is_dir,
593 int64_t size,
594 Time modified) {
595 std::string result;
596 result.append("<script>addRow(");
597 base::EscapeJSONString(name, true, &result);
598 result.append(",");
599 if (raw_bytes.empty()) {
600 base::EscapeJSONString(EscapePath(base::UTF16ToUTF8(name)), true, &result);
601 } else {
602 base::EscapeJSONString(EscapePath(raw_bytes), true, &result);
603 }
604 if (is_dir) {
605 result.append(",1,");
606 } else {
607 result.append(",0,");
608 }
609
610 // Negative size means unknown or not applicable (e.g. directory).
611 base::string16 size_string;
612 if (size >= 0)
613 size_string = base::FormatBytesUnlocalized(size);
614 base::EscapeJSONString(size_string, true, &result);
615
616 result.append(",");
617
618 base::string16 modified_str;
619 // |modified| can be NULL in FTP listings.
620 if (!modified.is_null()) {
621 modified_str = base::TimeFormatShortDateAndTime(modified);
622 }
623 base::EscapeJSONString(modified_str, true, &result);
624
625 result.append(");</script>\n");
626
627 return result;
628 }
629
630 void AppendFormattedHost(const GURL& url,
631 const std::string& languages,
632 base::string16* output) {
633 AppendFormattedComponent(url.possibly_invalid_spec(),
634 url.parsed_for_possibly_invalid_spec().host,
635 HostComponentTransform(languages), output, NULL, NULL);
636 }
637
638 base::string16 FormatUrlWithOffsets(
639 const GURL& url,
640 const std::string& languages,
641 FormatUrlTypes format_types,
642 UnescapeRule::Type unescape_rules,
643 url::Parsed* new_parsed,
644 size_t* prefix_end,
645 std::vector<size_t>* offsets_for_adjustment) {
646 base::OffsetAdjuster::Adjustments adjustments;
647 const base::string16& format_url_return_value =
648 FormatUrlWithAdjustments(url, languages, format_types, unescape_rules,
649 new_parsed, prefix_end, &adjustments);
650 base::OffsetAdjuster::AdjustOffsets(adjustments, offsets_for_adjustment);
651 if (offsets_for_adjustment) {
652 std::for_each(
653 offsets_for_adjustment->begin(),
654 offsets_for_adjustment->end(),
655 base::LimitOffset<std::string>(format_url_return_value.length()));
656 }
657 return format_url_return_value;
658 }
659
660 base::string16 FormatUrlWithAdjustments(
661 const GURL& url,
662 const std::string& languages,
663 FormatUrlTypes format_types,
664 UnescapeRule::Type unescape_rules,
665 url::Parsed* new_parsed,
666 size_t* prefix_end,
667 base::OffsetAdjuster::Adjustments* adjustments) {
668 DCHECK(adjustments != NULL);
669 adjustments->clear();
670 url::Parsed parsed_temp;
671 if (!new_parsed)
672 new_parsed = &parsed_temp;
673 else
674 *new_parsed = url::Parsed();
675
676 // Special handling for view-source:. Don't use content::kViewSourceScheme
677 // because this library shouldn't depend on chrome.
678 const char kViewSource[] = "view-source";
679 // Reject "view-source:view-source:..." to avoid deep recursion.
680 const char kViewSourceTwice[] = "view-source:view-source:";
681 if (url.SchemeIs(kViewSource) &&
682 !base::StartsWithASCII(url.possibly_invalid_spec(), kViewSourceTwice,
683 false)) {
684 return FormatViewSourceUrl(url, languages, format_types,
685 unescape_rules, new_parsed, prefix_end,
686 adjustments);
687 }
688
689 // We handle both valid and invalid URLs (this will give us the spec
690 // regardless of validity).
691 const std::string& spec = url.possibly_invalid_spec();
692 const url::Parsed& parsed = url.parsed_for_possibly_invalid_spec();
693
694 // Scheme & separators. These are ASCII.
695 base::string16 url_string;
696 url_string.insert(
697 url_string.end(), spec.begin(),
698 spec.begin() + parsed.CountCharactersBefore(url::Parsed::USERNAME, true));
699 const char kHTTP[] = "http://";
700 const char kFTP[] = "ftp.";
701 // url_fixer::FixupURL() treats "ftp.foo.com" as ftp://ftp.foo.com. This
702 // means that if we trim "http://" off a URL whose host starts with "ftp." and
703 // the user inputs this into any field subject to fixup (which is basically
704 // all input fields), the meaning would be changed. (In fact, often the
705 // formatted URL is directly pre-filled into an input field.) For this reason
706 // we avoid stripping "http://" in this case.
707 bool omit_http = (format_types & kFormatUrlOmitHTTP) &&
708 base::EqualsASCII(url_string, kHTTP) &&
709 !base::StartsWithASCII(url.host(), kFTP, true);
710 new_parsed->scheme = parsed.scheme;
711
712 // Username & password.
713 if ((format_types & kFormatUrlOmitUsernamePassword) != 0) {
714 // Remove the username and password fields. We don't want to display those
715 // to the user since they can be used for attacks,
716 // e.g. "http://google.com:search@evil.ru/"
717 new_parsed->username.reset();
718 new_parsed->password.reset();
719 // Update the adjustments based on removed username and/or password.
720 if (parsed.username.is_nonempty() || parsed.password.is_nonempty()) {
721 if (parsed.username.is_nonempty() && parsed.password.is_nonempty()) {
722 // The seeming off-by-two is to account for the ':' after the username
723 // and '@' after the password.
724 adjustments->push_back(base::OffsetAdjuster::Adjustment(
725 static_cast<size_t>(parsed.username.begin),
726 static_cast<size_t>(parsed.username.len + parsed.password.len + 2),
727 0));
728 } else {
729 const url::Component* nonempty_component =
730 parsed.username.is_nonempty() ? &parsed.username : &parsed.password;
731 // The seeming off-by-one is to account for the '@' after the
732 // username/password.
733 adjustments->push_back(base::OffsetAdjuster::Adjustment(
734 static_cast<size_t>(nonempty_component->begin),
735 static_cast<size_t>(nonempty_component->len + 1),
736 0));
737 }
738 }
739 } else {
740 AppendFormattedComponent(spec, parsed.username,
741 NonHostComponentTransform(unescape_rules),
742 &url_string, &new_parsed->username, adjustments);
743 if (parsed.password.is_valid())
744 url_string.push_back(':');
745 AppendFormattedComponent(spec, parsed.password,
746 NonHostComponentTransform(unescape_rules),
747 &url_string, &new_parsed->password, adjustments);
748 if (parsed.username.is_valid() || parsed.password.is_valid())
749 url_string.push_back('@');
750 }
751 if (prefix_end)
752 *prefix_end = static_cast<size_t>(url_string.length());
753
754 // Host.
755 AppendFormattedComponent(spec, parsed.host, HostComponentTransform(languages),
756 &url_string, &new_parsed->host, adjustments);
757
758 // Port.
759 if (parsed.port.is_nonempty()) {
760 url_string.push_back(':');
761 new_parsed->port.begin = url_string.length();
762 url_string.insert(url_string.end(),
763 spec.begin() + parsed.port.begin,
764 spec.begin() + parsed.port.end());
765 new_parsed->port.len = url_string.length() - new_parsed->port.begin;
766 } else {
767 new_parsed->port.reset();
768 }
769
770 // Path & query. Both get the same general unescape & convert treatment.
771 if (!(format_types & kFormatUrlOmitTrailingSlashOnBareHostname) ||
772 !CanStripTrailingSlash(url)) {
773 AppendFormattedComponent(spec, parsed.path,
774 NonHostComponentTransform(unescape_rules),
775 &url_string, &new_parsed->path, adjustments);
776 } else {
777 if (parsed.path.len > 0) {
778 adjustments->push_back(base::OffsetAdjuster::Adjustment(
779 parsed.path.begin, parsed.path.len, 0));
780 }
781 }
782 if (parsed.query.is_valid())
783 url_string.push_back('?');
784 AppendFormattedComponent(spec, parsed.query,
785 NonHostComponentTransform(unescape_rules),
786 &url_string, &new_parsed->query, adjustments);
787
788 // Ref. This is valid, unescaped UTF-8, so we can just convert.
789 if (parsed.ref.is_valid())
790 url_string.push_back('#');
791 AppendFormattedComponent(spec, parsed.ref,
792 NonHostComponentTransform(UnescapeRule::NONE),
793 &url_string, &new_parsed->ref, adjustments);
794
795 // If we need to strip out http do it after the fact.
796 if (omit_http &&
797 base::StartsWith(url_string, base::ASCIIToUTF16(kHTTP), true)) {
798 const size_t kHTTPSize = arraysize(kHTTP) - 1;
799 url_string = url_string.substr(kHTTPSize);
800 // Because offsets in the |adjustments| are already calculated with respect
801 // to the string with the http:// prefix in it, those offsets remain correct
802 // after stripping the prefix. The only thing necessary is to add an
803 // adjustment to reflect the stripped prefix.
804 adjustments->insert(adjustments->begin(),
805 base::OffsetAdjuster::Adjustment(0, kHTTPSize, 0));
806
807 if (prefix_end)
808 *prefix_end -= kHTTPSize;
809
810 // Adjust new_parsed.
811 DCHECK(new_parsed->scheme.is_valid());
812 int delta = -(new_parsed->scheme.len + 3); // +3 for ://.
813 new_parsed->scheme.reset();
814 AdjustAllComponentsButScheme(delta, new_parsed);
815 }
816
817 return url_string;
818 }
819
820 base::string16 FormatUrl(const GURL& url,
821 const std::string& languages,
822 FormatUrlTypes format_types,
823 UnescapeRule::Type unescape_rules,
824 url::Parsed* new_parsed,
825 size_t* prefix_end,
826 size_t* offset_for_adjustment) {
827 Offsets offsets;
828 if (offset_for_adjustment)
829 offsets.push_back(*offset_for_adjustment);
830 base::string16 result = FormatUrlWithOffsets(url, languages, format_types,
831 unescape_rules, new_parsed, prefix_end, &offsets);
832 if (offset_for_adjustment)
833 *offset_for_adjustment = offsets[0];
834 return result;
835 }
836
837 } // namespace net