Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(74)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: webkit/plugins/ppapi/ppb_websocket_impl.cc

Issue 8839003: WebSocket Pepper API: validate redundant protocols in Connect() (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: rebase for dcommit Created 9 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « ppapi/tests/test_websocket.cc ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "webkit/plugins/ppapi/ppb_websocket_impl.h" 5 #include "webkit/plugins/ppapi/ppb_websocket_impl.h"
6 6
7 #include <set>
7 #include <string> 8 #include <string>
8 9
9 #include "base/basictypes.h" 10 #include "base/basictypes.h"
10 #include "base/logging.h" 11 #include "base/logging.h"
11 #include "googleurl/src/gurl.h" 12 #include "googleurl/src/gurl.h"
12 #include "net/base/net_util.h" 13 #include "net/base/net_util.h"
13 #include "ppapi/c/pp_completion_callback.h" 14 #include "ppapi/c/pp_completion_callback.h"
14 #include "ppapi/c/pp_errors.h" 15 #include "ppapi/c/pp_errors.h"
15 #include "ppapi/c/pp_var.h" 16 #include "ppapi/c/pp_var.h"
16 #include "ppapi/c/ppb_var.h" 17 #include "ppapi/c/ppb_var.h"
(...skipping 120 matching lines...) Expand 10 before | Expand all | Expand 10 after
137 return PP_ERROR_BADARGUMENT; 138 return PP_ERROR_BADARGUMENT;
138 if (!gurl.SchemeIs("ws") && !gurl.SchemeIs("wss")) 139 if (!gurl.SchemeIs("ws") && !gurl.SchemeIs("wss"))
139 return PP_ERROR_BADARGUMENT; 140 return PP_ERROR_BADARGUMENT;
140 if (gurl.has_ref()) 141 if (gurl.has_ref())
141 return PP_ERROR_BADARGUMENT; 142 return PP_ERROR_BADARGUMENT;
142 if (!net::IsPortAllowedByDefault(gurl.IntPort())) 143 if (!net::IsPortAllowedByDefault(gurl.IntPort()))
143 return PP_ERROR_BADARGUMENT; 144 return PP_ERROR_BADARGUMENT;
144 WebURL web_url(gurl); 145 WebURL web_url(gurl);
145 146
146 // Validate protocols and convert it to WebString. 147 // Validate protocols and convert it to WebString.
147 // TODO(toyoshim): Detect duplicated protocols as error.
148 std::string protocol_string; 148 std::string protocol_string;
149 std::set<std::string> protocol_set;
149 for (uint32_t i = 0; i < protocol_count; i++) { 150 for (uint32_t i = 0; i < protocol_count; i++) {
150 // TODO(toyoshim): Similar function exist in WebKit::WebSocket. 151 // TODO(toyoshim): Similar function exist in WebKit::WebSocket.
151 // We must rearrange them into WebKit::WebChannel and share its protocol 152 // We must rearrange them into WebKit::WebChannel and share its protocol
152 // related implementation via WebKit API. 153 // related implementation via WebKit API.
153 scoped_refptr<StringVar> string_var; 154 scoped_refptr<StringVar> string_var;
154 string_var = StringVar::FromPPVar(protocols[i]); 155 string_var = StringVar::FromPPVar(protocols[i]);
156
157 // Check duplicated protocol entries.
158 if (protocol_set.find(string_var->value()) != protocol_set.end())
159 return PP_ERROR_BADARGUMENT;
160 protocol_set.insert(string_var->value());
161
162 // Check invalid and empty entries.
155 if (!string_var || !string_var->value().length()) 163 if (!string_var || !string_var->value().length())
156 return PP_ERROR_BADARGUMENT; 164 return PP_ERROR_BADARGUMENT;
165
166 // Check containing characters.
157 for (std::string::const_iterator it = string_var->value().begin(); 167 for (std::string::const_iterator it = string_var->value().begin();
158 it != string_var->value().end(); 168 it != string_var->value().end();
159 ++it) { 169 ++it) {
160 uint8_t character = static_cast<uint8_t>(*it); 170 uint8_t character = static_cast<uint8_t>(*it);
161 // WebSocket specification says "(Subprotocol string must consist of) 171 // WebSocket specification says "(Subprotocol string must consist of)
162 // characters in the range U+0021 to U+007E not including separator 172 // characters in the range U+0021 to U+007E not including separator
163 // characters as defined in [RFC2616]." 173 // characters as defined in [RFC2616]."
164 const uint8_t minimumProtocolCharacter = '!'; // U+0021. 174 const uint8_t minimumProtocolCharacter = '!'; // U+0021.
165 const uint8_t maximumProtocolCharacter = '~'; // U+007E. 175 const uint8_t maximumProtocolCharacter = '~'; // U+007E.
166 if (character < minimumProtocolCharacter || 176 if (character < minimumProtocolCharacter ||
167 character > maximumProtocolCharacter || 177 character > maximumProtocolCharacter ||
168 character == '"' || character == '(' || character == ')' || 178 character == '"' || character == '(' || character == ')' ||
169 character == ',' || character == '/' || 179 character == ',' || character == '/' ||
170 (character >= ':' && character <= '@') || // U+003A - U+0040 180 (character >= ':' && character <= '@') || // U+003A - U+0040
171 (character >= '[' && character <= ']') || // U+005B - u+005D 181 (character >= '[' && character <= ']') || // U+005B - u+005D
172 character == '{' || character == '}') 182 character == '{' || character == '}')
173 return PP_ERROR_BADARGUMENT; 183 return PP_ERROR_BADARGUMENT;
174 } 184 }
185 // Join protocols with the comma separator.
175 if (i != 0) 186 if (i != 0)
176 protocol_string.append(","); 187 protocol_string.append(",");
177 protocol_string.append(string_var->value()); 188 protocol_string.append(string_var->value());
178 } 189 }
179 WebString web_protocols = WebString::fromUTF8(protocol_string); 190 WebString web_protocols = WebString::fromUTF8(protocol_string);
180 191
181 // Validate |callback| (Doesn't support blocking callback) 192 // Validate |callback| (Doesn't support blocking callback)
182 if (!callback.func) 193 if (!callback.func)
183 return PP_ERROR_BLOCKS_MAIN_THREAD; 194 return PP_ERROR_BLOCKS_MAIN_THREAD;
184 195
(...skipping 302 matching lines...) Expand 10 before | Expand all | Expand 10 after
487 498
488 *receive_callback_var_ = received_messages_.front(); 499 *receive_callback_var_ = received_messages_.front();
489 received_messages_.pop(); 500 received_messages_.pop();
490 receive_callback_var_ = NULL; 501 receive_callback_var_ = NULL;
491 wait_for_receive_ = false; 502 wait_for_receive_ = false;
492 return PP_OK; 503 return PP_OK;
493 } 504 }
494 505
495 } // namespace ppapi 506 } // namespace ppapi
496 } // namespace webkit 507 } // namespace webkit
OLDNEW
« no previous file with comments | « ppapi/tests/test_websocket.cc ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698