Hardening the 'url::Origin' implementation.

url/origin.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "url/origin.h"
 
+#include "base/strings/string_number_conversions.h"
 #include "base/strings/string_util.h"
+#include "url/url_canon.h"
+#include "url/url_constants.h"
+#include "url/url_util.h"
 
 namespace url {
 
-Origin::Origin() : string_("null") {}
+Origin::Origin() {
+  Init(GURL());
+}
 
-Origin::Origin(const std::string& origin) : string_(origin) {
-  DCHECK(origin == "null" || MatchPattern(origin, "?*://?*"));
-  DCHECK_GT(origin.size(), 0u);
-  DCHECK(origin == "file://" || origin[origin.size() - 1] != '/');
+Origin::Origin(const GURL& url) {
+  Init(url);
+}
+
+Origin::Origin(const std::string& scheme,
+               const std::string& host,
+               uint16 port) {
+  // Special-case unique origins (because GURL normalizes '://:0' into a
+  // valid URL, which is unexpected). Otherwise, pass the data through GURL

[Ryan Sleevi, 2015/05/28 07:46:29]

Blah. You mind filing a bug on Chrome for this?

Bonus points if you also throw Annevk a bug through the WHATWG to add it to the
interop test cases for the URL living standard

[Mike West, 2015/05/28 13:49:09]

Sure. https://crbug.com/493123
It doesn't seem to be a bug in the public `URL` constructor interface we expose
to the web. Perhaps KURL is acting differently than GURL here?

+  // for normalization:
+  if (!scheme.size() && !host.size() && !port) {
+    Init(GURL());
+  } else {
+    Init(GURL(scheme + kStandardSchemeSeparator + host +
+              (port ? ":" + base::IntToString(port) : "")));
+  }
+}
+
+Origin::Origin(const std::string& origin) {
+  // Pass the string through GURL for normalization:
+  Init(GURL(origin));
+}
+
+void Origin::Init(const GURL& url) {
+  DCHECK(!url.SchemeIsFileSystem() || url.inner_url());
+
+  // Start with a unique origin, parse from there:
+  scheme_.clear();
+  host_.clear();
+  port_ = 0;
+  unique_ = true;
+  serialization_requires_port_ = false;
+  valid_ = false;
+
+  url::Replacements<char> replacements;
+  replacements.ClearUsername();
+  replacements.ClearPassword();
+  replacements.ClearPath();
+  replacements.ClearQuery();
+  replacements.ClearRef();
+
+  GURL origin = url.SchemeIsFileSystem()
+                    ? url.inner_url()->ReplaceComponents(replacements)
+                    : url.ReplaceComponents(replacements);
+
+  if (!origin.is_valid())
+    return;
+
+  valid_ = true;
+
+  if (!origin.IsStandard())
+    return;
+
+  unique_ = false;
+  scheme_ = origin.scheme();
+
+  if (SchemeIs(kFileScheme))
+    return;
+
+  host_ = origin.host();
+  port_ = origin.EffectiveIntPort();
+  serialization_requires_port_ = origin.IntPort() != PORT_UNSPECIFIED;
+}
+
+std::string Origin::serialize() const {
+  if (unique_)
+    return kUniqueOriginSerialization;
+
+  if (host_.empty())
+    return scheme_ + kStandardSchemeSeparator;
+
+  return scheme_ + kStandardSchemeSeparator + host_ +
+         (serialization_requires_port_ ? ":" + base::IntToString(port_) : "");
+}
+
+bool Origin::SchemeIs(const char* scheme) const {
+  if (!scheme_.size())
+    return scheme == nullptr;
+  return url::LowerCaseEqualsASCII(scheme_.data(),
+                                   scheme_.data() + scheme_.size(), scheme);
+}
+
+bool Origin::SchemeIsCryptographic() const {
+  return SchemeIs(kHttpsScheme) || SchemeIs(kWssScheme);
+}
+
+bool Origin::IsSameOriginWith(const Origin& other) const {
+  return !unique_ && !other.unique_ && scheme_ == other.scheme_ &&
+         host_ == other.host_ && port_ == other.port_;
+}
+
+std::ostream& operator<<(std::ostream& out, const url::Origin& url) {
+  return out << url.serialize();
 }
 
 }  // namespace url