OLD | NEW |
---|---|
1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "components/url_formatter/url_formatter.h" | 5 #include "components/url_formatter/url_formatter.h" |
6 | 6 |
7 #include <algorithm> | 7 #include <algorithm> |
8 #include <map> | 8 #include <iomanip> |
9 #include <utility> | 9 #include <utility> |
10 | 10 |
11 #include "base/lazy_instance.h" | 11 #include "base/lazy_instance.h" |
12 #include "base/logging.h" | 12 #include "base/logging.h" |
13 #include "base/macros.h" | 13 #include "base/macros.h" |
14 #include "base/memory/singleton.h" | 14 #include "base/memory/scoped_ptr.h" |
15 #include "base/stl_util.h" | 15 #include "base/numerics/safe_conversions.h" |
16 #include "base/strings/string_tokenizer.h" | 16 #include "base/strings/string_piece.h" |
17 #include "base/strings/string_util.h" | 17 #include "base/strings/string_util.h" |
18 #include "base/strings/utf_offset_string_conversions.h" | 18 #include "base/strings/utf_offset_string_conversions.h" |
19 #include "base/strings/utf_string_conversions.h" | 19 #include "base/strings/utf_string_conversions.h" |
20 #include "base/synchronization/lock.h" | 20 #include "base/synchronization/lock.h" |
21 #include "third_party/icu/source/common/unicode/uidna.h" | 21 #include "third_party/icu/source/common/unicode/uidna.h" |
22 #include "third_party/icu/source/common/unicode/uniset.h" | 22 #include "third_party/icu/source/common/unicode/uniset.h" |
23 #include "third_party/icu/source/common/unicode/uscript.h" | 23 #include "third_party/icu/source/common/unicode/uscript.h" |
24 #include "third_party/icu/source/i18n/unicode/regex.h" | 24 #include "third_party/icu/source/i18n/unicode/regex.h" |
25 #include "third_party/icu/source/i18n/unicode/ulocdata.h" | 25 #include "third_party/icu/source/i18n/unicode/uspoof.h" |
26 #include "url/gurl.h" | 26 #include "url/gurl.h" |
27 #include "url/third_party/mozilla/url_parse.h" | 27 #include "url/third_party/mozilla/url_parse.h" |
28 | 28 |
29 namespace url_formatter { | 29 namespace url_formatter { |
30 | 30 |
31 namespace { | 31 namespace { |
32 | 32 |
33 base::string16 IDNToUnicodeWithAdjustments( | 33 base::string16 IDNToUnicodeWithAdjustments( |
34 const std::string& host, | 34 const std::string& host, |
35 const std::string& languages, | |
36 base::OffsetAdjuster::Adjustments* adjustments); | 35 base::OffsetAdjuster::Adjustments* adjustments); |
37 bool IDNToUnicodeOneComponent(const base::char16* comp, | 36 bool IDNToUnicodeOneComponent(const base::char16* comp, |
38 size_t comp_len, | 37 size_t comp_len, |
39 const std::string& languages, | |
40 base::string16* out); | 38 base::string16* out); |
41 | 39 |
42 class AppendComponentTransform { | 40 class AppendComponentTransform { |
43 public: | 41 public: |
44 AppendComponentTransform() {} | 42 AppendComponentTransform() {} |
45 virtual ~AppendComponentTransform() {} | 43 virtual ~AppendComponentTransform() {} |
46 | 44 |
47 virtual base::string16 Execute( | 45 virtual base::string16 Execute( |
48 const std::string& component_text, | 46 const std::string& component_text, |
49 base::OffsetAdjuster::Adjustments* adjustments) const = 0; | 47 base::OffsetAdjuster::Adjustments* adjustments) const = 0; |
50 | 48 |
51 // NOTE: No DISALLOW_COPY_AND_ASSIGN here, since gcc < 4.3.0 requires an | 49 // NOTE: No DISALLOW_COPY_AND_ASSIGN here, since gcc < 4.3.0 requires an |
52 // accessible copy constructor in order to call AppendFormattedComponent() | 50 // accessible copy constructor in order to call AppendFormattedComponent() |
53 // with an inline temporary (see http://gcc.gnu.org/bugs/#cxx%5Frvalbind ). | 51 // with an inline temporary (see http://gcc.gnu.org/bugs/#cxx%5Frvalbind ). |
54 }; | 52 }; |
55 | 53 |
56 class HostComponentTransform : public AppendComponentTransform { | 54 class HostComponentTransform : public AppendComponentTransform { |
57 public: | 55 public: |
58 explicit HostComponentTransform(const std::string& languages) | 56 explicit HostComponentTransform() {} |
59 : languages_(languages) {} | |
60 | 57 |
61 private: | 58 private: |
62 base::string16 Execute( | 59 base::string16 Execute( |
63 const std::string& component_text, | 60 const std::string& component_text, |
64 base::OffsetAdjuster::Adjustments* adjustments) const override { | 61 base::OffsetAdjuster::Adjustments* adjustments) const override { |
65 return IDNToUnicodeWithAdjustments(component_text, languages_, adjustments); | 62 return IDNToUnicodeWithAdjustments(component_text, adjustments); |
66 } | 63 } |
67 | |
68 const std::string& languages_; | |
69 }; | 64 }; |
70 | 65 |
71 class NonHostComponentTransform : public AppendComponentTransform { | 66 class NonHostComponentTransform : public AppendComponentTransform { |
72 public: | 67 public: |
73 explicit NonHostComponentTransform(net::UnescapeRule::Type unescape_rules) | 68 explicit NonHostComponentTransform(net::UnescapeRule::Type unescape_rules) |
74 : unescape_rules_(unescape_rules) {} | 69 : unescape_rules_(unescape_rules) {} |
75 | 70 |
76 private: | 71 private: |
77 base::string16 Execute( | 72 base::string16 Execute( |
78 const std::string& component_text, | 73 const std::string& component_text, |
(...skipping 71 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
150 AdjustComponent(delta, &(parsed->host)); | 145 AdjustComponent(delta, &(parsed->host)); |
151 AdjustComponent(delta, &(parsed->port)); | 146 AdjustComponent(delta, &(parsed->port)); |
152 AdjustComponent(delta, &(parsed->path)); | 147 AdjustComponent(delta, &(parsed->path)); |
153 AdjustComponent(delta, &(parsed->query)); | 148 AdjustComponent(delta, &(parsed->query)); |
154 AdjustComponent(delta, &(parsed->ref)); | 149 AdjustComponent(delta, &(parsed->ref)); |
155 } | 150 } |
156 | 151 |
157 // Helper for FormatUrlWithOffsets(). | 152 // Helper for FormatUrlWithOffsets(). |
158 base::string16 FormatViewSourceUrl( | 153 base::string16 FormatViewSourceUrl( |
159 const GURL& url, | 154 const GURL& url, |
160 const std::string& languages, | |
161 FormatUrlTypes format_types, | 155 FormatUrlTypes format_types, |
162 net::UnescapeRule::Type unescape_rules, | 156 net::UnescapeRule::Type unescape_rules, |
163 url::Parsed* new_parsed, | 157 url::Parsed* new_parsed, |
164 size_t* prefix_end, | 158 size_t* prefix_end, |
165 base::OffsetAdjuster::Adjustments* adjustments) { | 159 base::OffsetAdjuster::Adjustments* adjustments) { |
166 DCHECK(new_parsed); | 160 DCHECK(new_parsed); |
167 const char kViewSource[] = "view-source:"; | 161 const char kViewSource[] = "view-source:"; |
168 const size_t kViewSourceLength = arraysize(kViewSource) - 1; | 162 const size_t kViewSourceLength = arraysize(kViewSource) - 1; |
169 | 163 |
170 // Format the underlying URL and record adjustments. | 164 // Format the underlying URL and record adjustments. |
171 const std::string& url_str(url.possibly_invalid_spec()); | 165 const std::string& url_str(url.possibly_invalid_spec()); |
172 adjustments->clear(); | 166 adjustments->clear(); |
173 base::string16 result( | 167 base::string16 result( |
174 base::ASCIIToUTF16(kViewSource) + | 168 base::ASCIIToUTF16(kViewSource) + |
175 FormatUrlWithAdjustments(GURL(url_str.substr(kViewSourceLength)), | 169 FormatUrlWithAdjustments(GURL(url_str.substr(kViewSourceLength)), |
176 languages, format_types, unescape_rules, | 170 std::string(), format_types, unescape_rules, |
177 new_parsed, prefix_end, adjustments)); | 171 new_parsed, prefix_end, adjustments)); |
178 // Revise |adjustments| by shifting to the offsets to prefix that the above | 172 // Revise |adjustments| by shifting to the offsets to prefix that the above |
179 // call to FormatUrl didn't get to see. | 173 // call to FormatUrl didn't get to see. |
180 for (base::OffsetAdjuster::Adjustments::iterator it = adjustments->begin(); | 174 for (base::OffsetAdjuster::Adjustments::iterator it = adjustments->begin(); |
181 it != adjustments->end(); ++it) | 175 it != adjustments->end(); ++it) |
182 it->original_offset += kViewSourceLength; | 176 it->original_offset += kViewSourceLength; |
183 | 177 |
184 // Adjust positions of the parsed components. | 178 // Adjust positions of the parsed components. |
185 if (new_parsed->scheme.is_nonempty()) { | 179 if (new_parsed->scheme.is_nonempty()) { |
186 // Assume "view-source:real-scheme" as a scheme. | 180 // Assume "view-source:real-scheme" as a scheme. |
187 new_parsed->scheme.len += kViewSourceLength; | 181 new_parsed->scheme.len += kViewSourceLength; |
188 } else { | 182 } else { |
189 new_parsed->scheme.begin = 0; | 183 new_parsed->scheme.begin = 0; |
190 new_parsed->scheme.len = kViewSourceLength - 1; | 184 new_parsed->scheme.len = kViewSourceLength - 1; |
191 } | 185 } |
192 AdjustAllComponentsButScheme(kViewSourceLength, new_parsed); | 186 AdjustAllComponentsButScheme(kViewSourceLength, new_parsed); |
193 | 187 |
194 if (prefix_end) | 188 if (prefix_end) |
195 *prefix_end += kViewSourceLength; | 189 *prefix_end += kViewSourceLength; |
196 | 190 |
197 return result; | 191 return result; |
198 } | 192 } |
199 | 193 |
200 // TODO(brettw) bug 734373: check the scripts for each host component and | 194 // TODO(brettw) We may want to skip this step in the case of file URLs to |
201 // don't un-IDN-ize if there is more than one. Alternatively, only IDN for | 195 // allow unicode UNC hostnames regardless of encodings. |
202 // scripts that the user has installed. For now, just put the entire | |
203 // path through IDN. Maybe this feature can be implemented in ICU itself? | |
204 // | |
205 // We may want to skip this step in the case of file URLs to allow unicode | |
206 // UNC hostnames regardless of encodings. | |
207 base::string16 IDNToUnicodeWithAdjustments( | 196 base::string16 IDNToUnicodeWithAdjustments( |
208 const std::string& host, | 197 const std::string& host, |
209 const std::string& languages, | |
210 base::OffsetAdjuster::Adjustments* adjustments) { | 198 base::OffsetAdjuster::Adjustments* adjustments) { |
211 if (adjustments) | 199 if (adjustments) |
212 adjustments->clear(); | 200 adjustments->clear(); |
213 // Convert the ASCII input to a base::string16 for ICU. | 201 // Convert the ASCII input to a base::string16 for ICU. |
214 base::string16 input16; | 202 base::string16 input16; |
215 input16.reserve(host.length()); | 203 input16.reserve(host.length()); |
216 input16.insert(input16.end(), host.begin(), host.end()); | 204 input16.insert(input16.end(), host.begin(), host.end()); |
217 | 205 |
218 // Do each component of the host separately, since we enforce script matching | 206 // Do each component of the host separately, since we enforce script matching |
219 // on a per-component basis. | 207 // on a per-component basis. |
220 base::string16 out16; | 208 base::string16 out16; |
221 for (size_t component_start = 0, component_end; | 209 for (size_t component_start = 0, component_end; |
222 component_start < input16.length(); | 210 component_start < input16.length(); |
223 component_start = component_end + 1) { | 211 component_start = component_end + 1) { |
224 // Find the end of the component. | 212 // Find the end of the component. |
225 component_end = input16.find('.', component_start); | 213 component_end = input16.find('.', component_start); |
226 if (component_end == base::string16::npos) | 214 if (component_end == base::string16::npos) |
227 component_end = input16.length(); // For getting the last component. | 215 component_end = input16.length(); // For getting the last component. |
228 size_t component_length = component_end - component_start; | 216 size_t component_length = component_end - component_start; |
229 size_t new_component_start = out16.length(); | 217 size_t new_component_start = out16.length(); |
230 bool converted_idn = false; | 218 bool converted_idn = false; |
231 if (component_end > component_start) { | 219 if (component_end > component_start) { |
232 // Add the substring that we just found. | 220 // Add the substring that we just found. |
233 converted_idn = | 221 converted_idn = |
234 IDNToUnicodeOneComponent(input16.data() + component_start, | 222 IDNToUnicodeOneComponent(input16.data() + component_start, |
235 component_length, languages, &out16); | 223 component_length, &out16); |
236 } | 224 } |
237 size_t new_component_length = out16.length() - new_component_start; | 225 size_t new_component_length = out16.length() - new_component_start; |
238 | 226 |
239 if (converted_idn && adjustments) { | 227 if (converted_idn && adjustments) { |
240 adjustments->push_back(base::OffsetAdjuster::Adjustment( | 228 adjustments->push_back(base::OffsetAdjuster::Adjustment( |
241 component_start, component_length, new_component_length)); | 229 component_start, component_length, new_component_length)); |
242 } | 230 } |
243 | 231 |
244 // Need to add the dot we just found (if we found one). | 232 // Need to add the dot we just found (if we found one). |
245 if (component_end < input16.length()) | 233 if (component_end < input16.length()) |
246 out16.push_back('.'); | 234 out16.push_back('.'); |
247 } | 235 } |
248 return out16; | 236 return out16; |
249 } | 237 } |
250 | 238 |
251 // Does some simple normalization of scripts so we can allow certain scripts | 239 // A helper class for IDN Spoof checking, used to ensure that no IDN |
252 // to exist together. | 240 // input is spoofable per Chromium's standard of spoofability. For a |
253 // TODO(brettw) bug 880223: we should allow some other languages to be | 241 // more thorough explanation of how spoof checking works in Chromium, |
254 // oombined such as Chinese and Latin. We will probably need a more | 242 // see http://dev.chromium.org/developers/design-documents/idn-in-google-chrome |
255 // complicated system of language pairs to have more fine-grained control. | 243 class IDNSpoofChecker { |
256 UScriptCode NormalizeScript(UScriptCode code) { | 244 public: |
257 switch (code) { | 245 IDNSpoofChecker(); |
258 case USCRIPT_KATAKANA: | 246 // Returns true if |label| is safe to display as Unicode. In the event |
Ryan Sleevi
2016/03/12 01:28:13
nit: a newline between 245 and 246 (maybe it's eas
jungshik at Google
2016/03/16 08:34:54
Done.
| |
259 case USCRIPT_HIRAGANA: | 247 // of library failure, all IDN inputs will be treated as unsafe. |
260 case USCRIPT_KATAKANA_OR_HIRAGANA: | 248 bool Check(base::StringPiece16 label); |
261 case USCRIPT_HANGUL: // This one is arguable. | 249 |
262 return USCRIPT_HAN; | 250 private: |
263 default: | 251 USpoofChecker* checker_; |
264 return code; | 252 icu::UnicodeSet deviation_characters_; |
253 icu::UnicodeSet latin_letters_; | |
254 icu::UnicodeSet non_ascii_latin_letters_; | |
255 void SetAllowedUnicodeSet(UErrorCode* status); | |
Ryan Sleevi
2016/03/12 01:28:13
STYLE: This method should appear between lines 250
jungshik at Google
2016/03/16 08:34:54
Done.
| |
256 DISALLOW_COPY_AND_ASSIGN(IDNSpoofChecker); | |
257 }; | |
258 | |
259 base::LazyInstance<IDNSpoofChecker>::Leaky g_idn_spoof_checker = | |
260 LAZY_INSTANCE_INITIALIZER; | |
261 base::LazyInstance<base::Lock>::Leaky g_dangerous_pattern_lock = | |
262 LAZY_INSTANCE_INITIALIZER; | |
263 icu::RegexMatcher* g_dangerous_pattern = nullptr; | |
264 | |
265 IDNSpoofChecker::IDNSpoofChecker() { | |
266 UErrorCode status = U_ZERO_ERROR; | |
267 checker_ = uspoof_open(&status); | |
268 if (U_FAILURE(status)) { | |
269 checker_ = nullptr; | |
270 LOG(ERROR) << "IDN spoof checker failed to open with error, " | |
271 << u_errorName(status) | |
272 << " ; all IDN will be shown in punycode."; | |
273 return; | |
265 } | 274 } |
266 } | 275 |
267 | 276 // By default, USpoofChecker is opened with all the checks enabled |
268 bool IsIDNComponentInSingleScript(const base::char16* str, int str_len) { | 277 // (USPOOF_{RESTRICTION_LEVEL, INVISIBLE, MIXED_SCRIPT_CONFUSABLE, |
269 UScriptCode first_script = USCRIPT_INVALID_CODE; | 278 // WHOLE_SCRIPT_CONFUSABLE, MIXED_NUMBERS, ANY_CASE}) |
270 bool is_first = true; | 279 // except for USPOOF_CHAR_LIMIT. |
271 | 280 // The default configuration is adjusted below as necessary. |
272 int i = 0; | 281 |
273 while (i < str_len) { | 282 // Set the restriction level to moderate. It allows mixing Latin with |
274 unsigned code_point; | 283 // another script (+ COMMON and INHERITED). |
275 U16_NEXT(str, i, str_len, code_point); | 284 // Except for Chinese(Han + Bopomofo), Japanese(Hiragana + Katakana + Han), |
276 | 285 // and Korean(Hangul + Han), only one script other than Common and Inherited |
277 UErrorCode err = U_ZERO_ERROR; | 286 // can be mixed with Latin. Cyrillic and Greek are not allowed to mix |
278 UScriptCode cur_script = uscript_getScript(code_point, &err); | 287 // with Latin. |
279 if (err != U_ZERO_ERROR) | 288 // See http://www.unicode.org/reports/tr39/#Restriction_Level_Detection |
280 return false; // Report mixed on error. | 289 uspoof_setRestrictionLevel(checker_, USPOOF_MODERATELY_RESTRICTIVE); |
281 cur_script = NormalizeScript(cur_script); | 290 |
282 | 291 // Restrict allowed characters in IDN labels and turn on USPOOF_CHAR_LIMIT. |
283 // TODO(brettw) We may have to check for USCRIPT_INHERENT as well. | 292 SetAllowedUnicodeSet(&status); |
284 if (is_first && cur_script != USCRIPT_COMMON) { | 293 |
285 first_script = cur_script; | 294 // Enable the return of auxillary (non-error) information. |
286 is_first = false; | 295 int32_t checks = uspoof_getChecks(checker_, &status); |
287 } else { | 296 checks |= USPOOF_AUX_INFO; |
288 if (cur_script != USCRIPT_COMMON && cur_script != first_script) | 297 |
289 return false; | 298 // Disable WHOLE_SCRIPT_CONFUSABLE check. The check has a marginal |
290 } | 299 // value when used against a single string as opposed to comparing |
300 // a pair of strings. In addition, it would also flag a number of common | |
301 // labels including the IDN TLD for Russian. | |
302 // A possible alternative would be to turn on the check and block | |
303 // a label only under the following conditions, but it'd better | |
304 // be done on the server-side (e.g. SafeBrowsing). | |
305 // 1. The label is whole-script confusable. | |
306 // 2. And the skeleton of the label matches the skeleton of one of top | |
307 // domain labels. See http://unicode.org/reports/tr39/#Confusable_Detection | |
308 // for the definition of skeleton. | |
309 // 3. And the label is different from the matched top domain label in #2. | |
310 checks &= ~USPOOF_WHOLE_SCRIPT_CONFUSABLE; | |
311 | |
312 uspoof_setChecks(checker_, checks, &status); | |
313 | |
314 // Four characters handled differently by IDNA 2003 and IDNA 2008. | |
315 // UTS46 transitional processing treat them as IDNA 2003 does; | |
316 // maps U+00DF and U+03C2 and drops U+200[CD]. | |
317 deviation_characters_ = icu::UnicodeSet( | |
318 UNICODE_STRING_SIMPLE("[\\u00df\\u03c2\\u200c\\u200d]"), status); | |
319 deviation_characters_.freeze(); | |
320 | |
321 latin_letters_ = icu::UnicodeSet( | |
322 UNICODE_STRING_SIMPLE("[:Latin:]"), status); | |
323 latin_letters_.freeze(); | |
324 | |
325 // Latin letters outside the ASCII. 'Script_Extensions=Latin' is | |
326 // not necessary because additional characters pulled | |
327 // in with scx=Latn are not included in the allowed set. | |
328 non_ascii_latin_letters_ = icu::UnicodeSet( | |
329 UNICODE_STRING_SIMPLE("[[:Latin:] - [a-zA-Z]]"), status); | |
330 non_ascii_latin_letters_.freeze(); | |
331 | |
332 DCHECK(U_SUCCESS(status)); | |
333 } | |
334 | |
335 bool IDNSpoofChecker::Check(base::StringPiece16 label) { | |
336 UErrorCode status = U_ZERO_ERROR; | |
337 int32_t results = uspoof_check(checker_, label.data(), | |
338 base::checked_cast<int32_t>(label.size()), | |
339 NULL, &status); | |
340 VLOG(5) << base::UTF16ToUTF8(label) << ":0x" << std::setfill('0') | |
341 << std::setw(8) << std::hex << results; | |
342 VLOG_IF(5, results & USPOOF_INVISIBLE) << base::UTF16ToUTF8(label) | |
Ryan Sleevi
2016/03/12 01:28:13
nit: Is it necessary to convert label here the sec
jungshik at Google
2016/03/16 08:34:54
Yup. I deleted it. I used it as a quicker way to s
| |
343 << " invisibility check failed"; | |
344 // If uspoof_check fails or any of check is flagged, treat any IDN as | |
345 // unsafe. | |
346 if (U_FAILURE(status) || (results & USPOOF_ALL_CHECKS)) | |
347 return false; | |
348 | |
349 icu::UnicodeString label_string(FALSE, label.data(), | |
350 base::checked_cast<int32_t>(label.size())); | |
351 | |
352 // A punycode label with 'xn--' prefix is not subject to the URL | |
353 // canonicalization and is stored as it is in GURL. If it encodes a deviation | |
354 // character (UTS 46; e.g. U+00DF/sharp-s), it should be still shown in | |
355 // punycode instead of Unicode. | |
356 // Without this check, xn--fu-hia for 'fu<sharp-s>' would be | |
357 // shown in 'fu<sharp-s>' while 'fu<sharp-s>' typed or copy'n'pasted in | |
358 // Unicode would be canonicalized to 'fuss'. | |
359 // This additional check is necessary because | |
360 // "UTS 46 section 4 Processing step 4" applies validity criteria for | |
361 // non-transitional processing to any punycode labels regardless of | |
362 // whether we choose transitional or non-transitional. | |
363 if (deviation_characters_.containsSome(label_string)) { | |
364 VLOG(5) << base::UTF16ToUTF8(label) | |
365 << " deviation character in punycode"; | |
Ryan Sleevi
2016/03/12 01:28:13
necessary?
jungshik at Google
2016/03/16 08:34:54
Deleted it. Not necessary any more. Moreover, I ca
| |
366 return false; | |
291 } | 367 } |
292 return true; | 368 |
293 } | 369 // If there's no script mixing, the input is regarded as safe |
294 | 370 // without any extra check. |
295 // Check if the script of a language can be 'safely' mixed with | 371 results &= USPOOF_RESTRICTION_LEVEL_MASK; |
296 // Latin letters in the ASCII range. | 372 if (results == USPOOF_ASCII || results == USPOOF_SINGLE_SCRIPT_RESTRICTIVE) |
297 bool IsCompatibleWithASCIILetters(const std::string& lang) { | 373 return true; |
298 // For now, just list Chinese, Japanese and Korean (positive list). | 374 |
299 // An alternative is negative-listing (languages using Greek and | 375 // When check is passed at 'highly restrictive' level, |label| is |
300 // Cyrillic letters), but it can be more dangerous. | 376 // made up of one of the following script sets optionally mixed with Latin. |
301 return !lang.substr(0, 2).compare("zh") || !lang.substr(0, 2).compare("ja") || | 377 // - Chinese: Han, Bopomofo, Common |
302 !lang.substr(0, 2).compare("ko"); | 378 // - Japanese: Han, Hiragana, Katakana, Common |
303 } | 379 // - Korean: Hangul, Han, Common |
304 | 380 // Treat this case as a 'logical' single script unless Latin is mixed. |
305 typedef std::map<std::string, icu::UnicodeSet*> LangToExemplarSetMap; | 381 if (results == USPOOF_HIGHLY_RESTRICTIVE && |
306 | 382 latin_letters_.containsNone(label_string)) |
307 class LangToExemplarSet { | 383 return true; |
308 public: | 384 |
309 static LangToExemplarSet* GetInstance() { | 385 // Additional checks for |label| with multiple scripts, one of which |
310 return base::Singleton<LangToExemplarSet>::get(); | 386 // is Latin. |
387 | |
388 // Disallow non-ASCII Latin letters to mix with a non-Latin script. | |
389 if (non_ascii_latin_letters_.containsSome(label_string)) | |
390 return false; | |
391 | |
392 base::AutoLock lock(g_dangerous_pattern_lock.Get()); | |
393 if (g_dangerous_pattern == nullptr) { | |
394 // Disallow the katakana no, so, zo, or n, as they may be | |
395 // mistaken for slashes when they're surrounded by non-Japanese | |
396 // scripts (i.e. scripts other than Katakana, Hiragana or Han). | |
397 // If we block {no, so, zo, n} next to a non-Japanese script on | |
398 // either side, legitimate cases like '{vitamin in Katakana}b6' | |
399 // are blocked. | |
400 g_dangerous_pattern = new icu::RegexMatcher( | |
401 icu::UnicodeString( | |
402 "^[\\u30ce\\u30f3\\u30bd\\u30be]$" | |
403 "|[^\\p{scx=kana}\\p{scx=hira}\\p{scx=hani}]" | |
404 "[\\u30ce\\u30f3\\u30bd\\u30be]" | |
405 "[^\\p{scx=kana}\\p{scx=hira}\\p{scx=hani}]", -1, US_INV), | |
406 0, status); | |
311 } | 407 } |
312 | 408 g_dangerous_pattern->reset(label_string); |
313 private: | 409 return !g_dangerous_pattern->find(); |
314 LangToExemplarSetMap map; | 410 } |
315 LangToExemplarSet() {} | 411 |
316 ~LangToExemplarSet() { | 412 void IDNSpoofChecker::SetAllowedUnicodeSet(UErrorCode* status) { |
317 STLDeleteContainerPairSecondPointers(map.begin(), map.end()); | 413 if (U_FAILURE(*status)) |
318 } | 414 return; |
319 | 415 |
320 friend class base::Singleton<LangToExemplarSet>; | 416 // The recommended set is a set of characters for identifiers in a |
321 friend struct base::DefaultSingletonTraits<LangToExemplarSet>; | 417 // security-sensitive environment taken from UTR 39 |
322 friend bool GetExemplarSetForLang(const std::string&, icu::UnicodeSet**); | 418 // (http://unicode.org/reports/tr39/) and |
323 friend void SetExemplarSetForLang(const std::string&, icu::UnicodeSet*); | 419 // http://www.unicode.org/Public/security/latest/xidmodifications.txt. |
324 | 420 // The inclusion set comes from "Candidate Characters for Inclusion |
325 DISALLOW_COPY_AND_ASSIGN(LangToExemplarSet); | 421 // in idenfiers" of UTR 31 (http://www.unicode.org/reports/tr31). |
326 }; | 422 // The list may change over the time and will be updated whenever the |
327 | 423 // version of ICU used in Chromium is updated. |
328 bool GetExemplarSetForLang(const std::string& lang, | 424 const icu::UnicodeSet* recommended_set = |
329 icu::UnicodeSet** lang_set) { | 425 uspoof_getRecommendedUnicodeSet(status); |
330 const LangToExemplarSetMap& map = LangToExemplarSet::GetInstance()->map; | 426 icu::UnicodeSet allowed_set; |
331 LangToExemplarSetMap::const_iterator pos = map.find(lang); | 427 allowed_set.addAll(*recommended_set); |
332 if (pos != map.end()) { | 428 const icu::UnicodeSet* inclusion_set = uspoof_getInclusionUnicodeSet(status); |
333 *lang_set = pos->second; | 429 allowed_set.addAll(*inclusion_set); |
334 return true; | 430 |
335 } | 431 // From UTR 31 Table 6: |
336 return false; | 432 // http://www.unicode.org/reports/tr31/#Aspirational_Use_Scripts and |
337 } | 433 // We cannot add all the characters of aspirational scripts because |
338 | 434 // some characters are excluded. Instead, use characters listed |
339 void SetExemplarSetForLang(const std::string& lang, icu::UnicodeSet* lang_set) { | 435 // with Status/Type = Aspirational at |
340 LangToExemplarSetMap& map = LangToExemplarSet::GetInstance()->map; | 436 // http://www.unicode.org/Public/security/latest/xidmodifications.txt |
341 map.insert(std::make_pair(lang, lang_set)); | 437 // The list has to be updated when a new version of Unicode is |
342 } | 438 // released. The current version is 8.0.0. |
343 | 439 const icu::UnicodeSet aspirational_scripts( |
344 static base::LazyInstance<base::Lock>::Leaky g_lang_set_lock = | 440 icu::UnicodeString( |
345 LAZY_INSTANCE_INITIALIZER; | 441 // Unified Canadian Syllabics |
346 | 442 "[\\u1401-\\u166C\\u166F-\\u167F" |
347 // Returns true if all the characters in component_characters are used by | 443 // Mongolian |
348 // the language |lang|. | 444 "\\u1810-\\u1819\\u1820-\\u1877\\u1880-\\u18AA" |
349 bool IsComponentCoveredByLang(const icu::UnicodeSet& component_characters, | 445 // Unified Canadian Syllabics |
350 const std::string& lang) { | 446 "\\u18B0-\\u18F5" |
351 CR_DEFINE_STATIC_LOCAL(const icu::UnicodeSet, kASCIILetters, ('a', 'z')); | 447 // Tifinagh |
352 icu::UnicodeSet* lang_set = nullptr; | 448 "\\u2D30-\\u2D67\\u2D7F" |
353 // We're called from both the UI thread and the history thread. | 449 // Yi |
354 { | 450 "\\uA000-\\uA48C" |
355 base::AutoLock lock(g_lang_set_lock.Get()); | 451 // Miao |
356 if (!GetExemplarSetForLang(lang, &lang_set)) { | 452 "\\U00016F00-\\U00016F44\\U00016F50-\\U00016F7F" |
357 UErrorCode status = U_ZERO_ERROR; | 453 "\\U00016F8F-\\U00016F9F]", |
358 ULocaleData* uld = ulocdata_open(lang.c_str(), &status); | 454 -1, US_INV), |
359 // TODO(jungshik) Turn this check on when the ICU data file is | 455 *status); |
360 // rebuilt with the minimal subset of locale data for languages | 456 allowed_set.addAll(aspirational_scripts); |
361 // to which Chrome is not localized but which we offer in the list | 457 |
362 // of languages selectable for Accept-Languages. With the rebuilt ICU | 458 // U+0338 is included in the recommended set while U+05F4 and U+2027 |
363 // data, ulocdata_open never should fall back to the default locale. | 459 // are in the inclusion set, but are blacklisted as a part of |
364 // (issue 2078) | 460 // Mozilla's IDN blacklist ( |
365 // DCHECK(U_SUCCESS(status) && status != U_USING_DEFAULT_WARNING); | 461 // http://kb.mozillazine.org/Network.IDN.blacklist_chars). |
366 if (U_SUCCESS(status) && status != U_USING_DEFAULT_WARNING) { | 462 // Only U+0338 is dropped because it can look like a slash when rendered |
367 lang_set = reinterpret_cast<icu::UnicodeSet*>(ulocdata_getExemplarSet( | 463 // with a broken font. U+05F4 (Hebrew Punctuation Gershayim) |
368 uld, nullptr, 0, ULOCDATA_ES_STANDARD, &status)); | 464 // and U+2027 (Hyphenation Point) have little risk and are allowed. |
369 // On success, if |lang| is compatible with ASCII Latin letters, add | 465 allowed_set.remove(0x338u); // Combining Long Solidus Overlay |
370 // them. | 466 |
371 if (lang_set && IsCompatibleWithASCIILetters(lang)) | 467 uspoof_setAllowedUnicodeSet(checker_, &allowed_set, status); |
372 lang_set->addAll(kASCIILetters); | |
373 } | |
374 | |
375 if (!lang_set) | |
376 lang_set = new icu::UnicodeSet(1, 0); | |
377 | |
378 lang_set->freeze(); | |
379 SetExemplarSetForLang(lang, lang_set); | |
380 ulocdata_close(uld); | |
381 } | |
382 } | |
383 return !lang_set->isEmpty() && lang_set->containsAll(component_characters); | |
384 } | 468 } |
385 | 469 |
386 // Returns true if the given Unicode host component is safe to display to the | 470 // Returns true if the given Unicode host component is safe to display to the |
387 // user. | 471 // user. Note that this function does not deal with pure ASCII domain labels |
388 bool IsIDNComponentSafe(const base::char16* str, | 472 // at all even though it's possible to make up look-alike labels with |
389 int str_len, | 473 // ASCII characters alone. |
390 const std::string& languages) { | 474 bool IsIDNComponentSafe(base::StringPiece16 label) { |
391 // Most common cases (non-IDN) do not reach here so that we don't | 475 return g_idn_spoof_checker.Get().Check(label); |
392 // need a fast return path. | |
393 // TODO(jungshik) : Check if there's any character inappropriate | |
394 // (although allowed) for domain names. | |
395 // See http://www.unicode.org/reports/tr39/#IDN_Security_Profiles and | |
396 // http://www.unicode.org/reports/tr39/data/xidmodifications.txt | |
397 // For now, we borrow the list from Mozilla and tweaked it slightly. | |
398 // (e.g. Characters like U+00A0, U+3000, U+3002 are omitted because | |
399 // they're gonna be canonicalized to U+0020 and full stop before | |
400 // reaching here.) | |
401 // The original list is available at | |
402 // http://kb.mozillazine.org/Network.IDN.blacklist_chars and | |
403 // at | |
404 // http://mxr.mozilla.org/seamonkey/source/modules/libpref/src/init/all.js#703 | |
405 | |
406 UErrorCode status = U_ZERO_ERROR; | |
407 #ifdef U_WCHAR_IS_UTF16 | |
408 icu::UnicodeSet dangerous_characters( | |
409 icu::UnicodeString( | |
410 L"[[\\ \u00ad\u00bc\u00bd\u01c3\u0337\u0338" | |
411 L"\u05c3\u05f4\u06d4\u0702\u115f\u1160][\u2000-\u200b]" | |
412 L"[\u2024\u2027\u2028\u2029\u2039\u203a\u2044\u205f]" | |
413 L"[\u2154-\u2156][\u2159-\u215b][\u215f\u2215\u23ae" | |
414 L"\u29f6\u29f8\u2afb\u2afd][\u2ff0-\u2ffb][\u3014" | |
415 L"\u3015\u3033\u3164\u321d\u321e\u33ae\u33af\u33c6\u33df\ufe14" | |
416 L"\ufe15\ufe3f\ufe5d\ufe5e\ufeff\uff0e\uff06\uff61\uffa0\ufff9]" | |
417 L"[\ufffa-\ufffd]\U0001f50f\U0001f510\U0001f512\U0001f513]"), | |
418 status); | |
419 DCHECK(U_SUCCESS(status)); | |
420 icu::RegexMatcher dangerous_patterns( | |
421 icu::UnicodeString( | |
422 // Lone katakana no, so, or n | |
423 L"[^\\p{Katakana}][\u30ce\u30f3\u30bd][^\\p{Katakana}]" | |
424 // Repeating Japanese accent characters | |
425 L"|[\u3099\u309a\u309b\u309c][\u3099\u309a\u309b\u309c]"), | |
426 0, status); | |
427 #else | |
428 icu::UnicodeSet dangerous_characters( | |
429 icu::UnicodeString( | |
430 "[[\\u0020\\u00ad\\u00bc\\u00bd\\u01c3\\u0337\\u0338" | |
431 "\\u05c3\\u05f4\\u06d4\\u0702\\u115f\\u1160][\\u2000-\\u200b]" | |
432 "[\\u2024\\u2027\\u2028\\u2029\\u2039\\u203a\\u2044\\u205f]" | |
433 "[\\u2154-\\u2156][\\u2159-\\u215b][\\u215f\\u2215\\u23ae" | |
434 "\\u29f6\\u29f8\\u2afb\\u2afd][\\u2ff0-\\u2ffb][\\u3014" | |
435 "\\u3015\\u3033\\u3164\\u321d\\u321e\\u33ae\\u33af\\u33c6\\u33df\\ufe" | |
436 "14" | |
437 "\\ufe15\\ufe3f\\ufe5d\\ufe5e\\ufeff\\uff0e\\uff06\\uff61\\uffa0\\uff" | |
438 "f9]" | |
439 "[\\ufffa-\\ufffd]\\U0001f50f\\U0001f510\\U0001f512\\U0001f513]", | |
440 -1, US_INV), | |
441 status); | |
442 DCHECK(U_SUCCESS(status)); | |
443 icu::RegexMatcher dangerous_patterns( | |
444 icu::UnicodeString( | |
445 // Lone katakana no, so, or n | |
446 "[^\\p{Katakana}][\\u30ce\\u30f3\\u30bd][^\\p{Katakana}]" | |
447 // Repeating Japanese accent characters | |
448 "|[\\u3099\\u309a\\u309b\\u309c][\\u3099\\u309a\\u309b\\u309c]"), | |
449 0, status); | |
450 #endif | |
451 DCHECK(U_SUCCESS(status)); | |
452 icu::UnicodeSet component_characters; | |
453 icu::UnicodeString component_string(str, str_len); | |
454 component_characters.addAll(component_string); | |
455 if (dangerous_characters.containsSome(component_characters)) | |
456 return false; | |
457 | |
458 DCHECK(U_SUCCESS(status)); | |
459 dangerous_patterns.reset(component_string); | |
460 if (dangerous_patterns.find()) | |
461 return false; | |
462 | |
463 // If the language list is empty, the result is completely determined | |
464 // by whether a component is a single script or not. This will block | |
465 // even "safe" script mixing cases like <Chinese, Latin-ASCII> that are | |
466 // allowed with |languages| (while it blocks Chinese + Latin letters with | |
467 // an accent as should be the case), but we want to err on the safe side | |
468 // when |languages| is empty. | |
469 if (languages.empty()) | |
470 return IsIDNComponentInSingleScript(str, str_len); | |
471 | |
472 // |common_characters| is made up of ASCII numbers, hyphen, plus and | |
473 // underscore that are used across scripts and allowed in domain names. | |
474 // (sync'd with characters allowed in url_canon_host with square | |
475 // brackets excluded.) See kHostCharLookup[] array in url_canon_host.cc. | |
476 icu::UnicodeSet common_characters(UNICODE_STRING_SIMPLE("[[0-9]\\-_+\\ ]"), | |
477 status); | |
478 DCHECK(U_SUCCESS(status)); | |
479 // Subtract common characters because they're always allowed so that | |
480 // we just have to check if a language-specific set contains | |
481 // the remainder. | |
482 component_characters.removeAll(common_characters); | |
483 | |
484 base::StringTokenizer t(languages, ","); | |
485 while (t.GetNext()) { | |
486 if (IsComponentCoveredByLang(component_characters, t.token())) | |
487 return true; | |
488 } | |
489 return false; | |
490 } | 476 } |
491 | 477 |
492 // A wrapper to use LazyInstance<>::Leaky with ICU's UIDNA, a C pointer to | 478 // A wrapper to use LazyInstance<>::Leaky with ICU's UIDNA, a C pointer to |
493 // a UTS46/IDNA 2008 handling object opened with uidna_openUTS46(). | 479 // a UTS46/IDNA 2008 handling object opened with uidna_openUTS46(). |
494 // | 480 // |
495 // We use UTS46 with BiDiCheck to migrate from IDNA 2003 to IDNA 2008 with | 481 // We use UTS46 with BiDiCheck to migrate from IDNA 2003 to IDNA 2008 with |
496 // the backward compatibility in mind. What it does: | 482 // the backward compatibility in mind. What it does: |
497 // | 483 // |
498 // 1. Use the up-to-date Unicode data. | 484 // 1. Use the up-to-date Unicode data. |
499 // 2. Define a case folding/mapping with the up-to-date Unicode data as | 485 // 2. Define a case folding/mapping with the up-to-date Unicode data as |
(...skipping 15 matching lines...) Expand all Loading... | |
515 // TODO(jungshik): Change options as different parties (browsers, | 501 // TODO(jungshik): Change options as different parties (browsers, |
516 // registrars, search engines) converge toward a consensus. | 502 // registrars, search engines) converge toward a consensus. |
517 value = uidna_openUTS46(UIDNA_CHECK_BIDI, &err); | 503 value = uidna_openUTS46(UIDNA_CHECK_BIDI, &err); |
518 if (U_FAILURE(err)) | 504 if (U_FAILURE(err)) |
519 value = NULL; | 505 value = NULL; |
520 } | 506 } |
521 | 507 |
522 UIDNA* value; | 508 UIDNA* value; |
523 }; | 509 }; |
524 | 510 |
525 static base::LazyInstance<UIDNAWrapper>::Leaky g_uidna = | 511 base::LazyInstance<UIDNAWrapper>::Leaky g_uidna = LAZY_INSTANCE_INITIALIZER; |
526 LAZY_INSTANCE_INITIALIZER; | |
527 | 512 |
528 // Converts one component of a host (between dots) to IDN if safe. The result | 513 // Converts one component (label) of a host (between dots) to Unicode if safe. |
529 // will be APPENDED to the given output string and will be the same as the input | 514 // The result will be APPENDED to the given output string and will be the |
530 // if it is not IDN or the IDN is unsafe to display. Returns whether any | 515 // same as the input if it is not IDN in ACE/punycode or the IDN is unsafe to |
531 // conversion was performed. | 516 // display. |
517 // Returns whether any conversion was performed. | |
532 bool IDNToUnicodeOneComponent(const base::char16* comp, | 518 bool IDNToUnicodeOneComponent(const base::char16* comp, |
533 size_t comp_len, | 519 size_t comp_len, |
534 const std::string& languages, | |
535 base::string16* out) { | 520 base::string16* out) { |
536 DCHECK(out); | 521 DCHECK(out); |
537 if (comp_len == 0) | 522 if (comp_len == 0) |
538 return false; | 523 return false; |
539 | 524 |
540 // Only transform if the input can be an IDN component. | 525 // Only transform if the input can be an IDN component. |
541 static const base::char16 kIdnPrefix[] = {'x', 'n', '-', '-'}; | 526 static const base::char16 kIdnPrefix[] = {'x', 'n', '-', '-'}; |
542 if ((comp_len > arraysize(kIdnPrefix)) && | 527 if ((comp_len > arraysize(kIdnPrefix)) && |
543 !memcmp(comp, kIdnPrefix, sizeof(kIdnPrefix))) { | 528 !memcmp(comp, kIdnPrefix, sizeof(kIdnPrefix))) { |
544 UIDNA* uidna = g_uidna.Get().value; | 529 UIDNA* uidna = g_uidna.Get().value; |
545 DCHECK(uidna != NULL); | 530 DCHECK(uidna != NULL); |
546 size_t original_length = out->length(); | 531 size_t original_length = out->length(); |
547 int output_length = 64; | 532 int32_t output_length = 64; |
548 UIDNAInfo info = UIDNA_INFO_INITIALIZER; | 533 UIDNAInfo info = UIDNA_INFO_INITIALIZER; |
549 UErrorCode status; | 534 UErrorCode status; |
550 do { | 535 do { |
551 out->resize(original_length + output_length); | 536 out->resize(original_length + output_length); |
552 status = U_ZERO_ERROR; | 537 status = U_ZERO_ERROR; |
553 // This returns the actual length required. If this is more than 64 | 538 // This returns the actual length required. If this is more than 64 |
554 // code units, |status| will be U_BUFFER_OVERFLOW_ERROR and we'll try | 539 // code units, |status| will be U_BUFFER_OVERFLOW_ERROR and we'll try |
555 // the conversion again, but with a sufficiently large buffer. | 540 // the conversion again, but with a sufficiently large buffer. |
556 output_length = uidna_labelToUnicode( | 541 output_length = uidna_labelToUnicode( |
557 uidna, comp, static_cast<int32_t>(comp_len), &(*out)[original_length], | 542 uidna, comp, static_cast<int32_t>(comp_len), &(*out)[original_length], |
558 output_length, &info, &status); | 543 output_length, &info, &status); |
559 } while ((status == U_BUFFER_OVERFLOW_ERROR && info.errors == 0)); | 544 } while ((status == U_BUFFER_OVERFLOW_ERROR && info.errors == 0)); |
560 | 545 |
561 if (U_SUCCESS(status) && info.errors == 0) { | 546 if (U_SUCCESS(status) && info.errors == 0) { |
562 // Converted successfully. Ensure that the converted component | 547 // Converted successfully. Ensure that the converted component |
563 // can be safely displayed to the user. | 548 // can be safely displayed to the user. |
564 out->resize(original_length + output_length); | 549 out->resize(original_length + output_length); |
565 if (IsIDNComponentSafe(out->data() + original_length, output_length, | 550 if (IsIDNComponentSafe( |
566 languages)) | 551 base::StringPiece16(out->data() + original_length, |
552 base::checked_cast<size_t>(output_length)))) | |
567 return true; | 553 return true; |
568 } | 554 } |
569 | 555 |
556 VLOG(5) << "label=" | |
557 << base::UTF16ToUTF8(base::StringPiece16(comp, comp_len)) | |
558 << ",error=" << u_errorName(status) | |
559 << ",info=0x" << std::setfill('0') << std::setw(4) << std::hex | |
560 << info.errors; | |
Ryan Sleevi
2016/03/12 01:28:13
Is this needed?
jungshik at Google
2016/03/16 08:34:54
Deleting it because it's only for my debugging dur
| |
561 | |
570 // Something went wrong. Revert to original string. | 562 // Something went wrong. Revert to original string. |
571 out->resize(original_length); | 563 out->resize(original_length); |
572 } | 564 } |
573 | 565 |
574 // We get here with no IDN or on error, in which case we just append the | 566 // We get here with no IDN or on error, in which case we just append the |
575 // literal input. | 567 // literal input. |
576 out->append(comp, comp_len); | 568 out->append(comp, comp_len); |
577 return false; | 569 return false; |
578 } | 570 } |
579 | 571 |
(...skipping 11 matching lines...) Expand all Loading... | |
591 const std::string& languages, | 583 const std::string& languages, |
592 FormatUrlTypes format_types, | 584 FormatUrlTypes format_types, |
593 net::UnescapeRule::Type unescape_rules, | 585 net::UnescapeRule::Type unescape_rules, |
594 url::Parsed* new_parsed, | 586 url::Parsed* new_parsed, |
595 size_t* prefix_end, | 587 size_t* prefix_end, |
596 size_t* offset_for_adjustment) { | 588 size_t* offset_for_adjustment) { |
597 std::vector<size_t> offsets; | 589 std::vector<size_t> offsets; |
598 if (offset_for_adjustment) | 590 if (offset_for_adjustment) |
599 offsets.push_back(*offset_for_adjustment); | 591 offsets.push_back(*offset_for_adjustment); |
600 base::string16 result = | 592 base::string16 result = |
601 FormatUrlWithOffsets(url, languages, format_types, unescape_rules, | 593 FormatUrlWithOffsets(url, std::string(), format_types, unescape_rules, |
602 new_parsed, prefix_end, &offsets); | 594 new_parsed, prefix_end, &offsets); |
603 if (offset_for_adjustment) | 595 if (offset_for_adjustment) |
604 *offset_for_adjustment = offsets[0]; | 596 *offset_for_adjustment = offsets[0]; |
605 return result; | 597 return result; |
606 } | 598 } |
607 | 599 |
608 base::string16 FormatUrlWithOffsets( | 600 base::string16 FormatUrlWithOffsets( |
609 const GURL& url, | 601 const GURL& url, |
610 const std::string& languages, | 602 const std::string& languages, |
611 FormatUrlTypes format_types, | 603 FormatUrlTypes format_types, |
612 net::UnescapeRule::Type unescape_rules, | 604 net::UnescapeRule::Type unescape_rules, |
613 url::Parsed* new_parsed, | 605 url::Parsed* new_parsed, |
614 size_t* prefix_end, | 606 size_t* prefix_end, |
615 std::vector<size_t>* offsets_for_adjustment) { | 607 std::vector<size_t>* offsets_for_adjustment) { |
616 base::OffsetAdjuster::Adjustments adjustments; | 608 base::OffsetAdjuster::Adjustments adjustments; |
617 const base::string16& format_url_return_value = | 609 const base::string16& format_url_return_value = |
618 FormatUrlWithAdjustments(url, languages, format_types, unescape_rules, | 610 FormatUrlWithAdjustments(url, std::string(), format_types, unescape_rules, |
619 new_parsed, prefix_end, &adjustments); | 611 new_parsed, prefix_end, &adjustments); |
620 base::OffsetAdjuster::AdjustOffsets(adjustments, offsets_for_adjustment); | 612 base::OffsetAdjuster::AdjustOffsets(adjustments, offsets_for_adjustment); |
621 if (offsets_for_adjustment) { | 613 if (offsets_for_adjustment) { |
622 std::for_each( | 614 std::for_each( |
623 offsets_for_adjustment->begin(), offsets_for_adjustment->end(), | 615 offsets_for_adjustment->begin(), offsets_for_adjustment->end(), |
624 base::LimitOffset<std::string>(format_url_return_value.length())); | 616 base::LimitOffset<std::string>(format_url_return_value.length())); |
625 } | 617 } |
626 return format_url_return_value; | 618 return format_url_return_value; |
627 } | 619 } |
628 | 620 |
(...skipping 14 matching lines...) Expand all Loading... | |
643 *new_parsed = url::Parsed(); | 635 *new_parsed = url::Parsed(); |
644 | 636 |
645 // Special handling for view-source:. Don't use content::kViewSourceScheme | 637 // Special handling for view-source:. Don't use content::kViewSourceScheme |
646 // because this library shouldn't depend on chrome. | 638 // because this library shouldn't depend on chrome. |
647 const char kViewSource[] = "view-source"; | 639 const char kViewSource[] = "view-source"; |
648 // Reject "view-source:view-source:..." to avoid deep recursion. | 640 // Reject "view-source:view-source:..." to avoid deep recursion. |
649 const char kViewSourceTwice[] = "view-source:view-source:"; | 641 const char kViewSourceTwice[] = "view-source:view-source:"; |
650 if (url.SchemeIs(kViewSource) && | 642 if (url.SchemeIs(kViewSource) && |
651 !base::StartsWith(url.possibly_invalid_spec(), kViewSourceTwice, | 643 !base::StartsWith(url.possibly_invalid_spec(), kViewSourceTwice, |
652 base::CompareCase::INSENSITIVE_ASCII)) { | 644 base::CompareCase::INSENSITIVE_ASCII)) { |
653 return FormatViewSourceUrl(url, languages, format_types, unescape_rules, | 645 return FormatViewSourceUrl(url, format_types, unescape_rules, |
654 new_parsed, prefix_end, adjustments); | 646 new_parsed, prefix_end, adjustments); |
655 } | 647 } |
656 | 648 |
657 // We handle both valid and invalid URLs (this will give us the spec | 649 // We handle both valid and invalid URLs (this will give us the spec |
658 // regardless of validity). | 650 // regardless of validity). |
659 const std::string& spec = url.possibly_invalid_spec(); | 651 const std::string& spec = url.possibly_invalid_spec(); |
660 const url::Parsed& parsed = url.parsed_for_possibly_invalid_spec(); | 652 const url::Parsed& parsed = url.parsed_for_possibly_invalid_spec(); |
661 | 653 |
662 // Scheme & separators. These are ASCII. | 654 // Scheme & separators. These are ASCII. |
663 base::string16 url_string; | 655 base::string16 url_string; |
(...skipping 49 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
713 AppendFormattedComponent(spec, parsed.password, | 705 AppendFormattedComponent(spec, parsed.password, |
714 NonHostComponentTransform(unescape_rules), | 706 NonHostComponentTransform(unescape_rules), |
715 &url_string, &new_parsed->password, adjustments); | 707 &url_string, &new_parsed->password, adjustments); |
716 if (parsed.username.is_valid() || parsed.password.is_valid()) | 708 if (parsed.username.is_valid() || parsed.password.is_valid()) |
717 url_string.push_back('@'); | 709 url_string.push_back('@'); |
718 } | 710 } |
719 if (prefix_end) | 711 if (prefix_end) |
720 *prefix_end = static_cast<size_t>(url_string.length()); | 712 *prefix_end = static_cast<size_t>(url_string.length()); |
721 | 713 |
722 // Host. | 714 // Host. |
723 AppendFormattedComponent(spec, parsed.host, HostComponentTransform(languages), | 715 AppendFormattedComponent(spec, parsed.host, HostComponentTransform(), |
724 &url_string, &new_parsed->host, adjustments); | 716 &url_string, &new_parsed->host, adjustments); |
725 | 717 |
726 // Port. | 718 // Port. |
727 if (parsed.port.is_nonempty()) { | 719 if (parsed.port.is_nonempty()) { |
728 url_string.push_back(':'); | 720 url_string.push_back(':'); |
729 new_parsed->port.begin = url_string.length(); | 721 new_parsed->port.begin = url_string.length(); |
730 url_string.insert(url_string.end(), spec.begin() + parsed.port.begin, | 722 url_string.insert(url_string.end(), spec.begin() + parsed.port.begin, |
731 spec.begin() + parsed.port.end()); | 723 spec.begin() + parsed.port.end()); |
732 new_parsed->port.len = url_string.length() - new_parsed->port.begin; | 724 new_parsed->port.len = url_string.length() - new_parsed->port.begin; |
733 } else { | 725 } else { |
(...skipping 55 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
789 // the hostname. | 781 // the hostname. |
790 return url.IsStandard() && !url.SchemeIsFile() && !url.SchemeIsFileSystem() && | 782 return url.IsStandard() && !url.SchemeIsFile() && !url.SchemeIsFileSystem() && |
791 !url.has_query() && !url.has_ref() && url.path() == "/"; | 783 !url.has_query() && !url.has_ref() && url.path() == "/"; |
792 } | 784 } |
793 | 785 |
794 void AppendFormattedHost(const GURL& url, | 786 void AppendFormattedHost(const GURL& url, |
795 const std::string& languages, | 787 const std::string& languages, |
796 base::string16* output) { | 788 base::string16* output) { |
797 AppendFormattedComponent( | 789 AppendFormattedComponent( |
798 url.possibly_invalid_spec(), url.parsed_for_possibly_invalid_spec().host, | 790 url.possibly_invalid_spec(), url.parsed_for_possibly_invalid_spec().host, |
799 HostComponentTransform(languages), output, NULL, NULL); | 791 HostComponentTransform(), output, NULL, NULL); |
800 } | 792 } |
801 | 793 |
802 base::string16 IDNToUnicode(const std::string& host, | 794 base::string16 IDNToUnicode(const std::string& host, |
803 const std::string& languages) { | 795 const std::string& languages) { |
804 return IDNToUnicodeWithAdjustments(host, languages, NULL); | 796 return IDNToUnicodeWithAdjustments(host, NULL); |
805 } | 797 } |
806 | 798 |
807 base::string16 StripWWW(const base::string16& text) { | 799 base::string16 StripWWW(const base::string16& text) { |
808 const base::string16 www(base::ASCIIToUTF16("www.")); | 800 const base::string16 www(base::ASCIIToUTF16("www.")); |
809 return base::StartsWith(text, www, base::CompareCase::SENSITIVE) | 801 return base::StartsWith(text, www, base::CompareCase::SENSITIVE) |
810 ? text.substr(www.length()) : text; | 802 ? text.substr(www.length()) : text; |
811 } | 803 } |
812 | 804 |
813 base::string16 StripWWWFromHost(const GURL& url) { | 805 base::string16 StripWWWFromHost(const GURL& url) { |
814 DCHECK(url.is_valid()); | 806 DCHECK(url.is_valid()); |
815 return StripWWW(base::ASCIIToUTF16(url.host_piece())); | 807 return StripWWW(base::ASCIIToUTF16(url.host_piece())); |
816 } | 808 } |
817 | 809 |
818 } // namespace url_formatter | 810 } // namespace url_formatter |
OLD | NEW |