OLD | NEW |
1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "components/url_formatter/url_formatter.h" | 5 #include "components/url_formatter/url_formatter.h" |
6 | 6 |
7 #include <algorithm> | 7 #include <algorithm> |
8 #include <map> | |
9 #include <utility> | 8 #include <utility> |
10 | 9 |
11 #include "base/lazy_instance.h" | 10 #include "base/lazy_instance.h" |
12 #include "base/logging.h" | |
13 #include "base/macros.h" | 11 #include "base/macros.h" |
14 #include "base/memory/singleton.h" | 12 #include "base/memory/scoped_ptr.h" |
15 #include "base/stl_util.h" | 13 #include "base/numerics/safe_conversions.h" |
16 #include "base/strings/string_tokenizer.h" | 14 #include "base/strings/string_piece.h" |
17 #include "base/strings/string_util.h" | 15 #include "base/strings/string_util.h" |
18 #include "base/strings/utf_offset_string_conversions.h" | 16 #include "base/strings/utf_offset_string_conversions.h" |
19 #include "base/strings/utf_string_conversions.h" | 17 #include "base/strings/utf_string_conversions.h" |
20 #include "base/synchronization/lock.h" | 18 #include "base/threading/thread_local_storage.h" |
21 #include "third_party/icu/source/common/unicode/uidna.h" | 19 #include "third_party/icu/source/common/unicode/uidna.h" |
22 #include "third_party/icu/source/common/unicode/uniset.h" | 20 #include "third_party/icu/source/common/unicode/uniset.h" |
23 #include "third_party/icu/source/common/unicode/uscript.h" | 21 #include "third_party/icu/source/common/unicode/uscript.h" |
| 22 #include "third_party/icu/source/common/unicode/uvernum.h" |
24 #include "third_party/icu/source/i18n/unicode/regex.h" | 23 #include "third_party/icu/source/i18n/unicode/regex.h" |
25 #include "third_party/icu/source/i18n/unicode/ulocdata.h" | 24 #include "third_party/icu/source/i18n/unicode/uspoof.h" |
26 #include "url/gurl.h" | 25 #include "url/gurl.h" |
27 #include "url/third_party/mozilla/url_parse.h" | 26 #include "url/third_party/mozilla/url_parse.h" |
28 | 27 |
29 namespace url_formatter { | 28 namespace url_formatter { |
30 | 29 |
31 namespace { | 30 namespace { |
32 | 31 |
33 base::string16 IDNToUnicodeWithAdjustments( | 32 base::string16 IDNToUnicodeWithAdjustments( |
34 const std::string& host, | 33 const std::string& host, |
35 const std::string& languages, | |
36 base::OffsetAdjuster::Adjustments* adjustments); | 34 base::OffsetAdjuster::Adjustments* adjustments); |
37 bool IDNToUnicodeOneComponent(const base::char16* comp, | 35 bool IDNToUnicodeOneComponent(const base::char16* comp, |
38 size_t comp_len, | 36 size_t comp_len, |
39 const std::string& languages, | |
40 base::string16* out); | 37 base::string16* out); |
41 | 38 |
42 class AppendComponentTransform { | 39 class AppendComponentTransform { |
43 public: | 40 public: |
44 AppendComponentTransform() {} | 41 AppendComponentTransform() {} |
45 virtual ~AppendComponentTransform() {} | 42 virtual ~AppendComponentTransform() {} |
46 | 43 |
47 virtual base::string16 Execute( | 44 virtual base::string16 Execute( |
48 const std::string& component_text, | 45 const std::string& component_text, |
49 base::OffsetAdjuster::Adjustments* adjustments) const = 0; | 46 base::OffsetAdjuster::Adjustments* adjustments) const = 0; |
50 | 47 |
51 // NOTE: No DISALLOW_COPY_AND_ASSIGN here, since gcc < 4.3.0 requires an | 48 // NOTE: No DISALLOW_COPY_AND_ASSIGN here, since gcc < 4.3.0 requires an |
52 // accessible copy constructor in order to call AppendFormattedComponent() | 49 // accessible copy constructor in order to call AppendFormattedComponent() |
53 // with an inline temporary (see http://gcc.gnu.org/bugs/#cxx%5Frvalbind ). | 50 // with an inline temporary (see http://gcc.gnu.org/bugs/#cxx%5Frvalbind ). |
54 }; | 51 }; |
55 | 52 |
56 class HostComponentTransform : public AppendComponentTransform { | 53 class HostComponentTransform : public AppendComponentTransform { |
57 public: | 54 public: |
58 explicit HostComponentTransform(const std::string& languages) | 55 HostComponentTransform() {} |
59 : languages_(languages) {} | |
60 | 56 |
61 private: | 57 private: |
62 base::string16 Execute( | 58 base::string16 Execute( |
63 const std::string& component_text, | 59 const std::string& component_text, |
64 base::OffsetAdjuster::Adjustments* adjustments) const override { | 60 base::OffsetAdjuster::Adjustments* adjustments) const override { |
65 return IDNToUnicodeWithAdjustments(component_text, languages_, adjustments); | 61 return IDNToUnicodeWithAdjustments(component_text, adjustments); |
66 } | 62 } |
67 | |
68 const std::string& languages_; | |
69 }; | 63 }; |
70 | 64 |
71 class NonHostComponentTransform : public AppendComponentTransform { | 65 class NonHostComponentTransform : public AppendComponentTransform { |
72 public: | 66 public: |
73 explicit NonHostComponentTransform(net::UnescapeRule::Type unescape_rules) | 67 explicit NonHostComponentTransform(net::UnescapeRule::Type unescape_rules) |
74 : unescape_rules_(unescape_rules) {} | 68 : unescape_rules_(unescape_rules) {} |
75 | 69 |
76 private: | 70 private: |
77 base::string16 Execute( | 71 base::string16 Execute( |
78 const std::string& component_text, | 72 const std::string& component_text, |
(...skipping 71 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
150 AdjustComponent(delta, &(parsed->host)); | 144 AdjustComponent(delta, &(parsed->host)); |
151 AdjustComponent(delta, &(parsed->port)); | 145 AdjustComponent(delta, &(parsed->port)); |
152 AdjustComponent(delta, &(parsed->path)); | 146 AdjustComponent(delta, &(parsed->path)); |
153 AdjustComponent(delta, &(parsed->query)); | 147 AdjustComponent(delta, &(parsed->query)); |
154 AdjustComponent(delta, &(parsed->ref)); | 148 AdjustComponent(delta, &(parsed->ref)); |
155 } | 149 } |
156 | 150 |
157 // Helper for FormatUrlWithOffsets(). | 151 // Helper for FormatUrlWithOffsets(). |
158 base::string16 FormatViewSourceUrl( | 152 base::string16 FormatViewSourceUrl( |
159 const GURL& url, | 153 const GURL& url, |
160 const std::string& languages, | |
161 FormatUrlTypes format_types, | 154 FormatUrlTypes format_types, |
162 net::UnescapeRule::Type unescape_rules, | 155 net::UnescapeRule::Type unescape_rules, |
163 url::Parsed* new_parsed, | 156 url::Parsed* new_parsed, |
164 size_t* prefix_end, | 157 size_t* prefix_end, |
165 base::OffsetAdjuster::Adjustments* adjustments) { | 158 base::OffsetAdjuster::Adjustments* adjustments) { |
166 DCHECK(new_parsed); | 159 DCHECK(new_parsed); |
167 const char kViewSource[] = "view-source:"; | 160 const char kViewSource[] = "view-source:"; |
168 const size_t kViewSourceLength = arraysize(kViewSource) - 1; | 161 const size_t kViewSourceLength = arraysize(kViewSource) - 1; |
169 | 162 |
170 // Format the underlying URL and record adjustments. | 163 // Format the underlying URL and record adjustments. |
171 const std::string& url_str(url.possibly_invalid_spec()); | 164 const std::string& url_str(url.possibly_invalid_spec()); |
172 adjustments->clear(); | 165 adjustments->clear(); |
173 base::string16 result( | 166 base::string16 result( |
174 base::ASCIIToUTF16(kViewSource) + | 167 base::ASCIIToUTF16(kViewSource) + |
175 FormatUrlWithAdjustments(GURL(url_str.substr(kViewSourceLength)), | 168 FormatUrlWithAdjustments(GURL(url_str.substr(kViewSourceLength)), |
176 languages, format_types, unescape_rules, | 169 std::string(), format_types, unescape_rules, |
177 new_parsed, prefix_end, adjustments)); | 170 new_parsed, prefix_end, adjustments)); |
178 // Revise |adjustments| by shifting to the offsets to prefix that the above | 171 // Revise |adjustments| by shifting to the offsets to prefix that the above |
179 // call to FormatUrl didn't get to see. | 172 // call to FormatUrl didn't get to see. |
180 for (base::OffsetAdjuster::Adjustments::iterator it = adjustments->begin(); | 173 for (base::OffsetAdjuster::Adjustments::iterator it = adjustments->begin(); |
181 it != adjustments->end(); ++it) | 174 it != adjustments->end(); ++it) |
182 it->original_offset += kViewSourceLength; | 175 it->original_offset += kViewSourceLength; |
183 | 176 |
184 // Adjust positions of the parsed components. | 177 // Adjust positions of the parsed components. |
185 if (new_parsed->scheme.is_nonempty()) { | 178 if (new_parsed->scheme.is_nonempty()) { |
186 // Assume "view-source:real-scheme" as a scheme. | 179 // Assume "view-source:real-scheme" as a scheme. |
187 new_parsed->scheme.len += kViewSourceLength; | 180 new_parsed->scheme.len += kViewSourceLength; |
188 } else { | 181 } else { |
189 new_parsed->scheme.begin = 0; | 182 new_parsed->scheme.begin = 0; |
190 new_parsed->scheme.len = kViewSourceLength - 1; | 183 new_parsed->scheme.len = kViewSourceLength - 1; |
191 } | 184 } |
192 AdjustAllComponentsButScheme(kViewSourceLength, new_parsed); | 185 AdjustAllComponentsButScheme(kViewSourceLength, new_parsed); |
193 | 186 |
194 if (prefix_end) | 187 if (prefix_end) |
195 *prefix_end += kViewSourceLength; | 188 *prefix_end += kViewSourceLength; |
196 | 189 |
197 return result; | 190 return result; |
198 } | 191 } |
199 | 192 |
200 // TODO(brettw) bug 734373: check the scripts for each host component and | 193 // TODO(brettw): We may want to skip this step in the case of file URLs to |
201 // don't un-IDN-ize if there is more than one. Alternatively, only IDN for | 194 // allow unicode UNC hostnames regardless of encodings. |
202 // scripts that the user has installed. For now, just put the entire | |
203 // path through IDN. Maybe this feature can be implemented in ICU itself? | |
204 // | |
205 // We may want to skip this step in the case of file URLs to allow unicode | |
206 // UNC hostnames regardless of encodings. | |
207 base::string16 IDNToUnicodeWithAdjustments( | 195 base::string16 IDNToUnicodeWithAdjustments( |
208 const std::string& host, | 196 const std::string& host, |
209 const std::string& languages, | |
210 base::OffsetAdjuster::Adjustments* adjustments) { | 197 base::OffsetAdjuster::Adjustments* adjustments) { |
211 if (adjustments) | 198 if (adjustments) |
212 adjustments->clear(); | 199 adjustments->clear(); |
213 // Convert the ASCII input to a base::string16 for ICU. | 200 // Convert the ASCII input to a base::string16 for ICU. |
214 base::string16 input16; | 201 base::string16 input16; |
215 input16.reserve(host.length()); | 202 input16.reserve(host.length()); |
216 input16.insert(input16.end(), host.begin(), host.end()); | 203 input16.insert(input16.end(), host.begin(), host.end()); |
217 | 204 |
218 // Do each component of the host separately, since we enforce script matching | 205 // Do each component of the host separately, since we enforce script matching |
219 // on a per-component basis. | 206 // on a per-component basis. |
220 base::string16 out16; | 207 base::string16 out16; |
221 for (size_t component_start = 0, component_end; | 208 for (size_t component_start = 0, component_end; |
222 component_start < input16.length(); | 209 component_start < input16.length(); |
223 component_start = component_end + 1) { | 210 component_start = component_end + 1) { |
224 // Find the end of the component. | 211 // Find the end of the component. |
225 component_end = input16.find('.', component_start); | 212 component_end = input16.find('.', component_start); |
226 if (component_end == base::string16::npos) | 213 if (component_end == base::string16::npos) |
227 component_end = input16.length(); // For getting the last component. | 214 component_end = input16.length(); // For getting the last component. |
228 size_t component_length = component_end - component_start; | 215 size_t component_length = component_end - component_start; |
229 size_t new_component_start = out16.length(); | 216 size_t new_component_start = out16.length(); |
230 bool converted_idn = false; | 217 bool converted_idn = false; |
231 if (component_end > component_start) { | 218 if (component_end > component_start) { |
232 // Add the substring that we just found. | 219 // Add the substring that we just found. |
233 converted_idn = | 220 converted_idn = |
234 IDNToUnicodeOneComponent(input16.data() + component_start, | 221 IDNToUnicodeOneComponent(input16.data() + component_start, |
235 component_length, languages, &out16); | 222 component_length, &out16); |
236 } | 223 } |
237 size_t new_component_length = out16.length() - new_component_start; | 224 size_t new_component_length = out16.length() - new_component_start; |
238 | 225 |
239 if (converted_idn && adjustments) { | 226 if (converted_idn && adjustments) { |
240 adjustments->push_back(base::OffsetAdjuster::Adjustment( | 227 adjustments->push_back(base::OffsetAdjuster::Adjustment( |
241 component_start, component_length, new_component_length)); | 228 component_start, component_length, new_component_length)); |
242 } | 229 } |
243 | 230 |
244 // Need to add the dot we just found (if we found one). | 231 // Need to add the dot we just found (if we found one). |
245 if (component_end < input16.length()) | 232 if (component_end < input16.length()) |
246 out16.push_back('.'); | 233 out16.push_back('.'); |
247 } | 234 } |
248 return out16; | 235 return out16; |
249 } | 236 } |
250 | 237 |
251 // Does some simple normalization of scripts so we can allow certain scripts | 238 // A helper class for IDN Spoof checking, used to ensure that no IDN input is |
252 // to exist together. | 239 // spoofable per Chromium's standard of spoofability. For a more thorough |
253 // TODO(brettw) bug 880223: we should allow some other languages to be | 240 // explanation of how spoof checking works in Chromium, see |
254 // oombined such as Chinese and Latin. We will probably need a more | 241 // http://dev.chromium.org/developers/design-documents/idn-in-google-chrome . |
255 // complicated system of language pairs to have more fine-grained control. | 242 class IDNSpoofChecker { |
256 UScriptCode NormalizeScript(UScriptCode code) { | 243 public: |
257 switch (code) { | 244 IDNSpoofChecker(); |
258 case USCRIPT_KATAKANA: | 245 |
259 case USCRIPT_HIRAGANA: | 246 // Returns true if |label| is safe to display as Unicode. In the event of |
260 case USCRIPT_KATAKANA_OR_HIRAGANA: | 247 // library failure, all IDN inputs will be treated as unsafe. |
261 case USCRIPT_HANGUL: // This one is arguable. | 248 bool Check(base::StringPiece16 label); |
262 return USCRIPT_HAN; | 249 |
263 default: | 250 private: |
264 return code; | 251 void SetAllowedUnicodeSet(UErrorCode* status); |
| 252 |
| 253 USpoofChecker* checker_; |
| 254 icu::UnicodeSet deviation_characters_; |
| 255 icu::UnicodeSet latin_letters_; |
| 256 icu::UnicodeSet non_ascii_latin_letters_; |
| 257 |
| 258 DISALLOW_COPY_AND_ASSIGN(IDNSpoofChecker); |
| 259 }; |
| 260 |
| 261 base::LazyInstance<IDNSpoofChecker>::Leaky g_idn_spoof_checker = |
| 262 LAZY_INSTANCE_INITIALIZER; |
| 263 base::ThreadLocalStorage::StaticSlot tls_index = TLS_INITIALIZER; |
| 264 |
| 265 void OnThreadTermination(void* regex_matcher) { |
| 266 delete reinterpret_cast<icu::RegexMatcher*>(regex_matcher); |
| 267 } |
| 268 |
| 269 IDNSpoofChecker::IDNSpoofChecker() { |
| 270 UErrorCode status = U_ZERO_ERROR; |
| 271 checker_ = uspoof_open(&status); |
| 272 if (U_FAILURE(status)) { |
| 273 checker_ = nullptr; |
| 274 return; |
265 } | 275 } |
266 } | 276 |
267 | 277 // At this point, USpoofChecker has all the checks enabled except |
268 bool IsIDNComponentInSingleScript(const base::char16* str, int str_len) { | 278 // for USPOOF_CHAR_LIMIT (USPOOF_{RESTRICTION_LEVEL, INVISIBLE, |
269 UScriptCode first_script = USCRIPT_INVALID_CODE; | 279 // MIXED_SCRIPT_CONFUSABLE, WHOLE_SCRIPT_CONFUSABLE, MIXED_NUMBERS, ANY_CASE}) |
270 bool is_first = true; | 280 // This default configuration is adjusted below as necessary. |
271 | 281 |
272 int i = 0; | 282 // Set the restriction level to moderate. It allows mixing Latin with another |
273 while (i < str_len) { | 283 // script (+ COMMON and INHERITED). Except for Chinese(Han + Bopomofo), |
274 unsigned code_point; | 284 // Japanese(Hiragana + Katakana + Han), and Korean(Hangul + Han), only one |
275 U16_NEXT(str, i, str_len, code_point); | 285 // script other than Common and Inherited can be mixed with Latin. Cyrillic |
276 | 286 // and Greek are not allowed to mix with Latin. |
277 UErrorCode err = U_ZERO_ERROR; | 287 // See http://www.unicode.org/reports/tr39/#Restriction_Level_Detection |
278 UScriptCode cur_script = uscript_getScript(code_point, &err); | 288 uspoof_setRestrictionLevel(checker_, USPOOF_MODERATELY_RESTRICTIVE); |
279 if (err != U_ZERO_ERROR) | 289 |
280 return false; // Report mixed on error. | 290 // Restrict allowed characters in IDN labels and turn on USPOOF_CHAR_LIMIT. |
281 cur_script = NormalizeScript(cur_script); | 291 SetAllowedUnicodeSet(&status); |
282 | 292 |
283 // TODO(brettw) We may have to check for USCRIPT_INHERENT as well. | 293 // Enable the return of auxillary (non-error) information. |
284 if (is_first && cur_script != USCRIPT_COMMON) { | 294 int32_t checks = uspoof_getChecks(checker_, &status) | USPOOF_AUX_INFO; |
285 first_script = cur_script; | 295 |
286 is_first = false; | 296 // Disable WHOLE_SCRIPT_CONFUSABLE check. The check has a marginal value when |
287 } else { | 297 // used against a single string as opposed to comparing a pair of strings. In |
288 if (cur_script != USCRIPT_COMMON && cur_script != first_script) | 298 // addition, it would also flag a number of common labels including the IDN |
289 return false; | 299 // TLD for Russian. |
290 } | 300 // A possible alternative would be to turn on the check and block a label |
| 301 // only under the following conditions, but it'd better be done on the |
| 302 // server-side (e.g. SafeBrowsing): |
| 303 // 1. The label is whole-script confusable. |
| 304 // 2. And the skeleton of the label matches the skeleton of one of top |
| 305 // domain labels. See http://unicode.org/reports/tr39/#Confusable_Detection |
| 306 // for the definition of skeleton. |
| 307 // 3. And the label is different from the matched top domain label in #2. |
| 308 checks &= ~USPOOF_WHOLE_SCRIPT_CONFUSABLE; |
| 309 |
| 310 uspoof_setChecks(checker_, checks, &status); |
| 311 |
| 312 // Four characters handled differently by IDNA 2003 and IDNA 2008. UTS46 |
| 313 // transitional processing treats them as IDNA 2003 does; maps U+00DF and |
| 314 // U+03C2 and drops U+200[CD]. |
| 315 deviation_characters_ = |
| 316 icu::UnicodeSet(UNICODE_STRING_SIMPLE("[\\u00df\\u03c2\\u200c\\u200d]"), |
| 317 status); |
| 318 deviation_characters_.freeze(); |
| 319 |
| 320 latin_letters_ = |
| 321 icu::UnicodeSet(UNICODE_STRING_SIMPLE("[:Latin:]"), status); |
| 322 latin_letters_.freeze(); |
| 323 |
| 324 // Latin letters outside ASCII. 'Script_Extensions=Latin' is not necessary |
| 325 // because additional characters pulled in with scx=Latn are not included in |
| 326 // the allowed set. |
| 327 non_ascii_latin_letters_ = icu::UnicodeSet( |
| 328 UNICODE_STRING_SIMPLE("[[:Latin:] - [a-zA-Z]]"), status); |
| 329 non_ascii_latin_letters_.freeze(); |
| 330 |
| 331 DCHECK(U_SUCCESS(status)); |
| 332 } |
| 333 |
| 334 bool IDNSpoofChecker::Check(base::StringPiece16 label) { |
| 335 UErrorCode status = U_ZERO_ERROR; |
| 336 int32_t result = uspoof_check(checker_, label.data(), |
| 337 base::checked_cast<int32_t>(label.size()), |
| 338 NULL, &status); |
| 339 // If uspoof_check fails (due to library failure), or if any of the checks |
| 340 // fail, treat the IDN as unsafe. |
| 341 if (U_FAILURE(status) || (result & USPOOF_ALL_CHECKS)) |
| 342 return false; |
| 343 |
| 344 icu::UnicodeString label_string(FALSE, label.data(), |
| 345 base::checked_cast<int32_t>(label.size())); |
| 346 |
| 347 // A punycode label with 'xn--' prefix is not subject to the URL |
| 348 // canonicalization and is stored as it is in GURL. If it encodes a deviation |
| 349 // character (UTS 46; e.g. U+00DF/sharp-s), it should be still shown in |
| 350 // punycode instead of Unicode. Without this check, xn--fu-hia for |
| 351 // 'fu<sharp-s>' would be converted to 'fu<sharp-s>' for display because |
| 352 // "UTS 46 section 4 Processing step 4" applies validity criteria for |
| 353 // non-transitional processing (i.e. do not map deviation characters) to any |
| 354 // punycode labels regardless of whether transitional or non-transitional is |
| 355 // chosen. On the other hand, 'fu<sharp-s>' typed or copy and pasted |
| 356 // as Unicode would be canonicalized to 'fuss' by GURL and is displayed as |
| 357 // such. See http://crbug.com/595263 . |
| 358 if (deviation_characters_.containsSome(label_string)) |
| 359 return false; |
| 360 |
| 361 // If there's no script mixing, the input is regarded as safe without any |
| 362 // extra check. |
| 363 result &= USPOOF_RESTRICTION_LEVEL_MASK; |
| 364 if (result == USPOOF_ASCII || result == USPOOF_SINGLE_SCRIPT_RESTRICTIVE) |
| 365 return true; |
| 366 |
| 367 // When check is passed at 'highly restrictive' level, |label| is |
| 368 // made up of one of the following script sets optionally mixed with Latin. |
| 369 // - Chinese: Han, Bopomofo, Common |
| 370 // - Japanese: Han, Hiragana, Katakana, Common |
| 371 // - Korean: Hangul, Han, Common |
| 372 // Treat this case as a 'logical' single script unless Latin is mixed. |
| 373 if (result == USPOOF_HIGHLY_RESTRICTIVE && |
| 374 latin_letters_.containsNone(label_string)) |
| 375 return true; |
| 376 |
| 377 // Additional checks for |label| with multiple scripts, one of which is Latin. |
| 378 // Disallow non-ASCII Latin letters to mix with a non-Latin script. |
| 379 if (non_ascii_latin_letters_.containsSome(label_string)) |
| 380 return false; |
| 381 |
| 382 if (!tls_index.initialized()) |
| 383 tls_index.Initialize(&OnThreadTermination); |
| 384 icu::RegexMatcher* dangerous_pattern = |
| 385 reinterpret_cast<icu::RegexMatcher*>(tls_index.Get()); |
| 386 if (!dangerous_pattern) { |
| 387 // Disallow the katakana no, so, zo, or n, as they may be mistaken for |
| 388 // slashes when they're surrounded by non-Japanese scripts (i.e. scripts |
| 389 // other than Katakana, Hiragana or Han). If {no, so, zo, n} next to a |
| 390 // non-Japanese script on either side is disallowed, legitimate cases like |
| 391 // '{vitamin in Katakana}b6' are blocked. Note that trying to block those |
| 392 // characters when used alone as a label is futile because those cases |
| 393 // would not reach here. |
| 394 dangerous_pattern = new icu::RegexMatcher( |
| 395 icu::UnicodeString( |
| 396 "[^\\p{scx=kana}\\p{scx=hira}\\p{scx=hani}]" |
| 397 "[\\u30ce\\u30f3\\u30bd\\u30be]" |
| 398 "[^\\p{scx=kana}\\p{scx=hira}\\p{scx=hani}]", -1, US_INV), |
| 399 0, status); |
| 400 tls_index.Set(dangerous_pattern); |
291 } | 401 } |
292 return true; | 402 dangerous_pattern->reset(label_string); |
293 } | 403 return !dangerous_pattern->find(); |
294 | 404 } |
295 // Check if the script of a language can be 'safely' mixed with | 405 |
296 // Latin letters in the ASCII range. | 406 void IDNSpoofChecker::SetAllowedUnicodeSet(UErrorCode* status) { |
297 bool IsCompatibleWithASCIILetters(const std::string& lang) { | 407 if (U_FAILURE(*status)) |
298 // For now, just list Chinese, Japanese and Korean (positive list). | 408 return; |
299 // An alternative is negative-listing (languages using Greek and | 409 |
300 // Cyrillic letters), but it can be more dangerous. | 410 // The recommended set is a set of characters for identifiers in a |
301 return !lang.substr(0, 2).compare("zh") || !lang.substr(0, 2).compare("ja") || | 411 // security-sensitive environment taken from UTR 39 |
302 !lang.substr(0, 2).compare("ko"); | 412 // (http://unicode.org/reports/tr39/) and |
303 } | 413 // http://www.unicode.org/Public/security/latest/xidmodifications.txt . |
304 | 414 // The inclusion set comes from "Candidate Characters for Inclusion |
305 typedef std::map<std::string, icu::UnicodeSet*> LangToExemplarSetMap; | 415 // in idenfiers" of UTR 31 (http://www.unicode.org/reports/tr31). The list |
306 | 416 // may change over the time and will be updated whenever the version of ICU |
307 class LangToExemplarSet { | 417 // used in Chromium is updated. |
308 public: | 418 const icu::UnicodeSet* recommended_set = |
309 static LangToExemplarSet* GetInstance() { | 419 uspoof_getRecommendedUnicodeSet(status); |
310 return base::Singleton<LangToExemplarSet>::get(); | 420 icu::UnicodeSet allowed_set; |
311 } | 421 allowed_set.addAll(*recommended_set); |
312 | 422 const icu::UnicodeSet* inclusion_set = uspoof_getInclusionUnicodeSet(status); |
313 private: | 423 allowed_set.addAll(*inclusion_set); |
314 LangToExemplarSetMap map; | 424 |
315 LangToExemplarSet() {} | 425 // Five aspirational scripts are taken from UTR 31 Table 6 at |
316 ~LangToExemplarSet() { | 426 // http://www.unicode.org/reports/tr31/#Aspirational_Use_Scripts . |
317 STLDeleteContainerPairSecondPointers(map.begin(), map.end()); | 427 // Not all the characters of aspirational scripts are suitable for |
318 } | 428 // identifiers. Therefore, only characters belonging to |
319 | 429 // [:Identifier_Type=Aspirational:] (listed in 'Status/Type=Aspirational' |
320 friend class base::Singleton<LangToExemplarSet>; | 430 // section at |
321 friend struct base::DefaultSingletonTraits<LangToExemplarSet>; | 431 // http://www.unicode.org/Public/security/latest/xidmodifications.txt) are |
322 friend bool GetExemplarSetForLang(const std::string&, icu::UnicodeSet**); | 432 // are added to the allowed set. The list has to be updated when a new |
323 friend void SetExemplarSetForLang(const std::string&, icu::UnicodeSet*); | 433 // version of Unicode is released. The current version is 8.0.0 and ICU 58 |
324 | 434 // will have Unicode 9.0 data. |
325 DISALLOW_COPY_AND_ASSIGN(LangToExemplarSet); | 435 #if U_ICU_VERSION_MAJOR_NUM < 58 |
326 }; | 436 const icu::UnicodeSet aspirational_scripts( |
327 | 437 icu::UnicodeString( |
328 bool GetExemplarSetForLang(const std::string& lang, | 438 // Unified Canadian Syllabics |
329 icu::UnicodeSet** lang_set) { | 439 "[\\u1401-\\u166C\\u166F-\\u167F" |
330 const LangToExemplarSetMap& map = LangToExemplarSet::GetInstance()->map; | 440 // Mongolian |
331 LangToExemplarSetMap::const_iterator pos = map.find(lang); | 441 "\\u1810-\\u1819\\u1820-\\u1877\\u1880-\\u18AA" |
332 if (pos != map.end()) { | 442 // Unified Canadian Syllabics |
333 *lang_set = pos->second; | 443 "\\u18B0-\\u18F5" |
334 return true; | 444 // Tifinagh |
335 } | 445 "\\u2D30-\\u2D67\\u2D7F" |
336 return false; | 446 // Yi |
337 } | 447 "\\uA000-\\uA48C" |
338 | 448 // Miao |
339 void SetExemplarSetForLang(const std::string& lang, icu::UnicodeSet* lang_set) { | 449 "\\U00016F00-\\U00016F44\\U00016F50-\\U00016F7F" |
340 LangToExemplarSetMap& map = LangToExemplarSet::GetInstance()->map; | 450 "\\U00016F8F-\\U00016F9F]", |
341 map.insert(std::make_pair(lang, lang_set)); | 451 -1, US_INV), |
342 } | 452 *status); |
343 | 453 allowed_set.addAll(aspirational_scripts); |
344 static base::LazyInstance<base::Lock>::Leaky g_lang_set_lock = | 454 #else |
345 LAZY_INSTANCE_INITIALIZER; | 455 #error "Update aspirational_scripts per Unicode 9.0" |
346 | 456 #endif |
347 // Returns true if all the characters in component_characters are used by | 457 |
348 // the language |lang|. | 458 // U+0338 is included in the recommended set, while U+05F4 and U+2027 are in |
349 bool IsComponentCoveredByLang(const icu::UnicodeSet& component_characters, | 459 // the inclusion set. However, they are blacklisted as a part of Mozilla's |
350 const std::string& lang) { | 460 // IDN blacklist (http://kb.mozillazine.org/Network.IDN.blacklist_chars). |
351 CR_DEFINE_STATIC_LOCAL(const icu::UnicodeSet, kASCIILetters, ('a', 'z')); | 461 // U+0338 and U+2027 are dropped; the former can look like a slash when |
352 icu::UnicodeSet* lang_set = nullptr; | 462 // rendered with a broken font, and the latter can be confused with U+30FB |
353 // We're called from both the UI thread and the history thread. | 463 // (Katakana Middle Dot). U+05F4 (Hebrew Punctuation Gershayim) is kept, |
354 { | 464 // even though it can look like a double quotation mark. Using it in Hebrew |
355 base::AutoLock lock(g_lang_set_lock.Get()); | 465 // should be safe. When used with a non-Hebrew script, it'd be filtered by |
356 if (!GetExemplarSetForLang(lang, &lang_set)) { | 466 // other checks in place. |
357 UErrorCode status = U_ZERO_ERROR; | 467 allowed_set.remove(0x338u); // Combining Long Solidus Overlay |
358 ULocaleData* uld = ulocdata_open(lang.c_str(), &status); | 468 allowed_set.remove(0x2027u); // Hyphenation Point |
359 // TODO(jungshik) Turn this check on when the ICU data file is | 469 |
360 // rebuilt with the minimal subset of locale data for languages | 470 uspoof_setAllowedUnicodeSet(checker_, &allowed_set, status); |
361 // to which Chrome is not localized but which we offer in the list | |
362 // of languages selectable for Accept-Languages. With the rebuilt ICU | |
363 // data, ulocdata_open never should fall back to the default locale. | |
364 // (issue 2078) | |
365 // DCHECK(U_SUCCESS(status) && status != U_USING_DEFAULT_WARNING); | |
366 if (U_SUCCESS(status) && status != U_USING_DEFAULT_WARNING) { | |
367 lang_set = reinterpret_cast<icu::UnicodeSet*>(ulocdata_getExemplarSet( | |
368 uld, nullptr, 0, ULOCDATA_ES_STANDARD, &status)); | |
369 // On success, if |lang| is compatible with ASCII Latin letters, add | |
370 // them. | |
371 if (lang_set && IsCompatibleWithASCIILetters(lang)) | |
372 lang_set->addAll(kASCIILetters); | |
373 } | |
374 | |
375 if (!lang_set) | |
376 lang_set = new icu::UnicodeSet(1, 0); | |
377 | |
378 lang_set->freeze(); | |
379 SetExemplarSetForLang(lang, lang_set); | |
380 ulocdata_close(uld); | |
381 } | |
382 } | |
383 return !lang_set->isEmpty() && lang_set->containsAll(component_characters); | |
384 } | 471 } |
385 | 472 |
386 // Returns true if the given Unicode host component is safe to display to the | 473 // Returns true if the given Unicode host component is safe to display to the |
387 // user. | 474 // user. Note that this function does not deal with pure ASCII domain labels at |
388 bool IsIDNComponentSafe(const base::char16* str, | 475 // all even though it's possible to make up look-alike labels with ASCII |
389 int str_len, | 476 // characters alone. |
390 const std::string& languages) { | 477 bool IsIDNComponentSafe(base::StringPiece16 label) { |
391 // Most common cases (non-IDN) do not reach here so that we don't | 478 return g_idn_spoof_checker.Get().Check(label); |
392 // need a fast return path. | |
393 // TODO(jungshik) : Check if there's any character inappropriate | |
394 // (although allowed) for domain names. | |
395 // See http://www.unicode.org/reports/tr39/#IDN_Security_Profiles and | |
396 // http://www.unicode.org/reports/tr39/data/xidmodifications.txt | |
397 // For now, we borrow the list from Mozilla and tweaked it slightly. | |
398 // (e.g. Characters like U+00A0, U+3000, U+3002 are omitted because | |
399 // they're gonna be canonicalized to U+0020 and full stop before | |
400 // reaching here.) | |
401 // The original list is available at | |
402 // http://kb.mozillazine.org/Network.IDN.blacklist_chars and | |
403 // at | |
404 // http://mxr.mozilla.org/seamonkey/source/modules/libpref/src/init/all.js#703 | |
405 | |
406 UErrorCode status = U_ZERO_ERROR; | |
407 #ifdef U_WCHAR_IS_UTF16 | |
408 icu::UnicodeSet dangerous_characters( | |
409 icu::UnicodeString( | |
410 L"[[\\ \u00ad\u00bc\u00bd\u01c3\u0337\u0338" | |
411 L"\u05c3\u05f4\u06d4\u0702\u115f\u1160][\u2000-\u200b]" | |
412 L"[\u2024\u2027\u2028\u2029\u2039\u203a\u2044\u205f]" | |
413 L"[\u2154-\u2156][\u2159-\u215b][\u215f\u2215\u23ae" | |
414 L"\u29f6\u29f8\u2afb\u2afd][\u2ff0-\u2ffb][\u3014" | |
415 L"\u3015\u3033\u3164\u321d\u321e\u33ae\u33af\u33c6\u33df\ufe14" | |
416 L"\ufe15\ufe3f\ufe5d\ufe5e\ufeff\uff0e\uff06\uff61\uffa0\ufff9]" | |
417 L"[\ufffa-\ufffd]\U0001f50f\U0001f510\U0001f512\U0001f513]"), | |
418 status); | |
419 DCHECK(U_SUCCESS(status)); | |
420 icu::RegexMatcher dangerous_patterns( | |
421 icu::UnicodeString( | |
422 // Lone katakana no, so, or n | |
423 L"[^\\p{Katakana}][\u30ce\u30f3\u30bd][^\\p{Katakana}]" | |
424 // Repeating Japanese accent characters | |
425 L"|[\u3099\u309a\u309b\u309c][\u3099\u309a\u309b\u309c]"), | |
426 0, status); | |
427 #else | |
428 icu::UnicodeSet dangerous_characters( | |
429 icu::UnicodeString( | |
430 "[[\\u0020\\u00ad\\u00bc\\u00bd\\u01c3\\u0337\\u0338" | |
431 "\\u05c3\\u05f4\\u06d4\\u0702\\u115f\\u1160][\\u2000-\\u200b]" | |
432 "[\\u2024\\u2027\\u2028\\u2029\\u2039\\u203a\\u2044\\u205f]" | |
433 "[\\u2154-\\u2156][\\u2159-\\u215b][\\u215f\\u2215\\u23ae" | |
434 "\\u29f6\\u29f8\\u2afb\\u2afd][\\u2ff0-\\u2ffb][\\u3014" | |
435 "\\u3015\\u3033\\u3164\\u321d\\u321e\\u33ae\\u33af\\u33c6\\u33df\\ufe" | |
436 "14" | |
437 "\\ufe15\\ufe3f\\ufe5d\\ufe5e\\ufeff\\uff0e\\uff06\\uff61\\uffa0\\uff" | |
438 "f9]" | |
439 "[\\ufffa-\\ufffd]\\U0001f50f\\U0001f510\\U0001f512\\U0001f513]", | |
440 -1, US_INV), | |
441 status); | |
442 DCHECK(U_SUCCESS(status)); | |
443 icu::RegexMatcher dangerous_patterns( | |
444 icu::UnicodeString( | |
445 // Lone katakana no, so, or n | |
446 "[^\\p{Katakana}][\\u30ce\\u30f3\\u30bd][^\\p{Katakana}]" | |
447 // Repeating Japanese accent characters | |
448 "|[\\u3099\\u309a\\u309b\\u309c][\\u3099\\u309a\\u309b\\u309c]"), | |
449 0, status); | |
450 #endif | |
451 DCHECK(U_SUCCESS(status)); | |
452 icu::UnicodeSet component_characters; | |
453 icu::UnicodeString component_string(str, str_len); | |
454 component_characters.addAll(component_string); | |
455 if (dangerous_characters.containsSome(component_characters)) | |
456 return false; | |
457 | |
458 DCHECK(U_SUCCESS(status)); | |
459 dangerous_patterns.reset(component_string); | |
460 if (dangerous_patterns.find()) | |
461 return false; | |
462 | |
463 // If the language list is empty, the result is completely determined | |
464 // by whether a component is a single script or not. This will block | |
465 // even "safe" script mixing cases like <Chinese, Latin-ASCII> that are | |
466 // allowed with |languages| (while it blocks Chinese + Latin letters with | |
467 // an accent as should be the case), but we want to err on the safe side | |
468 // when |languages| is empty. | |
469 if (languages.empty()) | |
470 return IsIDNComponentInSingleScript(str, str_len); | |
471 | |
472 // |common_characters| is made up of ASCII numbers, hyphen, plus and | |
473 // underscore that are used across scripts and allowed in domain names. | |
474 // (sync'd with characters allowed in url_canon_host with square | |
475 // brackets excluded.) See kHostCharLookup[] array in url_canon_host.cc. | |
476 icu::UnicodeSet common_characters(UNICODE_STRING_SIMPLE("[[0-9]\\-_+\\ ]"), | |
477 status); | |
478 DCHECK(U_SUCCESS(status)); | |
479 // Subtract common characters because they're always allowed so that | |
480 // we just have to check if a language-specific set contains | |
481 // the remainder. | |
482 component_characters.removeAll(common_characters); | |
483 | |
484 base::StringTokenizer t(languages, ","); | |
485 while (t.GetNext()) { | |
486 if (IsComponentCoveredByLang(component_characters, t.token())) | |
487 return true; | |
488 } | |
489 return false; | |
490 } | 479 } |
491 | 480 |
492 // A wrapper to use LazyInstance<>::Leaky with ICU's UIDNA, a C pointer to | 481 // A wrapper to use LazyInstance<>::Leaky with ICU's UIDNA, a C pointer to |
493 // a UTS46/IDNA 2008 handling object opened with uidna_openUTS46(). | 482 // a UTS46/IDNA 2008 handling object opened with uidna_openUTS46(). |
494 // | 483 // |
495 // We use UTS46 with BiDiCheck to migrate from IDNA 2003 to IDNA 2008 with | 484 // We use UTS46 with BiDiCheck to migrate from IDNA 2003 to IDNA 2008 with the |
496 // the backward compatibility in mind. What it does: | 485 // backward compatibility in mind. What it does: |
497 // | 486 // |
498 // 1. Use the up-to-date Unicode data. | 487 // 1. Use the up-to-date Unicode data. |
499 // 2. Define a case folding/mapping with the up-to-date Unicode data as | 488 // 2. Define a case folding/mapping with the up-to-date Unicode data as in |
500 // in IDNA 2003. | 489 // IDNA 2003. |
501 // 3. Use transitional mechanism for 4 deviation characters (sharp-s, | 490 // 3. Use transitional mechanism for 4 deviation characters (sharp-s, |
502 // final sigma, ZWJ and ZWNJ) for now. | 491 // final sigma, ZWJ and ZWNJ) for now. |
503 // 4. Continue to allow symbols and punctuations. | 492 // 4. Continue to allow symbols and punctuations. |
504 // 5. Apply new BiDi check rules more permissive than the IDNA 2003 BiDI rules. | 493 // 5. Apply new BiDi check rules more permissive than the IDNA 2003 BiDI rules. |
505 // 6. Do not apply STD3 rules | 494 // 6. Do not apply STD3 rules |
506 // 7. Do not allow unassigned code points. | 495 // 7. Do not allow unassigned code points. |
507 // | 496 // |
508 // It also closely matches what IE 10 does except for the BiDi check ( | 497 // It also closely matches what IE 10 does except for the BiDi check ( |
509 // http://goo.gl/3XBhqw ). | 498 // http://goo.gl/3XBhqw ). |
510 // See http://http://unicode.org/reports/tr46/ and references therein | 499 // See http://http://unicode.org/reports/tr46/ and references therein/ for more |
511 // for more details. | 500 // details. |
512 struct UIDNAWrapper { | 501 struct UIDNAWrapper { |
513 UIDNAWrapper() { | 502 UIDNAWrapper() { |
514 UErrorCode err = U_ZERO_ERROR; | 503 UErrorCode err = U_ZERO_ERROR; |
515 // TODO(jungshik): Change options as different parties (browsers, | 504 // TODO(jungshik): Change options as different parties (browsers, |
516 // registrars, search engines) converge toward a consensus. | 505 // registrars, search engines) converge toward a consensus. |
517 value = uidna_openUTS46(UIDNA_CHECK_BIDI, &err); | 506 value = uidna_openUTS46(UIDNA_CHECK_BIDI, &err); |
518 if (U_FAILURE(err)) | 507 if (U_FAILURE(err)) |
519 value = NULL; | 508 value = NULL; |
520 } | 509 } |
521 | 510 |
522 UIDNA* value; | 511 UIDNA* value; |
523 }; | 512 }; |
524 | 513 |
525 static base::LazyInstance<UIDNAWrapper>::Leaky g_uidna = | 514 base::LazyInstance<UIDNAWrapper>::Leaky g_uidna = LAZY_INSTANCE_INITIALIZER; |
526 LAZY_INSTANCE_INITIALIZER; | |
527 | 515 |
528 // Converts one component of a host (between dots) to IDN if safe. The result | 516 // Converts one component (label) of a host (between dots) to Unicode if safe. |
529 // will be APPENDED to the given output string and will be the same as the input | 517 // The result will be APPENDED to the given output string and will be the |
530 // if it is not IDN or the IDN is unsafe to display. Returns whether any | 518 // same as the input if it is not IDN in ACE/punycode or the IDN is unsafe to |
531 // conversion was performed. | 519 // display. |
| 520 // Returns whether any conversion was performed. |
532 bool IDNToUnicodeOneComponent(const base::char16* comp, | 521 bool IDNToUnicodeOneComponent(const base::char16* comp, |
533 size_t comp_len, | 522 size_t comp_len, |
534 const std::string& languages, | |
535 base::string16* out) { | 523 base::string16* out) { |
536 DCHECK(out); | 524 DCHECK(out); |
537 if (comp_len == 0) | 525 if (comp_len == 0) |
538 return false; | 526 return false; |
539 | 527 |
540 // Only transform if the input can be an IDN component. | 528 // Only transform if the input can be an IDN component. |
541 static const base::char16 kIdnPrefix[] = {'x', 'n', '-', '-'}; | 529 static const base::char16 kIdnPrefix[] = {'x', 'n', '-', '-'}; |
542 if ((comp_len > arraysize(kIdnPrefix)) && | 530 if ((comp_len > arraysize(kIdnPrefix)) && |
543 !memcmp(comp, kIdnPrefix, sizeof(kIdnPrefix))) { | 531 !memcmp(comp, kIdnPrefix, sizeof(kIdnPrefix))) { |
544 UIDNA* uidna = g_uidna.Get().value; | 532 UIDNA* uidna = g_uidna.Get().value; |
545 DCHECK(uidna != NULL); | 533 DCHECK(uidna != NULL); |
546 size_t original_length = out->length(); | 534 size_t original_length = out->length(); |
547 int output_length = 64; | 535 int32_t output_length = 64; |
548 UIDNAInfo info = UIDNA_INFO_INITIALIZER; | 536 UIDNAInfo info = UIDNA_INFO_INITIALIZER; |
549 UErrorCode status; | 537 UErrorCode status; |
550 do { | 538 do { |
551 out->resize(original_length + output_length); | 539 out->resize(original_length + output_length); |
552 status = U_ZERO_ERROR; | 540 status = U_ZERO_ERROR; |
553 // This returns the actual length required. If this is more than 64 | 541 // This returns the actual length required. If this is more than 64 |
554 // code units, |status| will be U_BUFFER_OVERFLOW_ERROR and we'll try | 542 // code units, |status| will be U_BUFFER_OVERFLOW_ERROR and we'll try |
555 // the conversion again, but with a sufficiently large buffer. | 543 // the conversion again, but with a sufficiently large buffer. |
556 output_length = uidna_labelToUnicode( | 544 output_length = uidna_labelToUnicode( |
557 uidna, comp, static_cast<int32_t>(comp_len), &(*out)[original_length], | 545 uidna, comp, static_cast<int32_t>(comp_len), &(*out)[original_length], |
558 output_length, &info, &status); | 546 output_length, &info, &status); |
559 } while ((status == U_BUFFER_OVERFLOW_ERROR && info.errors == 0)); | 547 } while ((status == U_BUFFER_OVERFLOW_ERROR && info.errors == 0)); |
560 | 548 |
561 if (U_SUCCESS(status) && info.errors == 0) { | 549 if (U_SUCCESS(status) && info.errors == 0) { |
562 // Converted successfully. Ensure that the converted component | 550 // Converted successfully. Ensure that the converted component |
563 // can be safely displayed to the user. | 551 // can be safely displayed to the user. |
564 out->resize(original_length + output_length); | 552 out->resize(original_length + output_length); |
565 if (IsIDNComponentSafe(out->data() + original_length, output_length, | 553 if (IsIDNComponentSafe( |
566 languages)) | 554 base::StringPiece16(out->data() + original_length, |
| 555 base::checked_cast<size_t>(output_length)))) |
567 return true; | 556 return true; |
568 } | 557 } |
569 | 558 |
570 // Something went wrong. Revert to original string. | 559 // Something went wrong. Revert to original string. |
571 out->resize(original_length); | 560 out->resize(original_length); |
572 } | 561 } |
573 | 562 |
574 // We get here with no IDN or on error, in which case we just append the | 563 // We get here with no IDN or on error, in which case we just append the |
575 // literal input. | 564 // literal input. |
576 out->append(comp, comp_len); | 565 out->append(comp, comp_len); |
(...skipping 14 matching lines...) Expand all Loading... |
591 const std::string& languages, | 580 const std::string& languages, |
592 FormatUrlTypes format_types, | 581 FormatUrlTypes format_types, |
593 net::UnescapeRule::Type unescape_rules, | 582 net::UnescapeRule::Type unescape_rules, |
594 url::Parsed* new_parsed, | 583 url::Parsed* new_parsed, |
595 size_t* prefix_end, | 584 size_t* prefix_end, |
596 size_t* offset_for_adjustment) { | 585 size_t* offset_for_adjustment) { |
597 std::vector<size_t> offsets; | 586 std::vector<size_t> offsets; |
598 if (offset_for_adjustment) | 587 if (offset_for_adjustment) |
599 offsets.push_back(*offset_for_adjustment); | 588 offsets.push_back(*offset_for_adjustment); |
600 base::string16 result = | 589 base::string16 result = |
601 FormatUrlWithOffsets(url, languages, format_types, unescape_rules, | 590 FormatUrlWithOffsets(url, std::string(), format_types, unescape_rules, |
602 new_parsed, prefix_end, &offsets); | 591 new_parsed, prefix_end, &offsets); |
603 if (offset_for_adjustment) | 592 if (offset_for_adjustment) |
604 *offset_for_adjustment = offsets[0]; | 593 *offset_for_adjustment = offsets[0]; |
605 return result; | 594 return result; |
606 } | 595 } |
607 | 596 |
608 base::string16 FormatUrlWithOffsets( | 597 base::string16 FormatUrlWithOffsets( |
609 const GURL& url, | 598 const GURL& url, |
610 const std::string& languages, | 599 const std::string& languages, |
611 FormatUrlTypes format_types, | 600 FormatUrlTypes format_types, |
612 net::UnescapeRule::Type unescape_rules, | 601 net::UnescapeRule::Type unescape_rules, |
613 url::Parsed* new_parsed, | 602 url::Parsed* new_parsed, |
614 size_t* prefix_end, | 603 size_t* prefix_end, |
615 std::vector<size_t>* offsets_for_adjustment) { | 604 std::vector<size_t>* offsets_for_adjustment) { |
616 base::OffsetAdjuster::Adjustments adjustments; | 605 base::OffsetAdjuster::Adjustments adjustments; |
617 const base::string16& format_url_return_value = | 606 const base::string16& format_url_return_value = |
618 FormatUrlWithAdjustments(url, languages, format_types, unescape_rules, | 607 FormatUrlWithAdjustments(url, std::string(), format_types, unescape_rules, |
619 new_parsed, prefix_end, &adjustments); | 608 new_parsed, prefix_end, &adjustments); |
620 base::OffsetAdjuster::AdjustOffsets(adjustments, offsets_for_adjustment); | 609 base::OffsetAdjuster::AdjustOffsets(adjustments, offsets_for_adjustment); |
621 if (offsets_for_adjustment) { | 610 if (offsets_for_adjustment) { |
622 std::for_each( | 611 std::for_each( |
623 offsets_for_adjustment->begin(), offsets_for_adjustment->end(), | 612 offsets_for_adjustment->begin(), offsets_for_adjustment->end(), |
624 base::LimitOffset<std::string>(format_url_return_value.length())); | 613 base::LimitOffset<std::string>(format_url_return_value.length())); |
625 } | 614 } |
626 return format_url_return_value; | 615 return format_url_return_value; |
627 } | 616 } |
628 | 617 |
(...skipping 14 matching lines...) Expand all Loading... |
643 *new_parsed = url::Parsed(); | 632 *new_parsed = url::Parsed(); |
644 | 633 |
645 // Special handling for view-source:. Don't use content::kViewSourceScheme | 634 // Special handling for view-source:. Don't use content::kViewSourceScheme |
646 // because this library shouldn't depend on chrome. | 635 // because this library shouldn't depend on chrome. |
647 const char kViewSource[] = "view-source"; | 636 const char kViewSource[] = "view-source"; |
648 // Reject "view-source:view-source:..." to avoid deep recursion. | 637 // Reject "view-source:view-source:..." to avoid deep recursion. |
649 const char kViewSourceTwice[] = "view-source:view-source:"; | 638 const char kViewSourceTwice[] = "view-source:view-source:"; |
650 if (url.SchemeIs(kViewSource) && | 639 if (url.SchemeIs(kViewSource) && |
651 !base::StartsWith(url.possibly_invalid_spec(), kViewSourceTwice, | 640 !base::StartsWith(url.possibly_invalid_spec(), kViewSourceTwice, |
652 base::CompareCase::INSENSITIVE_ASCII)) { | 641 base::CompareCase::INSENSITIVE_ASCII)) { |
653 return FormatViewSourceUrl(url, languages, format_types, unescape_rules, | 642 return FormatViewSourceUrl(url, format_types, unescape_rules, |
654 new_parsed, prefix_end, adjustments); | 643 new_parsed, prefix_end, adjustments); |
655 } | 644 } |
656 | 645 |
657 // We handle both valid and invalid URLs (this will give us the spec | 646 // We handle both valid and invalid URLs (this will give us the spec |
658 // regardless of validity). | 647 // regardless of validity). |
659 const std::string& spec = url.possibly_invalid_spec(); | 648 const std::string& spec = url.possibly_invalid_spec(); |
660 const url::Parsed& parsed = url.parsed_for_possibly_invalid_spec(); | 649 const url::Parsed& parsed = url.parsed_for_possibly_invalid_spec(); |
661 | 650 |
662 // Scheme & separators. These are ASCII. | 651 // Scheme & separators. These are ASCII. |
663 base::string16 url_string; | 652 base::string16 url_string; |
(...skipping 49 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
713 AppendFormattedComponent(spec, parsed.password, | 702 AppendFormattedComponent(spec, parsed.password, |
714 NonHostComponentTransform(unescape_rules), | 703 NonHostComponentTransform(unescape_rules), |
715 &url_string, &new_parsed->password, adjustments); | 704 &url_string, &new_parsed->password, adjustments); |
716 if (parsed.username.is_valid() || parsed.password.is_valid()) | 705 if (parsed.username.is_valid() || parsed.password.is_valid()) |
717 url_string.push_back('@'); | 706 url_string.push_back('@'); |
718 } | 707 } |
719 if (prefix_end) | 708 if (prefix_end) |
720 *prefix_end = static_cast<size_t>(url_string.length()); | 709 *prefix_end = static_cast<size_t>(url_string.length()); |
721 | 710 |
722 // Host. | 711 // Host. |
723 AppendFormattedComponent(spec, parsed.host, HostComponentTransform(languages), | 712 AppendFormattedComponent(spec, parsed.host, HostComponentTransform(), |
724 &url_string, &new_parsed->host, adjustments); | 713 &url_string, &new_parsed->host, adjustments); |
725 | 714 |
726 // Port. | 715 // Port. |
727 if (parsed.port.is_nonempty()) { | 716 if (parsed.port.is_nonempty()) { |
728 url_string.push_back(':'); | 717 url_string.push_back(':'); |
729 new_parsed->port.begin = url_string.length(); | 718 new_parsed->port.begin = url_string.length(); |
730 url_string.insert(url_string.end(), spec.begin() + parsed.port.begin, | 719 url_string.insert(url_string.end(), spec.begin() + parsed.port.begin, |
731 spec.begin() + parsed.port.end()); | 720 spec.begin() + parsed.port.end()); |
732 new_parsed->port.len = url_string.length() - new_parsed->port.begin; | 721 new_parsed->port.len = url_string.length() - new_parsed->port.begin; |
733 } else { | 722 } else { |
(...skipping 55 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
789 // the hostname. | 778 // the hostname. |
790 return url.IsStandard() && !url.SchemeIsFile() && !url.SchemeIsFileSystem() && | 779 return url.IsStandard() && !url.SchemeIsFile() && !url.SchemeIsFileSystem() && |
791 !url.has_query() && !url.has_ref() && url.path() == "/"; | 780 !url.has_query() && !url.has_ref() && url.path() == "/"; |
792 } | 781 } |
793 | 782 |
794 void AppendFormattedHost(const GURL& url, | 783 void AppendFormattedHost(const GURL& url, |
795 const std::string& languages, | 784 const std::string& languages, |
796 base::string16* output) { | 785 base::string16* output) { |
797 AppendFormattedComponent( | 786 AppendFormattedComponent( |
798 url.possibly_invalid_spec(), url.parsed_for_possibly_invalid_spec().host, | 787 url.possibly_invalid_spec(), url.parsed_for_possibly_invalid_spec().host, |
799 HostComponentTransform(languages), output, NULL, NULL); | 788 HostComponentTransform(), output, NULL, NULL); |
800 } | 789 } |
801 | 790 |
802 base::string16 IDNToUnicode(const std::string& host, | 791 base::string16 IDNToUnicode(const std::string& host, |
803 const std::string& languages) { | 792 const std::string& languages) { |
804 return IDNToUnicodeWithAdjustments(host, languages, NULL); | 793 return IDNToUnicodeWithAdjustments(host, NULL); |
805 } | 794 } |
806 | 795 |
807 base::string16 StripWWW(const base::string16& text) { | 796 base::string16 StripWWW(const base::string16& text) { |
808 const base::string16 www(base::ASCIIToUTF16("www.")); | 797 const base::string16 www(base::ASCIIToUTF16("www.")); |
809 return base::StartsWith(text, www, base::CompareCase::SENSITIVE) | 798 return base::StartsWith(text, www, base::CompareCase::SENSITIVE) |
810 ? text.substr(www.length()) : text; | 799 ? text.substr(www.length()) : text; |
811 } | 800 } |
812 | 801 |
813 base::string16 StripWWWFromHost(const GURL& url) { | 802 base::string16 StripWWWFromHost(const GURL& url) { |
814 DCHECK(url.is_valid()); | 803 DCHECK(url.is_valid()); |
815 return StripWWW(base::ASCIIToUTF16(url.host_piece())); | 804 return StripWWW(base::ASCIIToUTF16(url.host_piece())); |
816 } | 805 } |
817 | 806 |
818 } // namespace url_formatter | 807 } // namespace url_formatter |
OLD | NEW |