Generalize validation of developer input for Web Notifications

Source/modules/notifications/Notification.cpp

 /*
  * Copyright (C) 2013 Google Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are
  * met:
  *
  *     * Redistributions of source code must retain the above copyright
  * notice, this list of conditions and the following disclaimer.
  *     * Redistributions in binary form must reproduce the above
@@ skipping 25 matching lines @@
 #include "bindings/core/v8/ScriptState.h"
 #include "bindings/core/v8/ScriptValue.h"
 #include "bindings/core/v8/ScriptWrappable.h"
 #include "bindings/core/v8/SerializedScriptValueFactory.h"
 #include "core/dom/Document.h"
 #include "core/dom/ExecutionContext.h"
 #include "core/dom/ExecutionContextTask.h"
 #include "core/dom/ScopedWindowFocusAllowedIndicator.h"
 #include "core/events/Event.h"
 #include "core/frame/UseCounter.h"
+#include "modules/notifications/NotificationAction.h"
+#include "modules/notifications/NotificationData.h"
 #include "modules/notifications/NotificationOptions.h"
 #include "modules/notifications/NotificationPermissionClient.h"
 #include "platform/RuntimeEnabledFeatures.h"
 #include "platform/UserGestureIndicator.h"
 #include "public/platform/Platform.h"
 #include "public/platform/WebSecurityOrigin.h"
 #include "public/platform/WebString.h"
-#include "public/platform/modules/notifications/WebNotificationData.h"
+#include "public/platform/modules/notifications/WebNotificationAction.h"
 #include "public/platform/modules/notifications/WebNotificationManager.h"
 
 namespace blink {
 namespace {
 
 const int64_t kInvalidPersistentId = -1;
 
 WebNotificationManager* notificationManager()
 {
     return Platform::current()->notificationManager();
 }
 
 } // namespace
 
 Notification* Notification::create(ExecutionContext* context, const String& title, const NotificationOptions& options, ExceptionState& exceptionState)
 {
     // The Web Notification constructor may be disabled through a runtime feature. The
     // behavior of the constructor is changing, but not completely agreed upon yet.
     if (!RuntimeEnabledFeatures::notificationConstructorEnabled()) {
         exceptionState.throwTypeError("Illegal constructor. Use ServiceWorkerRegistration.showNotification() instead.");
         return nullptr;
     }
 
     // The Web Notification constructor may not be used in Service Worker contexts.
     if (context->isServiceWorkerGlobalScope()) {
         exceptionState.throwTypeError("Illegal constructor.");
         return nullptr;
     }
 
-    // If options's silent is true, and options's vibrate is present, throw a TypeError exception.
-    if (options.hasVibrate() && options.silent()) {
-        exceptionState.throwTypeError("Silent notifications must not specify vibration patterns.");
-        return nullptr;
-    }
-
-    RefPtr<SerializedScriptValue> data;
-    if (options.hasData()) {
-        data = SerializedScriptValueFactory::instance().create(options.data().isolate(), options.data(), nullptr, exceptionState);
-        if (exceptionState.hadException())
-            return nullptr;
-    }
-
-    for (const NotificationAction& action : options.actions()) {
-        if (action.title().isEmpty()) {
-            exceptionState.throwTypeError("Notification action titles must not be empty.");
-            return nullptr;
-        }
-    }
-
-    Notification* notification = new Notification(title, context);
-
-    notification->setBody(options.body());
-    notification->setTag(options.tag());
-    notification->setLang(options.lang());
-    notification->setDir(options.dir());
-    notification->setVibrate(NavigatorVibration::sanitizeVibrationPattern(options.vibrate()));
-    notification->setSilent(options.silent());
-    notification->setSerializedData(data.release());
-    if (options.hasIcon()) {
-        KURL iconUrl = options.icon().isEmpty() ? KURL() : context->completeURL(options.icon());
-        if (!iconUrl.isEmpty() && iconUrl.isValid())
-            notification->setIconUrl(iconUrl);
-    }
-    HeapVector<NotificationAction> actions;
-    actions.appendRange(options.actions().begin(), options.actions().begin() + std::min(maxActions(), options.actions().size()));
-    notification->setActions(actions);
-
     String insecureOriginMessage;
     UseCounter::Feature feature = context->isPrivilegedContext(insecureOriginMessage)
         ? UseCounter::NotificationSecureOrigin
         : UseCounter::NotificationInsecureOrigin;
+
     UseCounter::count(context, feature);
 
+    WebNotificationData data = createWebNotificationData(context, title, options, exceptionState);
+    if (exceptionState.hadException())
+        return nullptr;
+
+    Notification* notification = new Notification(context, data);
     notification->scheduleShow();
     notification->suspendIfNeeded();
+
     return notification;
 }
 
 Notification* Notification::create(ExecutionContext* context, int64_t persistentId, const WebNotificationData& data)
 {
-    Notification* notification = new Notification(data.title, context);
-
+    Notification* notification = new Notification(context, data);
     notification->setPersistentId(persistentId);
-    notification->setDir(data.direction == WebNotificationData::DirectionLeftToRight ? "ltr" : "rtl");
-    notification->setLang(data.lang);
-    notification->setBody(data.body);
-    notification->setTag(data.tag);
-    notification->setSilent(data.silent);
-
-    if (!data.icon.isEmpty())
-        notification->setIconUrl(data.icon);
-
-    if (!data.vibrate.isEmpty()) {
-        NavigatorVibration::VibrationPattern pattern;
-        pattern.appendRange(data.vibrate.begin(), data.vibrate.end());
-        notification->setVibrate(pattern);
-    }
-
-    const WebVector<char>& dataBytes = data.data;
-    if (!dataBytes.isEmpty()) {
-        notification->setSerializedData(SerializedScriptValueFactory::instance().createFromWireBytes(dataBytes.data(), dataBytes.size()));
-        notification->serializedData()->registerMemoryAllocatedWithCurrentScriptContext();
-    }
-
-    HeapVector<NotificationAction> actions;
-    webActionsToActions(data.actions, &actions);
-    notification->setActions(actions);
-
     notification->setState(NotificationStateShowing);
     notification->suspendIfNeeded();
+
     return notification;
 }
 
-Notification::Notification(const String& title, ExecutionContext* context)
+Notification::Notification(ExecutionContext* context, const WebNotificationData& data)
     : ActiveDOMObject(context)
-    , m_title(title)
-    , m_dir("auto")
-    , m_silent(false)
+    , m_data(data)
     , m_persistentId(kInvalidPersistentId)
     , m_state(NotificationStateIdle)
     , m_asyncRunner(this, &Notification::show)
 {
     ASSERT(notificationManager());
 }
 
 Notification::~Notification()
 {
 }
@@ skipping 10 matching lines @@
 {
     ASSERT(m_state == NotificationStateIdle);
     if (Notification::checkPermission(executionContext()) != WebNotificationPermissionAllowed) {
         dispatchErrorEvent();
         return;
     }
 
     SecurityOrigin* origin = executionContext()->securityOrigin();
     ASSERT(origin);
 
-    // FIXME: Do CSP checks on the associated notification icon.
-    WebNotificationData::Direction dir = m_dir == "rtl" ? WebNotificationData::DirectionRightToLeft : WebNotificationData::DirectionLeftToRight;
-
-    // The lifetime and availability of non-persistent notifications is tied to the page
-    // they were created by, and thus the data doesn't have to be known to the embedder.
-    Vector<char> emptyDataWireBytes;
-
-    WebVector<WebNotificationAction> webActions;
-    actionsToWebActions(m_actions, &webActions);
-
-    WebNotificationData notificationData(m_title, dir, m_lang, m_body, m_tag, m_iconUrl, m_vibrate, m_silent, emptyDataWireBytes, webActions);
-    notificationManager()->show(WebSecurityOrigin(origin), notificationData, this);
+    notificationManager()->show(WebSecurityOrigin(origin), m_data, this);
 
     m_state = NotificationStateShowing;
 }
 
 void Notification::close()
 {
     if (m_state != NotificationStateShowing)
         return;
 
     if (m_persistentId == kInvalidPersistentId) {
@@ skipping 33 matching lines @@
 {
     // The notification will be showing when the user initiated the close, or it will be
     // closing if the developer initiated the close.
     if (m_state != NotificationStateShowing && m_state != NotificationStateClosing)
         return;
 
     m_state = NotificationStateClosed;
     dispatchEvent(Event::create(EventTypeNames::close));
 }
 
-const NavigatorVibration::VibrationPattern& Notification::vibrate(bool& isNull) const
+String Notification::title() const
 {
-    isNull = m_vibrate.isEmpty();
-    return m_vibrate;
+    return m_data.title;
 }
 
-TextDirection Notification::direction() const
+String Notification::dir() const
 {
-    // FIXME: Resolve dir()=="auto" against the document.
-    return dir() == "rtl" ? RTL : LTR;
+    switch (m_data.direction) {
+    case WebNotificationData::DirectionLeftToRight:
+        return "ltr";
+    case WebNotificationData::DirectionRightToLeft:
+        return "rtl";
+    }
+
+    ASSERT_NOT_REACHED();
+    return String();
+}
+
+String Notification::lang() const
+{
+    return m_data.lang;
+}
+
+String Notification::body() const
+{
+    return m_data.body;
+}
+
+String Notification::tag() const
+{
+    return m_data.tag;
+}
+
+String Notification::icon() const
+{
+    return m_data.icon.string();
+}
+
+NavigatorVibration::VibrationPattern Notification::vibrate(bool& isNull) const
+{
+    NavigatorVibration::VibrationPattern pattern;
+    pattern.appendRange(m_data.vibrate.begin(), m_data.vibrate.end());
+
+    if (!pattern.size())
+        isNull = true;
+
+    return pattern;
+}
+
+bool Notification::silent() const
+{
+    return m_data.silent;
+}
+
+ScriptValue Notification::data(ScriptState* scriptState)
+{
+    // TODO(peter): The specification requires this to be [SameObject] - match this.

[johnme, 2015/08/03 15:41:36]

Is this a change from before, or an old TODO that still applies?

[Peter Beverloo, 2015/08/03 17:29:30]

TODO that still applies. I don't think we're doing the right thing now. (We need
to cache the ScriptValue, not the serialized data.)

+
+    if (!m_serializedData) {
+        const WebVector<char> serializedData = m_data.data;
+        if (serializedData.size())
+            m_serializedData = SerializedScriptValueFactory::instance().createFromWireBytes(serializedData.data(), serializedData.size());
+        else
+            m_serializedData = SerializedScriptValueFactory::instance().create();
+    }
+
+    return ScriptValue(scriptState, m_serializedData->deserialize(scriptState->isolate()));
+}
+
+HeapVector<NotificationAction> Notification::actions() const
+{
+    HeapVector<NotificationAction> actions;
+    actions.grow(m_data.actions.size());
+
+    for (size_t i = 0; i < m_data.actions.size(); ++i)
+        actions[i].setTitle(m_data.actions[i].title);
+
+    return actions;
 }
 
 String Notification::permissionString(WebNotificationPermission permission)
 {
     switch (permission) {
     case WebNotificationPermissionAllowed:
         return "granted";
     case WebNotificationPermissionDenied:
         return "denied";
     case WebNotificationPermissionDefault:
@@ skipping 25 matching lines @@
         // TODO(peter): Assert that this code-path will only be reached for Document environments when Blink
         // supports [Exposed] annotations on class members in IDL definitions. See https://crbug.com/442139.
         return ScriptPromise::cast(scriptState, v8String(scriptState->isolate(), permission(context)));
     }
 
     return permissionClient->requestPermission(scriptState, deprecatedCallback);
 }
 
 size_t Notification::maxActions()
 {
+    // Returns a fixed number for unit tests, which run without the availability of the Platform object.
+    if (!notificationManager())
+        return 2;
+
     return notificationManager()->maxActions();
 }
 
-void Notification::actionsToWebActions(const HeapVector<NotificationAction>& actions, WebVector<WebNotificationAction>* webActions)
-{
-    size_t count = std::min(maxActions(), actions.size());
-    WebVector<WebNotificationAction> clearedAndResized(count);
-    webActions->swap(clearedAndResized);
-    for (size_t i = 0; i < count; ++i)
-        (*webActions)[i].title = actions[i].title();
-}
-
-void Notification::webActionsToActions(const WebVector<WebNotificationAction>& webActions, HeapVector<NotificationAction>* actions)
-{
-    actions->clear();
-    actions->grow(webActions.size());
-    for (size_t i = 0; i < webActions.size(); ++i)
-        (*actions)[i].setTitle(webActions[i].title);
-}
-
 bool Notification::dispatchEventInternal(PassRefPtrWillBeRawPtr<Event> event)
 {
     ASSERT(executionContext()->isContextThread());
     return EventTarget::dispatchEventInternal(event);
 }
 
 const AtomicString& Notification::interfaceName() const
 {
     return EventTargetNames::Notification;
 }
 
 void Notification::stop()
 {
     notificationManager()->notifyDelegateDestroyed(this);
 
     m_state = NotificationStateClosed;
 
     m_asyncRunner.stop();
 }
 
 bool Notification::hasPendingActivity() const
 {
     return m_state == NotificationStateShowing || m_asyncRunner.isActive();
 }
 
-ScriptValue Notification::data(ScriptState* scriptState) const
-{
-    if (!m_serializedData)
-        return ScriptValue::createNull(scriptState);
-
-    return ScriptValue(scriptState, m_serializedData->deserialize(scriptState->isolate()));
-}
-
 DEFINE_TRACE(Notification)
 {
-    visitor->trace(m_actions);
     RefCountedGarbageCollectedEventTargetWithInlineData<Notification>::trace(visitor);
     ActiveDOMObject::trace(visitor);
 }
 
 } // namespace blink