OLD | NEW |
---|---|
(Empty) | |
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #include "webkit/child/site_isolation_policy.h" | |
6 | |
7 #include "base/basictypes.h" | |
8 #include "base/logging.h" | |
9 #include "base/metrics/histogram.h" | |
10 #include "base/strings/string_util.h" | |
11 #include "net/base/registry_controlled_domains/registry_controlled_domain.h" | |
12 #include "third_party/WebKit/public/platform/WebHTTPHeaderVisitor.h" | |
13 #include "third_party/WebKit/public/platform/WebString.h" | |
14 #include "third_party/WebKit/public/platform/WebURL.h" | |
15 #include "third_party/WebKit/public/platform/WebURLRequest.h" | |
16 #include "third_party/WebKit/public/platform/WebURLResponse.h" | |
17 #include "third_party/WebKit/public/web/WebDocument.h" | |
18 #include "third_party/WebKit/public/web/WebFrame.h" | |
19 #include "third_party/WebKit/public/web/WebFrameClient.h" | |
20 #include "third_party/WebKit/public/web/WebSecurityOrigin.h" | |
21 | |
22 using WebKit::WebDocument; | |
23 using WebKit::WebString; | |
24 using WebKit::WebURL; | |
25 using WebKit::WebURLResponse; | |
26 using WebKit::WebURLRequest; | |
27 | |
28 | |
29 namespace webkit_glue { | |
30 | |
31 // If this was inlined, it would make Clang will complain with | |
32 // Chromium flags on. | |
Charlie Reis
2013/08/13 00:53:19
No need for this comment.
dsjang
2013/08/13 20:54:48
Done.
| |
33 ResponseMetaData::ResponseMetaData() {} | |
34 | |
35 void SiteIsolationPolicy::WillSendRequest( | |
36 unsigned identifier, | |
37 WebURLRequest::TargetType target_type) { | |
38 TargetTypeMap* id_target_map = GetIdTargetMap(); | |
39 // When |identifier| already exists in the map, it means that this | |
40 // request has been redirected to issue another request. We don't | |
41 // overwrite the existing target_type since it becomes | |
42 // TargetIsSubresource no matter what the original target_type was. | |
43 if (!id_target_map->count(identifier)) | |
44 (*id_target_map)[identifier] = target_type; | |
45 } | |
46 | |
47 void SiteIsolationPolicy::DidReceiveResponse(WebKit::WebFrame* frame, | |
48 unsigned identifier, | |
49 const WebURLResponse& response) { | |
50 TargetTypeMap* id_target_map = GetIdTargetMap(); | |
51 DCHECK_EQ(id_target_map->count(identifier),1U); | |
52 | |
53 UMA_HISTOGRAM_COUNTS("SiteIsolation.AllResponses", 1); | |
54 | |
55 GURL response_url = response.url(); | |
56 WebURLRequest::TargetType target_type = (*id_target_map)[identifier]; | |
57 id_target_map->erase(identifier); | |
58 | |
59 // See if this is for navigation. If it is, don't block it, under | |
60 // the assumption that we will put it in an appropriate process. | |
61 if (IsFrameNavigating(frame)) { | |
62 LOG(INFO) << "SiteIsolationPolicy.FrameInNavigation"; | |
63 return; | |
64 } | |
65 | |
66 GURL frame_origin(frame->document().securityOrigin().toString()); | |
67 | |
68 if (!IsBlockableScheme(frame_origin)) { | |
69 LOG(INFO) << "SiteIsolationPolicy.NotNetworkScheme:" << frame_origin; | |
70 return; | |
71 } | |
72 | |
73 if (IsSameSite(frame_origin, response_url)) { | |
74 LOG(INFO) << "SiteIsolationPolicy.SameSite:" << frame_origin << "," | |
75 << response_url; | |
76 return; | |
77 } | |
78 | |
79 ResponseMetaData::CanonicalMimeType canonical_mime_type = | |
80 GetCanonicalMimeType(response); | |
81 | |
82 if (canonical_mime_type == ResponseMetaData::Others) { | |
83 LOG(INFO) << "SiteIsolationPolicy.mimetype:" << frame_origin << "," | |
84 << response_url << ",[" << response.mimeType().utf8() << "]"; | |
85 return; | |
86 } | |
87 | |
88 // Every CORS request should have the Access-Control-Allow-Origin | |
89 // header even if it is preceded by a pre-flight request. Therefore, | |
90 // if this is a CORS request, it has this header. | |
91 std::string access_control_origin = response.httpHeaderField( | |
92 WebKit::WebString::fromUTF8("Access-Control-Allow-Origin")).utf8(); | |
93 | |
94 if (IsValidCorsHeaderSet(frame_origin, response_url, access_control_origin)) { | |
95 LOG(INFO) << "SiteIsolationPolicy.CorsIsSafe:"; | |
96 return; | |
97 } | |
98 | |
99 // Real XSD data collection starts from here. | |
100 LOG(INFO) << "SiteIsolationPolicy.XSD:from header:" << canonical_mime_type << | |
101 ":" << response_url; | |
102 | |
103 // TODO(dsjang): Apply X-Content-Type option here. | |
Charlie Reis
2013/08/13 00:53:19
Are we hoping to resolve this before committing?
dsjang
2013/08/13 20:54:48
Done.
| |
104 ResponseMetaData resp_data; | |
105 resp_data.frame_origin = frame_origin.spec(); | |
106 resp_data.response_url = response_url.spec(); | |
107 resp_data.request_identifier = identifier; | |
108 resp_data.target_type = target_type; | |
109 resp_data.canonical_mime_type = canonical_mime_type; | |
110 resp_data.http_status_code = response.httpStatusCode(); | |
111 | |
112 UrlResponseMetaDataMap* url_responsedata_map = GetUrlResponseMetaDataMap(); | |
113 IdUrlMap* id_url_map = GetIdUrlMap(); | |
114 | |
115 (*url_responsedata_map)[resp_data.response_url] = resp_data; | |
116 (*id_url_map)[identifier] = resp_data.response_url; | |
117 | |
118 return; | |
Charlie Reis
2013/08/13 00:53:19
No need for an empty return statement here.
dsjang
2013/08/13 20:54:48
Done.
| |
119 } | |
120 | |
121 #define SITE_ISOLATION_POLICY_COUNT_BLOCK(BUCKET_PREFIX) \ | |
Charlie Reis
2013/08/13 00:53:19
Let's add a comment about why these macros are nee
dsjang
2013/08/13 20:54:48
Done.
| |
122 UMA_HISTOGRAM_COUNTS( BUCKET_PREFIX ".Blocked", 1); \ | |
123 if (renderable_status_code) { \ | |
124 UMA_HISTOGRAM_ENUMERATION( \ | |
125 BUCKET_PREFIX ".Blocked.RenderableStatusCode", \ | |
126 resp_data.target_type, \ | |
127 WebURLRequest::TargetIsUnspecified + 1); \ | |
128 } else { \ | |
129 UMA_HISTOGRAM_COUNTS(BUCKET_PREFIX ".Blocked.NotRenderableStatusCode",1);\ | |
130 } | |
131 | |
132 #define SITE_ISOLATION_POLICY_COUNT_NOTBLOCK(BUCKET_PREFIX) \ | |
133 UMA_HISTOGRAM_COUNTS(BUCKET_PREFIX ".NotBlocked", 1); \ | |
134 if (is_sniffed_for_js) \ | |
135 UMA_HISTOGRAM_COUNTS(BUCKET_PREFIX ".NotBlocked.MaybeJS", 1); \ | |
136 | |
137 #define SITE_ISOLATION_POLICY_SNIFF_AND_COUNT(SNIFF_EXPR,BUCKET_PREFIX) \ | |
138 if (SNIFF_EXPR) { \ | |
139 SITE_ISOLATION_POLICY_COUNT_BLOCK(BUCKET_PREFIX) \ | |
140 } else { \ | |
141 SITE_ISOLATION_POLICY_COUNT_NOTBLOCK(BUCKET_PREFIX) \ | |
142 } | |
143 | |
144 void SiteIsolationPolicy::DidReceiveData(const char* data, | |
145 int length, | |
146 WebURL& web_response_url) { | |
147 GURL response_url(web_response_url); | |
148 | |
149 std::string response_url_str = response_url.spec(); | |
150 UrlResponseMetaDataMap* url_responsedata_map = GetUrlResponseMetaDataMap(); | |
151 | |
152 if (url_responsedata_map->count(response_url_str) == 0) | |
153 return; | |
154 | |
155 DCHECK_EQ(url_responsedata_map->count(response_url_str), 1U); | |
156 ResponseMetaData resp_data = (*url_responsedata_map)[response_url_str]; | |
157 url_responsedata_map->erase(response_url_str); | |
158 | |
159 // Record the length of the first received network packet to see if | |
160 // it's enough for sniffing. | |
161 UMA_HISTOGRAM_COUNTS("SiteIsolation.XSD.DataLength", length); | |
162 | |
163 // Record the number of responses with a specific mime | |
Charlie Reis
2013/08/13 00:53:19
Please be specific about "number of cross-site doc
dsjang
2013/08/13 20:54:48
Done.
| |
164 // type (text/html, text/xml, etc). | |
165 UMA_HISTOGRAM_ENUMERATION("SiteIsolation.XSD.MimeType", | |
166 resp_data.canonical_mime_type, | |
167 ResponseMetaData::MaxCanonicalMimeType); | |
168 | |
169 // Blocking only happens when the content is sniffed for | |
170 // HTML/JSON/XML. So if the status code is an error status code, | |
171 // blocking it is not disruptive by the following reasons : 1) the | |
172 // blocked content is not a binary object (such as an image) since | |
173 // it is sniffed as a text document; 2) then, this blocking only | |
174 // breaks the renderer behavior only if it is either JavaScript or | |
175 // CSS. However, the renderer doesn't use the contents of JS/CSS | |
176 // with unaffected status code(e.g, 404). *) the renderer is | |
Charlie Reis
2013/08/13 00:53:19
Looks like you missed my earlier comment about thi
dsjang
2013/08/13 20:54:48
Done.
| |
177 // expected not to use the cross-site document content for purposes | |
178 // other than JS/CSS (e.g, XHR). | |
179 bool renderable_status_code = IsRenderableStatusCodeForDocument( | |
180 resp_data.http_status_code); | |
181 | |
182 // This is only used for false-negative analysis for | |
183 // non-blocked resources. | |
Charlie Reis
2013/08/13 00:53:19
nit: You can move some of this to the previous lin
dsjang
2013/08/13 20:54:48
Done.
| |
184 bool is_sniffed_for_js = SniffForJS(data, length); | |
185 | |
186 // Record the number of responses whose content is sniffed for what | |
187 // its mime type claims it to be. For example, we apply a HTML | |
188 // sniffer for a document tagged with text/html here. Whenever this | |
189 // check becomes true, we'll block the response. | |
190 switch (resp_data.canonical_mime_type) { | |
191 case ResponseMetaData::HTML: | |
192 SITE_ISOLATION_POLICY_SNIFF_AND_COUNT(SniffForHTML(data, length), | |
193 "SiteIsolation.XSD.HTML"); | |
194 break; | |
195 case ResponseMetaData::XML: | |
196 SITE_ISOLATION_POLICY_SNIFF_AND_COUNT(SniffForXML(data, length), | |
197 "SiteIsolation.XSD.XML"); | |
198 break; | |
199 case ResponseMetaData::JSON: | |
200 SITE_ISOLATION_POLICY_SNIFF_AND_COUNT(SniffForJSON(data, length), | |
201 "SiteIsolation.XSD.JSON"); | |
202 break; | |
203 case ResponseMetaData::Plain: | |
204 if (SniffForHTML(data, length)) { | |
205 SITE_ISOLATION_POLICY_COUNT_BLOCK( | |
206 "SiteIsolation.XSD.Plain.HTML"); | |
207 } else if (SniffForXML(data, length)) { | |
208 SITE_ISOLATION_POLICY_COUNT_BLOCK( | |
209 "SiteIsolation.XSD.Plain.XML"); | |
210 } else if (SniffForJSON(data, length)) { | |
211 SITE_ISOLATION_POLICY_COUNT_BLOCK( | |
212 "SiteIsolation.XSD.Plain.JSON"); | |
213 } else if (is_sniffed_for_js) { | |
214 SITE_ISOLATION_POLICY_COUNT_NOTBLOCK( | |
215 "SiteIsolation.XSD.Plain"); | |
216 } | |
217 break; | |
218 default : | |
219 NOTREACHED() << | |
220 "Not a blockable mime type. This mime type shouldn't reach here."; | |
221 break; | |
222 } | |
223 } | |
224 | |
225 #undef SITE_ISOLATION_POLICY_COUNT_NOTBLOCK | |
226 #undef SITE_ISOLATION_POLICY_SNIFF_AND_COUNT | |
227 #undef SITE_ISOLATION_POLICY_COUNT_BLOCK | |
228 | |
229 | |
230 void SiteIsolationPolicy::DidFinishResourceLoad(unsigned identifier) { | |
231 TargetTypeMap* id_target_map = GetIdTargetMap(); | |
232 UrlResponseMetaDataMap* url_responsedata_map = GetUrlResponseMetaDataMap(); | |
233 IdUrlMap* id_url_map = GetIdUrlMap(); | |
234 | |
235 id_target_map->erase(identifier); | |
236 if (!id_url_map->count(identifier)) { | |
237 url_responsedata_map->erase((*id_url_map)[identifier]); | |
238 id_url_map->erase(identifier); | |
239 } | |
240 } | |
241 | |
242 void SiteIsolationPolicy::DidFinishResourceLoadForUrl( | |
243 const WebKit::WebURL& web_response_url) { | |
244 GURL response_url(web_response_url); | |
245 | |
246 TargetTypeMap* id_target_map = GetIdTargetMap(); | |
247 UrlResponseMetaDataMap* url_responsedata_map = GetUrlResponseMetaDataMap(); | |
248 IdUrlMap* id_url_map = GetIdUrlMap(); | |
249 | |
250 if (!url_responsedata_map->count(response_url.spec())) { | |
251 ResponseMetaData meta_data = (*url_responsedata_map)[response_url.spec()]; | |
252 url_responsedata_map->erase(response_url.spec()); | |
253 id_target_map->erase(meta_data.request_identifier); | |
254 id_url_map->erase(meta_data.request_identifier); | |
255 } | |
256 } | |
257 | |
258 ResponseMetaData::CanonicalMimeType SiteIsolationPolicy::GetCanonicalMimeType( | |
259 const WebURLResponse& response) { | |
260 | |
261 // These are a thorough list of the mime types crawled over the top | |
262 // 50k sites related to HTML, XML, JSON, Plain. | |
263 static const char kTextHtml[] = "text/html"; | |
264 static const char kTextXml[] = "text/xml"; | |
265 static const char xAppRssXml[] = "application/rss+xml"; | |
266 static const char kAppXml[] = "application/xml"; | |
267 static const char kAppJson[] = "application/json"; | |
268 static const char kTextJson[] = "text/json"; | |
269 static const char kTextXjson[] = "text/x-json"; | |
270 static const char kTextPlain[] = "text/plain"; | |
271 | |
272 const std::string mime_type = response.mimeType().utf8(); | |
273 | |
274 LOG(ERROR) << "mimetype:" << mime_type; | |
Charlie Reis
2013/08/13 00:53:19
Please remove all LOG statements from the CL, sinc
dsjang
2013/08/13 20:54:48
Done.
| |
275 | |
276 if (LowerCaseEqualsASCII(mime_type, kTextHtml)) { | |
277 return ResponseMetaData::HTML; | |
278 } else if (LowerCaseEqualsASCII(mime_type, kTextPlain)) { | |
279 return ResponseMetaData::Plain; | |
280 } else if (LowerCaseEqualsASCII(mime_type, kAppJson) || | |
281 LowerCaseEqualsASCII(mime_type, kTextJson) || | |
282 LowerCaseEqualsASCII(mime_type, kTextXjson)) { | |
283 return ResponseMetaData::JSON; | |
284 } else if (LowerCaseEqualsASCII(mime_type, kTextXml) || | |
285 LowerCaseEqualsASCII(mime_type, xAppRssXml) || | |
286 LowerCaseEqualsASCII(mime_type, kAppXml)) { | |
287 return ResponseMetaData::XML; | |
288 } else { | |
289 return ResponseMetaData::Others; | |
290 } | |
291 } | |
292 | |
293 bool SiteIsolationPolicy::IsBlockableScheme(const GURL& url) { | |
294 // We exclude ftp:// from here. FTP doesn't provide a Content-Type | |
295 // header which our policy depends on, so we cannot protect any | |
296 // document from FTP servers. | |
297 return url.SchemeIs("http") || url.SchemeIs("https"); | |
298 } | |
299 | |
300 bool SiteIsolationPolicy::IsSameSite(const GURL& frame_origin, | |
Charlie Reis
2013/08/13 00:53:19
Looks like you missed my earlier comment about Sit
dsjang
2013/08/13 20:54:48
Done.
| |
301 const GURL& response_url) { | |
302 if (frame_origin.scheme() != response_url.scheme()) | |
303 return false; | |
304 | |
305 // Extract the effective domains (public suffix plus one) of the | |
306 // urls. | |
307 | |
308 // TODO(dsjang): use INCLUDE_PRIVATE_REGISTRIES when | |
309 // http://crbug.com/7988 is fixed. | |
310 std::string frame_domain = | |
311 net::registry_controlled_domains::GetDomainAndRegistry( | |
312 frame_origin, | |
313 net::registry_controlled_domains::EXCLUDE_PRIVATE_REGISTRIES); | |
314 std::string response_domain = | |
315 net::registry_controlled_domains::GetDomainAndRegistry( | |
316 response_url, | |
317 net::registry_controlled_domains::EXCLUDE_PRIVATE_REGISTRIES); | |
318 | |
319 return frame_domain == response_domain; | |
320 } | |
321 | |
322 bool SiteIsolationPolicy::IsFrameNavigating(WebKit::WebFrame* frame) { | |
323 // When a navigation starts, frame->provisionalDataSource() is set | |
324 // to a not-null value which stands for the request made for the | |
325 // navigation. As soon as the network request is committed to the | |
326 // frame, frame->provisionalDataSource() is converted to null, and | |
327 // the committed data source is moved to frame->dataSource(). This | |
328 // is the most reliable way to detect whether the frame is in | |
329 // navigation or not. | |
330 return frame->provisionalDataSource() != NULL; | |
331 } | |
332 | |
333 // We don't use Webkit's existing CORS policy implementation since | |
334 // their policy works in terms of origins, not sites. For example, | |
335 // when frame is sub.a.com and it is not allowed to access a document | |
336 // with sub1.a.com. But under Site Isolation, it's allowed. | |
337 bool SiteIsolationPolicy::IsValidCorsHeaderSet( | |
338 GURL& frame_origin, | |
339 GURL& website_origin, | |
340 std::string access_control_origin) { | |
341 // Many websites are sending back "\"*\"" instead of "*". This is | |
342 // non-standard practice, and not supported by Chrome. Refer to | |
343 // CrossOriginAccessControl::passesAccessControlCheck(). | |
344 | |
345 // TODO(dsjang): * is not allowed for the response from a request | |
346 // with cookies. This allows for more than what the renderer will | |
347 // eventually be able to receive, so we won't see illegal cross-site | |
348 // documents allowed by this. We have to find a way to see if this | |
349 // response is from a cookie-tagged request or not in the future. | |
350 if (access_control_origin == "*") | |
351 return true; | |
352 | |
353 // TODO(dsjang): The CORS spec only treats a fully specified URL, | |
354 // except for "*", but many websites are using just a domain for | |
355 // access_control_origin, and this is blocked by Webkit's CORS logic | |
356 // here : CrossOriginAccessControl::passesAccessControlCheck() | |
357 | |
358 // TODO(dsjang): examine createFromString()'s behavior for a URL | |
Charlie Reis
2013/08/13 00:53:19
Have you checked this?
dsjang
2013/08/13 20:54:48
this comment should have been gone since we don't
| |
359 // containing * in it. | |
360 GURL cors_origin(access_control_origin); | |
361 | |
362 LOG(ERROR) << cors_origin; | |
363 return IsSameSite(frame_origin, cors_origin); | |
364 } | |
365 | |
366 // This function is a slight modification of |net::SniffForHTML|. | |
367 bool SiteIsolationPolicy::SniffForHTML(const char* data, size_t length) { | |
368 // The content sniffer used by Chrome and Firefox are using "<!--" | |
369 // as one of the HTML signatures, but it also appears in valid | |
370 // JavaScript, considered as well-formed JS by the browser. Since | |
371 // we do not want to block any JS, we exclude it from our HTML | |
372 // signatures. This can weaken our document block policy, but we can | |
373 // break less websites. | |
374 // TODO(dsjang): parameterize |net::SniffForHTML| with an option | |
375 // that decides whether to include <!-- or not, so that we can | |
376 // remove this function. | |
377 const char* html_signatures[] = {"<!DOCTYPE html", // HTML5 spec | |
378 "<script", // HTML5 spec, Mozilla | |
379 "<html", // HTML5 spec, Mozilla | |
380 "<head", // HTML5 spec, Mozilla | |
381 "<iframe", // Mozilla | |
382 "<h1", // Mozilla | |
383 "<div", // Mozilla | |
384 "<font", // Mozilla | |
385 "<table", // Mozilla | |
386 "<a", // Mozilla | |
387 "<style", // Mozilla | |
388 "<title", // Mozilla | |
389 "<b", // Mozilla | |
390 "<body", // Mozilla | |
391 "<br", "<p" // Mozilla | |
392 }; | |
393 return MatchesSignature( | |
394 data, length, html_signatures, arraysize(html_signatures)); | |
395 } | |
396 | |
397 bool SiteIsolationPolicy::SniffForXML(const char* data, size_t length) { | |
398 const char* xml_signatures[] = {"<?xml" // Mozilla | |
399 }; | |
400 return MatchesSignature( | |
401 data, length, xml_signatures, arraysize(xml_signatures)); | |
402 } | |
403 | |
404 bool SiteIsolationPolicy::SniffForJSON(const char* data, size_t length) { | |
405 // TODO(dsjang): We have to come up with a better way to sniff | |
406 // JSON. However, even RE cannot help us that much due to the fact | |
407 // that we don't do full parsing. This DFA starts with state 0, and | |
408 // finds {, "/' and : in that order. We're avoiding adding a | |
409 // dependency on a regular expression library. The trusted | |
Charlie Reis
2013/08/13 00:53:19
Heh, I didn't mean for you to include the second s
dsjang
2013/08/13 20:54:48
Done.
| |
410 // computing base argument could go either way: a library would be | |
411 // more vetted than this hand-coded parser but also larger and more | |
412 // complex. | |
413 const int kInitState = 0; | |
414 const int kLeftBraceState = 1; | |
415 const int kLeftQuoteState = 2; | |
416 const int kColonState = 3; | |
417 const int kDeadState = 4; | |
418 | |
419 int state = kInitState; | |
420 for (size_t i = 0; i < length && state < kColonState; ++i) { | |
421 const char c = data[i]; | |
422 if (c == ' ' || c == '\t' || c == '\r' || c == '\n') | |
423 continue; | |
424 | |
425 switch (state) { | |
426 case kInitState: | |
427 if (c == '{') | |
428 state = kLeftBraceState; | |
429 else | |
430 state = kDeadState; | |
431 break; | |
432 case kLeftBraceState: | |
433 if (c == '\"' || c == '\'') | |
434 state = kLeftQuoteState; | |
435 else | |
436 state = kDeadState; | |
437 break; | |
438 case kLeftQuoteState: | |
439 if (c == ':') | |
440 state = kColonState; | |
441 break; | |
442 default: | |
443 NOTREACHED(); | |
444 break; | |
445 } | |
446 } | |
447 return state == kColonState; | |
448 } | |
449 | |
450 bool SiteIsolationPolicy::MatchesSignature(const char* data, | |
451 size_t length, | |
452 const char* signatures[], | |
453 size_t arr_size) { | |
454 size_t start = 0; | |
455 // Skip white characters at the beginning of the document. | |
456 for (start = 0; start < length; ++start) { | |
457 char c = data[start]; | |
458 if (!(c == ' ' || c == '\r' || c == '\n' || c == '\t')) | |
459 break; | |
460 } | |
461 | |
462 // There is no not-whitespace character in this document. | |
463 if (!(start < length)) | |
464 return false; | |
465 | |
466 data = data + start; | |
Charlie Reis
2013/08/13 00:53:19
I'm with Nasko that we should not modify the input
dsjang
2013/08/13 20:54:48
Done.
| |
467 length = length - start; | |
468 | |
469 for (size_t sig_index = 0; sig_index < arr_size; ++sig_index) { | |
470 const char* signature = signatures[sig_index]; | |
471 size_t signature_length = strlen(signature); | |
472 | |
473 if (length < signature_length) | |
474 continue; | |
475 | |
476 if (!base::strncasecmp(signature, data, signature_length)) | |
477 return true; | |
478 } | |
479 return false; | |
480 } | |
481 | |
482 bool SiteIsolationPolicy::IsRenderableStatusCodeForDocument(int status_code) { | |
483 // Chrome only uses the content of a response with one of these | |
484 // status codes for CSS/JavaScript. For images, Chrome just ignores | |
485 // status code. | |
486 const int renderable_status_code[] = {200, 201, 202, 203, 206, 300, 301, 302, | |
487 303, 305, 306, 307}; | |
488 for (size_t i = 0; i < arraysize(renderable_status_code); ++i) { | |
489 if (renderable_status_code[i] == status_code) | |
490 return true; | |
491 } | |
492 return false; | |
493 } | |
494 | |
495 bool SiteIsolationPolicy::SniffForJS(const char* data, size_t length) { | |
496 // TODO(dsjang): This is a real hack. The only purpose of this | |
497 // function is to try to see if there's any possibility that this | |
498 // data can be JavaScript (superset of JS). This function will be | |
499 // removed once UMA stats are gathers. | |
Charlie Reis
2013/08/13 00:53:19
nit: gathers -> gathered.
dsjang
2013/08/13 20:54:48
Done.
| |
500 | |
501 // Search for "var " for JS detection. :-) | |
502 for (size_t i = 0; i < length - 3; ++i) { | |
503 if (strncmp(data, "var ", 4) == 0) | |
504 return true; | |
505 ++data; | |
Charlie Reis
2013/08/13 00:53:19
Should probably avoid modifying the input paramete
dsjang
2013/08/13 20:54:48
Done.
| |
506 } | |
507 return false; | |
508 } | |
509 | |
510 TargetTypeMap* SiteIsolationPolicy::GetIdTargetMap() { | |
511 CR_DEFINE_STATIC_LOCAL(TargetTypeMap, id_target_map_, ()); | |
512 return &id_target_map_; | |
513 } | |
514 | |
515 UrlResponseMetaDataMap* SiteIsolationPolicy::GetUrlResponseMetaDataMap() { | |
516 CR_DEFINE_STATIC_LOCAL(UrlResponseMetaDataMap, url_responsedata_map_, ()); | |
517 return &url_responsedata_map_; | |
518 } | |
519 | |
520 IdUrlMap* SiteIsolationPolicy::GetIdUrlMap() { | |
521 CR_DEFINE_STATIC_LOCAL(IdUrlMap, id_url_map_, ()); | |
522 return &id_url_map_; | |
523 } | |
524 | |
525 } // namespace webkit_glue | |
OLD | NEW |