Index: content/child/site_isolation_policy.cc |
diff --git a/content/child/site_isolation_policy.cc b/content/child/site_isolation_policy.cc |
new file mode 100644 |
index 0000000000000000000000000000000000000000..13be0d3a74c7939190fba9da88d772f7988194f9 |
--- /dev/null |
+++ b/content/child/site_isolation_policy.cc |
@@ -0,0 +1,546 @@ |
+// Copyright (c) 2013 The Chromium Authors. All rights reserved. |
+// Use of this source code is governed by a BSD-style license that can be |
+// found in the LICENSE file. |
+ |
+#include "content/child/site_isolation_policy.h" |
+ |
+#include "base/basictypes.h" |
+#include "base/logging.h" |
+#include "base/metrics/histogram.h" |
+#include "base/strings/string_util.h" |
+#include "net/base/registry_controlled_domains/registry_controlled_domain.h" |
+#include "net/http/http_response_headers.h" |
+#include "third_party/WebKit/public/platform/WebHTTPHeaderVisitor.h" |
+#include "third_party/WebKit/public/platform/WebString.h" |
+#include "third_party/WebKit/public/platform/WebURL.h" |
+#include "third_party/WebKit/public/platform/WebURLRequest.h" |
+#include "third_party/WebKit/public/platform/WebURLResponse.h" |
+#include "third_party/WebKit/public/web/WebDocument.h" |
+#include "third_party/WebKit/public/web/WebFrame.h" |
+#include "third_party/WebKit/public/web/WebFrameClient.h" |
+#include "third_party/WebKit/public/web/WebSecurityOrigin.h" |
+#include "third_party/WebKit/public/web/WebView.h" |
+ |
+using WebKit::WebDocument; |
+using WebKit::WebString; |
+using WebKit::WebURL; |
+using WebKit::WebURLResponse; |
+using WebKit::WebURLRequest; |
+ |
+namespace content { |
+ |
+namespace { |
+ |
+// MIME types |
+const char kTextHtml[] = "text/html"; |
+const char kTextXml[] = "text/xml"; |
+const char xAppRssXml[] = "application/rss+xml"; |
+const char kAppXml[] = "application/xml"; |
+const char kAppJson[] = "application/json"; |
+const char kTextJson[] = "text/json"; |
+const char kTextXjson[] = "text/x-json"; |
+const char kTextPlain[] = "text/plain"; |
+ |
+} // anonymous namespace |
+ |
+SiteIsolationPolicy::SiteIsolationPolicy( |
+ webkit_glue::ResourceLoaderBridge::Peer* original_peer, |
+ bool policy_enforced, |
+ GURL& frame_origin, |
+ GURL& request_url, |
+ int request_id, |
+ ResourceType::Type resource_type) |
+ : original_peer_(original_peer), |
+ policy_enforced_(policy_enforced), |
+ frame_origin_(frame_origin), |
+ request_url_(request_url), |
+ request_id_(request_id), |
+ resource_type_(resource_type), |
+ state_(INIT), |
+ cross_site_document_header_(false), |
+ confirmed_safe_(false) { |
+ // TODO(dsjang): when SiteIsoloation is fully deployed in the browser process, |
+ // |frame_origin| will be given from a trusted module. |
+} |
+ |
+void SiteIsolationPolicy::OnUploadProgress(uint64 position, uint64 size) { |
+ original_peer_->OnUploadProgress(position, size); |
+} |
+ |
+void SiteIsolationPolicy::OnDownloadedData(int len) { |
+ return original_peer_->OnDownloadedData(len); |
+} |
+ |
+void SiteIsolationPolicy::OnReceivedCachedMetadata(const char* data, int len) { |
+ return original_peer_->OnReceivedCachedMetadata(data, len); |
+} |
+ |
+void SiteIsolationPolicy::OnCompletedRequest( |
+ int error_code, |
+ bool was_ignored_by_handler, |
+ const std::string& security_info, |
+ const base::TimeTicks& completion_time) { |
+ state_ = COMPLETED; |
+ original_peer_->OnCompletedRequest( |
+ error_code, was_ignored_by_handler, security_info, completion_time); |
+} |
+ |
+bool SiteIsolationPolicy::OnReceivedRedirect( |
+ const GURL& new_url, |
+ const webkit_glue::ResourceResponseInfo& info, |
+ bool* has_new_first_party_for_cookies, |
+ GURL* new_first_party_for_cookies) { |
+ DCHECK_EQ(state_, INIT); |
+ request_url_ = new_url; |
+ return original_peer_->OnReceivedRedirect(new_url, |
+ info, |
+ has_new_first_party_for_cookies, |
+ new_first_party_for_cookies); |
+} |
+ |
+void SiteIsolationPolicy::OnReceivedResponse( |
+ const webkit_glue::ResourceResponseInfo& info) { |
+ DCHECK_EQ(state_, INIT); |
+ state_ = RESPONSE_RECEIVED; |
+ |
+ UMA_HISTOGRAM_COUNTS("SiteIsolation.AllResponses", 1); |
+ original_peer_->OnReceivedResponse(info); |
+ |
+ if (!policy_enforced_) |
+ return; |
+ |
+ // See if this is for navigation. If it is, don't block it, under the |
+ // assumption that we will put it in an appropriate process. |
+ if (ResourceType::IsFrame(resource_type_)) |
+ return; |
+ |
+ if (!IsBlockableScheme(request_url_)) |
+ return; |
+ |
+ if (IsSameSite(frame_origin_, request_url_)) |
+ return; |
+ |
+ SiteIsolationPolicy::CanonicalMimeType canonical_mime_type = |
+ GetCanonicalMimeType(info.mime_type); |
+ |
+ if (canonical_mime_type == SiteIsolationPolicy::Others) |
+ return; |
+ |
+ // Every CORS request should have the Access-Control-Allow-Origin header even |
+ // if it is preceded by a pre-flight request. Therefore, if this is a CORS |
+ // request, it has this header. response.httpHeaderField() internally uses |
+ // case-insensitive matching for the header name. |
+ std::string access_control_origin; |
+ |
+ // We can use a case-insensitive header name for EnumerateHeader(). |
+ info.headers->EnumerateHeader( |
+ NULL, "access-control-allow-origin", &access_control_origin); |
+ if (IsValidCorsHeaderSet(frame_origin_, request_url_, access_control_origin)) |
+ return; |
+ |
+ // Real XSD data collection starts from here. |
+ std::string no_sniff; |
+ info.headers->EnumerateHeader(NULL, "x-content-type-options", &no_sniff); |
+ |
+ canonical_mime_type_ = canonical_mime_type; |
+ http_status_code_ = info.headers->response_code(); |
+ no_sniff_ = LowerCaseEqualsASCII(no_sniff, "nosniff"); |
+ |
+ cross_site_document_header_ = true; |
+} |
+ |
+// These macros are defined here so that we prevent code size bloat-up due to |
+// the UMA_HISTOGRAM_* macros. Similar logic is used for recording UMA stats for |
+// different MIME types, but we cannot create a helper function for this since |
+// UMA_HISTOGRAM_* macros do not accept variables as their bucket names. As a |
+// solution, macros are used instead to capture the repeated pattern for |
+// recording UMA stats. TODO(dsjang): this is only needed for collecting UMA |
+// stat. Will be deleted when this class is used for actual blocking. |
+ |
+#define SITE_ISOLATION_POLICY_COUNT_BLOCK(BUCKET_PREFIX) \ |
+ UMA_HISTOGRAM_COUNTS( BUCKET_PREFIX ".Blocked", 1); \ |
+ if (renderable_status_code) { \ |
+ UMA_HISTOGRAM_ENUMERATION( \ |
+ BUCKET_PREFIX ".Blocked.RenderableStatusCode", \ |
+ resource_type_, \ |
+ ResourceType::LAST_TYPE + 1); \ |
+ } else { \ |
+ UMA_HISTOGRAM_COUNTS(BUCKET_PREFIX ".Blocked.NonRenderableStatusCode",1);\ |
+ } |
+ |
+#define SITE_ISOLATION_POLICY_COUNT_NO_SNIFF_BLOCK(BUCKET_PREFIX) \ |
+ UMA_HISTOGRAM_COUNTS( BUCKET_PREFIX ".NoSniffBlocked", 1); \ |
+ if (renderable_status_code) { \ |
+ UMA_HISTOGRAM_ENUMERATION( \ |
+ BUCKET_PREFIX ".NoSniffBlocked.RenderableStatusCode", \ |
+ resource_type_, \ |
+ ResourceType::LAST_TYPE + 1); \ |
+ } else { \ |
+ UMA_HISTOGRAM_ENUMERATION( \ |
+ BUCKET_PREFIX ".NoSniffBlocked.NonRenderableStatusCode", \ |
+ resource_type_, \ |
+ ResourceType::LAST_TYPE + 1); \ |
+ } |
+ |
+#define SITE_ISOLATION_POLICY_COUNT_NOTBLOCK(BUCKET_PREFIX) \ |
+ UMA_HISTOGRAM_COUNTS(BUCKET_PREFIX ".NotBlocked", 1); \ |
+ if (is_sniffed_for_js) \ |
+ UMA_HISTOGRAM_COUNTS(BUCKET_PREFIX ".NotBlocked.MaybeJS", 1); \ |
+ |
+#define SITE_ISOLATION_POLICY_SNIFF_AND_COUNT(SNIFF_EXPR,BUCKET_PREFIX) \ |
+ if (SNIFF_EXPR) { \ |
+ SITE_ISOLATION_POLICY_COUNT_BLOCK(BUCKET_PREFIX) \ |
+ } else { \ |
+ if (no_sniff_) { \ |
+ SITE_ISOLATION_POLICY_COUNT_NO_SNIFF_BLOCK(BUCKET_PREFIX) \ |
+ } else { \ |
+ SITE_ISOLATION_POLICY_COUNT_NOTBLOCK(BUCKET_PREFIX) \ |
+ } \ |
+ } |
+ |
+void SiteIsolationPolicy::OnReceivedData(const char* data, |
+ int length, |
+ int encoded_data_length) { |
+ DCHECK(state_ == RESPONSE_RECEIVED || state_ == DATA_RECEIVED); |
+ if (!policy_enforced_) { |
+ original_peer_->OnReceivedData(data, length, encoded_data_length); |
+ return; |
+ } |
+ |
+ // The first packet has already been examined. |
+ if (state_ == DATA_RECEIVED) { |
+ if (!cross_site_document_header_ || confirmed_safe_) |
+ original_peer_->OnReceivedData(data, length, encoded_data_length); |
+ return; |
+ } |
+ |
+ state_ = DATA_RECEIVED; |
+ |
+ // TODO(dsjang): we do not block any response data now. If this is set to |
+ // false by any sniffing logic below, it will block all the following response |
+ // data to this request. |
+ confirmed_safe_ = true; |
+ |
+ if (cross_site_document_header_) { |
+ // Record the length of the first received network packet to see if it's |
+ // enough for sniffing. |
+ UMA_HISTOGRAM_COUNTS("SiteIsolation.XSD.DataLength", length); |
+ |
+ // Record the number of cross-site document responses with a specific mime |
+ // type (text/html, text/xml, etc). |
+ UMA_HISTOGRAM_ENUMERATION( |
+ "SiteIsolation.XSD.MimeType", |
+ canonical_mime_type_, |
+ MaxCanonicalMimeType); |
+ |
+ // The content is blocked if it is sniffed for HTML/JSON/XML. When the |
+ // blocked response is with an error status code, it is not disruptive by |
+ // the following reasons : 1) the blocked content is not a binary object |
+ // (such as an image) since it is sniffed for text; 2) then, this blocking |
+ // only breaks the renderer behavior only if it is either JavaScript or |
+ // CSS. However, the renderer doesn't use the contents of JS/CSS with |
+ // unaffected status code (e.g, 404). 3) the renderer is expected not to use |
+ // the cross-site document content for purposes other than JS/CSS (e.g, |
+ // XHR). |
+ bool renderable_status_code = |
+ IsRenderableStatusCodeForDocument(http_status_code_); |
+ |
+ // This is only used for false-negative analysis for non-blocked resources. |
+ bool is_sniffed_for_js = SniffForJS(data, length); |
+ |
+ // Record the number of responses whose content is sniffed for what its mime |
+ // type claims it to be. For example, we apply a HTML sniffer for a document |
+ // tagged with text/html here. Whenever this check becomes true, we'll block |
+ // the response. |
+ switch (canonical_mime_type_) { |
+ case SiteIsolationPolicy::HTML: |
+ SITE_ISOLATION_POLICY_SNIFF_AND_COUNT(SniffForHTML(data, length), |
+ "SiteIsolation.XSD.HTML"); |
+ break; |
+ case SiteIsolationPolicy::XML: |
+ SITE_ISOLATION_POLICY_SNIFF_AND_COUNT(SniffForXML(data, length), |
+ "SiteIsolation.XSD.XML"); |
+ break; |
+ case SiteIsolationPolicy::JSON: |
+ SITE_ISOLATION_POLICY_SNIFF_AND_COUNT(SniffForJSON(data, length), |
+ "SiteIsolation.XSD.JSON"); |
+ break; |
+ case SiteIsolationPolicy::Plain: |
+ if (SniffForHTML(data, length)) { |
+ SITE_ISOLATION_POLICY_COUNT_BLOCK("SiteIsolation.XSD.Plain.HTML"); |
+ } else if (SniffForXML(data, length)) { |
+ SITE_ISOLATION_POLICY_COUNT_BLOCK("SiteIsolation.XSD.Plain.XML"); |
+ } else if (SniffForJSON(data, length)) { |
+ SITE_ISOLATION_POLICY_COUNT_BLOCK("SiteIsolation.XSD.Plain.JSON"); |
+ } else if (is_sniffed_for_js) { |
+ if (no_sniff_) { |
+ SITE_ISOLATION_POLICY_COUNT_NO_SNIFF_BLOCK( |
+ "SiteIsolation.XSD.Plain"); |
+ } else { |
+ SITE_ISOLATION_POLICY_COUNT_NOTBLOCK("SiteIsolation.XSD.Plain"); |
+ } |
+ } |
+ break; |
+ default: |
+ NOTREACHED() << "Not a blockable mime type. This mime type shouldn't " |
+ "reach here."; |
+ break; |
+ } |
+ original_peer_->OnReceivedData(data, length, encoded_data_length); |
darin (slow to review)
2013/08/20 23:47:05
nit: having the same code in both branches indicat
dsjang
2013/08/21 18:49:57
I'm switching back to the older version of SiteIso
|
+ } else |
+ original_peer_->OnReceivedData(data, length, encoded_data_length); |
+} |
+ |
+#undef SITE_ISOLATION_POLICY_COUNT_NOTBLOCK |
+#undef SITE_ISOLATION_POLICY_SNIFF_AND_COUNT |
+#undef SITE_ISOLATION_POLICY_COUNT_BLOCK |
+ |
+SiteIsolationPolicy::CanonicalMimeType |
+SiteIsolationPolicy::GetCanonicalMimeType(const std::string& mime_type) { |
+ if (LowerCaseEqualsASCII(mime_type, kTextHtml)) { |
+ return SiteIsolationPolicy::HTML; |
+ } |
+ |
+ if (LowerCaseEqualsASCII(mime_type, kTextPlain)) { |
+ return SiteIsolationPolicy::Plain; |
+ } |
+ |
+ if (LowerCaseEqualsASCII(mime_type, kAppJson) || |
+ LowerCaseEqualsASCII(mime_type, kTextJson) || |
+ LowerCaseEqualsASCII(mime_type, kTextXjson)) { |
+ return SiteIsolationPolicy::JSON; |
+ } |
+ |
+ if (LowerCaseEqualsASCII(mime_type, kTextXml) || |
+ LowerCaseEqualsASCII(mime_type, xAppRssXml) || |
+ LowerCaseEqualsASCII(mime_type, kAppXml)) { |
+ return SiteIsolationPolicy::XML; |
+ } |
+ |
+ return SiteIsolationPolicy::Others; |
+ |
+} |
+ |
+bool SiteIsolationPolicy::IsBlockableScheme(const GURL& url) { |
+ // We exclude ftp:// from here. FTP doesn't provide a Content-Type |
+ // header which our policy depends on, so we cannot protect any |
+ // document from FTP servers. |
+ return url.SchemeIs("http") || url.SchemeIs("https"); |
+} |
+ |
+bool SiteIsolationPolicy::IsSameSite(const GURL& frame_origin, |
+ const GURL& response_url) { |
+ if (!frame_origin.is_valid() || !response_url.is_valid()) |
+ return false; |
+ |
+ if (frame_origin.scheme() != response_url.scheme()) |
+ return false; |
+ |
+ // SameDomainOrHost() extracts the effective domains (public suffix plus one) |
+ // from the two URLs and compare them. |
+ // TODO(dsjang): use INCLUDE_PRIVATE_REGISTRIES when http://crbug.com/7988 is |
+ // fixed. |
+ return net::registry_controlled_domains::SameDomainOrHost( |
+ frame_origin, |
+ response_url, |
+ net::registry_controlled_domains::EXCLUDE_PRIVATE_REGISTRIES); |
+} |
+ |
+// We don't use Webkit's existing CORS policy implementation since |
+// their policy works in terms of origins, not sites. For example, |
+// when frame is sub.a.com and it is not allowed to access a document |
+// with sub1.a.com. But under Site Isolation, it's allowed. |
+bool SiteIsolationPolicy::IsValidCorsHeaderSet( |
+ GURL& frame_origin, |
+ GURL& website_origin, |
+ std::string access_control_origin) { |
+ // Many websites are sending back "\"*\"" instead of "*". This is |
+ // non-standard practice, and not supported by Chrome. Refer to |
+ // CrossOriginAccessControl::passesAccessControlCheck(). |
+ |
+ // TODO(dsjang): * is not allowed for the response from a request |
+ // with cookies. This allows for more than what the renderer will |
+ // eventually be able to receive, so we won't see illegal cross-site |
+ // documents allowed by this. We have to find a way to see if this |
+ // response is from a cookie-tagged request or not in the future. |
+ if (access_control_origin == "*") |
+ return true; |
+ |
+ // TODO(dsjang): The CORS spec only treats a fully specified URL, except for |
+ // "*", but many websites are using just a domain for access_control_origin, |
+ // and this is blocked by Webkit's CORS logic here : |
+ // CrossOriginAccessControl::passesAccessControlCheck(). GURL is set |
+ // is_valid() to false when it is created from a URL containing * in the |
+ // domain part. |
+ |
+ GURL cors_origin(access_control_origin); |
+ return IsSameSite(frame_origin, cors_origin); |
+} |
+ |
+// This function is a slight modification of |net::SniffForHTML|. |
+bool SiteIsolationPolicy::SniffForHTML(const char* data, size_t length) { |
+ // The content sniffer used by Chrome and Firefox are using "<!--" |
+ // as one of the HTML signatures, but it also appears in valid |
+ // JavaScript, considered as well-formed JS by the browser. Since |
+ // we do not want to block any JS, we exclude it from our HTML |
+ // signatures. This can weaken our document block policy, but we can |
+ // break less websites. |
+ // TODO(dsjang): parameterize |net::SniffForHTML| with an option |
+ // that decides whether to include <!-- or not, so that we can |
+ // remove this function. |
+ const char* html_signatures[] = {"<!DOCTYPE html", // HTML5 spec |
+ "<script", // HTML5 spec, Mozilla |
+ "<html", // HTML5 spec, Mozilla |
+ "<head", // HTML5 spec, Mozilla |
+ "<iframe", // Mozilla |
+ "<h1", // Mozilla |
+ "<div", // Mozilla |
+ "<font", // Mozilla |
+ "<table", // Mozilla |
+ "<a", // Mozilla |
+ "<style", // Mozilla |
+ "<title", // Mozilla |
+ "<b", // Mozilla |
+ "<body", // Mozilla |
+ "<br", "<p" // Mozilla |
+ }; |
+ |
+ if (MatchesSignature( |
+ data, length, html_signatures, arraysize(html_signatures))) |
+ return true; |
+ |
+ // "<!--" is specially treated since web JS can use "<!--" "-->" pair for |
+ // comments. |
+ const char* comment_begins[] = {"<!--" }; |
+ |
+ if (MatchesSignature( |
+ data, length, comment_begins, arraysize(comment_begins))) { |
+ // Search for --> and do SniffForHTML after that. If we can find the |
+ // comment's end, we start HTML sniffing from there again. |
+ const char end_comment[] = "-->"; |
+ const size_t end_comment_size = strlen(end_comment); |
+ |
+ for (size_t i = 0; i <= length - end_comment_size; ++i) { |
+ if (!strncmp(data + i, end_comment, end_comment_size)) { |
+ size_t skipped = i + end_comment_size; |
+ return SniffForHTML(data + skipped, length - skipped); |
+ } |
+ } |
+ } |
+ |
+ return false; |
+} |
+ |
+bool SiteIsolationPolicy::SniffForXML(const char* data, size_t length) { |
+ // TODO(dsjang): Chrome's mime_sniffer is using strncasecmp() for |
+ // this signature. However, XML is case-sensitive. Don't we have to |
+ // be more lenient only to block documents starting with the exact |
+ // string <?xml rather than <?XML ? |
+ const char* xml_signatures[] = {"<?xml" // Mozilla |
+ }; |
+ return MatchesSignature( |
+ data, length, xml_signatures, arraysize(xml_signatures)); |
+} |
+ |
+bool SiteIsolationPolicy::SniffForJSON(const char* data, size_t length) { |
+ // TODO(dsjang): We have to come up with a better way to sniff |
+ // JSON. However, even RE cannot help us that much due to the fact |
+ // that we don't do full parsing. This DFA starts with state 0, and |
+ // finds {, "/' and : in that order. We're avoiding adding a |
+ // dependency on a regular expression library. |
+ const int kInitState = 0; |
+ const int kLeftBraceState = 1; |
+ const int kLeftQuoteState = 2; |
+ const int kColonState = 3; |
+ const int kDeadState = 4; |
+ |
+ int state = kInitState; |
+ for (size_t i = 0; i < length && state < kColonState; ++i) { |
+ const char c = data[i]; |
+ if (c == ' ' || c == '\t' || c == '\r' || c == '\n') |
+ continue; |
+ |
+ switch (state) { |
+ case kInitState: |
+ if (c == '{') |
+ state = kLeftBraceState; |
+ else |
+ state = kDeadState; |
+ break; |
+ case kLeftBraceState: |
+ if (c == '\"' || c == '\'') |
+ state = kLeftQuoteState; |
+ else |
+ state = kDeadState; |
+ break; |
+ case kLeftQuoteState: |
+ if (c == ':') |
+ state = kColonState; |
+ break; |
+ default: |
+ NOTREACHED(); |
+ break; |
+ } |
+ } |
+ return state == kColonState; |
+} |
+ |
+bool SiteIsolationPolicy::MatchesSignature(const char* raw_data, |
+ size_t raw_length, |
+ const char* signatures[], |
+ size_t arr_size) { |
+ size_t start = 0; |
+ // Skip white characters at the beginning of the document. |
+ for (start = 0; start < raw_length; ++start) { |
+ char c = raw_data[start]; |
+ if (!(c == ' ' || c == '\t' || c == '\r' || c == '\n')) |
+ break; |
+ } |
+ |
+ // There is no not-whitespace character in this document. |
+ if (!(start < raw_length)) |
+ return false; |
+ |
+ const char* data = raw_data + start; |
+ size_t length = raw_length - start; |
+ |
+ for (size_t sig_index = 0; sig_index < arr_size; ++sig_index) { |
+ const char* signature = signatures[sig_index]; |
+ size_t signature_length = strlen(signature); |
+ |
+ if (length < signature_length) |
+ continue; |
+ |
+ if (!base::strncasecmp(signature, data, signature_length)) |
+ return true; |
+ } |
+ return false; |
+} |
+ |
+bool SiteIsolationPolicy::IsRenderableStatusCodeForDocument(int status_code) { |
+ // Chrome only uses the content of a response with one of these status codes |
+ // for CSS/JavaScript. For images, Chrome just ignores status code. |
+ const int renderable_status_code[] = {200, 201, 202, 203, 206, 300, 301, 302, |
+ 303, 305, 306, 307}; |
+ for (size_t i = 0; i < arraysize(renderable_status_code); ++i) { |
+ if (renderable_status_code[i] == status_code) |
+ return true; |
+ } |
+ return false; |
+} |
+ |
+bool SiteIsolationPolicy::SniffForJS(const char* data, size_t length) { |
+ // TODO(dsjang): This is a real hack. The only purpose of this function is to |
+ // try to see if there's any possibility that this data can be JavaScript |
+ // (superset of JS). This function will be removed once UMA stats are |
+ // gathered. |
+ |
+ // Search for "var " for JS detection. |
+ for (size_t i = 0; i < length - 3; ++i) { |
+ if (strncmp(data + i, "var ", 4) == 0) |
+ return true; |
+ } |
+ return false; |
+} |
+ |
+} // namespace content |