| OLD | NEW |
|---|
| 1 // Copyright (c) 2013, the Dart project authors. Please see the AUTHORS file | 1 // Copyright (c) 2013, the Dart project authors. Please see the AUTHORS file |
| 2 // for details. All rights reserved. Use of this source code is governed by a | 2 // for details. All rights reserved. Use of this source code is governed by a |
| 3 // BSD-style license that can be found in the LICENSE file. | 3 // BSD-style license that can be found in the LICENSE file. |
| 4 | 4 |
| 5 part of http_server; | 5 part of http_server; |
| 6 | 6 |
| 7 | 7 |
| 8 // Used for signal a directory redirecting, where a tailing slash is missing. | 8 // Used for signal a directory redirecting, where a tailing slash is missing. |
| 9 class _DirectoryRedirect { | 9 class _DirectoryRedirect { |
| 10 const _DirectoryRedirect(); | 10 const _DirectoryRedirect(); |
| (...skipping 237 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 248 var response = request.response; | 248 var response = request.response; |
| 249 dir.stat().then((stats) { | 249 dir.stat().then((stats) { |
| 250 if (request.headers.ifModifiedSince != null && | 250 if (request.headers.ifModifiedSince != null && |
| 251 !stats.modified.isAfter(request.headers.ifModifiedSince)) { | 251 !stats.modified.isAfter(request.headers.ifModifiedSince)) { |
| 252 response.statusCode = HttpStatus.NOT_MODIFIED; | 252 response.statusCode = HttpStatus.NOT_MODIFIED; |
| 253 response.close(); | 253 response.close(); |
| 254 return; | 254 return; |
| 255 } | 255 } |
| 256 | 256 |
| 257 response.headers.set(HttpHeaders.LAST_MODIFIED, stats.modified); | 257 response.headers.set(HttpHeaders.LAST_MODIFIED, stats.modified); |
| 258 var path = request.uri.path; | 258 var path = Uri.decodeComponent(request.uri.path); |
| 259 var encodedPath = new HtmlEscape().convert(path); |
| 259 var header = | 260 var header = |
| 260 '''<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" | 261 '''<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" |
| 261 http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> | 262 http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> |
| 262 <html xmlns="http://www.w3.org/1999/xhtml"> | 263 <html xmlns="http://www.w3.org/1999/xhtml"> |
| 263 <head> | 264 <head> |
| 264 <title>Index of $path</title> | 265 <title>Index of $encodedPath</title> |
| 265 </head> | 266 </head> |
| 266 <body> | 267 <body> |
| 267 <h1>Index of $path</h1> | 268 <h1>Index of $encodedPath</h1> |
| 268 <table> | 269 <table> |
| 269 <tr> | 270 <tr> |
| 270 <td>Name</td> | 271 <td>Name</td> |
| 271 <td>Last modified</td> | 272 <td>Last modified</td> |
| 272 <td>Size</td> | 273 <td>Size</td> |
| 273 </tr> | 274 </tr> |
| 274 '''; | 275 '''; |
| 275 var server = response.headers.value(HttpHeaders.SERVER); | 276 var server = response.headers.value(HttpHeaders.SERVER); |
| 276 if (server == null) server = ""; | 277 if (server == null) server = ""; |
| 277 var footer = | 278 var footer = |
| 278 '''</table> | 279 '''</table> |
| 279 $server | 280 $server |
| 280 </body> | 281 </body> |
| 281 </html> | 282 </html> |
| 282 '''; | 283 '''; |
| 283 | 284 |
| 284 response.write(header); | 285 response.write(header); |
| 285 | 286 |
| 286 void add(String name, String modified, var size) { | 287 void add(String name, String modified, var size) { |
| 288 try { |
| 287 if (size == null) size = "-"; | 289 if (size == null) size = "-"; |
| 288 if (modified == null) modified = ""; | 290 if (modified == null) modified = ""; |
| 289 var p = normalize(join(path, name)); | 291 var encodedSize = new HtmlEscape().convert(size.toString()); |
| 292 var encodedModified = new HtmlEscape().convert(modified); |
| 293 var encodedLink = new HtmlEscape(HtmlEscapeMode.ATTRIBUTE) |
| 294 .convert(Uri.encodeComponent(normalize(join(path, name)))); |
| 295 var encodedName = new HtmlEscape().convert(name); |
| 296 |
| 290 var entry = | 297 var entry = |
| 291 ''' <tr> | 298 ''' <tr> |
| 292 <td><a href="$p">$name</a></td> | 299 <td><a href="$encodedLink">$encodedName</a></td> |
| 293 <td>$modified</td> | 300 <td>$encodedModified</td> |
| 294 <td style="text-align: right">$size</td> | 301 <td style="text-align: right">$encodedSize</td> |
| 295 </tr>'''; | 302 </tr>'''; |
| 296 response.write(entry); | 303 response.write(entry); |
| 304 } catch (e) { |
| 305 print(e); |
| 306 } |
| 297 } | 307 } |
| 298 | 308 |
| 299 if (path != '/') { | 309 if (path != '/') { |
| 300 add('../', null, null); | 310 add('../', null, null); |
| 301 } | 311 } |
| 302 | 312 |
| 303 dir.list(followLinks: true).listen((entity) { | 313 dir.list(followLinks: true).listen((entity) { |
| 304 if (entity is File) { | 314 if (entity is File) { |
| 305 var stat = entity.statSync(); | 315 var stat = entity.statSync(); |
| 306 add(basename(entity.path), | 316 add(basename(entity.path), |
| (...skipping 17 matching lines...) Expand all Loading... |
| 324 } | 334 } |
| 325 | 335 |
| 326 void _serveErrorPage(int error, HttpRequest request) { | 336 void _serveErrorPage(int error, HttpRequest request) { |
| 327 var response = request.response; | 337 var response = request.response; |
| 328 response.statusCode = error; | 338 response.statusCode = error; |
| 329 if (_errorCallback != null) { | 339 if (_errorCallback != null) { |
| 330 _errorCallback(request); | 340 _errorCallback(request); |
| 331 return; | 341 return; |
| 332 } | 342 } |
| 333 // Default error page. | 343 // Default error page. |
| 334 var path = request.uri.path; | 344 var path = Uri.decodeComponent(request.uri.path); |
| 335 var reason = response.reasonPhrase; | 345 var encodedPath = new HtmlEscape().convert(path); |
| 346 var encodedReason = new HtmlEscape().convert(response.reasonPhrase); |
| 347 var encodedError = new HtmlEscape().convert(error.toString()); |
| 336 | 348 |
| 337 var server = response.headers.value(HttpHeaders.SERVER); | 349 var server = response.headers.value(HttpHeaders.SERVER); |
| 338 if (server == null) server = ""; | 350 if (server == null) server = ""; |
| 339 var page = | 351 var page = |
| 340 '''<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" | 352 '''<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" |
| 341 http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> | 353 http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> |
| 342 <html xmlns="http://www.w3.org/1999/xhtml"> | 354 <html xmlns="http://www.w3.org/1999/xhtml"> |
| 343 <head> | 355 <head> |
| 344 <title>$reason: $path</title> | 356 <title>$encodedReason: $encodedPath</title> |
| 345 </head> | 357 </head> |
| 346 <body> | 358 <body> |
| 347 <h1>Error $error at \'$path\': $reason</h1> | 359 <h1>Error $encodedError at \'$encodedPath\': $encodedReason</h1> |
| 348 $server | 360 $server |
| 349 </body> | 361 </body> |
| 350 </html>'''; | 362 </html>'''; |
| 351 response.write(page); | 363 response.write(page); |
| 352 response.close(); | 364 response.close(); |
| 353 } | 365 } |
| 354 } | 366 } |
| 355 | 367 |
| 356 class _VirtualDirectoryFileStream extends StreamConsumer<List<int>> { | 368 class _VirtualDirectoryFileStream extends StreamConsumer<List<int>> { |
| 357 final HttpResponse response; | 369 final HttpResponse response; |
| (...skipping 43 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 401 | 413 |
| 402 Future close() => new Future.value(); | 414 Future close() => new Future.value(); |
| 403 | 415 |
| 404 void setMimeType(List<int> bytes) { | 416 void setMimeType(List<int> bytes) { |
| 405 var mimeType = lookupMimeType(path, headerBytes: bytes); | 417 var mimeType = lookupMimeType(path, headerBytes: bytes); |
| 406 if (mimeType != null) { | 418 if (mimeType != null) { |
| 407 response.headers.contentType = ContentType.parse(mimeType); | 419 response.headers.contentType = ContentType.parse(mimeType); |
| 408 } | 420 } |
| 409 } | 421 } |
| 410 } | 422 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 225813002:
Fix XSS issues in http_server's dir-listing and error-page. (Closed)
Base URL: https://dart.googlecode.com/svn/branches/bleeding_edge/dart