OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/ui/webui/devtools_ui.h" | 5 #include "chrome/browser/ui/webui/devtools_ui.h" |
6 | 6 |
7 #include "base/macros.h" | 7 #include "base/macros.h" |
8 #include "base/memory/ref_counted_memory.h" | 8 #include "base/memory/ref_counted_memory.h" |
9 #include "base/strings/string_split.h" | |
9 #include "base/strings/string_util.h" | 10 #include "base/strings/string_util.h" |
10 #include "base/strings/stringprintf.h" | 11 #include "base/strings/stringprintf.h" |
11 #include "chrome/browser/profiles/profile.h" | 12 #include "chrome/browser/profiles/profile.h" |
12 #include "chrome/common/url_constants.h" | 13 #include "chrome/common/url_constants.h" |
13 #include "content/public/browser/browser_thread.h" | 14 #include "content/public/browser/browser_thread.h" |
14 #include "content/public/browser/devtools_frontend_host.h" | 15 #include "content/public/browser/devtools_frontend_host.h" |
15 #include "content/public/browser/url_data_source.h" | 16 #include "content/public/browser/url_data_source.h" |
16 #include "content/public/browser/web_contents.h" | 17 #include "content/public/browser/web_contents.h" |
17 #include "content/public/browser/web_ui.h" | 18 #include "content/public/browser/web_ui.h" |
18 #include "content/public/common/user_agent.h" | 19 #include "content/public/common/user_agent.h" |
20 #include "net/base/escape.h" | |
21 #include "net/base/url_util.h" | |
19 #include "net/url_request/url_fetcher.h" | 22 #include "net/url_request/url_fetcher.h" |
20 #include "net/url_request/url_fetcher_delegate.h" | 23 #include "net/url_request/url_fetcher_delegate.h" |
21 #include "net/url_request/url_request_context_getter.h" | 24 #include "net/url_request/url_request_context_getter.h" |
22 | 25 |
23 using content::BrowserThread; | 26 using content::BrowserThread; |
24 using content::WebContents; | 27 using content::WebContents; |
25 | 28 |
26 namespace { | 29 namespace { |
27 | 30 |
28 std::string PathWithoutParams(const std::string& path) { | 31 std::string PathWithoutParams(const std::string& path) { |
(...skipping 10 matching lines...) Expand all Loading... | |
39 #if defined(DEBUG_DEVTOOLS) | 42 #if defined(DEBUG_DEVTOOLS) |
40 // Local frontend url provided by InspectUI. | 43 // Local frontend url provided by InspectUI. |
41 const char kFallbackFrontendURL[] = | 44 const char kFallbackFrontendURL[] = |
42 "chrome-devtools://devtools/bundled/inspector.html"; | 45 "chrome-devtools://devtools/bundled/inspector.html"; |
43 #else | 46 #else |
44 // URL causing the DevTools window to display a plain text warning. | 47 // URL causing the DevTools window to display a plain text warning. |
45 const char kFallbackFrontendURL[] = | 48 const char kFallbackFrontendURL[] = |
46 "data:text/plain,Cannot load DevTools frontend from an untrusted origin"; | 49 "data:text/plain,Cannot load DevTools frontend from an untrusted origin"; |
47 #endif // defined(DEBUG_DEVTOOLS) | 50 #endif // defined(DEBUG_DEVTOOLS) |
48 | 51 |
52 GURL SanitizeFrontendURL( | |
53 const GURL& url, | |
54 const std::string& scheme, | |
55 const std::string& host, | |
56 const std::string& path, | |
57 bool allow_query); | |
58 | |
59 std::string SanitizeRevision(const std::string& revision) { | |
60 for (size_t i = 0; i < revision.length(); i++) { | |
61 if (revision[i] != '@' | |
Tom Sepez
2016/10/11 22:52:18
nit: if you want to be really picky, you might ins
dgozman
2016/10/12 22:10:33
Nice! Done.
| |
62 && (revision[i] < '0' || revision[i] > '9') | |
63 && (revision[i] < 'a' || revision[i] > 'z') | |
64 && (revision[i] < 'A' || revision[i] > 'Z')) { | |
65 return std::string(); | |
66 } | |
67 } | |
68 return revision; | |
69 } | |
70 | |
71 std::string SanitizeFrontendPath(const std::string& path) { | |
72 for (size_t i = 0; i < path.length(); i++) { | |
73 if (path[i] != '/' && path[i] != '-' && path[i] != '_' | |
74 && path[i] != '.' && path[i] != '@' | |
75 && (path[i] < '0' || path[i] > '9') | |
76 && (path[i] < 'a' || path[i] > 'z') | |
77 && (path[i] < 'A' || path[i] > 'Z')) { | |
78 return std::string(); | |
79 } | |
80 } | |
81 return path; | |
82 } | |
83 | |
84 std::string SanitizeRemoteBase(const std::string& value) { | |
85 GURL url(value); | |
86 std::string path = url.path(); | |
87 std::vector<std::string> parts = base::SplitString( | |
88 path, "/", base::KEEP_WHITESPACE, base::SPLIT_WANT_ALL); | |
89 std::string revision = parts.size() > 2 ? parts[2] : ""; | |
90 revision = SanitizeRevision(revision); | |
91 path = base::StringPrintf("/%s/%s/", kRemoteFrontendPath, revision.c_str()); | |
92 return SanitizeFrontendURL(url, url::kHttpsScheme, | |
93 kRemoteFrontendDomain, path, false).spec(); | |
94 } | |
95 | |
96 std::string SanitizeRemoteFrontendURL(const std::string& value) { | |
97 GURL url(value); | |
98 std::string path = url.path(); | |
99 std::vector<std::string> parts = base::SplitString( | |
100 path, "/", base::KEEP_WHITESPACE, base::SPLIT_WANT_ALL); | |
101 std::string revision = parts.size() > 2 ? parts[2] : ""; | |
102 revision = SanitizeRevision(revision); | |
103 std::string filename = parts.size() ? parts[parts.size() - 1] : ""; | |
104 if (filename != "devtools.html") | |
105 filename = "inspector.html"; | |
106 path = base::StringPrintf("/serve_rev/%s/%s", | |
107 revision.c_str(), filename.c_str()); | |
108 std::string sanitized = SanitizeFrontendURL(url, url::kHttpsScheme, | |
109 kRemoteFrontendDomain, path, true).spec(); | |
110 return net::EscapeQueryParamValue(sanitized, false); | |
111 } | |
112 | |
113 std::string SanitizeFrontendQueryParam( | |
114 const std::string& key, | |
115 const std::string& value) { | |
116 // Convert boolean flags to true. | |
117 if (key == "can_dock" || key == "debugFrontend" || key == "experiments" || | |
118 key == "isSharedWorker" || key == "v8only" || key == "remoteFrontend") | |
119 return "true"; | |
120 | |
121 // Pass connection endpoints as is. | |
122 if (key == "ws" || key == "service-backend") | |
123 return value; | |
124 | |
125 // Only support undocked for old frontends. | |
126 if (key == "dockSide" && value == "undocked") | |
127 return value; | |
128 | |
129 if (key == "remoteBase") | |
130 return SanitizeRemoteBase(value); | |
131 | |
132 if (key == "remoteFrontendUrl") | |
133 return SanitizeRemoteFrontendURL(value); | |
134 | |
135 return std::string(); | |
136 } | |
137 | |
138 GURL SanitizeFrontendURL( | |
139 const GURL& url, | |
140 const std::string& scheme, | |
141 const std::string& host, | |
142 const std::string& path, | |
143 bool allow_query) { | |
144 std::vector<std::string> query_parts; | |
145 if (allow_query) { | |
146 for (net::QueryIterator it(url); !it.IsAtEnd(); it.Advance()) { | |
147 std::string value = SanitizeFrontendQueryParam(it.GetKey(), | |
148 it.GetUnescapedValue()); | |
Tom Sepez
2016/10/11 22:52:18
suppose we have ws=1%26evil%3dtrue
presumably it.G
dgozman
2016/10/12 22:10:33
Right! We should not unescape ever and just pass i
| |
149 if (!value.empty()) { | |
150 query_parts.push_back( | |
151 base::StringPrintf("%s=%s", it.GetKey().c_str(), value.c_str())); | |
152 } | |
153 } | |
154 } | |
155 std::string query = | |
156 query_parts.empty() ? "" : "?" + base::JoinString(query_parts, "&"); | |
157 std::string constructed = base::StringPrintf("%s://%s%s%s", | |
158 scheme.c_str(), host.c_str(), path.c_str(), query.c_str()); | |
159 GURL result = GURL(constructed); | |
160 if (!result.is_valid()) | |
161 return GURL(); | |
162 return result; | |
163 } | |
164 | |
49 // DevToolsDataSource --------------------------------------------------------- | 165 // DevToolsDataSource --------------------------------------------------------- |
50 | 166 |
51 std::string GetMimeTypeForPath(const std::string& path) { | 167 std::string GetMimeTypeForPath(const std::string& path) { |
52 std::string filename = PathWithoutParams(path); | 168 std::string filename = PathWithoutParams(path); |
53 if (base::EndsWith(filename, ".html", base::CompareCase::INSENSITIVE_ASCII)) { | 169 if (base::EndsWith(filename, ".html", base::CompareCase::INSENSITIVE_ASCII)) { |
54 return "text/html"; | 170 return "text/html"; |
55 } else if (base::EndsWith(filename, ".css", | 171 } else if (base::EndsWith(filename, ".css", |
56 base::CompareCase::INSENSITIVE_ASCII)) { | 172 base::CompareCase::INSENSITIVE_ASCII)) { |
57 return "text/css"; | 173 return "text/css"; |
58 } else if (base::EndsWith(filename, ".js", | 174 } else if (base::EndsWith(filename, ".js", |
(...skipping 184 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
243 | 359 |
244 // static | 360 // static |
245 GURL DevToolsUI::GetRemoteBaseURL() { | 361 GURL DevToolsUI::GetRemoteBaseURL() { |
246 return GURL(base::StringPrintf( | 362 return GURL(base::StringPrintf( |
247 "%s%s/%s/", | 363 "%s%s/%s/", |
248 kRemoteFrontendBase, | 364 kRemoteFrontendBase, |
249 kRemoteFrontendPath, | 365 kRemoteFrontendPath, |
250 content::GetWebKitRevision().c_str())); | 366 content::GetWebKitRevision().c_str())); |
251 } | 367 } |
252 | 368 |
369 // static | |
370 GURL DevToolsUI::SanitizeFrontendURL(const GURL& url) { | |
371 return ::SanitizeFrontendURL(url, content::kChromeDevToolsScheme, | |
372 chrome::kChromeUIDevToolsHost, SanitizeFrontendPath(url.path()), true); | |
373 } | |
374 | |
253 DevToolsUI::DevToolsUI(content::WebUI* web_ui) | 375 DevToolsUI::DevToolsUI(content::WebUI* web_ui) |
254 : WebUIController(web_ui), | 376 : WebUIController(web_ui) { |
255 bindings_(web_ui->GetWebContents()) { | |
256 web_ui->SetBindings(0); | 377 web_ui->SetBindings(0); |
257 Profile* profile = Profile::FromWebUI(web_ui); | 378 Profile* profile = Profile::FromWebUI(web_ui); |
258 content::URLDataSource::Add( | 379 content::URLDataSource::Add( |
259 profile, | 380 profile, |
260 new DevToolsDataSource(profile->GetRequestContext())); | 381 new DevToolsDataSource(profile->GetRequestContext())); |
382 | |
383 GURL url = web_ui->GetWebContents()->GetVisibleURL(); | |
384 if (url.spec() == SanitizeFrontendURL(url).spec()) | |
385 bindings_.reset(new DevToolsUIBindings(web_ui->GetWebContents())); | |
261 } | 386 } |
262 | 387 |
263 DevToolsUI::~DevToolsUI() { | 388 DevToolsUI::~DevToolsUI() { |
264 } | 389 } |
OLD | NEW |