OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/ui/webui/devtools_ui.h" | 5 #include "chrome/browser/ui/webui/devtools_ui.h" |
6 | 6 |
7 #include "base/command_line.h" | 7 #include "base/command_line.h" |
8 #include "base/macros.h" | 8 #include "base/macros.h" |
9 #include "base/memory/ref_counted_memory.h" | 9 #include "base/memory/ref_counted_memory.h" |
| 10 #include "base/strings/string_split.h" |
10 #include "base/strings/string_util.h" | 11 #include "base/strings/string_util.h" |
11 #include "base/strings/stringprintf.h" | 12 #include "base/strings/stringprintf.h" |
12 #include "chrome/browser/devtools/url_constants.h" | |
13 #include "chrome/browser/profiles/profile.h" | 13 #include "chrome/browser/profiles/profile.h" |
14 #include "chrome/common/chrome_switches.h" | 14 #include "chrome/common/chrome_switches.h" |
15 #include "chrome/common/url_constants.h" | 15 #include "chrome/common/url_constants.h" |
16 #include "content/public/browser/browser_thread.h" | 16 #include "content/public/browser/browser_thread.h" |
17 #include "content/public/browser/devtools_frontend_host.h" | 17 #include "content/public/browser/devtools_frontend_host.h" |
18 #include "content/public/browser/site_instance.h" | 18 #include "content/public/browser/site_instance.h" |
19 #include "content/public/browser/storage_partition.h" | 19 #include "content/public/browser/storage_partition.h" |
20 #include "content/public/browser/url_data_source.h" | 20 #include "content/public/browser/url_data_source.h" |
21 #include "content/public/browser/web_contents.h" | 21 #include "content/public/browser/web_contents.h" |
22 #include "content/public/browser/web_ui.h" | 22 #include "content/public/browser/web_ui.h" |
23 #include "content/public/common/user_agent.h" | 23 #include "content/public/common/user_agent.h" |
| 24 #include "net/base/escape.h" |
24 #include "net/base/filename_util.h" | 25 #include "net/base/filename_util.h" |
25 #include "net/base/load_flags.h" | 26 #include "net/base/load_flags.h" |
| 27 #include "net/base/url_util.h" |
26 #include "net/url_request/url_fetcher.h" | 28 #include "net/url_request/url_fetcher.h" |
27 #include "net/url_request/url_fetcher_delegate.h" | 29 #include "net/url_request/url_fetcher_delegate.h" |
28 #include "net/url_request/url_request_context_getter.h" | 30 #include "net/url_request/url_request_context_getter.h" |
29 #include "storage/browser/fileapi/file_system_context.h" | 31 #include "storage/browser/fileapi/file_system_context.h" |
30 #include "third_party/WebKit/public/public_features.h" | 32 #include "third_party/WebKit/public/public_features.h" |
31 | 33 |
32 using content::BrowserThread; | 34 using content::BrowserThread; |
33 using content::WebContents; | 35 using content::WebContents; |
34 | 36 |
35 namespace { | 37 namespace { |
36 | 38 |
37 std::string PathWithoutParams(const std::string& path) { | 39 std::string PathWithoutParams(const std::string& path) { |
38 return GURL(std::string("chrome-devtools://devtools/") + path) | 40 return GURL(std::string("chrome-devtools://devtools/") + path) |
39 .path().substr(1); | 41 .path().substr(1); |
40 } | 42 } |
41 | 43 |
| 44 const char kRemoteFrontendDomain[] = "chrome-devtools-frontend.appspot.com"; |
| 45 const char kRemoteFrontendBase[] = |
| 46 "https://chrome-devtools-frontend.appspot.com/"; |
| 47 const char kRemoteFrontendPath[] = "serve_file"; |
42 const char kHttpNotFound[] = "HTTP/1.1 404 Not Found\n\n"; | 48 const char kHttpNotFound[] = "HTTP/1.1 404 Not Found\n\n"; |
43 | 49 |
44 #if BUILDFLAG(DEBUG_DEVTOOLS) | 50 #if BUILDFLAG(DEBUG_DEVTOOLS) |
45 // Local frontend url provided by InspectUI. | 51 // Local frontend url provided by InspectUI. |
46 const char kFallbackFrontendURL[] = | 52 const char kFallbackFrontendURL[] = |
47 "chrome-devtools://devtools/bundled/inspector.html"; | 53 "chrome-devtools://devtools/bundled/inspector.html"; |
48 #else | 54 #else |
49 // URL causing the DevTools window to display a plain text warning. | 55 // URL causing the DevTools window to display a plain text warning. |
50 const char kFallbackFrontendURL[] = | 56 const char kFallbackFrontendURL[] = |
51 "data:text/plain,Cannot load DevTools frontend from an untrusted origin"; | 57 "data:text/plain,Cannot load DevTools frontend from an untrusted origin"; |
52 #endif // BUILDFLAG(DEBUG_DEVTOOLS) | 58 #endif // BUILDFLAG(DEBUG_DEVTOOLS) |
53 | 59 |
| 60 GURL SanitizeFrontendURL( |
| 61 const GURL& url, |
| 62 const std::string& scheme, |
| 63 const std::string& host, |
| 64 const std::string& path, |
| 65 bool allow_query); |
| 66 |
| 67 std::string SanitizeRevision(const std::string& revision) { |
| 68 for (size_t i = 0; i < revision.length(); i++) { |
| 69 if (!(revision[i] == '@' && i == 0) |
| 70 && !(revision[i] >= '0' && revision[i] <= '9') |
| 71 && !(revision[i] >= 'a' && revision[i] <= 'z') |
| 72 && !(revision[i] >= 'A' && revision[i] <= 'Z')) { |
| 73 return std::string(); |
| 74 } |
| 75 } |
| 76 return revision; |
| 77 } |
| 78 |
| 79 std::string SanitizeFrontendPath(const std::string& path) { |
| 80 for (size_t i = 0; i < path.length(); i++) { |
| 81 if (path[i] != '/' && path[i] != '-' && path[i] != '_' |
| 82 && path[i] != '.' && path[i] != '@' |
| 83 && !(path[i] >= '0' && path[i] <= '9') |
| 84 && !(path[i] >= 'a' && path[i] <= 'z') |
| 85 && !(path[i] >= 'A' && path[i] <= 'Z')) { |
| 86 return std::string(); |
| 87 } |
| 88 } |
| 89 return path; |
| 90 } |
| 91 |
| 92 std::string SanitizeEndpoint(const std::string& value) { |
| 93 if (value.find('&') != std::string::npos |
| 94 || value.find('?') != std::string::npos) |
| 95 return std::string(); |
| 96 return value; |
| 97 } |
| 98 |
| 99 std::string SanitizeRemoteBase(const std::string& value) { |
| 100 GURL url(value); |
| 101 std::string path = url.path(); |
| 102 std::vector<std::string> parts = base::SplitString( |
| 103 path, "/", base::KEEP_WHITESPACE, base::SPLIT_WANT_ALL); |
| 104 std::string revision = parts.size() > 2 ? parts[2] : ""; |
| 105 revision = SanitizeRevision(revision); |
| 106 path = base::StringPrintf("/%s/%s/", kRemoteFrontendPath, revision.c_str()); |
| 107 return SanitizeFrontendURL(url, url::kHttpsScheme, |
| 108 kRemoteFrontendDomain, path, false).spec(); |
| 109 } |
| 110 |
| 111 std::string SanitizeRemoteFrontendURL(const std::string& value) { |
| 112 GURL url(net::UnescapeURLComponent(value, |
| 113 net::UnescapeRule::SPACES | net::UnescapeRule::PATH_SEPARATORS | |
| 114 net::UnescapeRule::URL_SPECIAL_CHARS_EXCEPT_PATH_SEPARATORS | |
| 115 net::UnescapeRule::REPLACE_PLUS_WITH_SPACE)); |
| 116 std::string path = url.path(); |
| 117 std::vector<std::string> parts = base::SplitString( |
| 118 path, "/", base::KEEP_WHITESPACE, base::SPLIT_WANT_ALL); |
| 119 std::string revision = parts.size() > 2 ? parts[2] : ""; |
| 120 revision = SanitizeRevision(revision); |
| 121 std::string filename = parts.size() ? parts[parts.size() - 1] : ""; |
| 122 if (filename != "devtools.html") |
| 123 filename = "inspector.html"; |
| 124 path = base::StringPrintf("/serve_rev/%s/%s", |
| 125 revision.c_str(), filename.c_str()); |
| 126 std::string sanitized = SanitizeFrontendURL(url, url::kHttpsScheme, |
| 127 kRemoteFrontendDomain, path, true).spec(); |
| 128 return net::EscapeQueryParamValue(sanitized, false); |
| 129 } |
| 130 |
| 131 std::string SanitizeFrontendQueryParam( |
| 132 const std::string& key, |
| 133 const std::string& value) { |
| 134 // Convert boolean flags to true. |
| 135 if (key == "can_dock" || key == "debugFrontend" || key == "experiments" || |
| 136 key == "isSharedWorker" || key == "v8only" || key == "remoteFrontend") |
| 137 return "true"; |
| 138 |
| 139 // Pass connection endpoints as is. |
| 140 if (key == "ws" || key == "service-backend") |
| 141 return SanitizeEndpoint(value); |
| 142 |
| 143 // Only support undocked for old frontends. |
| 144 if (key == "dockSide" && value == "undocked") |
| 145 return value; |
| 146 |
| 147 if (key == "panel" && (value == "elements" || value == "console")) |
| 148 return value; |
| 149 |
| 150 if (key == "remoteBase") |
| 151 return SanitizeRemoteBase(value); |
| 152 |
| 153 if (key == "remoteFrontendUrl") |
| 154 return SanitizeRemoteFrontendURL(value); |
| 155 |
| 156 return std::string(); |
| 157 } |
| 158 |
| 159 GURL SanitizeFrontendURL( |
| 160 const GURL& url, |
| 161 const std::string& scheme, |
| 162 const std::string& host, |
| 163 const std::string& path, |
| 164 bool allow_query) { |
| 165 std::vector<std::string> query_parts; |
| 166 if (allow_query) { |
| 167 for (net::QueryIterator it(url); !it.IsAtEnd(); it.Advance()) { |
| 168 std::string value = SanitizeFrontendQueryParam(it.GetKey(), |
| 169 it.GetValue()); |
| 170 if (!value.empty()) { |
| 171 query_parts.push_back( |
| 172 base::StringPrintf("%s=%s", it.GetKey().c_str(), value.c_str())); |
| 173 } |
| 174 } |
| 175 } |
| 176 std::string query = |
| 177 query_parts.empty() ? "" : "?" + base::JoinString(query_parts, "&"); |
| 178 std::string constructed = base::StringPrintf("%s://%s%s%s", |
| 179 scheme.c_str(), host.c_str(), path.c_str(), query.c_str()); |
| 180 GURL result = GURL(constructed); |
| 181 if (!result.is_valid()) |
| 182 return GURL(); |
| 183 return result; |
| 184 } |
54 | 185 |
55 // DevToolsDataSource --------------------------------------------------------- | 186 // DevToolsDataSource --------------------------------------------------------- |
56 | 187 |
57 std::string GetMimeTypeForPath(const std::string& path) { | 188 std::string GetMimeTypeForPath(const std::string& path) { |
58 std::string filename = PathWithoutParams(path); | 189 std::string filename = PathWithoutParams(path); |
59 if (base::EndsWith(filename, ".html", base::CompareCase::INSENSITIVE_ASCII)) { | 190 if (base::EndsWith(filename, ".html", base::CompareCase::INSENSITIVE_ASCII)) { |
60 return "text/html"; | 191 return "text/html"; |
61 } else if (base::EndsWith(filename, ".css", | 192 } else if (base::EndsWith(filename, ".css", |
62 base::CompareCase::INSENSITIVE_ASCII)) { | 193 base::CompareCase::INSENSITIVE_ASCII)) { |
63 return "text/css"; | 194 return "text/css"; |
(...skipping 227 matching lines...)
291 | 422 |
292 // static | 423 // static |
293 GURL DevToolsUI::GetRemoteBaseURL() { | 424 GURL DevToolsUI::GetRemoteBaseURL() { |
294 return GURL(base::StringPrintf( | 425 return GURL(base::StringPrintf( |
295 "%s%s/%s/", | 426 "%s%s/%s/", |
296 kRemoteFrontendBase, | 427 kRemoteFrontendBase, |
297 kRemoteFrontendPath, | 428 kRemoteFrontendPath, |
298 content::GetWebKitRevision().c_str())); | 429 content::GetWebKitRevision().c_str())); |
299 } | 430 } |
300 | 431 |
| 432 // static |
| 433 GURL DevToolsUI::SanitizeFrontendURL(const GURL& url) { |
| 434 return ::SanitizeFrontendURL(url, content::kChromeDevToolsScheme, |
| 435 chrome::kChromeUIDevToolsHost, SanitizeFrontendPath(url.path()), true); |
| 436 } |
| 437 |
301 DevToolsUI::DevToolsUI(content::WebUI* web_ui) | 438 DevToolsUI::DevToolsUI(content::WebUI* web_ui) |
302 : WebUIController(web_ui), bindings_(web_ui->GetWebContents()) { | 439 : WebUIController(web_ui) { |
303 web_ui->SetBindings(0); | 440 web_ui->SetBindings(0); |
304 Profile* profile = Profile::FromWebUI(web_ui); | 441 Profile* profile = Profile::FromWebUI(web_ui); |
305 content::URLDataSource::Add( | 442 content::URLDataSource::Add( |
306 profile, | 443 profile, |
307 new DevToolsDataSource(profile->GetRequestContext())); | 444 new DevToolsDataSource(profile->GetRequestContext())); |
308 | 445 |
309 if (!profile->IsOffTheRecord()) | 446 GURL url = web_ui->GetWebContents()->GetVisibleURL(); |
| 447 if (url.spec() != SanitizeFrontendURL(url).spec()) |
310 return; | 448 return; |
311 GURL url = web_ui->GetWebContents()->GetVisibleURL(); | 449 |
312 GURL site = content::SiteInstance::GetSiteForURL(profile, url); | 450 if (profile->IsOffTheRecord()) { |
313 content::BrowserContext::GetStoragePartitionForSite(profile, site)-> | 451 GURL site = content::SiteInstance::GetSiteForURL(profile, url); |
314 GetFileSystemContext()->EnableTemporaryFileSystemInIncognito(); | 452 content::BrowserContext::GetStoragePartitionForSite(profile, site)-> |
| 453 GetFileSystemContext()->EnableTemporaryFileSystemInIncognito(); |
| 454 } |
| 455 bindings_.reset(new DevToolsUIBindings(web_ui->GetWebContents())); |
315 } | 456 } |
316 | 457 |
317 DevToolsUI::~DevToolsUI() { | 458 DevToolsUI::~DevToolsUI() { |
318 } | 459 } |
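Review bot: In `SanitizeRemoteBase` and `SanitizeRemoteFrontendURL`, a revision that `SanitizeRevision` rejects (or a path too short to contain one) becomes an empty string, yet both functions still format it into the path and return a non-empty value such as `.../serve_file//` or `.../serve_rev//inspector.html`, so the parameter is kept rather than dropped. The host stays pinned to `kRemoteFrontendDomain` and the `DevToolsUI` constructor only compares specs, so it rejects such input either way; the gap is for any caller that actually uses the URL returned by the static `DevToolsUI::SanitizeFrontendURL` (none are visible in this section). Adding `if (revision.empty()) return std::string();` right after `revision = SanitizeRevision(revision);` in both functions makes them fail closed like the other sanitizers. `SanitizeRevision` also accepts a lone `@`, which that guard would not catch, so it should require at least one alphanumeric character. Separately, the constructor now leaves `bindings_` unset on the early return, so any use of it in the header or the 227 skipped lines presumably needs a null check; that code is not shown here.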