OLD | NEW |
1 // Copyright 2014 The Crashpad Authors. All rights reserved. | 1 // Copyright 2014 The Crashpad Authors. All rights reserved. |
2 // | 2 // |
3 // Licensed under the Apache License, Version 2.0 (the "License"); | 3 // Licensed under the Apache License, Version 2.0 (the "License"); |
4 // you may not use this file except in compliance with the License. | 4 // you may not use this file except in compliance with the License. |
5 // You may obtain a copy of the License at | 5 // You may obtain a copy of the License at |
6 // | 6 // |
7 // http://www.apache.org/licenses/LICENSE-2.0 | 7 // http://www.apache.org/licenses/LICENSE-2.0 |
8 // | 8 // |
9 // Unless required by applicable law or agreed to in writing, software | 9 // Unless required by applicable law or agreed to in writing, software |
10 // distributed under the License is distributed on an "AS IS" BASIS, | 10 // distributed under the License is distributed on an "AS IS" BASIS, |
(...skipping 22 matching lines...) Expand all Loading... |
33 | 33 |
34 const char kBoundaryCRLF[] = "\r\n\r\n"; | 34 const char kBoundaryCRLF[] = "\r\n\r\n"; |
35 | 35 |
36 // Generates a random string suitable for use as a multipart boundary. | 36 // Generates a random string suitable for use as a multipart boundary. |
37 std::string GenerateBoundaryString() { | 37 std::string GenerateBoundaryString() { |
38 // RFC 2046 §5.1.1 says that the boundary string may be 1 to 70 characters | 38 // RFC 2046 §5.1.1 says that the boundary string may be 1 to 70 characters |
39 // long, choosing from the set of alphanumeric characters along with | 39 // long, choosing from the set of alphanumeric characters along with |
40 // characters from the set “'()+_,-./:=? ”, and not ending in a space. | 40 // characters from the set “'()+_,-./:=? ”, and not ending in a space. |
41 // However, some servers have been observed as dealing poorly with certain | 41 // However, some servers have been observed as dealing poorly with certain |
42 // nonalphanumeric characters. See | 42 // nonalphanumeric characters. See |
43 // blink/Source/platform/network/FormDataBuilder.cpp | 43 // blink/Source/platform/network/FormDataEncoder.cpp |
44 // blink::FormDataBuilder::generateUniqueBoundaryString(). | 44 // blink::FormDataEncoder::GenerateUniqueBoundaryString(). |
45 // | 45 // |
46 // This implementation produces a 56-character string with over 190 bits of | 46 // This implementation produces a 56-character string with over 190 bits of |
47 // randomness (62^32 > 2^190). | 47 // randomness (62^32 > 2^190). |
48 std::string boundary_string = "---MultipartBoundary-"; | 48 std::string boundary_string = "---MultipartBoundary-"; |
49 for (int index = 0; index < 32; ++index) { | 49 for (int index = 0; index < 32; ++index) { |
50 const char kCharacters[] = | 50 const char kCharacters[] = |
51 "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; | 51 "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; |
52 int random_value = | 52 int random_value = |
53 base::RandInt(0, static_cast<int>(strlen(kCharacters)) - 1); | 53 base::RandInt(0, static_cast<int>(strlen(kCharacters)) - 1); |
54 boundary_string += kCharacters[random_value]; | 54 boundary_string += kCharacters[random_value]; |
55 } | 55 } |
56 boundary_string += "---"; | 56 boundary_string += "---"; |
57 return boundary_string; | 57 return boundary_string; |
58 } | 58 } |
59 | 59 |
60 // Escapes the specified name to be suitable for the name field of a | 60 // Escapes the specified name to be suitable for the name field of a |
61 // form-data part. | 61 // form-data part. |
62 std::string EncodeMIMEField(const std::string& name) { | 62 std::string EncodeMIMEField(const std::string& name) { |
63 // RFC 2388 §3 says to encode non-ASCII field names according to RFC 2047, but | |
64 // no browsers implement that behavior. Instead, they send field names in the | |
65 // page hosting the form’s encoding. However, some form of escaping is needed. | |
66 // This URL-escapes the quote character and newline characters, per Blink. See | 63 // This URL-escapes the quote character and newline characters, per Blink. See |
67 // blink/Source/platform/network/FormDataBuilder.cpp | 64 // blink/Source/platform/network/FormDataEncoder.cpp |
68 // blink::appendQuotedString(). | 65 // blink::AppendQuotedString(). %-encoding is endorsed by RFC 7578 §2, with |
69 // | 66 // approval for otherwise unencoded UTF-8 given by RFC 7578 §5.1. Blink does |
70 // TODO(mark): This encoding is not necessarily correct, and the same code in | 67 // not escape the '%' character, but it seems appropriate to do so in order to |
71 // Blink is marked with a FIXME. Blink does not escape the '%' character, | 68 // be able to decode the string properly. |
72 // that’s a local addition, but it seems appropriate to be able to decode the | |
73 // string properly. | |
74 std::string encoded; | 69 std::string encoded; |
75 for (char character : name) { | 70 for (char character : name) { |
76 switch (character) { | 71 switch (character) { |
77 case '\r': | 72 case '\r': |
78 case '\n': | 73 case '\n': |
79 case '"': | 74 case '"': |
80 case '%': | 75 case '%': |
81 encoded += base::StringPrintf("%%%02x", character); | 76 encoded += base::StringPrintf("%%%02x", character); |
82 break; | 77 break; |
83 default: | 78 default: |
(...skipping 126 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
210 auto data_it = form_data_.find(key); | 205 auto data_it = form_data_.find(key); |
211 if (data_it != form_data_.end()) | 206 if (data_it != form_data_.end()) |
212 form_data_.erase(data_it); | 207 form_data_.erase(data_it); |
213 | 208 |
214 auto file_it = file_attachments_.find(key); | 209 auto file_it = file_attachments_.find(key); |
215 if (file_it != file_attachments_.end()) | 210 if (file_it != file_attachments_.end()) |
216 file_attachments_.erase(file_it); | 211 file_attachments_.erase(file_it); |
217 } | 212 } |
218 | 213 |
219 } // namespace crashpad | 214 } // namespace crashpad |
OLD | NEW |