OLD | NEW |
1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "components/url_formatter/url_formatter.h" | 5 #include "components/url_formatter/url_formatter.h" |
6 | 6 |
7 #include <algorithm> | 7 #include <algorithm> |
8 #include <utility> | 8 #include <utility> |
9 | 9 |
10 #include "base/lazy_instance.h" | 10 #include "base/lazy_instance.h" |
(...skipping 505 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
516 // U+0338 and U+2027 are dropped; the former can look like a slash when | 516 // U+0338 and U+2027 are dropped; the former can look like a slash when |
517 // rendered with a broken font, and the latter can be confused with U+30FB | 517 // rendered with a broken font, and the latter can be confused with U+30FB |
518 // (Katakana Middle Dot). U+05F4 (Hebrew Punctuation Gershayim) is kept, | 518 // (Katakana Middle Dot). U+05F4 (Hebrew Punctuation Gershayim) is kept, |
519 // even though it can look like a double quotation mark. Using it in Hebrew | 519 // even though it can look like a double quotation mark. Using it in Hebrew |
520 // should be safe. When used with a non-Hebrew script, it'd be filtered by | 520 // should be safe. When used with a non-Hebrew script, it'd be filtered by |
521 // other checks in place. | 521 // other checks in place. |
522 allowed_set.remove(0x338u); // Combining Long Solidus Overlay | 522 allowed_set.remove(0x338u); // Combining Long Solidus Overlay |
523 allowed_set.remove(0x2010u); // Hyphen | 523 allowed_set.remove(0x2010u); // Hyphen |
524 allowed_set.remove(0x2027u); // Hyphenation Point | 524 allowed_set.remove(0x2027u); // Hyphenation Point |
525 | 525 |
| 526 #if defined(OS_MACOSX) |
| 527 // The following characters are reported as present in the default macOS |
| 528 // system UI font, but they render as blank. Remove them from the allowed |
| 529 // set to prevent spoofing. |
| 530 // Tibetan characters used for transliteration of ancient texts: |
| 531 allowed_set.remove(0x0F8Cu); |
| 532 allowed_set.remove(0x0F8Du); |
| 533 allowed_set.remove(0x0F8Eu); |
| 534 allowed_set.remove(0x0F8Fu); |
| 535 #endif |
| 536 |
526 uspoof_setAllowedUnicodeSet(checker_, &allowed_set, status); | 537 uspoof_setAllowedUnicodeSet(checker_, &allowed_set, status); |
527 } | 538 } |
528 | 539 |
529 // Returns true if the given Unicode host component is safe to display to the | 540 // Returns true if the given Unicode host component is safe to display to the |
530 // user. Note that this function does not deal with pure ASCII domain labels at | 541 // user. Note that this function does not deal with pure ASCII domain labels at |
531 // all even though it's possible to make up look-alike labels with ASCII | 542 // all even though it's possible to make up look-alike labels with ASCII |
532 // characters alone. | 543 // characters alone. |
533 bool IsIDNComponentSafe(base::StringPiece16 label, bool is_tld_ascii) { | 544 bool IsIDNComponentSafe(base::StringPiece16 label, bool is_tld_ascii) { |
534 return g_idn_spoof_checker.Get().Check(label, is_tld_ascii); | 545 return g_idn_spoof_checker.Get().Check(label, is_tld_ascii); |
535 } | 546 } |
(...skipping 314 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
850 return base::StartsWith(text, www, base::CompareCase::SENSITIVE) | 861 return base::StartsWith(text, www, base::CompareCase::SENSITIVE) |
851 ? text.substr(www.length()) : text; | 862 ? text.substr(www.length()) : text; |
852 } | 863 } |
853 | 864 |
854 base::string16 StripWWWFromHost(const GURL& url) { | 865 base::string16 StripWWWFromHost(const GURL& url) { |
855 DCHECK(url.is_valid()); | 866 DCHECK(url.is_valid()); |
856 return StripWWW(base::ASCIIToUTF16(url.host_piece())); | 867 return StripWWW(base::ASCIIToUTF16(url.host_piece())); |
857 } | 868 } |
858 | 869 |
859 } // namespace url_formatter | 870 } // namespace url_formatter |
OLD | NEW |