Make net::DataURL's MIME string check stricter

net/base/data_url.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // NOTE: based loosely on mozilla's nsDataChannel.cpp
 
 #include <algorithm>
 
 #include "net/base/data_url.h"
 
 #include "base/base64.h"
 #include "base/basictypes.h"
 #include "base/strings/string_split.h"
 #include "base/strings/string_util.h"
 #include "net/base/escape.h"
+#include "net/http/http_util.h"
 #include "url/gurl.h"
 
 namespace net {
 
 // static
 bool DataURL::Parse(const GURL& url, std::string* mime_type,
                     std::string* charset, std::string* data) {
   DCHECK(mime_type->empty());
   DCHECK(charset->empty());
   std::string::const_iterator begin = url.spec().begin();
@@ skipping 26 matching lines @@
   bool base64_encoded = false;
   for (; iter != meta_data.end(); ++iter) {
     if (!base64_encoded && *iter == kBase64Tag) {
       base64_encoded = true;
     } else if (charset->empty() &&
                iter->compare(0, kCharsetTagLength, kCharsetTag) == 0) {
       charset->assign(iter->substr(kCharsetTagLength));
     }
   }
 
-  // fallback to defaults if nothing specified in the URL:
-  if (mime_type->empty())
+  if (mime_type->empty()) {
+    // fallback to defaults if nothing specified in the URL:
     mime_type->assign("text/plain");
+  } else {
+    // Check grammar.

[asanka, 2014/03/26 19:42:09]

Consider using IsMimeType() instead?

[tyoshino (SeeGerritForStatus), 2014/03/26 22:07:00]

I considered that. But IsMimeType() doesn't check token grammar, accepts "*" and
is too strict (allow only IANA registered top level types and x- prefixed ones).
So, I refrained from using that.

I checked again why IsMimeType() is designed like this. It was originally part
of web_intents_registry.cc. Where the code which is now in IsMimeType() worked
as a validation for MIME type pattern to be passed to MatchesMimeType().

https://chromiumcodereview.appspot.com/10448109/diff/23003/chrome/browser/int...

As web_intents_registry.cc has gone and the only user of IsMimeType() is
pepper_file_system_browser_host.cc where it's not expected to check pattern
grammar but just MIME grammar, we could just make IsMimeType():
- stop accepting "*"
- separate registered top-level type validation into a separate method
- validate token grammar on type and subtype

Are you fine with this?

[asanka, 2014/03/26 22:29:42]

SGTM

+    std::vector<std::string> mime_type_components;
+    base::SplitString(*mime_type, '/', &mime_type_components);
+    if (mime_type_components.size() != 2 ||
+        !HttpUtil::IsToken(mime_type_components[0]) ||
+        !HttpUtil::IsToken(mime_type_components[1]))
+      return false;
+  }
   if (charset->empty())
     charset->assign("US-ASCII");
 
   // The caller may not be interested in receiving the data.
   if (!data)
     return true;
 
   // Preserve spaces if dealing with text or xml input, same as mozilla:
   //   https://bugzilla.mozilla.org/show_bug.cgi?id=138052
   // but strip them otherwise:
@@ skipping 39 matching lines @@
       temp_data.resize(length + padding_needed, '=');
     }
     return base::Base64Decode(temp_data, data);
   }
 
   temp_data.swap(*data);
   return true;
 }
 
 }  // namespace net