| OLD | NEW |
|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef NET_BASE_DATA_URL_H_ | 5 #ifndef NET_BASE_DATA_URL_H_ |
| 6 #define NET_BASE_DATA_URL_H_ | 6 #define NET_BASE_DATA_URL_H_ |
| 7 | 7 |
| 8 #include <string> | 8 #include <string> |
| 9 | 9 |
| 10 #include "net/base/net_export.h" | 10 #include "net/base/net_export.h" |
| (...skipping 17 matching lines...) Expand all Loading... |
| 28 // shorthand, "text/plain" can be omitted but the charset parameter supplied. | 28 // shorthand, "text/plain" can be omitted but the charset parameter supplied. |
| 29 // | 29 // |
| 30 class NET_EXPORT DataURL { | 30 class NET_EXPORT DataURL { |
| 31 public: | 31 public: |
| 32 // This method can be used to parse a 'data' URL into its component pieces. | 32 // This method can be used to parse a 'data' URL into its component pieces. |
| 33 // | 33 // |
| 34 // The resulting mime_type is normalized to lowercase. The data is the | 34 // The resulting mime_type is normalized to lowercase. The data is the |
| 35 // decoded data (e.g.., if the data URL specifies base64 encoding, then the | 35 // decoded data (e.g.., if the data URL specifies base64 encoding, then the |
| 36 // returned data is base64 decoded, and any %-escaped bytes are unescaped). | 36 // returned data is base64 decoded, and any %-escaped bytes are unescaped). |
| 37 // | 37 // |
| 38 // If the URL is malformed, then this method will return false, and its | 38 // If the media type value doesn't match the media-type production defined in |
| 39 // output variables will remain unchanged. On success, true is returned. | 39 // RFC 7231, mime_type will be set to the default value "text/plain". We |
| 40 // don't simply fail for this grammar violation since Chromium had been |
| 41 // accepting such invalid values. For example, <img> element with the src |
| 42 // attribute set to a data URL with an invalid media type "image" (without a |
| 43 // slash and subtype) had been displayed. However, the value this method will |
| 44 // store in mime_type argument can be used for generating other headers, etc. |
| 45 // This could lead to security vulnerability. We don't want to accept |
| 46 // arbitrary value and ask each caller to validate the return value. |
| 47 // |
| 48 // If the charset parameter is specified but its value doesn't match the |
| 49 // token production defined in RFC 7230, this method simply fails and returns |
| 50 // false. |
| 51 // |
| 52 // If there's any other grammar violation in the URL, then this method will |
| 53 // return false. Output variables may be changed and contain invalid data. On |
| 54 // success, true is returned. |
| 40 // | 55 // |
| 41 // OPTIONAL: If |data| is NULL, then the <data> section will not be parsed | 56 // OPTIONAL: If |data| is NULL, then the <data> section will not be parsed |
| 42 // or validated. | 57 // or validated. |
| 43 // | 58 // |
| 44 static bool Parse(const GURL& url, | 59 static bool Parse(const GURL& url, |
| 45 std::string* mime_type, | 60 std::string* mime_type, |
| 46 std::string* charset, | 61 std::string* charset, |
| 47 std::string* data); | 62 std::string* data); |
| 48 }; | 63 }; |
| 49 | 64 |
| 50 } // namespace net | 65 } // namespace net |
| 51 | 66 |
| 52 #endif // NET_BASE_DATA_URL_H_ | 67 #endif // NET_BASE_DATA_URL_H_ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 674823002:
[Regression fix] [Data URI parser] Accept data URI with invalid mediatype data (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@2171