1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "net/base/net_util.h"
11 #include "build/build_config.h"
17 #pragma comment(lib, "iphlpapi.lib")
18 #elif defined(OS_POSIX)
20 #if !defined(OS_ANDROID)
25 #include <netinet/in.h>
28 #include "base/basictypes.h"
29 #include "base/file_util.h"
30 #include "base/files/file_path.h"
31 #include "base/i18n/file_util_icu.h"
32 #include "base/i18n/icu_string_conversions.h"
33 #include "base/i18n/time_formatting.h"
34 #include "base/json/string_escape.h"
35 #include "base/lazy_instance.h"
36 #include "base/logging.h"
37 #include "base/memory/singleton.h"
38 #include "base/message_loop/message_loop.h"
39 #include "base/metrics/histogram.h"
40 #include "base/path_service.h"
41 #include "base/stl_util.h"
42 #include "base/strings/string_number_conversions.h"
43 #include "base/strings/string_piece.h"
44 #include "base/strings/string_split.h"
45 #include "base/strings/string_tokenizer.h"
46 #include "base/strings/string_util.h"
47 #include "base/strings/stringprintf.h"
48 #include "base/strings/sys_string_conversions.h"
49 #include "base/strings/utf_offset_string_conversions.h"
50 #include "base/strings/utf_string_conversions.h"
51 #include "base/synchronization/lock.h"
52 #include "base/sys_byteorder.h"
53 #include "base/time/time.h"
54 #include "base/values.h"
55 #include "grit/net_resources.h"
57 #include "url/url_canon.h"
58 #include "url/url_canon_ip.h"
59 #include "url/url_parse.h"
60 #if defined(OS_ANDROID)
61 #include "net/android/network_library.h"
63 #include "net/base/dns_util.h"
64 #include "net/base/escape.h"
65 #include "net/base/mime_util.h"
66 #include "net/base/net_module.h"
67 #include "net/base/registry_controlled_domains/registry_controlled_domain.h"
69 #include "net/base/winsock_init.h"
71 #include "net/http/http_content_disposition.h"
72 #include "third_party/icu/source/common/unicode/uidna.h"
73 #include "third_party/icu/source/common/unicode/uniset.h"
74 #include "third_party/icu/source/common/unicode/uscript.h"
75 #include "third_party/icu/source/common/unicode/uset.h"
76 #include "third_party/icu/source/i18n/unicode/datefmt.h"
77 #include "third_party/icu/source/i18n/unicode/regex.h"
78 #include "third_party/icu/source/i18n/unicode/ulocdata.h"
86 typedef std::vector
<size_t> Offsets
;
88 // what we prepend to get a file URL
89 static const base::FilePath::CharType kFileURLPrefix
[] =
90 FILE_PATH_LITERAL("file:///");
92 // The general list of blocked ports. Will be blocked unless a specific
93 // protocol overrides it. (Ex: ftp can use ports 20 and 21)
94 static const int kRestrictedPorts
[] = {
128 135, // loc-srv /epmap
151 3659, // apple-sasl / PasswordServer
154 6665, // Alternate IRC [Apple addition]
155 6666, // Alternate IRC [Apple addition]
156 6667, // Standard IRC [Apple addition]
157 6668, // Alternate IRC [Apple addition]
158 6669, // Alternate IRC [Apple addition]
159 0xFFFF, // Used to block all invalid port numbers (see
160 // third_party/WebKit/Source/platform/weborigin/KURL.cpp,
164 // FTP overrides the following restricted ports.
165 static const int kAllowedFtpPorts
[] = {
170 // Does some simple normalization of scripts so we can allow certain scripts
171 // to exist together.
172 // TODO(brettw) bug 880223: we should allow some other languages to be
173 // oombined such as Chinese and Latin. We will probably need a more
174 // complicated system of language pairs to have more fine-grained control.
175 UScriptCode
NormalizeScript(UScriptCode code
) {
177 case USCRIPT_KATAKANA
:
178 case USCRIPT_HIRAGANA
:
179 case USCRIPT_KATAKANA_OR_HIRAGANA
:
180 case USCRIPT_HANGUL
: // This one is arguable.
187 bool IsIDNComponentInSingleScript(const base::char16
* str
, int str_len
) {
188 UScriptCode first_script
= USCRIPT_INVALID_CODE
;
189 bool is_first
= true;
192 while (i
< str_len
) {
194 U16_NEXT(str
, i
, str_len
, code_point
);
196 UErrorCode err
= U_ZERO_ERROR
;
197 UScriptCode cur_script
= uscript_getScript(code_point
, &err
);
198 if (err
!= U_ZERO_ERROR
)
199 return false; // Report mixed on error.
200 cur_script
= NormalizeScript(cur_script
);
202 // TODO(brettw) We may have to check for USCRIPT_INHERENT as well.
203 if (is_first
&& cur_script
!= USCRIPT_COMMON
) {
204 first_script
= cur_script
;
207 if (cur_script
!= USCRIPT_COMMON
&& cur_script
!= first_script
)
214 // Check if the script of a language can be 'safely' mixed with
215 // Latin letters in the ASCII range.
216 bool IsCompatibleWithASCIILetters(const std::string
& lang
) {
217 // For now, just list Chinese, Japanese and Korean (positive list).
218 // An alternative is negative-listing (languages using Greek and
219 // Cyrillic letters), but it can be more dangerous.
220 return !lang
.substr(0, 2).compare("zh") ||
221 !lang
.substr(0, 2).compare("ja") ||
222 !lang
.substr(0, 2).compare("ko");
225 typedef std::map
<std::string
, icu::UnicodeSet
*> LangToExemplarSetMap
;
227 class LangToExemplarSet
{
229 static LangToExemplarSet
* GetInstance() {
230 return Singleton
<LangToExemplarSet
>::get();
234 LangToExemplarSetMap map
;
235 LangToExemplarSet() { }
236 ~LangToExemplarSet() {
237 STLDeleteContainerPairSecondPointers(map
.begin(), map
.end());
240 friend class Singleton
<LangToExemplarSet
>;
241 friend struct DefaultSingletonTraits
<LangToExemplarSet
>;
242 friend bool GetExemplarSetForLang(const std::string
&, icu::UnicodeSet
**);
243 friend void SetExemplarSetForLang(const std::string
&, icu::UnicodeSet
*);
245 DISALLOW_COPY_AND_ASSIGN(LangToExemplarSet
);
248 bool GetExemplarSetForLang(const std::string
& lang
,
249 icu::UnicodeSet
** lang_set
) {
250 const LangToExemplarSetMap
& map
= LangToExemplarSet::GetInstance()->map
;
251 LangToExemplarSetMap::const_iterator pos
= map
.find(lang
);
252 if (pos
!= map
.end()) {
253 *lang_set
= pos
->second
;
259 void SetExemplarSetForLang(const std::string
& lang
,
260 icu::UnicodeSet
* lang_set
) {
261 LangToExemplarSetMap
& map
= LangToExemplarSet::GetInstance()->map
;
262 map
.insert(std::make_pair(lang
, lang_set
));
265 static base::LazyInstance
<base::Lock
>::Leaky
266 g_lang_set_lock
= LAZY_INSTANCE_INITIALIZER
;
268 // Returns true if all the characters in component_characters are used by
269 // the language |lang|.
270 bool IsComponentCoveredByLang(const icu::UnicodeSet
& component_characters
,
271 const std::string
& lang
) {
272 CR_DEFINE_STATIC_LOCAL(
273 const icu::UnicodeSet
, kASCIILetters
, ('a', 'z'));
274 icu::UnicodeSet
* lang_set
= NULL
;
275 // We're called from both the UI thread and the history thread.
277 base::AutoLock
lock(g_lang_set_lock
.Get());
278 if (!GetExemplarSetForLang(lang
, &lang_set
)) {
279 UErrorCode status
= U_ZERO_ERROR
;
280 ULocaleData
* uld
= ulocdata_open(lang
.c_str(), &status
);
281 // TODO(jungshik) Turn this check on when the ICU data file is
282 // rebuilt with the minimal subset of locale data for languages
283 // to which Chrome is not localized but which we offer in the list
284 // of languages selectable for Accept-Languages. With the rebuilt ICU
285 // data, ulocdata_open never should fall back to the default locale.
287 // DCHECK(U_SUCCESS(status) && status != U_USING_DEFAULT_WARNING);
288 if (U_SUCCESS(status
) && status
!= U_USING_DEFAULT_WARNING
) {
289 lang_set
= reinterpret_cast<icu::UnicodeSet
*>(
290 ulocdata_getExemplarSet(uld
, NULL
, 0,
291 ULOCDATA_ES_STANDARD
, &status
));
292 // If |lang| is compatible with ASCII Latin letters, add them.
293 if (IsCompatibleWithASCIILetters(lang
))
294 lang_set
->addAll(kASCIILetters
);
296 lang_set
= new icu::UnicodeSet(1, 0);
299 SetExemplarSetForLang(lang
, lang_set
);
303 return !lang_set
->isEmpty() && lang_set
->containsAll(component_characters
);
306 // Returns true if the given Unicode host component is safe to display to the
308 bool IsIDNComponentSafe(const base::char16
* str
,
310 const std::string
& languages
) {
311 // Most common cases (non-IDN) do not reach here so that we don't
312 // need a fast return path.
313 // TODO(jungshik) : Check if there's any character inappropriate
314 // (although allowed) for domain names.
315 // See http://www.unicode.org/reports/tr39/#IDN_Security_Profiles and
316 // http://www.unicode.org/reports/tr39/data/xidmodifications.txt
317 // For now, we borrow the list from Mozilla and tweaked it slightly.
318 // (e.g. Characters like U+00A0, U+3000, U+3002 are omitted because
319 // they're gonna be canonicalized to U+0020 and full stop before
321 // The original list is available at
322 // http://kb.mozillazine.org/Network.IDN.blacklist_chars and
323 // at http://mxr.mozilla.org/seamonkey/source/modules/libpref/src/init/all.js#703
325 UErrorCode status
= U_ZERO_ERROR
;
326 #ifdef U_WCHAR_IS_UTF16
327 icu::UnicodeSet
dangerous_characters(icu::UnicodeString(
328 L
"[[\\ \u00ad\u00bc\u00bd\u01c3\u0337\u0338"
329 L
"\u05c3\u05f4\u06d4\u0702\u115f\u1160][\u2000-\u200b]"
330 L
"[\u2024\u2027\u2028\u2029\u2039\u203a\u2044\u205f]"
331 L
"[\u2154-\u2156][\u2159-\u215b][\u215f\u2215\u23ae"
332 L
"\u29f6\u29f8\u2afb\u2afd][\u2ff0-\u2ffb][\u3014"
333 L
"\u3015\u3033\u3164\u321d\u321e\u33ae\u33af\u33c6\u33df\ufe14"
334 L
"\ufe15\ufe3f\ufe5d\ufe5e\ufeff\uff0e\uff06\uff61\uffa0\ufff9]"
335 L
"[\ufffa-\ufffd]]"), status
);
336 DCHECK(U_SUCCESS(status
));
337 icu::RegexMatcher
dangerous_patterns(icu::UnicodeString(
338 // Lone katakana no, so, or n
339 L
"[^\\p{Katakana}][\u30ce\u30f3\u30bd][^\\p{Katakana}]"
340 // Repeating Japanese accent characters
341 L
"|[\u3099\u309a\u309b\u309c][\u3099\u309a\u309b\u309c]"),
344 icu::UnicodeSet
dangerous_characters(icu::UnicodeString(
345 "[[\\u0020\\u00ad\\u00bc\\u00bd\\u01c3\\u0337\\u0338"
346 "\\u05c3\\u05f4\\u06d4\\u0702\\u115f\\u1160][\\u2000-\\u200b]"
347 "[\\u2024\\u2027\\u2028\\u2029\\u2039\\u203a\\u2044\\u205f]"
348 "[\\u2154-\\u2156][\\u2159-\\u215b][\\u215f\\u2215\\u23ae"
349 "\\u29f6\\u29f8\\u2afb\\u2afd][\\u2ff0-\\u2ffb][\\u3014"
350 "\\u3015\\u3033\\u3164\\u321d\\u321e\\u33ae\\u33af\\u33c6\\u33df\\ufe14"
351 "\\ufe15\\ufe3f\\ufe5d\\ufe5e\\ufeff\\uff0e\\uff06\\uff61\\uffa0\\ufff9]"
352 "[\\ufffa-\\ufffd]]", -1, US_INV
), status
);
353 DCHECK(U_SUCCESS(status
));
354 icu::RegexMatcher
dangerous_patterns(icu::UnicodeString(
355 // Lone katakana no, so, or n
356 "[^\\p{Katakana}][\\u30ce\\u30f3\u30bd][^\\p{Katakana}]"
357 // Repeating Japanese accent characters
358 "|[\\u3099\\u309a\\u309b\\u309c][\\u3099\\u309a\\u309b\\u309c]"),
361 DCHECK(U_SUCCESS(status
));
362 icu::UnicodeSet component_characters
;
363 icu::UnicodeString
component_string(str
, str_len
);
364 component_characters
.addAll(component_string
);
365 if (dangerous_characters
.containsSome(component_characters
))
368 DCHECK(U_SUCCESS(status
));
369 dangerous_patterns
.reset(component_string
);
370 if (dangerous_patterns
.find())
373 // If the language list is empty, the result is completely determined
374 // by whether a component is a single script or not. This will block
375 // even "safe" script mixing cases like <Chinese, Latin-ASCII> that are
376 // allowed with |languages| (while it blocks Chinese + Latin letters with
377 // an accent as should be the case), but we want to err on the safe side
378 // when |languages| is empty.
379 if (languages
.empty())
380 return IsIDNComponentInSingleScript(str
, str_len
);
382 // |common_characters| is made up of ASCII numbers, hyphen, plus and
383 // underscore that are used across scripts and allowed in domain names.
384 // (sync'd with characters allowed in url_canon_host with square
385 // brackets excluded.) See kHostCharLookup[] array in url_canon_host.cc.
386 icu::UnicodeSet
common_characters(UNICODE_STRING_SIMPLE("[[0-9]\\-_+\\ ]"),
388 DCHECK(U_SUCCESS(status
));
389 // Subtract common characters because they're always allowed so that
390 // we just have to check if a language-specific set contains
392 component_characters
.removeAll(common_characters
);
394 base::StringTokenizer
t(languages
, ",");
395 while (t
.GetNext()) {
396 if (IsComponentCoveredByLang(component_characters
, t
.token()))
402 // A wrapper to use LazyInstance<>::Leaky with ICU's UIDNA, a C pointer to
403 // a UTS46/IDNA 2008 handling object opened with uidna_openUTS46().
405 // We use UTS46 with BiDiCheck to migrate from IDNA 2003 to IDNA 2008 with
406 // the backward compatibility in mind. What it does:
408 // 1. Use the up-to-date Unicode data.
409 // 2. Define a case folding/mapping with the up-to-date Unicode data as
411 // 3. Use transitional mechanism for 4 deviation characters (sharp-s,
412 // final sigma, ZWJ and ZWNJ) for now.
413 // 4. Continue to allow symbols and punctuations.
414 // 5. Apply new BiDi check rules more permissive than the IDNA 2003 BiDI rules.
415 // 6. Do not apply STD3 rules
416 // 7. Do not allow unassigned code points.
418 // It also closely matches what IE 10 does except for the BiDi check (
419 // http://goo.gl/3XBhqw ).
420 // See http://http://unicode.org/reports/tr46/ and references therein
422 struct UIDNAWrapper
{
424 UErrorCode err
= U_ZERO_ERROR
;
425 // TODO(jungshik): Change options as different parties (browsers,
426 // registrars, search engines) converge toward a consensus.
427 value
= uidna_openUTS46(UIDNA_CHECK_BIDI
, &err
);
435 static base::LazyInstance
<UIDNAWrapper
>::Leaky
436 g_uidna
= LAZY_INSTANCE_INITIALIZER
;
438 // Converts one component of a host (between dots) to IDN if safe. The result
439 // will be APPENDED to the given output string and will be the same as the input
440 // if it is not IDN or the IDN is unsafe to display. Returns whether any
441 // conversion was performed.
442 bool IDNToUnicodeOneComponent(const base::char16
* comp
,
444 const std::string
& languages
,
445 base::string16
* out
) {
450 // Only transform if the input can be an IDN component.
451 static const base::char16 kIdnPrefix
[] = {'x', 'n', '-', '-'};
452 if ((comp_len
> arraysize(kIdnPrefix
)) &&
453 !memcmp(comp
, kIdnPrefix
, arraysize(kIdnPrefix
) * sizeof(base::char16
))) {
454 UIDNA
* uidna
= g_uidna
.Get().value
;
455 DCHECK(uidna
!= NULL
);
456 size_t original_length
= out
->length();
457 int output_length
= 64;
458 UIDNAInfo info
= UIDNA_INFO_INITIALIZER
;
461 out
->resize(original_length
+ output_length
);
462 status
= U_ZERO_ERROR
;
463 // This returns the actual length required. If this is more than 64
464 // code units, |status| will be U_BUFFER_OVERFLOW_ERROR and we'll try
465 // the conversion again, but with a sufficiently large buffer.
466 output_length
= uidna_labelToUnicode(
467 uidna
, comp
, static_cast<int32_t>(comp_len
), &(*out
)[original_length
],
468 output_length
, &info
, &status
);
469 } while ((status
== U_BUFFER_OVERFLOW_ERROR
&& info
.errors
== 0));
471 if (U_SUCCESS(status
) && info
.errors
== 0) {
472 // Converted successfully. Ensure that the converted component
473 // can be safely displayed to the user.
474 out
->resize(original_length
+ output_length
);
475 if (IsIDNComponentSafe(out
->data() + original_length
, output_length
,
480 // Something went wrong. Revert to original string.
481 out
->resize(original_length
);
484 // We get here with no IDN or on error, in which case we just append the
486 out
->append(comp
, comp_len
);
490 // Clamps the offsets in |offsets_for_adjustment| to the length of |str|.
491 void LimitOffsets(const base::string16
& str
, Offsets
* offsets_for_adjustment
) {
492 if (offsets_for_adjustment
) {
493 std::for_each(offsets_for_adjustment
->begin(),
494 offsets_for_adjustment
->end(),
495 base::LimitOffset
<base::string16
>(str
.length()));
499 // TODO(brettw) bug 734373: check the scripts for each host component and
500 // don't un-IDN-ize if there is more than one. Alternatively, only IDN for
501 // scripts that the user has installed. For now, just put the entire
502 // path through IDN. Maybe this feature can be implemented in ICU itself?
504 // We may want to skip this step in the case of file URLs to allow unicode
505 // UNC hostnames regardless of encodings.
506 base::string16
IDNToUnicodeWithOffsets(const std::string
& host
,
507 const std::string
& languages
,
508 Offsets
* offsets_for_adjustment
) {
509 // Convert the ASCII input to a base::string16 for ICU.
510 base::string16 input16
;
511 input16
.reserve(host
.length());
512 input16
.insert(input16
.end(), host
.begin(), host
.end());
514 // Do each component of the host separately, since we enforce script matching
515 // on a per-component basis.
516 base::string16 out16
;
518 base::OffsetAdjuster
offset_adjuster(offsets_for_adjustment
);
519 for (size_t component_start
= 0, component_end
;
520 component_start
< input16
.length();
521 component_start
= component_end
+ 1) {
522 // Find the end of the component.
523 component_end
= input16
.find('.', component_start
);
524 if (component_end
== base::string16::npos
)
525 component_end
= input16
.length(); // For getting the last component.
526 size_t component_length
= component_end
- component_start
;
527 size_t new_component_start
= out16
.length();
528 bool converted_idn
= false;
529 if (component_end
> component_start
) {
530 // Add the substring that we just found.
531 converted_idn
= IDNToUnicodeOneComponent(
532 input16
.data() + component_start
, component_length
, languages
,
535 size_t new_component_length
= out16
.length() - new_component_start
;
537 if (converted_idn
&& offsets_for_adjustment
) {
538 offset_adjuster
.Add(base::OffsetAdjuster::Adjustment(component_start
,
539 component_length
, new_component_length
));
542 // Need to add the dot we just found (if we found one).
543 if (component_end
< input16
.length())
544 out16
.push_back('.');
548 LimitOffsets(out16
, offsets_for_adjustment
);
552 // Called after transforming a component to set all affected elements in
553 // |offsets_for_adjustment| to the correct new values. |original_offsets|
554 // represents the offsets before the transform; |original_component_begin| and
555 // |original_component_end| represent the pre-transform boundaries of the
556 // affected component. |transformed_offsets| should be a vector created by
557 // adjusting |original_offsets| to be relative to the beginning of the component
558 // in question (via an OffsetAdjuster) and then transformed along with the
559 // component. Note that any elements in this vector which didn't originally
560 // point into the component may contain arbitrary values and should be ignored.
561 // |transformed_component_begin| and |transformed_component_end| are the
562 // endpoints of the transformed component and are used in combination with the
563 // two offset vectors to calculate the resulting absolute offsets, which are
564 // stored in |offsets_for_adjustment|.
565 void AdjustForComponentTransform(const Offsets
& original_offsets
,
566 size_t original_component_begin
,
567 size_t original_component_end
,
568 const Offsets
& transformed_offsets
,
569 size_t transformed_component_begin
,
570 size_t transformed_component_end
,
571 Offsets
* offsets_for_adjustment
) {
572 if (!offsets_for_adjustment
)
573 return; // Nothing to do.
575 for (size_t i
= 0; i
< original_offsets
.size(); ++i
) {
576 size_t original_offset
= original_offsets
[i
];
577 if ((original_offset
>= original_component_begin
) &&
578 (original_offset
< original_component_end
)) {
579 // This offset originally pointed into the transformed component.
580 // Adjust the transformed relative offset by the new beginning point of
581 // the transformed component.
582 size_t transformed_offset
= transformed_offsets
[i
];
583 (*offsets_for_adjustment
)[i
] =
584 (transformed_offset
== base::string16::npos
) ?
585 base::string16::npos
:
586 (transformed_offset
+ transformed_component_begin
);
587 } else if ((original_offset
>= original_component_end
) &&
588 (original_offset
!= std::string::npos
)) {
589 // This offset pointed after the transformed component. Adjust the
590 // original absolute offset by the difference between the new and old
591 // component lengths.
592 (*offsets_for_adjustment
)[i
] =
593 original_offset
- original_component_end
+ transformed_component_end
;
598 // If |component| is valid, its begin is incremented by |delta|.
599 void AdjustComponent(int delta
, url_parse::Component
* component
) {
600 if (!component
->is_valid())
603 DCHECK(delta
>= 0 || component
->begin
>= -delta
);
604 component
->begin
+= delta
;
607 // Adjusts all the components of |parsed| by |delta|, except for the scheme.
608 void AdjustAllComponentsButScheme(int delta
, url_parse::Parsed
* parsed
) {
609 AdjustComponent(delta
, &(parsed
->username
));
610 AdjustComponent(delta
, &(parsed
->password
));
611 AdjustComponent(delta
, &(parsed
->host
));
612 AdjustComponent(delta
, &(parsed
->port
));
613 AdjustComponent(delta
, &(parsed
->path
));
614 AdjustComponent(delta
, &(parsed
->query
));
615 AdjustComponent(delta
, &(parsed
->ref
));
618 // Helper for FormatUrlWithOffsets().
619 base::string16
FormatViewSourceUrl(const GURL
& url
,
620 const Offsets
& original_offsets
,
621 const std::string
& languages
,
622 FormatUrlTypes format_types
,
623 UnescapeRule::Type unescape_rules
,
624 url_parse::Parsed
* new_parsed
,
626 Offsets
* offsets_for_adjustment
) {
628 const char kViewSource
[] = "view-source:";
629 const size_t kViewSourceLength
= arraysize(kViewSource
) - 1;
631 // Format the underlying URL and adjust offsets.
632 const std::string
& url_str(url
.possibly_invalid_spec());
633 Offsets
offsets_into_underlying_url(original_offsets
);
635 base::OffsetAdjuster
adjuster(&offsets_into_underlying_url
);
636 adjuster
.Add(base::OffsetAdjuster::Adjustment(0, kViewSourceLength
, 0));
638 base::string16
result(base::ASCIIToUTF16(kViewSource
) +
639 FormatUrlWithOffsets(GURL(url_str
.substr(kViewSourceLength
)), languages
,
640 format_types
, unescape_rules
, new_parsed
, prefix_end
,
641 &offsets_into_underlying_url
));
642 AdjustForComponentTransform(original_offsets
, kViewSourceLength
,
643 url_str
.length(), offsets_into_underlying_url
,
644 kViewSourceLength
, result
.length(),
645 offsets_for_adjustment
);
646 LimitOffsets(result
, offsets_for_adjustment
);
648 // Adjust positions of the parsed components.
649 if (new_parsed
->scheme
.is_nonempty()) {
650 // Assume "view-source:real-scheme" as a scheme.
651 new_parsed
->scheme
.len
+= kViewSourceLength
;
653 new_parsed
->scheme
.begin
= 0;
654 new_parsed
->scheme
.len
= kViewSourceLength
- 1;
656 AdjustAllComponentsButScheme(kViewSourceLength
, new_parsed
);
659 *prefix_end
+= kViewSourceLength
;
664 class AppendComponentTransform
{
666 AppendComponentTransform() {}
667 virtual ~AppendComponentTransform() {}
669 virtual base::string16
Execute(const std::string
& component_text
,
670 Offsets
* offsets_into_component
) const = 0;
672 // NOTE: No DISALLOW_COPY_AND_ASSIGN here, since gcc < 4.3.0 requires an
673 // accessible copy constructor in order to call AppendFormattedComponent()
674 // with an inline temporary (see http://gcc.gnu.org/bugs/#cxx%5Frvalbind ).
677 class HostComponentTransform
: public AppendComponentTransform
{
679 explicit HostComponentTransform(const std::string
& languages
)
680 : languages_(languages
) {
684 virtual base::string16
Execute(
685 const std::string
& component_text
,
686 Offsets
* offsets_into_component
) const OVERRIDE
{
687 return IDNToUnicodeWithOffsets(component_text
, languages_
,
688 offsets_into_component
);
691 const std::string
& languages_
;
694 class NonHostComponentTransform
: public AppendComponentTransform
{
696 explicit NonHostComponentTransform(UnescapeRule::Type unescape_rules
)
697 : unescape_rules_(unescape_rules
) {
701 virtual base::string16
Execute(
702 const std::string
& component_text
,
703 Offsets
* offsets_into_component
) const OVERRIDE
{
704 return (unescape_rules_
== UnescapeRule::NONE
) ?
705 base::UTF8ToUTF16AndAdjustOffsets(component_text
,
706 offsets_into_component
) :
707 UnescapeAndDecodeUTF8URLComponentWithOffsets(component_text
,
708 unescape_rules_
, offsets_into_component
);
711 const UnescapeRule::Type unescape_rules_
;
714 // Transforms the portion of |spec| covered by |original_component| according to
715 // |transform|. Appends the result to |output|. If |output_component| is
716 // non-NULL, its start and length are set to the transformed component's new
717 // start and length. For each element in |original_offsets| which is at least
718 // as large as original_component.begin, the corresponding element of
719 // |offsets_for_adjustment| is transformed appropriately.
720 void AppendFormattedComponent(const std::string
& spec
,
721 const url_parse::Component
& original_component
,
722 const Offsets
& original_offsets
,
723 const AppendComponentTransform
& transform
,
724 base::string16
* output
,
725 url_parse::Component
* output_component
,
726 Offsets
* offsets_for_adjustment
) {
728 if (original_component
.is_nonempty()) {
729 size_t original_component_begin
=
730 static_cast<size_t>(original_component
.begin
);
731 size_t output_component_begin
= output
->length();
732 std::string
component_str(spec
, original_component_begin
,
733 static_cast<size_t>(original_component
.len
));
735 // Transform |component_str| and adjust the offsets accordingly.
736 Offsets
offsets_into_component(original_offsets
);
738 base::OffsetAdjuster
adjuster(&offsets_into_component
);
739 adjuster
.Add(base::OffsetAdjuster::Adjustment(0, original_component_begin
,
742 output
->append(transform
.Execute(component_str
, &offsets_into_component
));
743 AdjustForComponentTransform(original_offsets
, original_component_begin
,
744 static_cast<size_t>(original_component
.end()),
745 offsets_into_component
, output_component_begin
,
746 output
->length(), offsets_for_adjustment
);
748 // Set positions of the parsed component.
749 if (output_component
) {
750 output_component
->begin
= static_cast<int>(output_component_begin
);
751 output_component
->len
=
752 static_cast<int>(output
->length() - output_component_begin
);
754 } else if (output_component
) {
755 output_component
->reset();
759 void SanitizeGeneratedFileName(base::FilePath::StringType
* filename
,
760 bool replace_trailing
) {
761 const base::FilePath::CharType kReplace
[] = FILE_PATH_LITERAL("-");
762 if (filename
->empty())
764 if (replace_trailing
) {
765 // Handle CreateFile() stripping trailing dots and spaces on filenames
766 // http://support.microsoft.com/kb/115827
767 size_t length
= filename
->size();
768 size_t pos
= filename
->find_last_not_of(FILE_PATH_LITERAL(" ."));
769 filename
->resize((pos
== std::string::npos
) ? 0 : (pos
+ 1));
770 base::TrimWhitespace(*filename
, base::TRIM_TRAILING
, filename
);
771 if (filename
->empty())
773 size_t trimmed
= length
- filename
->size();
775 filename
->insert(filename
->end(), trimmed
, kReplace
[0]);
777 base::TrimString(*filename
, FILE_PATH_LITERAL("."), filename
);
778 if (filename
->empty())
780 // Replace any path information by changing path separators.
781 ReplaceSubstringsAfterOffset(filename
, 0, FILE_PATH_LITERAL("/"), kReplace
);
782 ReplaceSubstringsAfterOffset(filename
, 0, FILE_PATH_LITERAL("\\"), kReplace
);
785 // Returns the filename determined from the last component of the path portion
786 // of the URL. Returns an empty string if the URL doesn't have a path or is
787 // invalid. If the generated filename is not reliable,
788 // |should_overwrite_extension| will be set to true, in which case a better
789 // extension should be determined based on the content type.
790 std::string
GetFileNameFromURL(const GURL
& url
,
791 const std::string
& referrer_charset
,
792 bool* should_overwrite_extension
) {
793 // about: and data: URLs don't have file names, but esp. data: URLs may
794 // contain parts that look like ones (i.e., contain a slash). Therefore we
795 // don't attempt to divine a file name out of them.
796 if (!url
.is_valid() || url
.SchemeIs("about") || url
.SchemeIs("data"))
797 return std::string();
799 const std::string unescaped_url_filename
= UnescapeURLComponent(
800 url
.ExtractFileName(),
801 UnescapeRule::SPACES
| UnescapeRule::URL_SPECIAL_CHARS
);
803 // The URL's path should be escaped UTF-8, but may not be.
804 std::string decoded_filename
= unescaped_url_filename
;
805 if (!IsStringUTF8(decoded_filename
)) {
806 // TODO(jshin): this is probably not robust enough. To be sure, we need
807 // encoding detection.
808 base::string16 utf16_output
;
809 if (!referrer_charset
.empty() &&
810 base::CodepageToUTF16(unescaped_url_filename
,
811 referrer_charset
.c_str(),
812 base::OnStringConversionError::FAIL
,
814 decoded_filename
= base::UTF16ToUTF8(utf16_output
);
816 decoded_filename
= base::WideToUTF8(
817 base::SysNativeMBToWide(unescaped_url_filename
));
820 // If the URL contains a (possibly empty) query, assume it is a generator, and
821 // allow the determined extension to be overwritten.
822 *should_overwrite_extension
= !decoded_filename
.empty() && url
.has_query();
824 return decoded_filename
;
827 // Returns whether the specified extension is automatically integrated into the
829 bool IsShellIntegratedExtension(const base::FilePath::StringType
& extension
) {
830 base::FilePath::StringType extension_lower
= StringToLowerASCII(extension
);
832 // http://msdn.microsoft.com/en-us/library/ms811694.aspx
833 // Right-clicking on shortcuts can be magical.
834 if ((extension_lower
== FILE_PATH_LITERAL("local")) ||
835 (extension_lower
== FILE_PATH_LITERAL("lnk")))
838 // http://www.juniper.net/security/auto/vulnerabilities/vuln2612.html
839 // Files become magical if they end in a CLSID, so block such extensions.
840 if (!extension_lower
.empty() &&
841 (extension_lower
[0] == FILE_PATH_LITERAL('{')) &&
842 (extension_lower
[extension_lower
.length() - 1] == FILE_PATH_LITERAL('}')))
847 // Returns whether the specified file name is a reserved name on windows.
848 // This includes names like "com2.zip" (which correspond to devices) and
849 // desktop.ini and thumbs.db which have special meaning to the windows shell.
850 bool IsReservedName(const base::FilePath::StringType
& filename
) {
851 // This list is taken from the MSDN article "Naming a file"
852 // http://msdn2.microsoft.com/en-us/library/aa365247(VS.85).aspx
853 // I also added clock$ because GetSaveFileName seems to consider it as a
854 // reserved name too.
855 static const char* const known_devices
[] = {
856 "con", "prn", "aux", "nul", "com1", "com2", "com3", "com4", "com5",
857 "com6", "com7", "com8", "com9", "lpt1", "lpt2", "lpt3", "lpt4",
858 "lpt5", "lpt6", "lpt7", "lpt8", "lpt9", "clock$"
861 std::string filename_lower
= StringToLowerASCII(base::WideToUTF8(filename
));
862 #elif defined(OS_POSIX)
863 std::string filename_lower
= StringToLowerASCII(filename
);
866 for (size_t i
= 0; i
< arraysize(known_devices
); ++i
) {
868 if (filename_lower
== known_devices
[i
])
870 // Starts with "DEVICE.".
871 if (filename_lower
.find(std::string(known_devices
[i
]) + ".") == 0)
875 static const char* const magic_names
[] = {
876 // These file names are used by the "Customize folder" feature of the shell.
881 for (size_t i
= 0; i
< arraysize(magic_names
); ++i
) {
882 if (filename_lower
== magic_names
[i
])
889 // Examines the current extension in |file_name| and modifies it if necessary in
890 // order to ensure the filename is safe. If |file_name| doesn't contain an
891 // extension or if |ignore_extension| is true, then a new extension will be
892 // constructed based on the |mime_type|.
894 // We're addressing two things here:
896 // 1) Usability. If there is no reliable file extension, we want to guess a
897 // reasonable file extension based on the content type.
899 // 2) Shell integration. Some file extensions automatically integrate with the
900 // shell. We block these extensions to prevent a malicious web site from
901 // integrating with the user's shell.
902 void EnsureSafeExtension(const std::string
& mime_type
,
903 bool ignore_extension
,
904 base::FilePath
* file_name
) {
905 // See if our file name already contains an extension.
906 base::FilePath::StringType extension
= file_name
->Extension();
907 if (!extension
.empty())
908 extension
.erase(extension
.begin()); // Erase preceding '.'.
910 if ((ignore_extension
|| extension
.empty()) && !mime_type
.empty()) {
911 base::FilePath::StringType preferred_mime_extension
;
912 std::vector
<base::FilePath::StringType
> all_mime_extensions
;
913 // The GetPreferredExtensionForMimeType call will end up going to disk. Do
914 // this on another thread to avoid slowing the IO thread.
915 // http://crbug.com/61827
916 // TODO(asanka): Remove this ScopedAllowIO once all callers have switched
917 // over to IO safe threads.
918 base::ThreadRestrictions::ScopedAllowIO allow_io
;
919 net::GetPreferredExtensionForMimeType(mime_type
, &preferred_mime_extension
);
920 net::GetExtensionsForMimeType(mime_type
, &all_mime_extensions
);
921 // If the existing extension is in the list of valid extensions for the
922 // given type, use it. This avoids doing things like pointlessly renaming
923 // "foo.jpg" to "foo.jpeg".
924 if (std::find(all_mime_extensions
.begin(),
925 all_mime_extensions
.end(),
926 extension
) != all_mime_extensions
.end()) {
927 // leave |extension| alone
928 } else if (!preferred_mime_extension
.empty()) {
929 extension
= preferred_mime_extension
;
934 static const base::FilePath::CharType default_extension
[] =
935 FILE_PATH_LITERAL("download");
937 // Rename shell-integrated extensions.
938 // TODO(asanka): Consider stripping out the bad extension and replacing it
939 // with the preferred extension for the MIME type if one is available.
940 if (IsShellIntegratedExtension(extension
))
941 extension
.assign(default_extension
);
944 *file_name
= file_name
->ReplaceExtension(extension
);
947 bool FilePathToString16(const base::FilePath
& path
, base::string16
* converted
) {
949 return base::WideToUTF16(
950 path
.value().c_str(), path
.value().size(), converted
);
951 #elif defined(OS_POSIX)
952 std::string component8
= path
.AsUTF8Unsafe();
953 return !component8
.empty() &&
954 base::UTF8ToUTF16(component8
.c_str(), component8
.size(), converted
);
958 bool IPNumberPrefixCheck(const IPAddressNumber
& ip_number
,
959 const unsigned char* ip_prefix
,
960 size_t prefix_length_in_bits
) {
961 // Compare all the bytes that fall entirely within the prefix.
962 int num_entire_bytes_in_prefix
= prefix_length_in_bits
/ 8;
963 for (int i
= 0; i
< num_entire_bytes_in_prefix
; ++i
) {
964 if (ip_number
[i
] != ip_prefix
[i
])
968 // In case the prefix was not a multiple of 8, there will be 1 byte
969 // which is only partially masked.
970 int remaining_bits
= prefix_length_in_bits
% 8;
971 if (remaining_bits
!= 0) {
972 unsigned char mask
= 0xFF << (8 - remaining_bits
);
973 int i
= num_entire_bytes_in_prefix
;
974 if ((ip_number
[i
] & mask
) != (ip_prefix
[i
] & mask
))
982 const FormatUrlType kFormatUrlOmitNothing
= 0;
983 const FormatUrlType kFormatUrlOmitUsernamePassword
= 1 << 0;
984 const FormatUrlType kFormatUrlOmitHTTP
= 1 << 1;
985 const FormatUrlType kFormatUrlOmitTrailingSlashOnBareHostname
= 1 << 2;
986 const FormatUrlType kFormatUrlOmitAll
= kFormatUrlOmitUsernamePassword
|
987 kFormatUrlOmitHTTP
| kFormatUrlOmitTrailingSlashOnBareHostname
;
989 static base::LazyInstance
<std::multiset
<int> >::Leaky
990 g_explicitly_allowed_ports
= LAZY_INSTANCE_INITIALIZER
;
992 size_t GetCountOfExplicitlyAllowedPorts() {
993 return g_explicitly_allowed_ports
.Get().size();
996 GURL
FilePathToFileURL(const base::FilePath
& path
) {
997 // Produce a URL like "file:///C:/foo" for a regular file, or
998 // "file://///server/path" for UNC. The URL canonicalizer will fix up the
999 // latter case to be the canonical UNC form: "file://server/path"
1000 base::FilePath::StringType
url_string(kFileURLPrefix
);
1001 if (!path
.IsAbsolute()) {
1002 base::FilePath current_dir
;
1003 PathService::Get(base::DIR_CURRENT
, ¤t_dir
);
1004 url_string
.append(current_dir
.value());
1005 url_string
.push_back(base::FilePath::kSeparators
[0]);
1007 url_string
.append(path
.value());
1009 // Now do replacement of some characters. Since we assume the input is a
1010 // literal filename, anything the URL parser might consider special should
1013 // must be the first substitution since others will introduce percents as the
1015 ReplaceSubstringsAfterOffset(&url_string
, 0,
1016 FILE_PATH_LITERAL("%"), FILE_PATH_LITERAL("%25"));
1018 // semicolon is supposed to be some kind of separator according to RFC 2396
1019 ReplaceSubstringsAfterOffset(&url_string
, 0,
1020 FILE_PATH_LITERAL(";"), FILE_PATH_LITERAL("%3B"));
1022 ReplaceSubstringsAfterOffset(&url_string
, 0,
1023 FILE_PATH_LITERAL("#"), FILE_PATH_LITERAL("%23"));
1025 ReplaceSubstringsAfterOffset(&url_string
, 0,
1026 FILE_PATH_LITERAL("?"), FILE_PATH_LITERAL("%3F"));
1028 #if defined(OS_POSIX)
1029 ReplaceSubstringsAfterOffset(&url_string
, 0,
1030 FILE_PATH_LITERAL("\\"), FILE_PATH_LITERAL("%5C"));
1033 return GURL(url_string
);
1036 std::string
GetSpecificHeader(const std::string
& headers
,
1037 const std::string
& name
) {
1038 // We want to grab the Value from the "Key: Value" pairs in the headers,
1039 // which should look like this (no leading spaces, \n-separated) (we format
1040 // them this way in url_request_inet.cc):
1041 // HTTP/1.1 200 OK\n
1042 // ETag: "6d0b8-947-24f35ec0"\n
1043 // Content-Length: 2375\n
1044 // Content-Type: text/html; charset=UTF-8\n
1045 // Last-Modified: Sun, 03 Sep 2006 04:34:43 GMT\n
1046 if (headers
.empty())
1047 return std::string();
1049 std::string
match('\n' + name
+ ':');
1051 std::string::const_iterator begin
=
1052 std::search(headers
.begin(), headers
.end(), match
.begin(), match
.end(),
1053 base::CaseInsensitiveCompareASCII
<char>());
1055 if (begin
== headers
.end())
1056 return std::string();
1058 begin
+= match
.length();
1061 base::TrimWhitespace(std::string(begin
,
1062 std::find(begin
, headers
.end(), '\n')),
1063 base::TRIM_ALL
, &ret
);
1067 base::string16
IDNToUnicode(const std::string
& host
,
1068 const std::string
& languages
) {
1069 return IDNToUnicodeWithOffsets(host
, languages
, NULL
);
1072 std::string
CanonicalizeHost(const std::string
& host
,
1073 url_canon::CanonHostInfo
* host_info
) {
1074 // Try to canonicalize the host.
1075 const url_parse::Component
raw_host_component(
1076 0, static_cast<int>(host
.length()));
1077 std::string canon_host
;
1078 url_canon::StdStringCanonOutput
canon_host_output(&canon_host
);
1079 url_canon::CanonicalizeHostVerbose(host
.c_str(), raw_host_component
,
1080 &canon_host_output
, host_info
);
1082 if (host_info
->out_host
.is_nonempty() &&
1083 host_info
->family
!= url_canon::CanonHostInfo::BROKEN
) {
1084 // Success! Assert that there's no extra garbage.
1085 canon_host_output
.Complete();
1086 DCHECK_EQ(host_info
->out_host
.len
, static_cast<int>(canon_host
.length()));
1088 // Empty host, or canonicalization failed. We'll return empty.
1095 std::string
GetDirectoryListingHeader(const base::string16
& title
) {
1096 static const base::StringPiece
header(
1097 NetModule::GetResource(IDR_DIR_HEADER_HTML
));
1098 // This can be null in unit tests.
1099 DLOG_IF(WARNING
, header
.empty()) <<
1100 "Missing resource: directory listing header";
1103 if (!header
.empty())
1104 result
.assign(header
.data(), header
.size());
1106 result
.append("<script>start(");
1107 base::EscapeJSONString(title
, true, &result
);
1108 result
.append(");</script>\n");
1113 inline bool IsHostCharAlphanumeric(char c
) {
1114 // We can just check lowercase because uppercase characters have already been
1116 return ((c
>= 'a') && (c
<= 'z')) || ((c
>= '0') && (c
<= '9'));
1119 bool IsCanonicalizedHostCompliant(const std::string
& host
,
1120 const std::string
& desired_tld
) {
1124 bool in_component
= false;
1125 bool most_recent_component_started_alphanumeric
= false;
1126 bool last_char_was_underscore
= false;
1128 for (std::string::const_iterator
i(host
.begin()); i
!= host
.end(); ++i
) {
1130 if (!in_component
) {
1131 most_recent_component_started_alphanumeric
= IsHostCharAlphanumeric(c
);
1132 if (!most_recent_component_started_alphanumeric
&& (c
!= '-'))
1134 in_component
= true;
1137 if (last_char_was_underscore
)
1139 in_component
= false;
1140 } else if (IsHostCharAlphanumeric(c
) || (c
== '-')) {
1141 last_char_was_underscore
= false;
1142 } else if (c
== '_') {
1143 last_char_was_underscore
= true;
1150 return most_recent_component_started_alphanumeric
||
1151 (!desired_tld
.empty() && IsHostCharAlphanumeric(desired_tld
[0]));
1154 std::string
GetDirectoryListingEntry(const base::string16
& name
,
1155 const std::string
& raw_bytes
,
1160 result
.append("<script>addRow(");
1161 base::EscapeJSONString(name
, true, &result
);
1163 if (raw_bytes
.empty()) {
1164 base::EscapeJSONString(EscapePath(base::UTF16ToUTF8(name
)), true, &result
);
1166 base::EscapeJSONString(EscapePath(raw_bytes
), true, &result
);
1169 result
.append(",1,");
1171 result
.append(",0,");
1174 // Negative size means unknown or not applicable (e.g. directory).
1175 base::string16 size_string
;
1177 size_string
= FormatBytesUnlocalized(size
);
1178 base::EscapeJSONString(size_string
, true, &result
);
1182 base::string16 modified_str
;
1183 // |modified| can be NULL in FTP listings.
1184 if (!modified
.is_null()) {
1185 modified_str
= base::TimeFormatShortDateAndTime(modified
);
1187 base::EscapeJSONString(modified_str
, true, &result
);
1189 result
.append(");</script>\n");
1194 base::string16
StripWWW(const base::string16
& text
) {
1195 const base::string16
www(base::ASCIIToUTF16("www."));
1196 return StartsWith(text
, www
, true) ? text
.substr(www
.length()) : text
;
1199 base::string16
StripWWWFromHost(const GURL
& url
) {
1200 DCHECK(url
.is_valid());
1201 return StripWWW(base::ASCIIToUTF16(url
.host()));
1204 bool IsSafePortablePathComponent(const base::FilePath
& component
) {
1205 base::string16 component16
;
1206 base::FilePath::StringType sanitized
= component
.value();
1207 SanitizeGeneratedFileName(&sanitized
, true);
1208 base::FilePath::StringType extension
= component
.Extension();
1209 if (!extension
.empty())
1210 extension
.erase(extension
.begin()); // Erase preceding '.'.
1211 return !component
.empty() &&
1212 (component
== component
.BaseName()) &&
1213 (component
== component
.StripTrailingSeparators()) &&
1214 FilePathToString16(component
, &component16
) &&
1215 file_util::IsFilenameLegal(component16
) &&
1216 !IsShellIntegratedExtension(extension
) &&
1217 (sanitized
== component
.value()) &&
1218 !IsReservedName(component
.value());
1221 bool IsSafePortableRelativePath(const base::FilePath
& path
) {
1222 if (path
.empty() || path
.IsAbsolute() || path
.EndsWithSeparator())
1224 std::vector
<base::FilePath::StringType
> components
;
1225 path
.GetComponents(&components
);
1226 if (components
.empty())
1228 for (size_t i
= 0; i
< components
.size() - 1; ++i
) {
1229 if (!IsSafePortablePathComponent(base::FilePath(components
[i
])))
1232 return IsSafePortablePathComponent(path
.BaseName());
1235 void GenerateSafeFileName(const std::string
& mime_type
,
1236 bool ignore_extension
,
1237 base::FilePath
* file_path
) {
1238 // Make sure we get the right file extension
1239 EnsureSafeExtension(mime_type
, ignore_extension
, file_path
);
1242 // Prepend "_" to the file name if it's a reserved name
1243 base::FilePath::StringType leaf_name
= file_path
->BaseName().value();
1244 DCHECK(!leaf_name
.empty());
1245 if (IsReservedName(leaf_name
)) {
1246 leaf_name
= base::FilePath::StringType(FILE_PATH_LITERAL("_")) + leaf_name
;
1247 *file_path
= file_path
->DirName();
1248 if (file_path
->value() == base::FilePath::kCurrentDirectory
) {
1249 *file_path
= base::FilePath(leaf_name
);
1251 *file_path
= file_path
->Append(leaf_name
);
1257 base::string16
GetSuggestedFilename(const GURL
& url
,
1258 const std::string
& content_disposition
,
1259 const std::string
& referrer_charset
,
1260 const std::string
& suggested_name
,
1261 const std::string
& mime_type
,
1262 const std::string
& default_name
) {
1263 // TODO: this function to be updated to match the httpbis recommendations.
1264 // Talk to abarth for the latest news.
1266 // We don't translate this fallback string, "download". If localization is
1267 // needed, the caller should provide localized fallback in |default_name|.
1268 static const base::FilePath::CharType kFinalFallbackName
[] =
1269 FILE_PATH_LITERAL("download");
1270 std::string filename
; // In UTF-8
1271 bool overwrite_extension
= false;
1273 // Try to extract a filename from content-disposition first.
1274 if (!content_disposition
.empty()) {
1275 HttpContentDisposition
header(content_disposition
, referrer_charset
);
1276 filename
= header
.filename();
1279 // Then try to use the suggested name.
1280 if (filename
.empty() && !suggested_name
.empty())
1281 filename
= suggested_name
;
1283 // Now try extracting the filename from the URL. GetFileNameFromURL() only
1284 // looks at the last component of the URL and doesn't return the hostname as a
1286 if (filename
.empty())
1287 filename
= GetFileNameFromURL(url
, referrer_charset
, &overwrite_extension
);
1289 // Finally try the URL hostname, but only if there's no default specified in
1290 // |default_name|. Some schemes (e.g.: file:, about:, data:) do not have a
1292 if (filename
.empty() &&
1293 default_name
.empty() &&
1295 !url
.host().empty()) {
1296 // TODO(jungshik) : Decode a 'punycoded' IDN hostname. (bug 1264451)
1297 filename
= url
.host();
1300 bool replace_trailing
= false;
1301 base::FilePath::StringType result_str
, default_name_str
;
1303 replace_trailing
= true;
1304 result_str
= base::UTF8ToUTF16(filename
);
1305 default_name_str
= base::UTF8ToUTF16(default_name
);
1307 result_str
= filename
;
1308 default_name_str
= default_name
;
1310 SanitizeGeneratedFileName(&result_str
, replace_trailing
);
1311 if (result_str
.find_last_not_of(FILE_PATH_LITERAL("-_")) ==
1312 base::FilePath::StringType::npos
) {
1313 result_str
= !default_name_str
.empty() ? default_name_str
:
1314 base::FilePath::StringType(kFinalFallbackName
);
1315 overwrite_extension
= false;
1317 file_util::ReplaceIllegalCharactersInPath(&result_str
, '-');
1318 base::FilePath
result(result_str
);
1319 GenerateSafeFileName(mime_type
, overwrite_extension
, &result
);
1321 base::string16 result16
;
1322 if (!FilePathToString16(result
, &result16
)) {
1323 result
= base::FilePath(default_name_str
);
1324 if (!FilePathToString16(result
, &result16
)) {
1325 result
= base::FilePath(kFinalFallbackName
);
1326 FilePathToString16(result
, &result16
);
1332 base::FilePath
GenerateFileName(const GURL
& url
,
1333 const std::string
& content_disposition
,
1334 const std::string
& referrer_charset
,
1335 const std::string
& suggested_name
,
1336 const std::string
& mime_type
,
1337 const std::string
& default_file_name
) {
1338 base::string16 file_name
= GetSuggestedFilename(url
,
1339 content_disposition
,
1346 base::FilePath
generated_name(file_name
);
1348 base::FilePath
generated_name(
1349 base::SysWideToNativeMB(base::UTF16ToWide(file_name
)));
1352 #if defined(OS_CHROMEOS)
1353 // When doing file manager operations on ChromeOS, the file paths get
1354 // normalized in WebKit layer, so let's ensure downloaded files have
1355 // normalized names. Otherwise, we won't be able to handle files with NFD
1356 // utf8 encoded characters in name.
1357 file_util::NormalizeFileNameEncoding(&generated_name
);
1360 DCHECK(!generated_name
.empty());
1362 return generated_name
;
1365 bool IsPortAllowedByDefault(int port
) {
1366 int array_size
= arraysize(kRestrictedPorts
);
1367 for (int i
= 0; i
< array_size
; i
++) {
1368 if (kRestrictedPorts
[i
] == port
) {
1375 bool IsPortAllowedByFtp(int port
) {
1376 int array_size
= arraysize(kAllowedFtpPorts
);
1377 for (int i
= 0; i
< array_size
; i
++) {
1378 if (kAllowedFtpPorts
[i
] == port
) {
1382 // Port not explicitly allowed by FTP, so return the default restrictions.
1383 return IsPortAllowedByDefault(port
);
1386 bool IsPortAllowedByOverride(int port
) {
1387 if (g_explicitly_allowed_ports
.Get().empty())
1390 return g_explicitly_allowed_ports
.Get().count(port
) > 0;
1393 int SetNonBlocking(int fd
) {
1395 unsigned long no_block
= 1;
1396 return ioctlsocket(fd
, FIONBIO
, &no_block
);
1397 #elif defined(OS_POSIX)
1398 int flags
= fcntl(fd
, F_GETFL
, 0);
1401 return fcntl(fd
, F_SETFL
, flags
| O_NONBLOCK
);
1405 bool ParseHostAndPort(std::string::const_iterator host_and_port_begin
,
1406 std::string::const_iterator host_and_port_end
,
1409 if (host_and_port_begin
>= host_and_port_end
)
1412 // When using url_parse, we use char*.
1413 const char* auth_begin
= &(*host_and_port_begin
);
1414 int auth_len
= host_and_port_end
- host_and_port_begin
;
1416 url_parse::Component
auth_component(0, auth_len
);
1417 url_parse::Component username_component
;
1418 url_parse::Component password_component
;
1419 url_parse::Component hostname_component
;
1420 url_parse::Component port_component
;
1422 url_parse::ParseAuthority(auth_begin
, auth_component
, &username_component
,
1423 &password_component
, &hostname_component
, &port_component
);
1425 // There shouldn't be a username/password.
1426 if (username_component
.is_valid() || password_component
.is_valid())
1429 if (!hostname_component
.is_nonempty())
1430 return false; // Failed parsing.
1432 int parsed_port_number
= -1;
1433 if (port_component
.is_nonempty()) {
1434 parsed_port_number
= url_parse::ParsePort(auth_begin
, port_component
);
1436 // If parsing failed, port_number will be either PORT_INVALID or
1437 // PORT_UNSPECIFIED, both of which are negative.
1438 if (parsed_port_number
< 0)
1439 return false; // Failed parsing the port number.
1442 if (port_component
.len
== 0)
1443 return false; // Reject inputs like "foo:"
1445 // Pass results back to caller.
1446 host
->assign(auth_begin
+ hostname_component
.begin
, hostname_component
.len
);
1447 *port
= parsed_port_number
;
1449 return true; // Success.
1452 bool ParseHostAndPort(const std::string
& host_and_port
,
1455 return ParseHostAndPort(
1456 host_and_port
.begin(), host_and_port
.end(), host
, port
);
1459 std::string
GetHostAndPort(const GURL
& url
) {
1460 // For IPv6 literals, GURL::host() already includes the brackets so it is
1461 // safe to just append a colon.
1462 return base::StringPrintf("%s:%d", url
.host().c_str(),
1463 url
.EffectiveIntPort());
1466 std::string
GetHostAndOptionalPort(const GURL
& url
) {
1467 // For IPv6 literals, GURL::host() already includes the brackets
1468 // so it is safe to just append a colon.
1470 return base::StringPrintf("%s:%s", url
.host().c_str(), url
.port().c_str());
1474 bool IsHostnameNonUnique(const std::string
& hostname
) {
1475 // CanonicalizeHost requires surrounding brackets to parse an IPv6 address.
1476 const std::string host_or_ip
= hostname
.find(':') != std::string::npos
?
1477 "[" + hostname
+ "]" : hostname
;
1478 url_canon::CanonHostInfo host_info
;
1479 std::string canonical_name
= CanonicalizeHost(host_or_ip
, &host_info
);
1481 // If canonicalization fails, then the input is truly malformed. However,
1482 // to avoid mis-reporting bad inputs as "non-unique", treat them as unique.
1483 if (canonical_name
.empty())
1486 // If |hostname| is an IP address, check to see if it's in an IANA-reserved
1488 if (host_info
.IsIPAddress()) {
1489 IPAddressNumber host_addr
;
1490 if (!ParseIPLiteralToNumber(hostname
.substr(host_info
.out_host
.begin
,
1491 host_info
.out_host
.len
),
1495 switch (host_info
.family
) {
1496 case url_canon::CanonHostInfo::IPV4
:
1497 case url_canon::CanonHostInfo::IPV6
:
1498 return IsIPAddressReserved(host_addr
);
1499 case url_canon::CanonHostInfo::NEUTRAL
:
1500 case url_canon::CanonHostInfo::BROKEN
:
1505 // Check for a registry controlled portion of |hostname|, ignoring private
1506 // registries, as they already chain to ICANN-administered registries,
1507 // and explicitly ignoring unknown registries.
1509 // Note: This means that as new gTLDs are introduced on the Internet, they
1510 // will be treated as non-unique until the registry controlled domain list
1511 // is updated. However, because gTLDs are expected to provide significant
1512 // advance notice to deprecate older versions of this code, this an
1513 // acceptable tradeoff.
1514 return 0 == registry_controlled_domains::GetRegistryLength(
1516 registry_controlled_domains::EXCLUDE_UNKNOWN_REGISTRIES
,
1517 registry_controlled_domains::EXCLUDE_PRIVATE_REGISTRIES
);
1520 // Don't compare IPv4 and IPv6 addresses (they have different range
1521 // reservations). Keep separate reservation arrays for each IP type, and
1522 // consolidate adjacent reserved ranges within a reservation array when
1524 // Sources for info:
1525 // www.iana.org/assignments/ipv4-address-space/ipv4-address-space.xhtml
1526 // www.iana.org/assignments/ipv6-address-space/ipv6-address-space.xhtml
1527 // They're formatted here with the prefix as the last element. For example:
1528 // 10.0.0.0/8 becomes 10,0,0,0,8 and fec0::/10 becomes 0xfe,0xc0,0,0,0...,10.
1529 bool IsIPAddressReserved(const IPAddressNumber
& host_addr
) {
1530 static const unsigned char kReservedIPv4
[][5] = {
1531 { 0,0,0,0,8 }, { 10,0,0,0,8 }, { 100,64,0,0,10 }, { 127,0,0,0,8 },
1532 { 169,254,0,0,16 }, { 172,16,0,0,12 }, { 192,0,2,0,24 },
1533 { 192,88,99,0,24 }, { 192,168,0,0,16 }, { 198,18,0,0,15 },
1534 { 198,51,100,0,24 }, { 203,0,113,0,24 }, { 224,0,0,0,3 }
1536 static const unsigned char kReservedIPv6
[][17] = {
1537 { 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8 },
1538 { 0x40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2 },
1539 { 0x80,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2 },
1540 { 0xc0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3 },
1541 { 0xe0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4 },
1542 { 0xf0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5 },
1543 { 0xf8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6 },
1544 { 0xfc,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7 },
1545 { 0xfe,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9 },
1546 { 0xfe,0x80,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10 },
1547 { 0xfe,0xc0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10 },
1549 size_t array_size
= 0;
1550 const unsigned char* array
= NULL
;
1551 switch (host_addr
.size()) {
1552 case kIPv4AddressSize
:
1553 array_size
= arraysize(kReservedIPv4
);
1554 array
= kReservedIPv4
[0];
1556 case kIPv6AddressSize
:
1557 array_size
= arraysize(kReservedIPv6
);
1558 array
= kReservedIPv6
[0];
1563 size_t width
= host_addr
.size() + 1;
1564 for (size_t i
= 0; i
< array_size
; ++i
, array
+= width
) {
1565 if (IPNumberPrefixCheck(host_addr
, array
, array
[width
-1]))
1571 // Extracts the address and port portions of a sockaddr.
1572 bool GetIPAddressFromSockAddr(const struct sockaddr
* sock_addr
,
1573 socklen_t sock_addr_len
,
1574 const uint8
** address
,
1575 size_t* address_len
,
1577 if (sock_addr
->sa_family
== AF_INET
) {
1578 if (sock_addr_len
< static_cast<socklen_t
>(sizeof(struct sockaddr_in
)))
1580 const struct sockaddr_in
* addr
=
1581 reinterpret_cast<const struct sockaddr_in
*>(sock_addr
);
1582 *address
= reinterpret_cast<const uint8
*>(&addr
->sin_addr
);
1583 *address_len
= kIPv4AddressSize
;
1585 *port
= base::NetToHost16(addr
->sin_port
);
1589 if (sock_addr
->sa_family
== AF_INET6
) {
1590 if (sock_addr_len
< static_cast<socklen_t
>(sizeof(struct sockaddr_in6
)))
1592 const struct sockaddr_in6
* addr
=
1593 reinterpret_cast<const struct sockaddr_in6
*>(sock_addr
);
1594 *address
= reinterpret_cast<const unsigned char*>(&addr
->sin6_addr
);
1595 *address_len
= kIPv6AddressSize
;
1597 *port
= base::NetToHost16(addr
->sin6_port
);
1601 return false; // Unrecognized |sa_family|.
1604 std::string
IPAddressToString(const uint8
* address
,
1605 size_t address_len
) {
1607 url_canon::StdStringCanonOutput
output(&str
);
1609 if (address_len
== kIPv4AddressSize
) {
1610 url_canon::AppendIPv4Address(address
, &output
);
1611 } else if (address_len
== kIPv6AddressSize
) {
1612 url_canon::AppendIPv6Address(address
, &output
);
1614 CHECK(false) << "Invalid IP address with length: " << address_len
;
1621 std::string
IPAddressToStringWithPort(const uint8
* address
,
1624 std::string address_str
= IPAddressToString(address
, address_len
);
1626 if (address_len
== kIPv6AddressSize
) {
1627 // Need to bracket IPv6 addresses since they contain colons.
1628 return base::StringPrintf("[%s]:%d", address_str
.c_str(), port
);
1630 return base::StringPrintf("%s:%d", address_str
.c_str(), port
);
1633 std::string
NetAddressToString(const struct sockaddr
* sa
,
1634 socklen_t sock_addr_len
) {
1635 const uint8
* address
;
1637 if (!GetIPAddressFromSockAddr(sa
, sock_addr_len
, &address
,
1638 &address_len
, NULL
)) {
1640 return std::string();
1642 return IPAddressToString(address
, address_len
);
1645 std::string
NetAddressToStringWithPort(const struct sockaddr
* sa
,
1646 socklen_t sock_addr_len
) {
1647 const uint8
* address
;
1650 if (!GetIPAddressFromSockAddr(sa
, sock_addr_len
, &address
,
1651 &address_len
, &port
)) {
1653 return std::string();
1655 return IPAddressToStringWithPort(address
, address_len
, port
);
1658 std::string
IPAddressToString(const IPAddressNumber
& addr
) {
1659 return IPAddressToString(&addr
.front(), addr
.size());
1662 std::string
IPAddressToStringWithPort(const IPAddressNumber
& addr
,
1664 return IPAddressToStringWithPort(&addr
.front(), addr
.size(), port
);
1667 std::string
IPAddressToPackedString(const IPAddressNumber
& addr
) {
1668 return std::string(reinterpret_cast<const char *>(&addr
.front()),
1672 std::string
GetHostName() {
1674 EnsureWinsockInit();
1677 // Host names are limited to 255 bytes.
1679 int result
= gethostname(buffer
, sizeof(buffer
));
1681 DVLOG(1) << "gethostname() failed with " << result
;
1684 return std::string(buffer
);
1687 void GetIdentityFromURL(const GURL
& url
,
1688 base::string16
* username
,
1689 base::string16
* password
) {
1690 UnescapeRule::Type flags
=
1691 UnescapeRule::SPACES
| UnescapeRule::URL_SPECIAL_CHARS
;
1692 *username
= UnescapeAndDecodeUTF8URLComponent(url
.username(), flags
, NULL
);
1693 *password
= UnescapeAndDecodeUTF8URLComponent(url
.password(), flags
, NULL
);
1696 std::string
GetHostOrSpecFromURL(const GURL
& url
) {
1697 return url
.has_host() ? TrimEndingDot(url
.host()) : url
.spec();
1700 void AppendFormattedHost(const GURL
& url
,
1701 const std::string
& languages
,
1702 base::string16
* output
) {
1704 AppendFormattedComponent(url
.possibly_invalid_spec(),
1705 url
.parsed_for_possibly_invalid_spec().host
, offsets
,
1706 HostComponentTransform(languages
), output
, NULL
, NULL
);
1709 base::string16
FormatUrlWithOffsets(
1711 const std::string
& languages
,
1712 FormatUrlTypes format_types
,
1713 UnescapeRule::Type unescape_rules
,
1714 url_parse::Parsed
* new_parsed
,
1716 Offsets
* offsets_for_adjustment
) {
1717 url_parse::Parsed parsed_temp
;
1719 new_parsed
= &parsed_temp
;
1721 *new_parsed
= url_parse::Parsed();
1722 Offsets original_offsets
;
1723 if (offsets_for_adjustment
)
1724 original_offsets
= *offsets_for_adjustment
;
1726 // Special handling for view-source:. Don't use content::kViewSourceScheme
1727 // because this library shouldn't depend on chrome.
1728 const char* const kViewSource
= "view-source";
1729 // Reject "view-source:view-source:..." to avoid deep recursion.
1730 const char* const kViewSourceTwice
= "view-source:view-source:";
1731 if (url
.SchemeIs(kViewSource
) &&
1732 !StartsWithASCII(url
.possibly_invalid_spec(), kViewSourceTwice
, false)) {
1733 return FormatViewSourceUrl(url
, original_offsets
, languages
, format_types
,
1734 unescape_rules
, new_parsed
, prefix_end
,
1735 offsets_for_adjustment
);
1738 // We handle both valid and invalid URLs (this will give us the spec
1739 // regardless of validity).
1740 const std::string
& spec
= url
.possibly_invalid_spec();
1741 const url_parse::Parsed
& parsed
= url
.parsed_for_possibly_invalid_spec();
1743 // Scheme & separators. These are ASCII.
1744 base::string16 url_string
;
1745 url_string
.insert(url_string
.end(), spec
.begin(),
1746 spec
.begin() + parsed
.CountCharactersBefore(url_parse::Parsed::USERNAME
,
1748 const char kHTTP
[] = "http://";
1749 const char kFTP
[] = "ftp.";
1750 // URLFixerUpper::FixupURL() treats "ftp.foo.com" as ftp://ftp.foo.com. This
1751 // means that if we trim "http://" off a URL whose host starts with "ftp." and
1752 // the user inputs this into any field subject to fixup (which is basically
1753 // all input fields), the meaning would be changed. (In fact, often the
1754 // formatted URL is directly pre-filled into an input field.) For this reason
1755 // we avoid stripping "http://" in this case.
1756 bool omit_http
= (format_types
& kFormatUrlOmitHTTP
) &&
1757 EqualsASCII(url_string
, kHTTP
) &&
1758 !StartsWithASCII(url
.host(), kFTP
, true);
1759 new_parsed
->scheme
= parsed
.scheme
;
1761 // Username & password.
1762 if ((format_types
& kFormatUrlOmitUsernamePassword
) != 0) {
1763 // Remove the username and password fields. We don't want to display those
1764 // to the user since they can be used for attacks,
1765 // e.g. "http://google.com:search@evil.ru/"
1766 new_parsed
->username
.reset();
1767 new_parsed
->password
.reset();
1768 // Update the offsets based on removed username and/or password.
1769 if (offsets_for_adjustment
&& !offsets_for_adjustment
->empty() &&
1770 (parsed
.username
.is_nonempty() || parsed
.password
.is_nonempty())) {
1771 base::OffsetAdjuster
offset_adjuster(offsets_for_adjustment
);
1772 if (parsed
.username
.is_nonempty() && parsed
.password
.is_nonempty()) {
1773 // The seeming off-by-one and off-by-two in these first two lines are to
1774 // account for the ':' after the username and '@' after the password.
1775 offset_adjuster
.Add(base::OffsetAdjuster::Adjustment(
1776 static_cast<size_t>(parsed
.username
.begin
),
1777 static_cast<size_t>(parsed
.username
.len
+ parsed
.password
.len
+ 2),
1780 const url_parse::Component
* nonempty_component
=
1781 parsed
.username
.is_nonempty() ? &parsed
.username
: &parsed
.password
;
1782 // The seeming off-by-one in below is to account for the '@' after the
1783 // username/password.
1784 offset_adjuster
.Add(base::OffsetAdjuster::Adjustment(
1785 static_cast<size_t>(nonempty_component
->begin
),
1786 static_cast<size_t>(nonempty_component
->len
+ 1), 0));
1790 AppendFormattedComponent(spec
, parsed
.username
, original_offsets
,
1791 NonHostComponentTransform(unescape_rules
), &url_string
,
1792 &new_parsed
->username
, offsets_for_adjustment
);
1793 if (parsed
.password
.is_valid())
1794 url_string
.push_back(':');
1795 AppendFormattedComponent(spec
, parsed
.password
, original_offsets
,
1796 NonHostComponentTransform(unescape_rules
), &url_string
,
1797 &new_parsed
->password
, offsets_for_adjustment
);
1798 if (parsed
.username
.is_valid() || parsed
.password
.is_valid())
1799 url_string
.push_back('@');
1802 *prefix_end
= static_cast<size_t>(url_string
.length());
1805 AppendFormattedComponent(spec
, parsed
.host
, original_offsets
,
1806 HostComponentTransform(languages
), &url_string
, &new_parsed
->host
,
1807 offsets_for_adjustment
);
1810 if (parsed
.port
.is_nonempty()) {
1811 url_string
.push_back(':');
1812 new_parsed
->port
.begin
= url_string
.length();
1813 url_string
.insert(url_string
.end(),
1814 spec
.begin() + parsed
.port
.begin
,
1815 spec
.begin() + parsed
.port
.end());
1816 new_parsed
->port
.len
= url_string
.length() - new_parsed
->port
.begin
;
1818 new_parsed
->port
.reset();
1821 // Path & query. Both get the same general unescape & convert treatment.
1822 if (!(format_types
& kFormatUrlOmitTrailingSlashOnBareHostname
) ||
1823 !CanStripTrailingSlash(url
)) {
1824 AppendFormattedComponent(spec
, parsed
.path
, original_offsets
,
1825 NonHostComponentTransform(unescape_rules
), &url_string
,
1826 &new_parsed
->path
, offsets_for_adjustment
);
1828 base::OffsetAdjuster
offset_adjuster(offsets_for_adjustment
);
1829 offset_adjuster
.Add(base::OffsetAdjuster::Adjustment(
1830 url_string
.length(), parsed
.path
.len
, 0));
1832 if (parsed
.query
.is_valid())
1833 url_string
.push_back('?');
1834 AppendFormattedComponent(spec
, parsed
.query
, original_offsets
,
1835 NonHostComponentTransform(unescape_rules
), &url_string
,
1836 &new_parsed
->query
, offsets_for_adjustment
);
1838 // Ref. This is valid, unescaped UTF-8, so we can just convert.
1839 if (parsed
.ref
.is_valid())
1840 url_string
.push_back('#');
1841 AppendFormattedComponent(spec
, parsed
.ref
, original_offsets
,
1842 NonHostComponentTransform(UnescapeRule::NONE
), &url_string
,
1843 &new_parsed
->ref
, offsets_for_adjustment
);
1845 // If we need to strip out http do it after the fact. This way we don't need
1846 // to worry about how offset_for_adjustment is interpreted.
1847 if (omit_http
&& StartsWith(url_string
, base::ASCIIToUTF16(kHTTP
), true)) {
1848 const size_t kHTTPSize
= arraysize(kHTTP
) - 1;
1849 url_string
= url_string
.substr(kHTTPSize
);
1850 if (offsets_for_adjustment
&& !offsets_for_adjustment
->empty()) {
1851 base::OffsetAdjuster
offset_adjuster(offsets_for_adjustment
);
1852 offset_adjuster
.Add(base::OffsetAdjuster::Adjustment(0, kHTTPSize
, 0));
1855 *prefix_end
-= kHTTPSize
;
1857 // Adjust new_parsed.
1858 DCHECK(new_parsed
->scheme
.is_valid());
1859 int delta
= -(new_parsed
->scheme
.len
+ 3); // +3 for ://.
1860 new_parsed
->scheme
.reset();
1861 AdjustAllComponentsButScheme(delta
, new_parsed
);
1864 LimitOffsets(url_string
, offsets_for_adjustment
);
1868 base::string16
FormatUrl(const GURL
& url
,
1869 const std::string
& languages
,
1870 FormatUrlTypes format_types
,
1871 UnescapeRule::Type unescape_rules
,
1872 url_parse::Parsed
* new_parsed
,
1874 size_t* offset_for_adjustment
) {
1876 if (offset_for_adjustment
)
1877 offsets
.push_back(*offset_for_adjustment
);
1878 base::string16 result
= FormatUrlWithOffsets(url
, languages
, format_types
,
1879 unescape_rules
, new_parsed
, prefix_end
, &offsets
);
1880 if (offset_for_adjustment
)
1881 *offset_for_adjustment
= offsets
[0];
1885 bool CanStripTrailingSlash(const GURL
& url
) {
1886 // Omit the path only for standard, non-file URLs with nothing but "/" after
1888 return url
.IsStandard() && !url
.SchemeIsFile() &&
1889 !url
.SchemeIsFileSystem() && !url
.has_query() && !url
.has_ref()
1890 && url
.path() == "/";
1893 GURL
SimplifyUrlForRequest(const GURL
& url
) {
1894 DCHECK(url
.is_valid());
1895 GURL::Replacements replacements
;
1896 replacements
.ClearUsername();
1897 replacements
.ClearPassword();
1898 replacements
.ClearRef();
1899 return url
.ReplaceComponents(replacements
);
1902 // Specifies a comma separated list of port numbers that should be accepted
1903 // despite bans. If the string is invalid no allowed ports are stored.
1904 void SetExplicitlyAllowedPorts(const std::string
& allowed_ports
) {
1905 if (allowed_ports
.empty())
1908 std::multiset
<int> ports
;
1910 size_t size
= allowed_ports
.size();
1911 // The comma delimiter.
1912 const std::string::value_type kComma
= ',';
1914 // Overflow is still possible for evil user inputs.
1915 for (size_t i
= 0; i
<= size
; ++i
) {
1916 // The string should be composed of only digits and commas.
1917 if (i
!= size
&& !IsAsciiDigit(allowed_ports
[i
]) &&
1918 (allowed_ports
[i
] != kComma
))
1920 if (i
== size
|| allowed_ports
[i
] == kComma
) {
1923 base::StringToInt(base::StringPiece(allowed_ports
.begin() + last
,
1924 allowed_ports
.begin() + i
),
1931 g_explicitly_allowed_ports
.Get() = ports
;
1934 ScopedPortException::ScopedPortException(int port
) : port_(port
) {
1935 g_explicitly_allowed_ports
.Get().insert(port
);
1938 ScopedPortException::~ScopedPortException() {
1939 std::multiset
<int>::iterator it
=
1940 g_explicitly_allowed_ports
.Get().find(port_
);
1941 if (it
!= g_explicitly_allowed_ports
.Get().end())
1942 g_explicitly_allowed_ports
.Get().erase(it
);
1947 bool HaveOnlyLoopbackAddresses() {
1948 #if defined(OS_ANDROID)
1949 return android::HaveOnlyLoopbackAddresses();
1950 #elif defined(OS_POSIX)
1951 struct ifaddrs
* interface_addr
= NULL
;
1952 int rv
= getifaddrs(&interface_addr
);
1954 DVLOG(1) << "getifaddrs() failed with errno = " << errno
;
1959 for (struct ifaddrs
* interface
= interface_addr
;
1961 interface
= interface
->ifa_next
) {
1962 if (!(IFF_UP
& interface
->ifa_flags
))
1964 if (IFF_LOOPBACK
& interface
->ifa_flags
)
1966 const struct sockaddr
* addr
= interface
->ifa_addr
;
1969 if (addr
->sa_family
== AF_INET6
) {
1970 // Safe cast since this is AF_INET6.
1971 const struct sockaddr_in6
* addr_in6
=
1972 reinterpret_cast<const struct sockaddr_in6
*>(addr
);
1973 const struct in6_addr
* sin6_addr
= &addr_in6
->sin6_addr
;
1974 if (IN6_IS_ADDR_LOOPBACK(sin6_addr
) || IN6_IS_ADDR_LINKLOCAL(sin6_addr
))
1977 if (addr
->sa_family
!= AF_INET6
&& addr
->sa_family
!= AF_INET
)
1983 freeifaddrs(interface_addr
);
1985 #elif defined(OS_WIN)
1986 // TODO(wtc): implement with the GetAdaptersAddresses function.
1992 #endif // defined(various platforms)
1995 AddressFamily
GetAddressFamily(const IPAddressNumber
& address
) {
1996 switch (address
.size()) {
1997 case kIPv4AddressSize
:
1998 return ADDRESS_FAMILY_IPV4
;
1999 case kIPv6AddressSize
:
2000 return ADDRESS_FAMILY_IPV6
;
2002 return ADDRESS_FAMILY_UNSPECIFIED
;
2006 int ConvertAddressFamily(AddressFamily address_family
) {
2007 switch (address_family
) {
2008 case ADDRESS_FAMILY_UNSPECIFIED
:
2010 case ADDRESS_FAMILY_IPV4
:
2012 case ADDRESS_FAMILY_IPV6
:
2019 bool ParseIPLiteralToNumber(const std::string
& ip_literal
,
2020 IPAddressNumber
* ip_number
) {
2021 // |ip_literal| could be either a IPv4 or an IPv6 literal. If it contains
2022 // a colon however, it must be an IPv6 address.
2023 if (ip_literal
.find(':') != std::string::npos
) {
2024 // GURL expects IPv6 hostnames to be surrounded with brackets.
2025 std::string host_brackets
= "[" + ip_literal
+ "]";
2026 url_parse::Component
host_comp(0, host_brackets
.size());
2028 // Try parsing the hostname as an IPv6 literal.
2029 ip_number
->resize(16); // 128 bits.
2030 return url_canon::IPv6AddressToNumber(host_brackets
.data(),
2035 // Otherwise the string is an IPv4 address.
2036 ip_number
->resize(4); // 32 bits.
2037 url_parse::Component
host_comp(0, ip_literal
.size());
2039 url_canon::CanonHostInfo::Family family
= url_canon::IPv4AddressToNumber(
2040 ip_literal
.data(), host_comp
, &(*ip_number
)[0], &num_components
);
2041 return family
== url_canon::CanonHostInfo::IPV4
;
2046 const unsigned char kIPv4MappedPrefix
[] =
2047 { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF };
2050 IPAddressNumber
ConvertIPv4NumberToIPv6Number(
2051 const IPAddressNumber
& ipv4_number
) {
2052 DCHECK(ipv4_number
.size() == 4);
2054 // IPv4-mapped addresses are formed by:
2055 // <80 bits of zeros> + <16 bits of ones> + <32-bit IPv4 address>.
2056 IPAddressNumber ipv6_number
;
2057 ipv6_number
.reserve(16);
2058 ipv6_number
.insert(ipv6_number
.end(),
2060 kIPv4MappedPrefix
+ arraysize(kIPv4MappedPrefix
));
2061 ipv6_number
.insert(ipv6_number
.end(), ipv4_number
.begin(), ipv4_number
.end());
2065 bool IsIPv4Mapped(const IPAddressNumber
& address
) {
2066 if (address
.size() != kIPv6AddressSize
)
2068 return std::equal(address
.begin(),
2069 address
.begin() + arraysize(kIPv4MappedPrefix
),
2073 IPAddressNumber
ConvertIPv4MappedToIPv4(const IPAddressNumber
& address
) {
2074 DCHECK(IsIPv4Mapped(address
));
2075 return IPAddressNumber(address
.begin() + arraysize(kIPv4MappedPrefix
),
2079 bool ParseCIDRBlock(const std::string
& cidr_literal
,
2080 IPAddressNumber
* ip_number
,
2081 size_t* prefix_length_in_bits
) {
2082 // We expect CIDR notation to match one of these two templates:
2083 // <IPv4-literal> "/" <number of bits>
2084 // <IPv6-literal> "/" <number of bits>
2086 std::vector
<std::string
> parts
;
2087 base::SplitString(cidr_literal
, '/', &parts
);
2088 if (parts
.size() != 2)
2091 // Parse the IP address.
2092 if (!ParseIPLiteralToNumber(parts
[0], ip_number
))
2095 // Parse the prefix length.
2096 int number_of_bits
= -1;
2097 if (!base::StringToInt(parts
[1], &number_of_bits
))
2100 // Make sure the prefix length is in a valid range.
2101 if (number_of_bits
< 0 ||
2102 number_of_bits
> static_cast<int>(ip_number
->size() * 8))
2105 *prefix_length_in_bits
= static_cast<size_t>(number_of_bits
);
2109 bool IPNumberMatchesPrefix(const IPAddressNumber
& ip_number
,
2110 const IPAddressNumber
& ip_prefix
,
2111 size_t prefix_length_in_bits
) {
2112 // Both the input IP address and the prefix IP address should be
2113 // either IPv4 or IPv6.
2114 DCHECK(ip_number
.size() == 4 || ip_number
.size() == 16);
2115 DCHECK(ip_prefix
.size() == 4 || ip_prefix
.size() == 16);
2117 DCHECK_LE(prefix_length_in_bits
, ip_prefix
.size() * 8);
2119 // In case we have an IPv6 / IPv4 mismatch, convert the IPv4 addresses to
2120 // IPv6 addresses in order to do the comparison.
2121 if (ip_number
.size() != ip_prefix
.size()) {
2122 if (ip_number
.size() == 4) {
2123 return IPNumberMatchesPrefix(ConvertIPv4NumberToIPv6Number(ip_number
),
2124 ip_prefix
, prefix_length_in_bits
);
2126 return IPNumberMatchesPrefix(ip_number
,
2127 ConvertIPv4NumberToIPv6Number(ip_prefix
),
2128 96 + prefix_length_in_bits
);
2131 return IPNumberPrefixCheck(ip_number
, &ip_prefix
[0], prefix_length_in_bits
);
2134 const uint16
* GetPortFieldFromSockaddr(const struct sockaddr
* address
,
2135 socklen_t address_len
) {
2136 if (address
->sa_family
== AF_INET
) {
2137 DCHECK_LE(sizeof(sockaddr_in
), static_cast<size_t>(address_len
));
2138 const struct sockaddr_in
* sockaddr
=
2139 reinterpret_cast<const struct sockaddr_in
*>(address
);
2140 return &sockaddr
->sin_port
;
2141 } else if (address
->sa_family
== AF_INET6
) {
2142 DCHECK_LE(sizeof(sockaddr_in6
), static_cast<size_t>(address_len
));
2143 const struct sockaddr_in6
* sockaddr
=
2144 reinterpret_cast<const struct sockaddr_in6
*>(address
);
2145 return &sockaddr
->sin6_port
;
2152 int GetPortFromSockaddr(const struct sockaddr
* address
, socklen_t address_len
) {
2153 const uint16
* port_field
= GetPortFieldFromSockaddr(address
, address_len
);
2156 return base::NetToHost16(*port_field
);
2159 bool IsLocalhost(const std::string
& host
) {
2160 if (host
== "localhost" ||
2161 host
== "localhost.localdomain" ||
2162 host
== "localhost6" ||
2163 host
== "localhost6.localdomain6")
2166 IPAddressNumber ip_number
;
2167 if (ParseIPLiteralToNumber(host
, &ip_number
)) {
2168 size_t size
= ip_number
.size();
2170 case kIPv4AddressSize
: {
2171 IPAddressNumber localhost_prefix
;
2172 localhost_prefix
.push_back(127);
2173 for (int i
= 0; i
< 3; ++i
) {
2174 localhost_prefix
.push_back(0);
2176 return IPNumberMatchesPrefix(ip_number
, localhost_prefix
, 8);
2179 case kIPv6AddressSize
: {
2180 struct in6_addr sin6_addr
;
2181 memcpy(&sin6_addr
, &ip_number
[0], kIPv6AddressSize
);
2182 return !!IN6_IS_ADDR_LOOPBACK(&sin6_addr
);
2193 NetworkInterface::NetworkInterface() : network_prefix(0) {
2196 NetworkInterface::NetworkInterface(const std::string
& name
,
2197 const std::string
& friendly_name
,
2198 uint32 interface_index
,
2199 const IPAddressNumber
& address
,
2200 size_t network_prefix
)
2202 friendly_name(friendly_name
),
2203 interface_index(interface_index
),
2205 network_prefix(network_prefix
) {
2208 NetworkInterface::~NetworkInterface() {
2211 unsigned CommonPrefixLength(const IPAddressNumber
& a1
,
2212 const IPAddressNumber
& a2
) {
2213 DCHECK_EQ(a1
.size(), a2
.size());
2214 for (size_t i
= 0; i
< a1
.size(); ++i
) {
2215 unsigned diff
= a1
[i
] ^ a2
[i
];
2218 for (unsigned j
= 0; j
< CHAR_BIT
; ++j
) {
2219 if (diff
& (1 << (CHAR_BIT
- 1)))
2220 return i
* CHAR_BIT
+ j
;
2225 return a1
.size() * CHAR_BIT
;
2228 unsigned MaskPrefixLength(const IPAddressNumber
& mask
) {
2229 IPAddressNumber
all_ones(mask
.size(), 0xFF);
2230 return CommonPrefixLength(mask
, all_ones
);