blob: 5fcc9b77371c5f51a7911cfaaa5ba77287832223 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
|
// Copyright 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "content/public/common/url_utils.h"
#include <set>
#include <string>
#include "base/containers/flat_set.h"
#include "base/logging.h"
#include "base/no_destructor.h"
#include "base/strings/string_piece.h"
#include "build/build_config.h"
#include "content/common/url_schemes.h"
#include "content/public/common/url_constants.h"
#include "url/gurl.h"
#include "url/url_util.h"
namespace content {
bool HasWebUIScheme(const GURL& url) {
return url.SchemeIs(kChromeDevToolsScheme) ||
url.SchemeIs(kChromeUIScheme);
}
bool IsSavableURL(const GURL& url) {
for (auto& scheme : GetSavableSchemes()) {
if (url.SchemeIs(scheme))
return true;
}
return false;
}
bool IsURLHandledByNetworkStack(const GURL& url) {
// Javascript URLs, srcdoc, schemes that don't load data should not send a
// request to the network stack.
if (url.SchemeIs(url::kJavaScriptScheme) || url.is_empty() ||
url == content::kAboutSrcDocURL) {
return false;
}
for (const auto& scheme : url::GetEmptyDocumentSchemes()) {
if (url.SchemeIs(scheme))
return false;
}
// Renderer debug URLs (e.g. chrome://kill) are handled in the renderer
// process directly and should not be sent to the network stack.
if (IsRendererDebugURL(url))
return false;
// For you information, even though a "data:" url doesn't generate actual
// network requests, it is handled by the network stack and so must return
// true. The reason is that a few "data:" urls can't be handled locally. For
// instance:
// - the ones that result in downloads.
// - the ones that are invalid. An error page must be served instead.
// - the ones that have an unsupported MIME type.
// - the ones that target the top-level frame on Android.
return true;
}
bool IsURLHandledByNetworkService(const GURL& url) {
return url.SchemeIsHTTPOrHTTPS() || url.SchemeIsWSOrWSS() ||
url.SchemeIs(url::kFtpScheme) || url.SchemeIs(url::kGopherScheme);
}
bool IsRendererDebugURL(const GURL& url) {
if (!url.is_valid())
return false;
if (url.SchemeIs(url::kJavaScriptScheme))
return true;
if (!url.SchemeIs(kChromeUIScheme))
return false;
if (url == kChromeUICheckCrashURL || url == kChromeUIBadCastCrashURL ||
url == kChromeUICrashURL || url == kChromeUIDumpURL ||
url == kChromeUIKillURL || url == kChromeUIHangURL ||
url == kChromeUIShorthangURL || url == kChromeUIMemoryExhaustURL) {
return true;
}
#if defined(ADDRESS_SANITIZER)
if (url == kChromeUICrashHeapOverflowURL ||
url == kChromeUICrashHeapUnderflowURL ||
url == kChromeUICrashUseAfterFreeURL) {
return true;
}
#endif
#if defined(OS_WIN)
if (url == kChromeUIHeapCorruptionCrashURL)
return true;
#endif
#if DCHECK_IS_ON()
if (url == kChromeUICrashDcheckURL)
return true;
#endif
#if defined(OS_WIN) && defined(ADDRESS_SANITIZER)
if (url == kChromeUICrashCorruptHeapBlockURL ||
url == kChromeUICrashCorruptHeapURL) {
return true;
}
#endif
return false;
}
bool IsSafeRedirectTarget(const GURL& from_url, const GURL& to_url) {
static const base::NoDestructor<base::flat_set<base::StringPiece>>
kUnsafeSchemes(base::flat_set<base::StringPiece>({
url::kAboutScheme, url::kDataScheme, url::kFileScheme,
url::kFileSystemScheme, url::kBlobScheme,
#if defined(OS_ANDROID)
url::kContentScheme,
#endif
}));
if (HasWebUIScheme(to_url))
return false;
if (!kUnsafeSchemes->contains(to_url.scheme_piece()))
return true;
if (from_url.is_empty())
return false;
if (from_url.SchemeIsFile() && to_url.SchemeIsFile())
return true;
if (from_url.SchemeIsFileSystem() && to_url.SchemeIsFileSystem())
return true;
return false;
}
} // namespace content
|
