authorPeter Varga <pvarga@inf.u-szeged.hu>2018-03-07 11:48:14 +0100
committerPeter Varga <pvarga@inf.u-szeged.hu>2018-03-14 14:38:41 +0000
commit789f375411b542db3ac3be79cbe0a6153720abf1 (patch)
tree3aa2c15914a341b1bc0e05fff08f842451f3282f
parent3b0b2e040f596105a56f83bfc0adc9f1df1bd009 (diff)
Remove credentials from view-source URLs
Task-number: QTBUG-65997 Change-Id: Icb55326c51f1dfff77e8e862e9ced619be17ead1 Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
-rw-r--r--src/core/web_contents_delegate_qt.cpp27
-rw-r--r--tests/auto/quick/qmltests/data/tst_viewSource.qml28
-rw-r--r--tests/auto/widgets/qwebenginepage/tst_qwebenginepage.cpp34
3 files changed, 81 insertions, 8 deletions
diff --git a/src/core/web_contents_delegate_qt.cpp b/src/core/web_contents_delegate_qt.cpp
index 1c856e5b2..316ee9b94 100644
--- a/src/core/web_contents_delegate_qt.cpp
+++ b/src/core/web_contents_delegate_qt.cpp
@@ -77,6 +77,7 @@
#include "content/public/common/url_constants.h"
#include "content/public/common/web_preferences.h"
#include "net/base/data_url.h"
+#include "net/base/url_util.h"
#include <QDesktopServices>
#include <QTimer>
@@ -153,17 +154,12 @@ content::WebContents *WebContentsDelegateQt::OpenURLFromTab(content::WebContents
static bool shouldUseActualURL(const content::NavigationEntry *entry)
{
- if (!entry)
- return false;
+ Q_ASSERT(entry);
// Show actual URL for data URLs only
if (!entry->GetURL().SchemeIs(url::kDataScheme))
return false;
- // Keep view-source: prefix
- if (entry->IsViewSourceMode())
- return false;
-
// Do not show data URL of interstitial and error pages
if (entry->GetPageType() != content::PAGE_TYPE_NORMAL)
return false;
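Review bot: Dropping the `IsViewSourceMode()` early return here may lose the `view-source:` prefix for data URLs. The new caller only builds a view-source URL itself when the entry URL has a user name, password or ref, so a `view-source:data:...` entry without those now reaches this function and passes the data-scheme check. If the rest of the function (outside this hunk) returns true for it, the reported URL becomes the bare data URL. Consider keeping `if (entry->IsViewSourceMode()) return false;`, or confirm that an existing test covers view-source of a data URL.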
@@ -180,9 +176,24 @@ static bool shouldUseActualURL(const content::NavigationEntry *entry)
void WebContentsDelegateQt::NavigationStateChanged(content::WebContents* source, content::InvalidateTypes changed_flags)
{
if (changed_flags & content::INVALIDATE_TYPE_URL) {
- // If there is a visible entry there are special cases when we dont wan't to use the actual URL
content::NavigationEntry *entry = source->GetController().GetVisibleEntry();
- QUrl newUrl = shouldUseActualURL(entry) ? toQt(entry->GetURL()) : toQt(source->GetVisibleURL());
+
+ QUrl newUrl;
+ if (source->GetVisibleURL().SchemeIs(content::kViewSourceScheme)) {
+ Q_ASSERT(entry);
+ GURL url = entry->GetURL();
+
+ // Strip user name, password and reference section from view-source URLs
+ if (url.has_password() || url.has_username() || url.has_ref()) {
+ GURL strippedUrl = net::SimplifyUrlForRequest(entry->GetURL());
+ newUrl = QUrl(QString("%1:%2").arg(content::kViewSourceScheme, QString::fromStdString(strippedUrl.spec())));
+ }
+ }
+
+ // If there is a visible entry there are special cases when we dont wan't to use the actual URL
+ if (entry && newUrl.isEmpty())
+ newUrl = shouldUseActualURL(entry) ? toQt(entry->GetURL()) : toQt(source->GetVisibleURL());
+
if (m_url != newUrl) {
m_url = newUrl;
m_viewClient->urlChanged(m_url);
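Review bot: `Q_ASSERT(entry)` inside the view-source branch is compiled out in release builds, so `entry->GetURL()` on the next line would dereference a null pointer if `GetVisibleEntry()` ever returned none while the visible URL is view-source. The later `if (entry && newUrl.isEmpty())` already treats a null entry as possible, so the same guard belongs in the branch condition: `if (entry && source->GetVisibleURL().SchemeIs(content::kViewSourceScheme)) {`. The already-fetched `url` can also be passed to `net::SimplifyUrlForRequest(url)` instead of calling `entry->GetURL()` a second time. Since this branch exists to keep credentials out of the URL reported through `urlChanged`, it should not rely on a debug-only check.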
diff --git a/tests/auto/quick/qmltests/data/tst_viewSource.qml b/tests/auto/quick/qmltests/data/tst_viewSource.qml
index a9cf11f34..d0bc0529d 100644
--- a/tests/auto/quick/qmltests/data/tst_viewSource.qml
+++ b/tests/auto/quick/qmltests/data/tst_viewSource.qml
@@ -124,6 +124,34 @@ TestWebEngineView {
// FIXME(pvarga): Reintroduce this check in the fix for QTBUG-56117
//verify(!webEngineView.canViewSource);
}
+
+ function test_viewSourceCredentials() {
+ var url = "http://user:passwd@httpbin.org/basic-auth/user/passwd";
+
+ // Test explicit view-source URL with credentials
+ webEngineView.url = Qt.resolvedUrl("view-source:" + url);
+ if (!webEngineView.waitForLoadSucceeded(12000))
+ skip("Couldn't load page from network, skipping test.");
+
+ compare(webEngineView.url, "view-source:" + url.replace("user:passwd@", ""));
+ compare(webEngineView.title, "view-source:" + url.replace("http://user:passwd@", ""));
+ titleChangedSpy.clear();
+
+ // Test ViewSource web action on URL with credentials
+ webEngineView.url = Qt.resolvedUrl(url);
+ if (!webEngineView.waitForLoadSucceeded(12000))
+ skip("Couldn't load page from network, skipping test.");
+ webEngineView.triggerWebAction(WebEngineView.ViewSource);
+ tryCompare(newViewRequestedSpy, "count", 1);
+
+ // The first titleChanged signal is emitted by adoptWebContents()
+ tryVerify(function() { return titleChangedSpy.count >= 2; });
+ compare(viewRequest.destination, WebEngineView.NewViewInTab);
+ verify(viewRequest.userInitiated);
+
+ tryCompare(webEngineView, "url", "view-source:" + url.replace("user:passwd@", ""));
+ tryCompare(webEngineView, "title", "view-source:" + url.replace("http://user:passwd@", ""));
+ }
}
}
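Review bot: `test_viewSourceCredentials` needs a live connection to httpbin.org and calls `skip()` when the load fails, so on a machine without network access the credential-stripping check never runs and a regression would pass unnoticed. The same applies to `viewSourceCredentials()` in tst_qwebenginepage.cpp, which uses `QSKIP` for the same host. Serving the page from a test-local HTTP server would make both checks deterministic. The tests also exercise only the `user:passwd@` case, while the new code in web_contents_delegate_qt.cpp strips a user-name-only URL and a `#ref` as well; a case for each would cover those branches.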
diff --git a/tests/auto/widgets/qwebenginepage/tst_qwebenginepage.cpp b/tests/auto/widgets/qwebenginepage/tst_qwebenginepage.cpp
index 7b9cc31e9..e67636378 100644
--- a/tests/auto/widgets/qwebenginepage/tst_qwebenginepage.cpp
+++ b/tests/auto/widgets/qwebenginepage/tst_qwebenginepage.cpp
@@ -211,6 +211,7 @@ private Q_SLOTS:
void viewSource();
void viewSourceURL_data();
void viewSourceURL();
+ void viewSourceCredentials();
void proxyConfigWithUnexpectedHostPortPair();
void registerProtocolHandler_data();
void registerProtocolHandler();
@@ -4190,6 +4191,39 @@ void tst_QWebEnginePage::viewSourceURL()
QVERIFY(!page.action(QWebEnginePage::ViewSource)->isEnabled());
}
+void tst_QWebEnginePage::viewSourceCredentials()
+{
+ TestPage page;
+ QSignalSpy loadFinishedSpy(&page, SIGNAL(loadFinished(bool)));
+ QSignalSpy windowCreatedSpy(&page, SIGNAL(windowCreated()));
+ QUrl url("http://user:passwd@httpbin.org/basic-auth/user/passwd");
+
+ // Test explicit view-source URL with credentials
+ page.load(QUrl(QString("view-source:" + url.toString())));
+ if (!loadFinishedSpy.wait(10000) || !loadFinishedSpy.at(0).at(0).toBool())
+ QSKIP("Couldn't load page from network, skipping test.");
+
+ QCOMPARE(page.url().toString(), QString("view-source:" + url.toDisplayString(QUrl::RemoveUserInfo)));
+ QCOMPARE(page.requestedUrl(), url);
+ QCOMPARE(page.title(), QString("view-source:" + url.toDisplayString(QUrl::RemoveScheme | QUrl::RemoveUserInfo).remove(0, 2)));
+ loadFinishedSpy.clear();
+ windowCreatedSpy.clear();
+
+ // Test ViewSource web action on URL with credentials
+ page.load(url);
+ if (!loadFinishedSpy.wait(10000) || !loadFinishedSpy.at(0).at(0).toBool())
+ QSKIP("Couldn't load page from network, skipping test.");
+ QVERIFY(page.action(QWebEnginePage::ViewSource)->isEnabled());
+
+ page.triggerAction(QWebEnginePage::ViewSource);
+ QTRY_COMPARE(windowCreatedSpy.count(), 1);
+ QCOMPARE(page.createdWindows.size(), 1);
+
+ QTRY_COMPARE(page.createdWindows[0]->url().toString(), QString("view-source:" + url.toDisplayString(QUrl::RemoveUserInfo)));
+ QTRY_COMPARE(page.createdWindows[0]->requestedUrl(), url);
+ QTRY_COMPARE(page.createdWindows[0]->title(), QString("view-source:" + url.toDisplayString(QUrl::RemoveScheme | QUrl::RemoveUserInfo).remove(0, 2)));
+}
+
Q_DECLARE_METATYPE(QNetworkProxy::ProxyType);
void tst_QWebEnginePage::proxyConfigWithUnexpectedHostPortPair()
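Review bot: The two `requestedUrl()` comparisons in `viewSourceCredentials()` pin the fact that the credential-bearing URL is still returned there after this change, while only `url()` and `title()` are sanitized. If that is intended, a comment would stop a later reader from taking it for an oversight, for example `// requestedUrl() deliberately keeps the user info; only url() and title() are stripped`. Applications that log or display `requestedUrl()` would still expose the password, which is worth stating in the API documentation as well. The `.remove(0, 2)` in the title expectations could also use a short comment saying that it drops the leading `//` left behind by `QUrl::RemoveScheme`.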