1 /* 2 * Copyright (C) 2013 Google Inc. All rights reserved. 3 * 4 * Redistribution and use in source and binary forms, with or without 5 * modification, are permitted provided that the following conditions are 6 * met: 7 * 8 * * Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * * Redistributions in binary form must reproduce the above 11 * copyright notice, this list of conditions and the following disclaimer 12 * in the documentation and/or other materials provided with the 13 * distribution. 14 * * Neither the name of Google Inc. nor the names of its 15 * contributors may be used to endorse or promote products derived from 16 * this software without specific prior written permission. 17 * 18 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 19 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 20 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 21 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 22 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 23 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 24 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 25 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 26 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 27 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 28 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 29 */ 30 31 #include "config.h" 32 #include "core/loader/TextResourceDecoderBuilder.h" 33 34 #include "core/dom/Document.h" 35 #include "core/page/Frame.h" 36 #include "core/page/Settings.h" 37 #include "weborigin/SecurityOrigin.h" 38 39 namespace WebCore { 40 41 static inline bool canReferToParentFrameEncoding(const Frame* frame, const Frame* parentFrame) 42 { 43 return parentFrame && parentFrame->document()->securityOrigin()->canAccess(frame->document()->securityOrigin()); 44 } 45 46 47 TextResourceDecoderBuilder::TextResourceDecoderBuilder(const String& mimeType, const String& encoding, bool encodingUserChoosen) 48 : m_mimeType(mimeType) 49 , m_encoding(encoding) 50 , m_encodingWasChosenByUser(encodingUserChoosen) 51 { 52 } 53 54 TextResourceDecoderBuilder::~TextResourceDecoderBuilder() 55 { 56 } 57 58 59 inline PassRefPtr<TextResourceDecoder> TextResourceDecoderBuilder::createDecoderInstance(Document* document) 60 { 61 if (Frame* frame = document->frame()) { 62 if (Settings* settings = frame->settings()) 63 return TextResourceDecoder::create(m_mimeType, settings->defaultTextEncodingName(), settings->usesEncodingDetector()); 64 } 65 66 return TextResourceDecoder::create(m_mimeType, String()); 67 } 68 69 inline void TextResourceDecoderBuilder::setupEncoding(TextResourceDecoder* decoder, Document* document) 70 { 71 Frame* frame = document->frame(); 72 Frame* parentFrame = frame ? frame->tree()->parent() : 0; 73 74 if (!m_encoding.isEmpty()) 75 decoder->setEncoding(m_encoding, m_encodingWasChosenByUser ? TextResourceDecoder::UserChosenEncoding : TextResourceDecoder::EncodingFromHTTPHeader); 76 77 // Set the hint encoding to the parent frame encoding only if 78 // the parent and the current frames share the security origin. 79 // We impose this condition because somebody can make a child frameg63 80 // containing a carefully crafted html/javascript in one encoding 81 // that can be mistaken for hintEncoding (or related encoding) by 82 // an auto detector. When interpreted in the latter, it could be 83 // an attack vector. 84 // FIXME: This might be too cautious for non-7bit-encodings and 85 // we may consider relaxing this later after testing. 86 if (frame && canReferToParentFrameEncoding(frame, parentFrame)) { 87 decoder->setHintEncoding(parentFrame->document()->decoder()); 88 if (m_encoding.isEmpty()) 89 decoder->setEncoding(parentFrame->document()->inputEncoding(), TextResourceDecoder::EncodingFromParentFrame); 90 } 91 } 92 93 PassRefPtr<TextResourceDecoder> TextResourceDecoderBuilder::buildFor(Document* document) 94 { 95 RefPtr<TextResourceDecoder> decoder = createDecoderInstance(document); 96 setupEncoding(decoder.get(), document); 97 document->setDecoder(decoder); 98 return decoder.release(); 99 } 100 101 void TextResourceDecoderBuilder::clear() 102 { 103 if (!m_encodingWasChosenByUser) 104 m_encoding = String(); 105 } 106 107 } 108