1 /* 2 * Copyright (C) 2010 Google Inc. All rights reserved. 3 * 4 * Redistribution and use in source and binary forms, with or without 5 * modification, are permitted provided that the following conditions are 6 * met: 7 * 8 * * Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * * Redistributions in binary form must reproduce the above 11 * copyright notice, this list of conditions and the following disclaimer 12 * in the documentation and/or other materials provided with the 13 * distribution. 14 * * Neither the name of Google Inc. nor the names of its 15 * contributors may be used to endorse or promote products derived from 16 * this software without specific prior written permission. 17 * 18 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 19 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 20 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 21 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 22 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 23 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 24 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 25 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 26 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 27 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 28 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 29 */ 30 31 #include "config.h" 32 #include "core/loader/FormSubmission.h" 33 34 #include "HTMLNames.h" 35 #include "core/dom/Document.h" 36 #include "core/dom/Event.h" 37 #include "core/html/DOMFormData.h" 38 #include "core/html/HTMLFormControlElement.h" 39 #include "core/html/HTMLFormElement.h" 40 #include "core/html/HTMLInputElement.h" 41 #include "core/html/parser/HTMLParserIdioms.h" 42 #include "core/loader/FormState.h" 43 #include "core/loader/FrameLoadRequest.h" 44 #include "core/loader/FrameLoader.h" 45 #include "core/platform/network/FormData.h" 46 #include "core/platform/network/FormDataBuilder.h" 47 #include "wtf/CurrentTime.h" 48 #include "wtf/text/TextEncoding.h" 49 50 namespace WebCore { 51 52 using namespace HTMLNames; 53 54 static int64_t generateFormDataIdentifier() 55 { 56 // Initialize to the current time to reduce the likelihood of generating 57 // identifiers that overlap with those from past/future browser sessions. 58 static int64_t nextIdentifier = static_cast<int64_t>(currentTime() * 1000000.0); 59 return ++nextIdentifier; 60 } 61 62 static void appendMailtoPostFormDataToURL(KURL& url, const FormData& data, const String& encodingType) 63 { 64 String body = data.flattenToString(); 65 66 if (equalIgnoringCase(encodingType, "text/plain")) { 67 // Convention seems to be to decode, and s/&/\r\n/. Also, spaces are encoded as %20. 68 body = decodeURLEscapeSequences(body.replaceWithLiteral('&', "\r\n").replace('+', ' ') + "\r\n"); 69 } 70 71 Vector<char> bodyData; 72 bodyData.append("body=", 5); 73 FormDataBuilder::encodeStringAsFormData(bodyData, body.utf8()); 74 body = String(bodyData.data(), bodyData.size()).replaceWithLiteral('+', "%20"); 75 76 String query = url.query(); 77 if (!query.isEmpty()) 78 query.append('&'); 79 query.append(body); 80 url.setQuery(query); 81 } 82 83 void FormSubmission::Attributes::parseAction(const String& action) 84 { 85 // FIXME: Can we parse into a KURL? 86 m_action = stripLeadingAndTrailingHTMLSpaces(action); 87 } 88 89 String FormSubmission::Attributes::parseEncodingType(const String& type) 90 { 91 if (equalIgnoringCase(type, "multipart/form-data")) 92 return "multipart/form-data"; 93 if (equalIgnoringCase(type, "text/plain")) 94 return "text/plain"; 95 return "application/x-www-form-urlencoded"; 96 } 97 98 void FormSubmission::Attributes::updateEncodingType(const String& type) 99 { 100 m_encodingType = parseEncodingType(type); 101 m_isMultiPartForm = (m_encodingType == "multipart/form-data"); 102 } 103 104 FormSubmission::Method FormSubmission::Attributes::parseMethodType(const String& type) 105 { 106 return equalIgnoringCase(type, "post") ? FormSubmission::PostMethod : FormSubmission::GetMethod; 107 } 108 109 void FormSubmission::Attributes::updateMethodType(const String& type) 110 { 111 m_method = parseMethodType(type); 112 } 113 114 void FormSubmission::Attributes::copyFrom(const Attributes& other) 115 { 116 m_method = other.m_method; 117 m_isMultiPartForm = other.m_isMultiPartForm; 118 119 m_action = other.m_action; 120 m_target = other.m_target; 121 m_encodingType = other.m_encodingType; 122 m_acceptCharset = other.m_acceptCharset; 123 } 124 125 inline FormSubmission::FormSubmission(Method method, const KURL& action, const String& target, const String& contentType, PassRefPtr<FormState> state, PassRefPtr<FormData> data, const String& boundary, PassRefPtr<Event> event) 126 : m_method(method) 127 , m_action(action) 128 , m_target(target) 129 , m_contentType(contentType) 130 , m_formState(state) 131 , m_formData(data) 132 , m_boundary(boundary) 133 , m_event(event) 134 { 135 } 136 137 PassRefPtr<FormSubmission> FormSubmission::create(HTMLFormElement* form, const Attributes& attributes, PassRefPtr<Event> event, FormSubmissionTrigger trigger) 138 { 139 ASSERT(form); 140 141 HTMLFormControlElement* submitButton = 0; 142 if (event && event->target()) { 143 for (Node* node = event->target()->toNode(); node; node = node->parentNode()) { 144 if (node->isElementNode() && toElement(node)->isFormControlElement()) { 145 submitButton = toHTMLFormControlElement(node); 146 break; 147 } 148 } 149 } 150 151 FormSubmission::Attributes copiedAttributes; 152 copiedAttributes.copyFrom(attributes); 153 if (submitButton) { 154 String attributeValue; 155 if (!(attributeValue = submitButton->getAttribute(formactionAttr)).isNull()) 156 copiedAttributes.parseAction(attributeValue); 157 if (!(attributeValue = submitButton->getAttribute(formenctypeAttr)).isNull()) 158 copiedAttributes.updateEncodingType(attributeValue); 159 if (!(attributeValue = submitButton->getAttribute(formmethodAttr)).isNull()) 160 copiedAttributes.updateMethodType(attributeValue); 161 if (!(attributeValue = submitButton->getAttribute(formtargetAttr)).isNull()) 162 copiedAttributes.setTarget(attributeValue); 163 } 164 165 Document* document = form->document(); 166 KURL actionURL = document->completeURL(copiedAttributes.action().isEmpty() ? document->url().string() : copiedAttributes.action()); 167 bool isMailtoForm = actionURL.protocolIs("mailto"); 168 bool isMultiPartForm = false; 169 String encodingType = copiedAttributes.encodingType(); 170 171 if (copiedAttributes.method() == PostMethod) { 172 isMultiPartForm = copiedAttributes.isMultiPartForm(); 173 if (isMultiPartForm && isMailtoForm) { 174 encodingType = "application/x-www-form-urlencoded"; 175 isMultiPartForm = false; 176 } 177 } 178 179 WTF::TextEncoding dataEncoding = isMailtoForm ? UTF8Encoding() : FormDataBuilder::encodingFromAcceptCharset(copiedAttributes.acceptCharset(), document); 180 RefPtr<DOMFormData> domFormData = DOMFormData::create(dataEncoding.encodingForFormSubmission()); 181 Vector<pair<String, String> > formValues; 182 183 bool containsPasswordData = false; 184 for (unsigned i = 0; i < form->associatedElements().size(); ++i) { 185 FormAssociatedElement* control = form->associatedElements()[i]; 186 HTMLElement* element = toHTMLElement(control); 187 if (!element->isDisabledFormControl()) 188 control->appendFormData(*domFormData, isMultiPartForm); 189 if (element->hasTagName(inputTag)) { 190 HTMLInputElement* input = toHTMLInputElement(element); 191 if (input->isTextField()) 192 formValues.append(pair<String, String>(input->name().string(), input->value())); 193 if (input->isPasswordField() && !input->value().isEmpty()) 194 containsPasswordData = true; 195 } 196 } 197 198 RefPtr<FormData> formData; 199 String boundary; 200 201 if (isMultiPartForm) { 202 formData = FormData::createMultiPart(*(static_cast<FormDataList*>(domFormData.get())), domFormData->encoding(), document); 203 boundary = formData->boundary().data(); 204 } else { 205 formData = FormData::create(*(static_cast<FormDataList*>(domFormData.get())), domFormData->encoding(), attributes.method() == GetMethod ? FormData::FormURLEncoded : FormData::parseEncodingType(encodingType)); 206 if (copiedAttributes.method() == PostMethod && isMailtoForm) { 207 // Convert the form data into a string that we put into the URL. 208 appendMailtoPostFormDataToURL(actionURL, *formData, encodingType); 209 formData = FormData::create(); 210 } 211 } 212 213 formData->setIdentifier(generateFormDataIdentifier()); 214 formData->setContainsPasswordData(containsPasswordData); 215 String targetOrBaseTarget = copiedAttributes.target().isEmpty() ? document->baseTarget() : copiedAttributes.target(); 216 RefPtr<FormState> formState = FormState::create(form, formValues, document, trigger); 217 return adoptRef(new FormSubmission(copiedAttributes.method(), actionURL, targetOrBaseTarget, encodingType, formState.release(), formData.release(), boundary, event)); 218 } 219 220 KURL FormSubmission::requestURL() const 221 { 222 if (m_method == FormSubmission::PostMethod) 223 return m_action; 224 225 KURL requestURL(m_action); 226 requestURL.setQuery(m_formData->flattenToString()); 227 return requestURL; 228 } 229 230 void FormSubmission::populateFrameLoadRequest(FrameLoadRequest& frameRequest) 231 { 232 if (!m_target.isEmpty()) 233 frameRequest.setFrameName(m_target); 234 235 if (!m_referrer.isEmpty()) 236 frameRequest.resourceRequest().setHTTPReferrer(m_referrer); 237 238 if (m_method == FormSubmission::PostMethod) { 239 frameRequest.resourceRequest().setHTTPMethod("POST"); 240 frameRequest.resourceRequest().setHTTPBody(m_formData); 241 242 // construct some user headers if necessary 243 if (m_boundary.isEmpty()) 244 frameRequest.resourceRequest().setHTTPContentType(m_contentType); 245 else 246 frameRequest.resourceRequest().setHTTPContentType(m_contentType + "; boundary=" + m_boundary); 247 } 248 249 frameRequest.resourceRequest().setURL(requestURL()); 250 FrameLoader::addHTTPOriginIfNeeded(frameRequest.resourceRequest(), m_origin); 251 } 252 253 } 254