Home | History | Annotate | Download | only in loader 
      1 /*
      2  * Copyright (C) 2013 Google Inc. All rights reserved.
      3  *
      4  * Redistribution and use in source and binary forms, with or without
      5  * modification, are permitted provided that the following conditions are
      6  * met:
      7  *
      8  *     * Redistributions of source code must retain the above copyright
      9  * notice, this list of conditions and the following disclaimer.
     10  *     * Redistributions in binary form must reproduce the above
     11  * copyright notice, this list of conditions and the following disclaimer
     12  * in the documentation and/or other materials provided with the
     13  * distribution.
     14  *     * Neither the name of Google Inc. nor the names of its
     15  * contributors may be used to endorse or promote products derived from
     16  * this software without specific prior written permission.
     17  *
     18  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
     19  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
     20  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
     21  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
     22  * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
     23  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
     24  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
     25  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
     26  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
     27  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
     28  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
     29  */
     30 
     31 #include "config.h"
     32 #include "core/loader/TextResourceDecoderBuilder.h"
     33 
     34 #include "core/dom/Document.h"
     35 #include "core/frame/Frame.h"
     36 #include "core/frame/Settings.h"
     37 #include "platform/weborigin/SecurityOrigin.h"
     38 
     39 namespace WebCore {
     40 
     41 static inline bool canReferToParentFrameEncoding(const Frame* frame, const Frame* parentFrame)
     42 {
     43     return parentFrame && parentFrame->document()->securityOrigin()->canAccess(frame->document()->securityOrigin());
     44 }
     45 
     46 
     47 TextResourceDecoderBuilder::TextResourceDecoderBuilder(const AtomicString& mimeType, const AtomicString& encoding, bool encodingUserChoosen)
     48     : m_mimeType(mimeType)
     49     , m_encoding(encoding)
     50     , m_encodingWasChosenByUser(encodingUserChoosen)
     51 {
     52 }
     53 
     54 TextResourceDecoderBuilder::~TextResourceDecoderBuilder()
     55 {
     56 }
     57 
     58 
     59 inline PassOwnPtr<TextResourceDecoder> TextResourceDecoderBuilder::createDecoderInstance(Document* document)
     60 {
     61     if (Frame* frame = document->frame()) {
     62         if (Settings* settings = frame->settings())
     63             return TextResourceDecoder::create(m_mimeType, settings->defaultTextEncodingName(), settings->usesEncodingDetector());
     64     }
     65 
     66     return TextResourceDecoder::create(m_mimeType, String());
     67 }
     68 
     69 inline void TextResourceDecoderBuilder::setupEncoding(TextResourceDecoder* decoder, Document* document)
     70 {
     71     Frame* frame = document->frame();
     72     Frame* parentFrame = frame ? frame->tree().parent() : 0;
     73 
     74     if (!m_encoding.isEmpty())
     75         decoder->setEncoding(m_encoding.string(), m_encodingWasChosenByUser ? TextResourceDecoder::UserChosenEncoding : TextResourceDecoder::EncodingFromHTTPHeader);
     76 
     77     // Set the hint encoding to the parent frame encoding only if
     78     // the parent and the current frames share the security origin.
     79     // We impose this condition because somebody can make a child frameg63
     80     // containing a carefully crafted html/javascript in one encoding
     81     // that can be mistaken for hintEncoding (or related encoding) by
     82     // an auto detector. When interpreted in the latter, it could be
     83     // an attack vector.
     84     // FIXME: This might be too cautious for non-7bit-encodings and
     85     // we may consider relaxing this later after testing.
     86     if (frame && canReferToParentFrameEncoding(frame, parentFrame)) {
     87         if (parentFrame->document()->encodingWasDetectedHeuristically())
     88             decoder->setHintEncoding(parentFrame->document()->encoding());
     89 
     90         if (m_encoding.isEmpty())
     91             decoder->setEncoding(parentFrame->document()->inputEncoding().string(), TextResourceDecoder::EncodingFromParentFrame);
     92     }
     93 }
     94 
     95 PassOwnPtr<TextResourceDecoder> TextResourceDecoderBuilder::buildFor(Document* document)
     96 {
     97     OwnPtr<TextResourceDecoder> decoder = createDecoderInstance(document);
     98     setupEncoding(decoder.get(), document);
     99     return decoder.release();
    100 }
    101 
    102 void TextResourceDecoderBuilder::clear()
    103 {
    104     if (!m_encodingWasChosenByUser)
    105         m_encoding = nullAtom;
    106 }
    107 
    108 }
    109