1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 // 5 #include "chrome_frame/html_utils.h" 6 7 #include <atlbase.h> 8 #include <urlmon.h> 9 10 #include "base/strings/string_tokenizer.h" 11 #include "base/strings/string_util.h" 12 #include "base/strings/stringprintf.h" 13 #include "chrome/common/chrome_version_info.h" 14 #include "chrome_frame/utils.h" 15 #include "net/base/net_util.h" 16 #include "webkit/common/user_agent/user_agent_util.h" 17 18 const wchar_t kQuotes[] = L"\"'"; 19 const char kXFrameOptionsHeader[] = "X-Frame-Options"; 20 const char kXFrameOptionsValueAllowAll[] = "allowall"; 21 22 HTMLScanner::StringRange::StringRange() { 23 } 24 25 HTMLScanner::StringRange::StringRange(StrPos start, StrPos end) 26 : start_(start), end_(end) { 27 } 28 29 bool HTMLScanner::StringRange::LowerCaseEqualsASCII(const char* other) const { 30 return ::LowerCaseEqualsASCII(start_, end_, other); 31 } 32 33 bool HTMLScanner::StringRange::Equals(const wchar_t* other) const { 34 int ret = wcsncmp(&start_[0], other, end_ - start_); 35 if (ret == 0) 36 ret = (other[end_ - start_] == L'\0') ? 0 : -1; 37 return ret == 0; 38 } 39 40 std::wstring HTMLScanner::StringRange::Copy() const { 41 return std::wstring(start_, end_); 42 } 43 44 bool HTMLScanner::StringRange::GetTagName(std::wstring* tag_name) const { 45 if (*start_ != L'<') { 46 LOG(ERROR) << "Badly formatted tag found"; 47 return false; 48 } 49 50 StrPos name_start = start_; 51 name_start++; 52 while (name_start < end_ && IsWhitespace(*name_start)) 53 name_start++; 54 55 if (name_start >= end_) { 56 // We seem to have a degenerate tag (i.e. < >). Return false here. 57 return false; 58 } 59 60 StrPos name_end = name_start + 1; 61 while (name_end < end_ && !IsWhitespace(*name_end)) 62 name_end++; 63 64 if (name_end > end_) { 65 // This looks like an improperly formatted tab ('<foo'). Return false here. 66 return false; 67 } 68 69 tag_name->assign(name_start, name_end); 70 return true; 71 } 72 73 74 bool HTMLScanner::StringRange::GetTagAttribute(const wchar_t* attribute_name, 75 StringRange* attribute_value) const { 76 if (NULL == attribute_name || NULL == attribute_value) { 77 NOTREACHED(); 78 return false; 79 } 80 81 // Use this so we can use the convenience method LowerCaseEqualsASCII() 82 // from string_util.h. 83 std::string search_name_ascii(WideToASCII(attribute_name)); 84 85 base::WStringTokenizer tokenizer(start_, end_, L" =/"); 86 tokenizer.set_options(base::WStringTokenizer::RETURN_DELIMS); 87 88 // Set up the quote chars so that we get quoted attribute values as single 89 // tokens. 90 tokenizer.set_quote_chars(L"\"'"); 91 92 const bool PARSE_STATE_NAME = true; 93 const bool PARSE_STATE_VALUE = false; 94 bool parse_state = PARSE_STATE_NAME; 95 96 // Used to skip the first token, which is the tag name. 97 bool first_token_skipped = false; 98 99 // This is set during a loop iteration in which an '=' sign was spotted. 100 // It is used to filter out degenerate tags such as: 101 // <meta foo==bar> 102 bool last_token_was_delim = false; 103 104 // Set this if the attribute name has been found that we might then 105 // pick up the value in the next loop iteration. 106 bool attribute_name_found = false; 107 108 while (tokenizer.GetNext()) { 109 // If we have a whitespace delimiter, just keep going. Cases of this should 110 // be reduced by the CollapseWhitespace call. If we have an '=' character, 111 // we update our state and reiterate. 112 if (tokenizer.token_is_delim()) { 113 if (*tokenizer.token_begin() == L'=') { 114 if (last_token_was_delim) { 115 // Looks like we have a badly formed tag, just stop parsing now. 116 return false; 117 } 118 parse_state = !parse_state; 119 last_token_was_delim = true; 120 } 121 continue; 122 } 123 124 last_token_was_delim = false; 125 126 // The first non-delimiter token is the tag name, which we don't want. 127 if (!first_token_skipped) { 128 first_token_skipped = true; 129 continue; 130 } 131 132 if (PARSE_STATE_NAME == parse_state) { 133 // We have a tag name, check to see if it matches our target name: 134 if (::LowerCaseEqualsASCII(tokenizer.token_begin(), tokenizer.token_end(), 135 search_name_ascii.c_str())) { 136 attribute_name_found = true; 137 continue; 138 } 139 } else if (PARSE_STATE_VALUE == parse_state && attribute_name_found) { 140 attribute_value->start_ = tokenizer.token_begin(); 141 attribute_value->end_ = tokenizer.token_end(); 142 143 // Unquote the attribute value if need be. 144 attribute_value->UnQuote(); 145 146 return true; 147 } else if (PARSE_STATE_VALUE == parse_state) { 148 // If we haven't found the attribute name we want yet, ignore this token 149 // and go back to looking for our name. 150 parse_state = PARSE_STATE_NAME; 151 } 152 } 153 154 return false; 155 } 156 157 bool HTMLScanner::StringRange::UnQuote() { 158 if (start_ + 2 > end_) { 159 // String's too short to be quoted, bail. 160 return false; 161 } 162 163 if ((*start_ == L'\'' && *(end_ - 1) == L'\'') || 164 (*start_ == L'"' && *(end_ - 1) == L'"')) { 165 start_ = start_ + 1; 166 end_ = end_ - 1; 167 return true; 168 } 169 170 return false; 171 } 172 173 HTMLScanner::HTMLScanner(const wchar_t* html_string) 174 : html_string_(CollapseWhitespace(html_string, true)), 175 quotes_(kQuotes) { 176 } 177 178 void HTMLScanner::GetTagsByName(const wchar_t* name, StringRangeList* tag_list, 179 const wchar_t* stop_tag) { 180 DCHECK(NULL != name); 181 DCHECK(NULL != tag_list); 182 DCHECK(NULL != stop_tag); 183 184 StringRange remaining_html(html_string_.begin(), html_string_.end()); 185 186 std::wstring search_name(name); 187 TrimWhitespace(search_name, TRIM_ALL, &search_name); 188 189 // Use this so we can use the convenience method LowerCaseEqualsASCII() 190 // from string_util.h. 191 std::string search_name_ascii(WideToASCII(search_name)); 192 std::string stop_tag_ascii(WideToASCII(stop_tag)); 193 194 StringRange current_tag; 195 std::wstring current_name; 196 while (NextTag(&remaining_html, ¤t_tag)) { 197 if (current_tag.GetTagName(¤t_name)) { 198 if (LowerCaseEqualsASCII(current_name, search_name_ascii.c_str())) { 199 tag_list->push_back(current_tag); 200 } else if (LowerCaseEqualsASCII(current_name, stop_tag_ascii.c_str())) { 201 // We hit the stop tag so it's time to go home. 202 break; 203 } 204 } 205 } 206 } 207 208 struct ScanState { 209 bool in_quote; 210 bool in_escape; 211 wchar_t quote_char; 212 ScanState() : in_quote(false), in_escape(false) {} 213 }; 214 215 bool HTMLScanner::IsQuote(wchar_t c) { 216 return quotes_.find(c) != std::wstring::npos; 217 } 218 219 bool HTMLScanner::IsHTMLCommentClose(const StringRange* html_string, 220 StrPos pos) { 221 if (pos < html_string->end_ && pos > html_string->start_ + 2 && 222 *pos == L'>') { 223 return *(pos-1) == L'-' && *(pos-2) == L'-'; 224 } 225 return false; 226 } 227 228 bool HTMLScanner::IsIEConditionalCommentClose(const StringRange* html_string, 229 StrPos pos) { 230 if (pos < html_string->end_ && pos > html_string->start_ + 2 && 231 *pos == L'>') { 232 return *(pos-1) == L']'; 233 } 234 return false; 235 } 236 237 238 bool HTMLScanner::NextTag(StringRange* html_string, StringRange* tag) { 239 DCHECK(NULL != html_string); 240 DCHECK(NULL != tag); 241 242 tag->start_ = html_string->start_; 243 while (tag->start_ < html_string->end_ && *tag->start_ != L'<') { 244 tag->start_++; 245 } 246 247 // we went past the end of the string. 248 if (tag->start_ >= html_string->end_) { 249 return false; 250 } 251 252 tag->end_ = tag->start_ + 1; 253 254 // Get the tag name to see if we are in an HTML comment. If we are, then 255 // don't consider quotes. This should work for example: 256 // <!-- foo ' --> <meta foo='bar'> 257 std::wstring tag_name; 258 StringRange start_range(tag->start_, html_string->end_); 259 start_range.GetTagName(&tag_name); 260 if (StartsWith(tag_name, L"!--[if", true)) { 261 // This looks like the beginning of an IE conditional comment, scan until 262 // we hit the end which always looks like ']>'. For now we disregard the 263 // contents of the condition, and always assume true. 264 // TODO(robertshield): Optionally support the grammar defined by 265 // http://msdn.microsoft.com/en-us/library/ms537512(VS.85).aspx#syntax. 266 while (tag->end_ < html_string->end_ && 267 !IsIEConditionalCommentClose(html_string, tag->end_)) { 268 tag->end_++; 269 } 270 } else if (StartsWith(tag_name, L"!--", true)) { 271 // We're inside a comment tag which ends in '-->'. Keep going until we 272 // reach the end. 273 while (tag->end_ < html_string->end_ && 274 !IsHTMLCommentClose(html_string, tag->end_)) { 275 tag->end_++; 276 } 277 } else if (StartsWith(tag_name, L"![endif", true)) { 278 // We're inside the closing tag of an IE conditional comment which ends in 279 // either '-->' of ']>'. Keep going until we reach the end. 280 while (tag->end_ < html_string->end_ && 281 !IsIEConditionalCommentClose(html_string, tag->end_) && 282 !IsHTMLCommentClose(html_string, tag->end_)) { 283 tag->end_++; 284 } 285 } else { 286 // Properly handle quoted strings within non-comment tags by maintaining 287 // some state while scanning. Specifically, we have to maintain state on 288 // whether we are inside a string, what the string terminating character 289 // will be and whether we are inside an escape sequence. 290 ScanState state; 291 while (tag->end_ < html_string->end_) { 292 if (state.in_quote) { 293 if (state.in_escape) { 294 state.in_escape = false; 295 } else if (*tag->end_ == '\\') { 296 state.in_escape = true; 297 } else if (*tag->end_ == state.quote_char) { 298 state.in_quote = false; 299 } 300 } else { 301 state.in_quote = IsQuote(state.quote_char = *tag->end_); 302 } 303 304 if (!state.in_quote && *tag->end_ == L'>') { 305 break; 306 } 307 tag->end_++; 308 } 309 } 310 311 // We hit the end_ but found no matching tag closure. Consider this an 312 // incomplete tag and do not report it. 313 if (tag->end_ >= html_string->end_) 314 return false; 315 316 // Modify html_string to point to just beyond the end_ of the current tag. 317 html_string->start_ = tag->end_ + 1; 318 319 return true; 320 } 321 322 namespace http_utils { 323 324 const char kChromeFrameUserAgent[] = "chromeframe"; 325 static char g_cf_user_agent[100] = {0}; 326 static char g_chrome_user_agent[255] = {0}; 327 328 const char* GetChromeFrameUserAgent() { 329 if (!g_cf_user_agent[0]) { 330 _pAtlModule->m_csStaticDataInitAndTypeInfo.Lock(); 331 if (!g_cf_user_agent[0]) { 332 uint32 high_version = 0, low_version = 0; 333 GetModuleVersion(reinterpret_cast<HMODULE>(&__ImageBase), &high_version, 334 &low_version); 335 wsprintfA(g_cf_user_agent, "%s/%i.%i.%i.%i", kChromeFrameUserAgent, 336 HIWORD(high_version), LOWORD(high_version), 337 HIWORD(low_version), LOWORD(low_version)); 338 } 339 _pAtlModule->m_csStaticDataInitAndTypeInfo.Unlock(); 340 } 341 return g_cf_user_agent; 342 } 343 344 std::string AddChromeFrameToUserAgentValue(const std::string& value) { 345 if (value.empty()) { 346 return value; 347 } 348 349 if (value.find(kChromeFrameUserAgent) != std::string::npos) { 350 // Our user agent has already been added. 351 return value; 352 } 353 354 std::string ret(value); 355 size_t insert_position = ret.find(')'); 356 if (insert_position != std::string::npos) { 357 if (insert_position > 1 && isalnum(ret[insert_position - 1])) 358 ret.insert(insert_position++, ";"); 359 ret.insert(insert_position++, " "); 360 ret.insert(insert_position, GetChromeFrameUserAgent()); 361 } else { 362 ret += " "; 363 ret += GetChromeFrameUserAgent(); 364 } 365 366 return ret; 367 } 368 369 std::string RemoveChromeFrameFromUserAgentValue(const std::string& value) { 370 size_t cf_start = value.find(kChromeFrameUserAgent); 371 if (cf_start == std::string::npos) { 372 // The user agent is not present. 373 return value; 374 } 375 376 size_t offset = 0; 377 // If we prepended a '; ' or a ' ' then remove that in the output. 378 if (cf_start > 1 && value[cf_start - 1] == ' ') 379 ++offset; 380 if (cf_start > 3 && 381 value[cf_start - 2] == ';' && 382 isalnum(value[cf_start - 3])) { 383 ++offset; 384 } 385 386 std::string ret(value, 0, std::max(cf_start - offset, 0U)); 387 cf_start += strlen(kChromeFrameUserAgent); 388 while (cf_start < value.length() && 389 ((value[cf_start] >= '0' && value[cf_start] <= '9') || 390 value[cf_start] == '.' || 391 value[cf_start] == '/')) { 392 ++cf_start; 393 } 394 395 if (cf_start < value.length()) 396 ret.append(value, cf_start, std::string::npos); 397 398 return ret; 399 } 400 401 std::string GetDefaultUserAgentHeaderWithCFTag() { 402 std::string ua(GetDefaultUserAgent()); 403 return "User-Agent: " + AddChromeFrameToUserAgentValue(ua); 404 } 405 406 const char* GetChromeUserAgent() { 407 if (!g_chrome_user_agent[0]) { 408 _pAtlModule->m_csStaticDataInitAndTypeInfo.Lock(); 409 if (!g_chrome_user_agent[0]) { 410 std::string ua; 411 412 chrome::VersionInfo version_info; 413 std::string product("Chrome/"); 414 product += version_info.is_valid() ? version_info.Version() 415 : "0.0.0.0"; 416 417 ua = webkit_glue::BuildUserAgentFromProduct(product); 418 419 DCHECK(ua.length() < arraysize(g_chrome_user_agent)); 420 lstrcpynA(g_chrome_user_agent, ua.c_str(), 421 arraysize(g_chrome_user_agent) - 1); 422 } 423 _pAtlModule->m_csStaticDataInitAndTypeInfo.Unlock(); 424 } 425 return g_chrome_user_agent; 426 } 427 428 std::string GetDefaultUserAgent() { 429 std::string ret; 430 DWORD size = MAX_PATH; 431 HRESULT hr = E_OUTOFMEMORY; 432 for (int retries = 1; hr == E_OUTOFMEMORY && retries <= 10; ++retries) { 433 hr = ::ObtainUserAgentString(0, WriteInto(&ret, size + 1), &size); 434 if (hr == E_OUTOFMEMORY) { 435 size = MAX_PATH * retries; 436 } else if (SUCCEEDED(hr)) { 437 // Truncate the extra allocation. 438 DCHECK_GT(size, 0U); 439 ret.resize(size - 1); 440 } 441 } 442 443 if (FAILED(hr)) { 444 NOTREACHED() << base::StringPrintf("ObtainUserAgentString==0x%08X", hr); 445 return std::string(); 446 } 447 448 return ret; 449 } 450 451 bool HasFrameBustingHeader(const std::string& http_headers) { 452 // NOTE: We cannot use net::GetSpecificHeader() here since when there are 453 // multiple instances of a header that returns the first value seen, and we 454 // need to look at all instances. 455 net::HttpUtil::HeadersIterator it(http_headers.begin(), http_headers.end(), 456 "\r\n"); 457 while (it.GetNext()) { 458 if (!lstrcmpiA(it.name().c_str(), kXFrameOptionsHeader) && 459 lstrcmpiA(it.values().c_str(), kXFrameOptionsValueAllowAll)) 460 return true; 461 } 462 return false; 463 } 464 465 std::string GetHttpHeaderFromHeaderList(const std::string& header, 466 const std::string& headers) { 467 net::HttpUtil::HeadersIterator it(headers.begin(), headers.end(), "\r\n"); 468 while (it.GetNext()) { 469 if (!lstrcmpiA(it.name().c_str(), header.c_str())) 470 return std::string(it.values_begin(), it.values_end()); 471 } 472 return std::string(); 473 } 474 475 } // namespace http_utils 476
