1 /* 2 * Copyright (C) 2010 Apple Inc. All Rights Reserved. 3 * 4 * Redistribution and use in source and binary forms, with or without 5 * modification, are permitted provided that the following conditions 6 * are met: 7 * 1. Redistributions of source code must retain the above copyright 8 * notice, this list of conditions and the following disclaimer. 9 * 2. Redistributions in binary form must reproduce the above copyright 10 * notice, this list of conditions and the following disclaimer in the 11 * documentation and/or other materials provided with the distribution. 12 * 13 * THIS SOFTWARE IS PROVIDED BY APPLE, INC. ``AS IS'' AND ANY 14 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 16 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE COMPUTER, INC. OR 17 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 18 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 19 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 20 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY 21 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 23 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 * 25 */ 26 27 #include "config.h" 28 #include "platform/weborigin/SchemeRegistry.h" 29 30 #include "wtf/MainThread.h" 31 32 namespace WebCore { 33 34 static URLSchemesMap& localURLSchemes() 35 { 36 DEFINE_STATIC_LOCAL(URLSchemesMap, localSchemes, ()); 37 38 if (localSchemes.isEmpty()) 39 localSchemes.add("file"); 40 41 return localSchemes; 42 } 43 44 static URLSchemesMap& displayIsolatedURLSchemes() 45 { 46 DEFINE_STATIC_LOCAL(URLSchemesMap, displayIsolatedSchemes, ()); 47 return displayIsolatedSchemes; 48 } 49 50 static URLSchemesMap& secureSchemes() 51 { 52 DEFINE_STATIC_LOCAL(URLSchemesMap, secureSchemes, ()); 53 54 if (secureSchemes.isEmpty()) { 55 secureSchemes.add("https"); 56 secureSchemes.add("about"); 57 secureSchemes.add("data"); 58 secureSchemes.add("wss"); 59 } 60 61 return secureSchemes; 62 } 63 64 static URLSchemesMap& schemesWithUniqueOrigins() 65 { 66 DEFINE_STATIC_LOCAL(URLSchemesMap, schemesWithUniqueOrigins, ()); 67 68 if (schemesWithUniqueOrigins.isEmpty()) { 69 schemesWithUniqueOrigins.add("about"); 70 schemesWithUniqueOrigins.add("javascript"); 71 // This is a willful violation of HTML5. 72 // See https://bugs.webkit.org/show_bug.cgi?id=11885 73 schemesWithUniqueOrigins.add("data"); 74 } 75 76 return schemesWithUniqueOrigins; 77 } 78 79 static URLSchemesMap& emptyDocumentSchemes() 80 { 81 DEFINE_STATIC_LOCAL(URLSchemesMap, emptyDocumentSchemes, ()); 82 83 if (emptyDocumentSchemes.isEmpty()) 84 emptyDocumentSchemes.add("about"); 85 86 return emptyDocumentSchemes; 87 } 88 89 static HashSet<String>& schemesForbiddenFromDomainRelaxation() 90 { 91 DEFINE_STATIC_LOCAL(HashSet<String>, schemes, ()); 92 return schemes; 93 } 94 95 static URLSchemesMap& canDisplayOnlyIfCanRequestSchemes() 96 { 97 DEFINE_STATIC_LOCAL(URLSchemesMap, canDisplayOnlyIfCanRequestSchemes, ()); 98 99 if (canDisplayOnlyIfCanRequestSchemes.isEmpty()) { 100 canDisplayOnlyIfCanRequestSchemes.add("blob"); 101 canDisplayOnlyIfCanRequestSchemes.add("filesystem"); 102 } 103 104 return canDisplayOnlyIfCanRequestSchemes; 105 } 106 107 static URLSchemesMap& notAllowingJavascriptURLsSchemes() 108 { 109 DEFINE_STATIC_LOCAL(URLSchemesMap, notAllowingJavascriptURLsSchemes, ()); 110 return notAllowingJavascriptURLsSchemes; 111 } 112 113 void SchemeRegistry::registerURLSchemeAsLocal(const String& scheme) 114 { 115 localURLSchemes().add(scheme); 116 } 117 118 void SchemeRegistry::removeURLSchemeRegisteredAsLocal(const String& scheme) 119 { 120 if (scheme == "file") 121 return; 122 localURLSchemes().remove(scheme); 123 } 124 125 const URLSchemesMap& SchemeRegistry::localSchemes() 126 { 127 return localURLSchemes(); 128 } 129 130 static URLSchemesMap& CORSEnabledSchemes() 131 { 132 // FIXME: http://bugs.webkit.org/show_bug.cgi?id=77160 133 DEFINE_STATIC_LOCAL(URLSchemesMap, CORSEnabledSchemes, ()); 134 135 if (CORSEnabledSchemes.isEmpty()) { 136 CORSEnabledSchemes.add("http"); 137 CORSEnabledSchemes.add("https"); 138 CORSEnabledSchemes.add("data"); 139 } 140 141 return CORSEnabledSchemes; 142 } 143 144 static URLSchemesMap& ContentSecurityPolicyBypassingSchemes() 145 { 146 DEFINE_STATIC_LOCAL(URLSchemesMap, schemes, ()); 147 return schemes; 148 } 149 150 bool SchemeRegistry::shouldTreatURLSchemeAsLocal(const String& scheme) 151 { 152 if (scheme.isEmpty()) 153 return false; 154 return localURLSchemes().contains(scheme); 155 } 156 157 void SchemeRegistry::registerURLSchemeAsNoAccess(const String& scheme) 158 { 159 schemesWithUniqueOrigins().add(scheme); 160 } 161 162 bool SchemeRegistry::shouldTreatURLSchemeAsNoAccess(const String& scheme) 163 { 164 if (scheme.isEmpty()) 165 return false; 166 return schemesWithUniqueOrigins().contains(scheme); 167 } 168 169 void SchemeRegistry::registerURLSchemeAsDisplayIsolated(const String& scheme) 170 { 171 displayIsolatedURLSchemes().add(scheme); 172 } 173 174 bool SchemeRegistry::shouldTreatURLSchemeAsDisplayIsolated(const String& scheme) 175 { 176 if (scheme.isEmpty()) 177 return false; 178 return displayIsolatedURLSchemes().contains(scheme); 179 } 180 181 void SchemeRegistry::registerURLSchemeAsSecure(const String& scheme) 182 { 183 secureSchemes().add(scheme); 184 } 185 186 bool SchemeRegistry::shouldTreatURLSchemeAsSecure(const String& scheme) 187 { 188 if (scheme.isEmpty()) 189 return false; 190 return secureSchemes().contains(scheme); 191 } 192 193 void SchemeRegistry::registerURLSchemeAsEmptyDocument(const String& scheme) 194 { 195 emptyDocumentSchemes().add(scheme); 196 } 197 198 bool SchemeRegistry::shouldLoadURLSchemeAsEmptyDocument(const String& scheme) 199 { 200 if (scheme.isEmpty()) 201 return false; 202 return emptyDocumentSchemes().contains(scheme); 203 } 204 205 void SchemeRegistry::setDomainRelaxationForbiddenForURLScheme(bool forbidden, const String& scheme) 206 { 207 if (scheme.isEmpty()) 208 return; 209 210 if (forbidden) 211 schemesForbiddenFromDomainRelaxation().add(scheme); 212 else 213 schemesForbiddenFromDomainRelaxation().remove(scheme); 214 } 215 216 bool SchemeRegistry::isDomainRelaxationForbiddenForURLScheme(const String& scheme) 217 { 218 if (scheme.isEmpty()) 219 return false; 220 return schemesForbiddenFromDomainRelaxation().contains(scheme); 221 } 222 223 bool SchemeRegistry::canDisplayOnlyIfCanRequest(const String& scheme) 224 { 225 if (scheme.isEmpty()) 226 return false; 227 return canDisplayOnlyIfCanRequestSchemes().contains(scheme); 228 } 229 230 void SchemeRegistry::registerAsCanDisplayOnlyIfCanRequest(const String& scheme) 231 { 232 canDisplayOnlyIfCanRequestSchemes().add(scheme); 233 } 234 235 void SchemeRegistry::registerURLSchemeAsNotAllowingJavascriptURLs(const String& scheme) 236 { 237 notAllowingJavascriptURLsSchemes().add(scheme); 238 } 239 240 bool SchemeRegistry::shouldTreatURLSchemeAsNotAllowingJavascriptURLs(const String& scheme) 241 { 242 if (scheme.isEmpty()) 243 return false; 244 return notAllowingJavascriptURLsSchemes().contains(scheme); 245 } 246 247 void SchemeRegistry::registerURLSchemeAsCORSEnabled(const String& scheme) 248 { 249 CORSEnabledSchemes().add(scheme); 250 } 251 252 bool SchemeRegistry::shouldTreatURLSchemeAsCORSEnabled(const String& scheme) 253 { 254 if (scheme.isEmpty()) 255 return false; 256 return CORSEnabledSchemes().contains(scheme); 257 } 258 259 void SchemeRegistry::registerURLSchemeAsBypassingContentSecurityPolicy(const String& scheme) 260 { 261 ContentSecurityPolicyBypassingSchemes().add(scheme); 262 } 263 264 void SchemeRegistry::removeURLSchemeRegisteredAsBypassingContentSecurityPolicy(const String& scheme) 265 { 266 ContentSecurityPolicyBypassingSchemes().remove(scheme); 267 } 268 269 bool SchemeRegistry::schemeShouldBypassContentSecurityPolicy(const String& scheme) 270 { 271 if (scheme.isEmpty()) 272 return false; 273 return ContentSecurityPolicyBypassingSchemes().contains(scheme); 274 } 275 276 } // namespace WebCore 277