Home | History | Annotate | Download | only in weborigin 
      1 /*
      2  * Copyright (C) 2010 Apple Inc. All Rights Reserved.
      3  *
      4  * Redistribution and use in source and binary forms, with or without
      5  * modification, are permitted provided that the following conditions
      6  * are met:
      7  * 1. Redistributions of source code must retain the above copyright
      8  *    notice, this list of conditions and the following disclaimer.
      9  * 2. Redistributions in binary form must reproduce the above copyright
     10  *    notice, this list of conditions and the following disclaimer in the
     11  *    documentation and/or other materials provided with the distribution.
     12  *
     13  * THIS SOFTWARE IS PROVIDED BY APPLE, INC. ``AS IS'' AND ANY
     14  * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
     15  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
     16  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE COMPUTER, INC. OR
     17  * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
     18  * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
     19  * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
     20  * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
     21  * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
     22  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
     23  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
     24  *
     25  */
     26 
     27 #include "config.h"
     28 #include "platform/weborigin/SchemeRegistry.h"
     29 
     30 #include "wtf/MainThread.h"
     31 
     32 namespace WebCore {
     33 
     34 static URLSchemesMap& localURLSchemes()
     35 {
     36     DEFINE_STATIC_LOCAL(URLSchemesMap, localSchemes, ());
     37 
     38     if (localSchemes.isEmpty())
     39         localSchemes.add("file");
     40 
     41     return localSchemes;
     42 }
     43 
     44 static URLSchemesMap& displayIsolatedURLSchemes()
     45 {
     46     DEFINE_STATIC_LOCAL(URLSchemesMap, displayIsolatedSchemes, ());
     47     return displayIsolatedSchemes;
     48 }
     49 
     50 static URLSchemesMap& secureSchemes()
     51 {
     52     DEFINE_STATIC_LOCAL(URLSchemesMap, secureSchemes, ());
     53 
     54     if (secureSchemes.isEmpty()) {
     55         secureSchemes.add("https");
     56         secureSchemes.add("about");
     57         secureSchemes.add("data");
     58         secureSchemes.add("wss");
     59     }
     60 
     61     return secureSchemes;
     62 }
     63 
     64 static URLSchemesMap& schemesWithUniqueOrigins()
     65 {
     66     DEFINE_STATIC_LOCAL(URLSchemesMap, schemesWithUniqueOrigins, ());
     67 
     68     if (schemesWithUniqueOrigins.isEmpty()) {
     69         schemesWithUniqueOrigins.add("about");
     70         schemesWithUniqueOrigins.add("javascript");
     71         // This is a willful violation of HTML5.
     72         // See https://bugs.webkit.org/show_bug.cgi?id=11885
     73         schemesWithUniqueOrigins.add("data");
     74     }
     75 
     76     return schemesWithUniqueOrigins;
     77 }
     78 
     79 static URLSchemesMap& emptyDocumentSchemes()
     80 {
     81     DEFINE_STATIC_LOCAL(URLSchemesMap, emptyDocumentSchemes, ());
     82 
     83     if (emptyDocumentSchemes.isEmpty())
     84         emptyDocumentSchemes.add("about");
     85 
     86     return emptyDocumentSchemes;
     87 }
     88 
     89 static HashSet<String>& schemesForbiddenFromDomainRelaxation()
     90 {
     91     DEFINE_STATIC_LOCAL(HashSet<String>, schemes, ());
     92     return schemes;
     93 }
     94 
     95 static URLSchemesMap& canDisplayOnlyIfCanRequestSchemes()
     96 {
     97     DEFINE_STATIC_LOCAL(URLSchemesMap, canDisplayOnlyIfCanRequestSchemes, ());
     98 
     99     if (canDisplayOnlyIfCanRequestSchemes.isEmpty()) {
    100         canDisplayOnlyIfCanRequestSchemes.add("blob");
    101         canDisplayOnlyIfCanRequestSchemes.add("filesystem");
    102     }
    103 
    104     return canDisplayOnlyIfCanRequestSchemes;
    105 }
    106 
    107 static URLSchemesMap& notAllowingJavascriptURLsSchemes()
    108 {
    109     DEFINE_STATIC_LOCAL(URLSchemesMap, notAllowingJavascriptURLsSchemes, ());
    110     return notAllowingJavascriptURLsSchemes;
    111 }
    112 
    113 void SchemeRegistry::registerURLSchemeAsLocal(const String& scheme)
    114 {
    115     localURLSchemes().add(scheme);
    116 }
    117 
    118 void SchemeRegistry::removeURLSchemeRegisteredAsLocal(const String& scheme)
    119 {
    120     if (scheme == "file")
    121         return;
    122     localURLSchemes().remove(scheme);
    123 }
    124 
    125 const URLSchemesMap& SchemeRegistry::localSchemes()
    126 {
    127     return localURLSchemes();
    128 }
    129 
    130 static URLSchemesMap& CORSEnabledSchemes()
    131 {
    132     // FIXME: http://bugs.webkit.org/show_bug.cgi?id=77160
    133     DEFINE_STATIC_LOCAL(URLSchemesMap, CORSEnabledSchemes, ());
    134 
    135     if (CORSEnabledSchemes.isEmpty()) {
    136         CORSEnabledSchemes.add("http");
    137         CORSEnabledSchemes.add("https");
    138         CORSEnabledSchemes.add("data");
    139     }
    140 
    141     return CORSEnabledSchemes;
    142 }
    143 
    144 static URLSchemesMap& ContentSecurityPolicyBypassingSchemes()
    145 {
    146     DEFINE_STATIC_LOCAL(URLSchemesMap, schemes, ());
    147     return schemes;
    148 }
    149 
    150 bool SchemeRegistry::shouldTreatURLSchemeAsLocal(const String& scheme)
    151 {
    152     if (scheme.isEmpty())
    153         return false;
    154     return localURLSchemes().contains(scheme);
    155 }
    156 
    157 void SchemeRegistry::registerURLSchemeAsNoAccess(const String& scheme)
    158 {
    159     schemesWithUniqueOrigins().add(scheme);
    160 }
    161 
    162 bool SchemeRegistry::shouldTreatURLSchemeAsNoAccess(const String& scheme)
    163 {
    164     if (scheme.isEmpty())
    165         return false;
    166     return schemesWithUniqueOrigins().contains(scheme);
    167 }
    168 
    169 void SchemeRegistry::registerURLSchemeAsDisplayIsolated(const String& scheme)
    170 {
    171     displayIsolatedURLSchemes().add(scheme);
    172 }
    173 
    174 bool SchemeRegistry::shouldTreatURLSchemeAsDisplayIsolated(const String& scheme)
    175 {
    176     if (scheme.isEmpty())
    177         return false;
    178     return displayIsolatedURLSchemes().contains(scheme);
    179 }
    180 
    181 void SchemeRegistry::registerURLSchemeAsSecure(const String& scheme)
    182 {
    183     secureSchemes().add(scheme);
    184 }
    185 
    186 bool SchemeRegistry::shouldTreatURLSchemeAsSecure(const String& scheme)
    187 {
    188     if (scheme.isEmpty())
    189         return false;
    190     return secureSchemes().contains(scheme);
    191 }
    192 
    193 void SchemeRegistry::registerURLSchemeAsEmptyDocument(const String& scheme)
    194 {
    195     emptyDocumentSchemes().add(scheme);
    196 }
    197 
    198 bool SchemeRegistry::shouldLoadURLSchemeAsEmptyDocument(const String& scheme)
    199 {
    200     if (scheme.isEmpty())
    201         return false;
    202     return emptyDocumentSchemes().contains(scheme);
    203 }
    204 
    205 void SchemeRegistry::setDomainRelaxationForbiddenForURLScheme(bool forbidden, const String& scheme)
    206 {
    207     if (scheme.isEmpty())
    208         return;
    209 
    210     if (forbidden)
    211         schemesForbiddenFromDomainRelaxation().add(scheme);
    212     else
    213         schemesForbiddenFromDomainRelaxation().remove(scheme);
    214 }
    215 
    216 bool SchemeRegistry::isDomainRelaxationForbiddenForURLScheme(const String& scheme)
    217 {
    218     if (scheme.isEmpty())
    219         return false;
    220     return schemesForbiddenFromDomainRelaxation().contains(scheme);
    221 }
    222 
    223 bool SchemeRegistry::canDisplayOnlyIfCanRequest(const String& scheme)
    224 {
    225     if (scheme.isEmpty())
    226         return false;
    227     return canDisplayOnlyIfCanRequestSchemes().contains(scheme);
    228 }
    229 
    230 void SchemeRegistry::registerAsCanDisplayOnlyIfCanRequest(const String& scheme)
    231 {
    232     canDisplayOnlyIfCanRequestSchemes().add(scheme);
    233 }
    234 
    235 void SchemeRegistry::registerURLSchemeAsNotAllowingJavascriptURLs(const String& scheme)
    236 {
    237     notAllowingJavascriptURLsSchemes().add(scheme);
    238 }
    239 
    240 bool SchemeRegistry::shouldTreatURLSchemeAsNotAllowingJavascriptURLs(const String& scheme)
    241 {
    242     if (scheme.isEmpty())
    243         return false;
    244     return notAllowingJavascriptURLsSchemes().contains(scheme);
    245 }
    246 
    247 void SchemeRegistry::registerURLSchemeAsCORSEnabled(const String& scheme)
    248 {
    249     CORSEnabledSchemes().add(scheme);
    250 }
    251 
    252 bool SchemeRegistry::shouldTreatURLSchemeAsCORSEnabled(const String& scheme)
    253 {
    254     if (scheme.isEmpty())
    255         return false;
    256     return CORSEnabledSchemes().contains(scheme);
    257 }
    258 
    259 void SchemeRegistry::registerURLSchemeAsBypassingContentSecurityPolicy(const String& scheme)
    260 {
    261     ContentSecurityPolicyBypassingSchemes().add(scheme);
    262 }
    263 
    264 void SchemeRegistry::removeURLSchemeRegisteredAsBypassingContentSecurityPolicy(const String& scheme)
    265 {
    266     ContentSecurityPolicyBypassingSchemes().remove(scheme);
    267 }
    268 
    269 bool SchemeRegistry::schemeShouldBypassContentSecurityPolicy(const String& scheme)
    270 {
    271     if (scheme.isEmpty())
    272         return false;
    273     return ContentSecurityPolicyBypassingSchemes().contains(scheme);
    274 }
    275 
    276 } // namespace WebCore
    277