| 1 | /* |
|---|---|
| 2 | * Copyright (C) 2006 Alexey Proskuryakov (ap@webkit.org) |
| 3 | * Copyright (C) 2009 Google Inc. All rights reserved. |
| 4 | * Copyright (C) 2011 Apple Inc. All Rights Reserved. |
| 5 | * |
| 6 | * Redistribution and use in source and binary forms, with or without |
| 7 | * modification, are permitted provided that the following conditions |
| 8 | * are met: |
| 9 | * |
| 10 | * 1. Redistributions of source code must retain the above copyright |
| 11 | * notice, this list of conditions and the following disclaimer. |
| 12 | * 2. Redistributions in binary form must reproduce the above copyright |
| 13 | * notice, this list of conditions and the following disclaimer in the |
| 14 | * documentation and/or other materials provided with the distribution. |
| 15 | * 3. Neither the name of Apple Inc. ("Apple") nor the names of |
| 16 | * its contributors may be used to endorse or promote products derived |
| 17 | * from this software without specific prior written permission. |
| 18 | * |
| 19 | * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY |
| 20 | * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED |
| 21 | * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE |
| 22 | * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY |
| 23 | * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES |
| 24 | * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; |
| 25 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND |
| 26 | * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
| 27 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
| 28 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 29 | */ |
| 30 | |
| 31 | #pragma once |
| 32 | |
| 33 | #include <wtf/HashSet.h> |
| 34 | #include <wtf/WallTime.h> |
| 35 | #include <wtf/text/StringHash.h> |
| 36 | |
| 37 | namespace WebCore { |
| 38 | |
| 39 | typedef HashSet<String, ASCIICaseInsensitiveHash> HTTPHeaderSet; |
| 40 | |
| 41 | enum class HTTPHeaderName; |
| 42 | |
| 43 | enum class XSSProtectionDisposition { |
| 44 | Invalid, |
| 45 | Disabled, |
| 46 | Enabled, |
| 47 | BlockEnabled, |
| 48 | }; |
| 49 | |
| 50 | enum ContentTypeOptionsDisposition { |
| 51 | ContentTypeOptionsNone, |
| 52 | ContentTypeOptionsNosniff |
| 53 | }; |
| 54 | |
| 55 | enum XFrameOptionsDisposition { |
| 56 | XFrameOptionsNone, |
| 57 | XFrameOptionsDeny, |
| 58 | XFrameOptionsSameOrigin, |
| 59 | XFrameOptionsAllowAll, |
| 60 | XFrameOptionsInvalid, |
| 61 | XFrameOptionsConflict |
| 62 | }; |
| 63 | |
| 64 | enum class CrossOriginResourcePolicy { |
| 65 | None, |
| 66 | SameOrigin, |
| 67 | SameSite, |
| 68 | Invalid |
| 69 | }; |
| 70 | |
| 71 | bool isValidReasonPhrase(const String&); |
| 72 | bool isValidHTTPHeaderValue(const String&); |
| 73 | bool isValidAcceptHeaderValue(const String&); |
| 74 | bool isValidLanguageHeaderValue(const String&); |
| 75 | bool isValidHTTPToken(const String&); |
| 76 | bool parseHTTPRefresh(const String& refresh, double& delay, String& url); |
| 77 | Optional<WallTime> parseHTTPDate(const String&); |
| 78 | String filenameFromHTTPContentDisposition(const String&); |
| 79 | String extractMIMETypeFromMediaType(const String&); |
| 80 | String extractCharsetFromMediaType(const String&); |
| 81 | void findCharsetInMediaType(const String& mediaType, unsigned int& charsetPos, unsigned int& charsetLen, unsigned int start = 0); |
| 82 | XSSProtectionDisposition parseXSSProtectionHeader(const String& header, String& failureReason, unsigned& failurePosition, String& reportURL); |
| 83 | AtomString extractReasonPhraseFromHTTPStatusLine(const String&); |
| 84 | WEBCORE_EXPORT XFrameOptionsDisposition parseXFrameOptionsHeader(const String&); |
| 85 | |
| 86 | // -1 could be set to one of the return parameters to indicate the value is not specified. |
| 87 | WEBCORE_EXPORT bool parseRange(const String&, long long& rangeOffset, long long& rangeEnd, long long& rangeSuffixLength); |
| 88 | |
| 89 | ContentTypeOptionsDisposition parseContentTypeOptionsHeader(StringView header); |
| 90 | |
| 91 | // Parsing Complete HTTP Messages. |
| 92 | enum HTTPVersion { Unknown, HTTP_1_0, HTTP_1_1 }; |
| 93 | size_t parseHTTPRequestLine(const char* data, size_t length, String& failureReason, String& method, String& url, HTTPVersion&); |
| 94 | size_t parseHTTPHeader(const char* data, size_t length, String& failureReason, StringView& nameStr, String& valueStr, bool strict = true); |
| 95 | size_t parseHTTPRequestBody(const char* data, size_t length, Vector<unsigned char>& body); |
| 96 | |
| 97 | // HTTP Header routine as per https://fetch.spec.whatwg.org/#terminology-headers |
| 98 | bool isForbiddenHeaderName(const String&); |
| 99 | bool isForbiddenResponseHeaderName(const String&); |
| 100 | bool isForbiddenMethod(const String&); |
| 101 | bool isSimpleHeader(const String& name, const String& value); |
| 102 | bool isCrossOriginSafeHeader(HTTPHeaderName, const HTTPHeaderSet&); |
| 103 | bool isCrossOriginSafeHeader(const String&, const HTTPHeaderSet&); |
| 104 | bool isCrossOriginSafeRequestHeader(HTTPHeaderName, const String&); |
| 105 | |
| 106 | String normalizeHTTPMethod(const String&); |
| 107 | |
| 108 | WEBCORE_EXPORT CrossOriginResourcePolicy parseCrossOriginResourcePolicyHeader(StringView); |
| 109 | |
| 110 | inline bool isHTTPSpace(UChar character) |
| 111 | { |
| 112 | return character <= ' ' && (character == ' ' || character == '\n' || character == '\t' || character == '\r'); |
| 113 | } |
| 114 | |
| 115 | // Strip leading and trailing whitespace as defined in https://fetch.spec.whatwg.org/#concept-header-value-normalize. |
| 116 | inline String stripLeadingAndTrailingHTTPSpaces(const String& string) |
| 117 | { |
| 118 | return string.stripLeadingAndTrailingCharacters(isHTTPSpace); |
| 119 | } |
| 120 | |
| 121 | inline StringView stripLeadingAndTrailingHTTPSpaces(StringView string) |
| 122 | { |
| 123 | return string.stripLeadingAndTrailingMatchedCharacters(isHTTPSpace); |
| 124 | } |
| 125 | |
| 126 | template<class HashType> |
| 127 | void addToAccessControlAllowList(const String& string, unsigned start, unsigned end, HashSet<String, HashType>& set) |
| 128 | { |
| 129 | StringImpl* stringImpl = string.impl(); |
| 130 | if (!stringImpl) |
| 131 | return; |
| 132 | |
| 133 | // Skip white space from start. |
| 134 | while (start <= end && isSpaceOrNewline((*stringImpl)[start])) |
| 135 | ++start; |
| 136 | |
| 137 | // only white space |
| 138 | if (start > end) |
| 139 | return; |
| 140 | |
| 141 | // Skip white space from end. |
| 142 | while (end && isSpaceOrNewline((*stringImpl)[end])) |
| 143 | --end; |
| 144 | |
| 145 | set.add(string.substring(start, end - start + 1)); |
| 146 | } |
| 147 | |
| 148 | template<class HashType = DefaultHash<String>::Hash> |
| 149 | HashSet<String, HashType> parseAccessControlAllowList(const String& string) |
| 150 | { |
| 151 | HashSet<String, HashType> set; |
| 152 | unsigned start = 0; |
| 153 | size_t end; |
| 154 | while ((end = string.find(',', start)) != notFound) { |
| 155 | if (start != end) |
| 156 | addToAccessControlAllowList(string, start, end - 1, set); |
| 157 | start = end + 1; |
| 158 | } |
| 159 | if (start != string.length()) |
| 160 | addToAccessControlAllowList(string, start, string.length() - 1, set); |
| 161 | return set; |
| 162 | } |
| 163 | |
| 164 | } |
| 165 |
Generated while processing webcore/Source/WebCore/Modules/beacon/NavigatorBeacon.cpp
Generated on 2019-Jul-08 from project webcore revision master
Powered by 
Code Browser 2.1
Generator usage only permitted with license.