path: root/chromium/content/public/common/url_utils.cc
blob: 5afd2911cf38aaa8d20245a0e4ba0285805bd29a (plain)
// Copyright 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "content/public/common/url_utils.h"

#include <set>
#include <string>

#include "base/check_op.h"
#include "base/containers/flat_set.h"
#include "base/feature_list.h"
#include "base/no_destructor.h"
#include "base/strings/string_piece.h"
#include "content/common/url_schemes.h"
#include "content/public/common/content_features.h"
#include "content/public/common/url_constants.h"
#include "third_party/blink/public/common/chrome_debug_urls.h"
#include "url/gurl.h"
#include "url/url_util.h"

namespace content {

// Returns true when |url|'s scheme is one of kChromeDevToolsScheme,
// kChromeUIScheme or kChromeUIUntrustedScheme, and false for every other
// scheme. The schemes are tested in that order and the first match wins.
bool HasWebUIScheme(const GURL& url) {
  if (url.SchemeIs(kChromeDevToolsScheme))
    return true;
  if (url.SchemeIs(kChromeUIScheme))
    return true;
  return url.SchemeIs(kChromeUIUntrustedScheme);
}

// Returns true when |url|'s scheme matches any entry of GetSavableSchemes();
// returns false when no entry matches (including when the list is empty).
bool IsSavableURL(const GURL& url) {
  bool savable = false;
  for (const auto& candidate : GetSavableSchemes()) {
    if (url.SchemeIs(candidate)) {
      // One match is enough; the remaining schemes need not be checked.
      savable = true;
      break;
    }
  }
  return savable;
}

// Returns false for URLs that must not be sent to the network stack, and true
// for everything else. The exclusions are checked in this order: javascript:
// URLs, the empty URL, about:srcdoc, any scheme listed by
// url::GetEmptyDocumentSchemes(), and renderer debug URLs.
bool IsURLHandledByNetworkStack(const GURL& url) {
  // JavaScript URLs never produce a network request.
  if (url.SchemeIs(url::kJavaScriptScheme))
    return false;

  // Neither does an empty URL.
  if (url.is_empty())
    return false;

  // Nor does about:srcdoc.
  if (url.IsAboutSrcdoc())
    return false;

  // Schemes that load an empty document rather than data are excluded too.
  for (const auto& empty_document_scheme : url::GetEmptyDocumentSchemes()) {
    if (url.SchemeIs(empty_document_scheme))
      return false;
  }

  // Renderer debug URLs (e.g. chrome://kill) are handled directly in the
  // renderer process and should not be sent to the network stack.
  const bool is_renderer_debug_url = blink::IsRendererDebugURL(url);
  if (is_renderer_debug_url)
    return false;

  // For your information: a "data:" URL generates no actual network request,
  // yet it is handled by the network stack and so must return true. The reason
  // is that a few "data:" URLs can't be handled locally. For instance:
  // - the ones that result in downloads.
  // - the ones that are invalid. An error page must be served instead.
  // - the ones that have an unsupported MIME type.
  // - the ones that target the top-level frame on Android.
  return true;
}

// Decides whether a redirect from |from_url| to |to_url| may be followed.
//
// Returns false when:
//  - |to_url| has a WebUI scheme (see HasWebUIScheme()),
//  - |to_url|'s scheme is listed in kUnsafeSchemes below,
//  - |from_url| is empty,
//  - |to_url| has one of url::GetLocalSchemes() and |from_url| does not have
//    that same scheme,
//  - |to_url| is a filesystem URL and |from_url| is not.
// Returns true otherwise.
//
// The statement order is part of the policy: each early return short-circuits
// everything after it, so reordering the checks changes which redirects are
// allowed.
bool IsSafeRedirectTarget(const GURL& from_url, const GURL& to_url) {
  // Target schemes that are never accepted as a redirect destination. The set
  // depends on the build: the data scheme is omitted when CHROMECAST_BUILD is
  // defined, and the content scheme is added only when OS_ANDROID is defined.
  // Function-local static, so the set is built on first use.
  static const base::NoDestructor<base::flat_set<base::StringPiece>>
      kUnsafeSchemes(base::flat_set<base::StringPiece>({
        url::kAboutScheme,
            url::kBlobScheme,
            url::kJavaScriptScheme,
#if !defined(CHROMECAST_BUILD)
            url::kDataScheme,
#endif
#if defined(OS_ANDROID)
            url::kContentScheme,
#endif
      }));
  // NOTE(review): in TOOLKIT_QT builds this early return runs before any check
  // on |to_url|, so a source for which IsCustom() is true may redirect to a
  // WebUI scheme or to any scheme in kUnsafeSchemes. IsCustom() is not defined
  // in this file; presumably it identifies application-registered custom
  // schemes. Confirm that every such scheme handler is trusted to choose its
  // redirect targets, or move this check below the |to_url| rejections.
#if defined(TOOLKIT_QT)
  if (from_url.IsCustom())
    return true;
#endif
  // Never redirect into WebUI pages.
  if (HasWebUIScheme(to_url))
    return false;
  // Never redirect to a scheme on the deny list above.
  if (kUnsafeSchemes->contains(to_url.scheme_piece()))
    return false;
  // A redirect with an empty source URL is rejected.
  if (from_url.is_empty())
    return false;
  // A target with a local scheme is accepted only when the source has that
  // same local scheme.
  for (const auto& local_scheme : url::GetLocalSchemes()) {
    if (to_url.SchemeIs(local_scheme)) {
      return from_url.SchemeIs(local_scheme);
    }
  }
  // Likewise, a filesystem target is accepted only from a filesystem source.
  if (to_url.SchemeIsFileSystem())
    return from_url.SchemeIsFileSystem();
  // Any other target is allowed.
  return true;
}

}  // namespace content