| // Copyright 2013 The Chromium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #include "content/public/common/url_utils.h" |
| |
| #include <set> |
| #include <string> |
| |
| #include "base/check_op.h" |
| #include "base/containers/fixed_flat_set.h" |
| #include "base/feature_list.h" |
| #include "base/strings/string_piece.h" |
| #include "build/build_config.h" |
| #include "content/common/url_schemes.h" |
| #include "content/public/common/content_features.h" |
| #include "content/public/common/url_constants.h" |
| #include "third_party/blink/public/common/chrome_debug_urls.h" |
| #include "url/gurl.h" |
| #include "url/url_util.h" |
| |
| namespace content { |
| |
| bool HasWebUIScheme(const GURL& url) { |
| return url.SchemeIs(kChromeDevToolsScheme) || url.SchemeIs(kChromeUIScheme) || |
| url.SchemeIs(kChromeUIUntrustedScheme); |
| } |
| |
| bool IsSavableURL(const GURL& url) { |
| for (auto& scheme : GetSavableSchemes()) { |
| if (url.SchemeIs(scheme)) |
| return true; |
| } |
| return false; |
| } |
| |
| bool IsURLHandledByNetworkStack(const GURL& url) { |
| // Javascript URLs, srcdoc, schemes that don't load data should not send a |
| // request to the network stack. |
| if (url.SchemeIs(url::kJavaScriptScheme) || url.is_empty() || |
| url.IsAboutSrcdoc()) { |
| return false; |
| } |
| |
| for (const auto& scheme : url::GetEmptyDocumentSchemes()) { |
| if (url.SchemeIs(scheme)) |
| return false; |
| } |
| |
| // Renderer debug URLs (e.g. chrome://kill) are handled in the renderer |
| // process directly and should not be sent to the network stack. |
| if (blink::IsRendererDebugURL(url)) |
| return false; |
| |
| // For your information, even though a "data:" url doesn't generate actual |
| // network requests, it is handled by the network stack and so must return |
| // true. The reason is that a few "data:" urls can't be handled locally. For |
| // instance: |
| // - the ones that result in downloads. |
| // - the ones that are invalid. An error page must be served instead. |
| // - the ones that have an unsupported MIME type. |
| // - the ones that target the top-level frame on Android. |
| |
| return true; |
| } |
| |
| bool IsSafeRedirectTarget(const GURL& from_url, const GURL& to_url) { |
| static const auto kUnsafeSchemes = base::MakeFixedFlatSet<base::StringPiece>({ |
| url::kAboutScheme, url::kFileScheme, url::kFileSystemScheme, |
| url::kBlobScheme, |
| #if !defined(CHROMECAST_BUILD) |
| url::kDataScheme, |
| #endif |
| #if BUILDFLAG(IS_ANDROID) |
| url::kContentScheme, |
| #endif |
| }); |
| if (HasWebUIScheme(to_url)) |
| return false; |
| if (!kUnsafeSchemes.contains(to_url.scheme_piece())) |
| return true; |
| if (from_url.is_empty()) |
| return false; |
| if (from_url.SchemeIsFile() && to_url.SchemeIsFile()) |
| return true; |
| if (from_url.SchemeIsFileSystem() && to_url.SchemeIsFileSystem()) |
| return true; |
| return false; |
| } |
| |
| } // namespace content |