forked from chromium/chromium
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[OutOfBlinkSandbox] Move parser to services/network.
Move the sandbox flags parser from blink to network. Design doc: https://docs.google.com/document/d/1PechV73KKMF8leh7uTlyGkR32kD5qILvu3ZeG8TYGfk/edit?usp=drive_web&ouid=112561809712693690020 Bug: 1041376 Change-Id: Ifbae41fa9e8b3ad86e6dca29594b7a1e9c5be8a7 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2129699 Commit-Queue: Arthur Sonzogni <arthursonzogni@chromium.org> Reviewed-by: Kinuko Yasuda <kinuko@chromium.org> Cr-Commit-Position: refs/heads/master@{#761883}
- Loading branch information
1 parent
ce8e90d
commit 7a3477d
Showing
7 changed files
with
161 additions
and
94 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,89 @@ | ||
// Copyright 2020 The Chromium Authors. All rights reserved. | ||
// Use of this source code is governed by a BSD-style license that can be | ||
// found in the LICENSE file. | ||
|
||
#include "services/network/public/cpp/web_sandbox_flags.h" | ||
#include <set> | ||
#include "base/stl_util.h" | ||
#include "base/strings/string_split.h" | ||
#include "base/strings/string_util.h" | ||
#include "services/network/public/mojom/web_sandbox_flags.mojom.h" | ||
|
||
namespace network { | ||
|
||
using mojom::WebSandboxFlags; | ||
namespace { | ||
|
||
// See: https://infra.spec.whatwg.org/#ascii-whitespace | ||
// This is different from: base::kWhitespaceASCII. | ||
const char* kHtmlWhitespace = " \n\t\r\f"; | ||
|
||
WebSandboxFlags ParseWebSandboxToken(const base::StringPiece& token) { | ||
constexpr struct { | ||
const char* token; | ||
WebSandboxFlags flags; | ||
} table[] = { | ||
{"allow-downloads", WebSandboxFlags::kDownloads}, | ||
{"allow-forms", WebSandboxFlags::kForms}, | ||
{"allow-modals", WebSandboxFlags::kModals}, | ||
{"allow-orientation-lock", WebSandboxFlags::kOrientationLock}, | ||
{"allow-pointer-lock", WebSandboxFlags::kPointerLock}, | ||
{"allow-popups", WebSandboxFlags::kPopups}, | ||
{"allow-popups-to-escape-sandbox", | ||
WebSandboxFlags::kPropagatesToAuxiliaryBrowsingContexts}, | ||
{"allow-presentation", WebSandboxFlags::kPresentationController}, | ||
{"allow-same-origin", WebSandboxFlags::kOrigin}, | ||
{"allow-scripts", | ||
WebSandboxFlags::kAutomaticFeatures | WebSandboxFlags::kScripts}, | ||
{"allow-storage-access-by-user-activation", | ||
WebSandboxFlags::kStorageAccessByUserActivation}, | ||
{"allow-top-navigation", WebSandboxFlags::kTopNavigation}, | ||
{"allow-top-navigation-by-user-activation", | ||
WebSandboxFlags::kTopNavigationByUserActivation}, | ||
}; | ||
|
||
for (const auto& it : table) { | ||
if (CompareCaseInsensitiveASCII(it.token, token) == 0) | ||
return it.flags; | ||
} | ||
|
||
return WebSandboxFlags::kNone; // Not found. | ||
} | ||
|
||
} // namespace | ||
|
||
// See: http://www.w3.org/TR/html5/the-iframe-element.html#attr-iframe-sandbox | ||
WebSandboxFlagsParsingResult ParseWebSandboxPolicy( | ||
const base::StringPiece& input, | ||
WebSandboxFlags ignored_flags) { | ||
WebSandboxFlagsParsingResult out; | ||
out.flags = WebSandboxFlags::kAll; | ||
|
||
std::vector<base::StringPiece> error_tokens; | ||
for (const auto& token : | ||
base::SplitStringPiece(input, kHtmlWhitespace, base::KEEP_WHITESPACE, | ||
base::SPLIT_WANT_NONEMPTY)) { | ||
WebSandboxFlags flags = ~ParseWebSandboxToken(token); | ||
flags |= ignored_flags; | ||
out.flags &= flags; | ||
if (flags == WebSandboxFlags::kAll) | ||
error_tokens.push_back(token); | ||
} | ||
|
||
if (!error_tokens.empty()) { | ||
// Some tests expect the order of error tokens to be preserved, while | ||
// removing the duplicates: | ||
// See /fast/frames/sandboxed-iframe-attribute-parsing-03.html | ||
std::set<base::StringPiece> set; | ||
base::EraseIf(error_tokens, [&](auto x) { return !set.insert(x).second; }); | ||
|
||
out.error_message = | ||
"'" + base::JoinString(error_tokens, "', '") + | ||
(error_tokens.size() > 1 ? "' are invalid sandbox flags." | ||
: "' is an invalid sandbox flag."); | ||
} | ||
|
||
return out; | ||
} | ||
|
||
} // namespace network |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters