2 * Copyright (C) 2010 Apple Inc. All Rights Reserved.
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
7 * 1. Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer.
9 * 2. Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the
11 * documentation and/or other materials provided with the distribution.
13 * THIS SOFTWARE IS PROVIDED BY APPLE, INC. ``AS IS'' AND ANY
14 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
16 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE COMPUTER, INC. OR
17 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
18 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
19 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
20 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
21 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
23 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 #include "platform/weborigin/SchemeRegistry.h"
30 #include "wtf/MainThread.h"
31 #include "wtf/text/StringBuilder.h"
35 static URLSchemesMap& localURLSchemes()
37 DEFINE_STATIC_LOCAL(URLSchemesMap, localSchemes, ());
39 if (localSchemes.isEmpty())
40 localSchemes.add("file");
45 static URLSchemesMap& displayIsolatedURLSchemes()
47 DEFINE_STATIC_LOCAL(URLSchemesMap, displayIsolatedSchemes, ());
48 return displayIsolatedSchemes;
51 static URLSchemesMap& secureSchemes()
53 DEFINE_STATIC_LOCAL(URLSchemesMap, secureSchemes, ());
55 if (secureSchemes.isEmpty()) {
56 secureSchemes.add("https");
57 secureSchemes.add("about");
58 secureSchemes.add("data");
59 secureSchemes.add("wss");
65 static URLSchemesMap& schemesWithUniqueOrigins()
67 DEFINE_STATIC_LOCAL(URLSchemesMap, schemesWithUniqueOrigins, ());
69 if (schemesWithUniqueOrigins.isEmpty()) {
70 schemesWithUniqueOrigins.add("about");
71 schemesWithUniqueOrigins.add("javascript");
72 // This is a willful violation of HTML5.
73 // See https://bugs.webkit.org/show_bug.cgi?id=11885
74 schemesWithUniqueOrigins.add("data");
77 return schemesWithUniqueOrigins;
80 static URLSchemesMap& emptyDocumentSchemes()
82 DEFINE_STATIC_LOCAL(URLSchemesMap, emptyDocumentSchemes, ());
84 if (emptyDocumentSchemes.isEmpty())
85 emptyDocumentSchemes.add("about");
87 return emptyDocumentSchemes;
90 static HashSet<String>& schemesForbiddenFromDomainRelaxation()
92 DEFINE_STATIC_LOCAL(HashSet<String>, schemes, ());
96 static URLSchemesMap& canDisplayOnlyIfCanRequestSchemes()
98 DEFINE_STATIC_LOCAL(URLSchemesMap, canDisplayOnlyIfCanRequestSchemes, ());
100 if (canDisplayOnlyIfCanRequestSchemes.isEmpty()) {
101 canDisplayOnlyIfCanRequestSchemes.add("blob");
102 canDisplayOnlyIfCanRequestSchemes.add("filesystem");
105 return canDisplayOnlyIfCanRequestSchemes;
108 static URLSchemesMap& notAllowingJavascriptURLsSchemes()
110 DEFINE_STATIC_LOCAL(URLSchemesMap, notAllowingJavascriptURLsSchemes, ());
111 return notAllowingJavascriptURLsSchemes;
114 void SchemeRegistry::registerURLSchemeAsLocal(const String& scheme)
116 localURLSchemes().add(scheme);
119 void SchemeRegistry::removeURLSchemeRegisteredAsLocal(const String& scheme)
121 if (scheme == "file")
123 localURLSchemes().remove(scheme);
126 const URLSchemesMap& SchemeRegistry::localSchemes()
128 return localURLSchemes();
131 static URLSchemesMap& CORSEnabledSchemes()
133 // FIXME: http://bugs.webkit.org/show_bug.cgi?id=77160
134 DEFINE_STATIC_LOCAL(URLSchemesMap, CORSEnabledSchemes, ());
136 if (CORSEnabledSchemes.isEmpty()) {
137 CORSEnabledSchemes.add("http");
138 CORSEnabledSchemes.add("https");
139 CORSEnabledSchemes.add("data");
142 return CORSEnabledSchemes;
145 static URLSchemesMap& LegacySchemes()
147 DEFINE_STATIC_LOCAL(URLSchemesMap, LegacySchemes, ());
149 if (LegacySchemes.isEmpty()) {
150 LegacySchemes.add("ftp");
151 LegacySchemes.add("gopher");
154 return LegacySchemes;
157 static URLSchemesMap& ContentSecurityPolicyBypassingSchemes()
159 DEFINE_STATIC_LOCAL(URLSchemesMap, schemes, ());
163 bool SchemeRegistry::shouldTreatURLSchemeAsLocal(const String& scheme)
165 if (scheme.isEmpty())
167 return localURLSchemes().contains(scheme);
170 void SchemeRegistry::registerURLSchemeAsNoAccess(const String& scheme)
172 schemesWithUniqueOrigins().add(scheme);
175 bool SchemeRegistry::shouldTreatURLSchemeAsNoAccess(const String& scheme)
177 if (scheme.isEmpty())
179 return schemesWithUniqueOrigins().contains(scheme);
182 void SchemeRegistry::registerURLSchemeAsDisplayIsolated(const String& scheme)
184 displayIsolatedURLSchemes().add(scheme);
187 bool SchemeRegistry::shouldTreatURLSchemeAsDisplayIsolated(const String& scheme)
189 if (scheme.isEmpty())
191 return displayIsolatedURLSchemes().contains(scheme);
194 void SchemeRegistry::registerURLSchemeAsSecure(const String& scheme)
196 secureSchemes().add(scheme);
199 bool SchemeRegistry::shouldTreatURLSchemeAsSecure(const String& scheme)
201 if (scheme.isEmpty())
203 return secureSchemes().contains(scheme);
206 void SchemeRegistry::registerURLSchemeAsEmptyDocument(const String& scheme)
208 emptyDocumentSchemes().add(scheme);
211 bool SchemeRegistry::shouldLoadURLSchemeAsEmptyDocument(const String& scheme)
213 if (scheme.isEmpty())
215 return emptyDocumentSchemes().contains(scheme);
218 void SchemeRegistry::setDomainRelaxationForbiddenForURLScheme(bool forbidden, const String& scheme)
220 if (scheme.isEmpty())
224 schemesForbiddenFromDomainRelaxation().add(scheme);
226 schemesForbiddenFromDomainRelaxation().remove(scheme);
229 bool SchemeRegistry::isDomainRelaxationForbiddenForURLScheme(const String& scheme)
231 if (scheme.isEmpty())
233 return schemesForbiddenFromDomainRelaxation().contains(scheme);
236 bool SchemeRegistry::canDisplayOnlyIfCanRequest(const String& scheme)
238 if (scheme.isEmpty())
240 return canDisplayOnlyIfCanRequestSchemes().contains(scheme);
243 void SchemeRegistry::registerAsCanDisplayOnlyIfCanRequest(const String& scheme)
245 canDisplayOnlyIfCanRequestSchemes().add(scheme);
248 void SchemeRegistry::registerURLSchemeAsNotAllowingJavascriptURLs(const String& scheme)
250 notAllowingJavascriptURLsSchemes().add(scheme);
253 bool SchemeRegistry::shouldTreatURLSchemeAsNotAllowingJavascriptURLs(const String& scheme)
255 if (scheme.isEmpty())
257 return notAllowingJavascriptURLsSchemes().contains(scheme);
260 void SchemeRegistry::registerURLSchemeAsCORSEnabled(const String& scheme)
262 CORSEnabledSchemes().add(scheme);
265 bool SchemeRegistry::shouldTreatURLSchemeAsCORSEnabled(const String& scheme)
267 if (scheme.isEmpty())
269 return CORSEnabledSchemes().contains(scheme);
272 String SchemeRegistry::listOfCORSEnabledURLSchemes()
274 StringBuilder builder;
275 const URLSchemesMap& corsEnabledSchemes = CORSEnabledSchemes();
277 bool addSeparator = false;
278 for (URLSchemesMap::const_iterator it = corsEnabledSchemes.begin(); it != corsEnabledSchemes.end(); ++it) {
280 builder.appendLiteral(", ");
286 return builder.toString();
289 void SchemeRegistry::registerURLSchemeAsLegacy(const String& scheme)
291 LegacySchemes().add(scheme);
294 bool SchemeRegistry::shouldTreatURLSchemeAsLegacy(const String& scheme)
296 if (scheme.isEmpty())
298 return LegacySchemes().contains(scheme);
301 void SchemeRegistry::registerURLSchemeAsBypassingContentSecurityPolicy(const String& scheme)
303 ContentSecurityPolicyBypassingSchemes().add(scheme);
306 void SchemeRegistry::removeURLSchemeRegisteredAsBypassingContentSecurityPolicy(const String& scheme)
308 ContentSecurityPolicyBypassingSchemes().remove(scheme);
311 bool SchemeRegistry::schemeShouldBypassContentSecurityPolicy(const String& scheme)
313 if (scheme.isEmpty())
315 return ContentSecurityPolicyBypassingSchemes().contains(scheme);