// Copyright (c) 2012 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. // #include "chrome_frame/html_utils.h" #include <atlbase.h> #include <urlmon.h> #include "base/strings/string_tokenizer.h" #include "base/strings/string_util.h" #include "base/strings/stringprintf.h" #include "chrome/common/chrome_version_info.h" #include "chrome_frame/utils.h" #include "net/base/net_util.h" #include "webkit/common/user_agent/user_agent_util.h" const wchar_t kQuotes[] = L"\"'"; const char kXFrameOptionsHeader[] = "X-Frame-Options"; const char kXFrameOptionsValueAllowAll[] = "allowall"; HTMLScanner::StringRange::StringRange() { } HTMLScanner::StringRange::StringRange(StrPos start, StrPos end) : start_(start), end_(end) { } bool HTMLScanner::StringRange::LowerCaseEqualsASCII(const char* other) const { return ::LowerCaseEqualsASCII(start_, end_, other); } bool HTMLScanner::StringRange::Equals(const wchar_t* other) const { int ret = wcsncmp(&start_[0], other, end_ - start_); if (ret == 0) ret = (other[end_ - start_] == L'\0') ? 0 : -1; return ret == 0; } std::wstring HTMLScanner::StringRange::Copy() const { return std::wstring(start_, end_); } bool HTMLScanner::StringRange::GetTagName(std::wstring* tag_name) const { if (*start_ != L'<') { LOG(ERROR) << "Badly formatted tag found"; return false; } StrPos name_start = start_; name_start++; while (name_start < end_ && IsWhitespace(*name_start)) name_start++; if (name_start >= end_) { // We seem to have a degenerate tag (i.e. < >). Return false here. return false; } StrPos name_end = name_start + 1; while (name_end < end_ && !IsWhitespace(*name_end)) name_end++; if (name_end > end_) { // This looks like an improperly formatted tab ('<foo'). Return false here. return false; } tag_name->assign(name_start, name_end); return true; } bool HTMLScanner::StringRange::GetTagAttribute(const wchar_t* attribute_name, StringRange* attribute_value) const { if (NULL == attribute_name || NULL == attribute_value) { NOTREACHED(); return false; } // Use this so we can use the convenience method LowerCaseEqualsASCII() // from string_util.h. std::string search_name_ascii(WideToASCII(attribute_name)); base::WStringTokenizer tokenizer(start_, end_, L" =/"); tokenizer.set_options(base::WStringTokenizer::RETURN_DELIMS); // Set up the quote chars so that we get quoted attribute values as single // tokens. tokenizer.set_quote_chars(L"\"'"); const bool PARSE_STATE_NAME = true; const bool PARSE_STATE_VALUE = false; bool parse_state = PARSE_STATE_NAME; // Used to skip the first token, which is the tag name. bool first_token_skipped = false; // This is set during a loop iteration in which an '=' sign was spotted. // It is used to filter out degenerate tags such as: // <meta foo==bar> bool last_token_was_delim = false; // Set this if the attribute name has been found that we might then // pick up the value in the next loop iteration. bool attribute_name_found = false; while (tokenizer.GetNext()) { // If we have a whitespace delimiter, just keep going. Cases of this should // be reduced by the CollapseWhitespace call. If we have an '=' character, // we update our state and reiterate. if (tokenizer.token_is_delim()) { if (*tokenizer.token_begin() == L'=') { if (last_token_was_delim) { // Looks like we have a badly formed tag, just stop parsing now. return false; } parse_state = !parse_state; last_token_was_delim = true; } continue; } last_token_was_delim = false; // The first non-delimiter token is the tag name, which we don't want. if (!first_token_skipped) { first_token_skipped = true; continue; } if (PARSE_STATE_NAME == parse_state) { // We have a tag name, check to see if it matches our target name: if (::LowerCaseEqualsASCII(tokenizer.token_begin(), tokenizer.token_end(), search_name_ascii.c_str())) { attribute_name_found = true; continue; } } else if (PARSE_STATE_VALUE == parse_state && attribute_name_found) { attribute_value->start_ = tokenizer.token_begin(); attribute_value->end_ = tokenizer.token_end(); // Unquote the attribute value if need be. attribute_value->UnQuote(); return true; } else if (PARSE_STATE_VALUE == parse_state) { // If we haven't found the attribute name we want yet, ignore this token // and go back to looking for our name. parse_state = PARSE_STATE_NAME; } } return false; } bool HTMLScanner::StringRange::UnQuote() { if (start_ + 2 > end_) { // String's too short to be quoted, bail. return false; } if ((*start_ == L'\'' && *(end_ - 1) == L'\'') || (*start_ == L'"' && *(end_ - 1) == L'"')) { start_ = start_ + 1; end_ = end_ - 1; return true; } return false; } HTMLScanner::HTMLScanner(const wchar_t* html_string) : html_string_(CollapseWhitespace(html_string, true)), quotes_(kQuotes) { } void HTMLScanner::GetTagsByName(const wchar_t* name, StringRangeList* tag_list, const wchar_t* stop_tag) { DCHECK(NULL != name); DCHECK(NULL != tag_list); DCHECK(NULL != stop_tag); StringRange remaining_html(html_string_.begin(), html_string_.end()); std::wstring search_name(name); TrimWhitespace(search_name, TRIM_ALL, &search_name); // Use this so we can use the convenience method LowerCaseEqualsASCII() // from string_util.h. std::string search_name_ascii(WideToASCII(search_name)); std::string stop_tag_ascii(WideToASCII(stop_tag)); StringRange current_tag; std::wstring current_name; while (NextTag(&remaining_html, ¤t_tag)) { if (current_tag.GetTagName(¤t_name)) { if (LowerCaseEqualsASCII(current_name, search_name_ascii.c_str())) { tag_list->push_back(current_tag); } else if (LowerCaseEqualsASCII(current_name, stop_tag_ascii.c_str())) { // We hit the stop tag so it's time to go home. break; } } } } struct ScanState { bool in_quote; bool in_escape; wchar_t quote_char; ScanState() : in_quote(false), in_escape(false) {} }; bool HTMLScanner::IsQuote(wchar_t c) { return quotes_.find(c) != std::wstring::npos; } bool HTMLScanner::IsHTMLCommentClose(const StringRange* html_string, StrPos pos) { if (pos < html_string->end_ && pos > html_string->start_ + 2 && *pos == L'>') { return *(pos-1) == L'-' && *(pos-2) == L'-'; } return false; } bool HTMLScanner::IsIEConditionalCommentClose(const StringRange* html_string, StrPos pos) { if (pos < html_string->end_ && pos > html_string->start_ + 2 && *pos == L'>') { return *(pos-1) == L']'; } return false; } bool HTMLScanner::NextTag(StringRange* html_string, StringRange* tag) { DCHECK(NULL != html_string); DCHECK(NULL != tag); tag->start_ = html_string->start_; while (tag->start_ < html_string->end_ && *tag->start_ != L'<') { tag->start_++; } // we went past the end of the string. if (tag->start_ >= html_string->end_) { return false; } tag->end_ = tag->start_ + 1; // Get the tag name to see if we are in an HTML comment. If we are, then // don't consider quotes. This should work for example: // <!-- foo ' --> <meta foo='bar'> std::wstring tag_name; StringRange start_range(tag->start_, html_string->end_); start_range.GetTagName(&tag_name); if (StartsWith(tag_name, L"!--[if", true)) { // This looks like the beginning of an IE conditional comment, scan until // we hit the end which always looks like ']>'. For now we disregard the // contents of the condition, and always assume true. // TODO(robertshield): Optionally support the grammar defined by // http://msdn.microsoft.com/en-us/library/ms537512(VS.85).aspx#syntax. while (tag->end_ < html_string->end_ && !IsIEConditionalCommentClose(html_string, tag->end_)) { tag->end_++; } } else if (StartsWith(tag_name, L"!--", true)) { // We're inside a comment tag which ends in '-->'. Keep going until we // reach the end. while (tag->end_ < html_string->end_ && !IsHTMLCommentClose(html_string, tag->end_)) { tag->end_++; } } else if (StartsWith(tag_name, L"![endif", true)) { // We're inside the closing tag of an IE conditional comment which ends in // either '-->' of ']>'. Keep going until we reach the end. while (tag->end_ < html_string->end_ && !IsIEConditionalCommentClose(html_string, tag->end_) && !IsHTMLCommentClose(html_string, tag->end_)) { tag->end_++; } } else { // Properly handle quoted strings within non-comment tags by maintaining // some state while scanning. Specifically, we have to maintain state on // whether we are inside a string, what the string terminating character // will be and whether we are inside an escape sequence. ScanState state; while (tag->end_ < html_string->end_) { if (state.in_quote) { if (state.in_escape) { state.in_escape = false; } else if (*tag->end_ == '\\') { state.in_escape = true; } else if (*tag->end_ == state.quote_char) { state.in_quote = false; } } else { state.in_quote = IsQuote(state.quote_char = *tag->end_); } if (!state.in_quote && *tag->end_ == L'>') { break; } tag->end_++; } } // We hit the end_ but found no matching tag closure. Consider this an // incomplete tag and do not report it. if (tag->end_ >= html_string->end_) return false; // Modify html_string to point to just beyond the end_ of the current tag. html_string->start_ = tag->end_ + 1; return true; } namespace http_utils { const char kChromeFrameUserAgent[] = "chromeframe"; static char g_cf_user_agent[100] = {0}; static char g_chrome_user_agent[255] = {0}; const char* GetChromeFrameUserAgent() { if (!g_cf_user_agent[0]) { _pAtlModule->m_csStaticDataInitAndTypeInfo.Lock(); if (!g_cf_user_agent[0]) { uint32 high_version = 0, low_version = 0; GetModuleVersion(reinterpret_cast<HMODULE>(&__ImageBase), &high_version, &low_version); wsprintfA(g_cf_user_agent, "%s/%i.%i.%i.%i", kChromeFrameUserAgent, HIWORD(high_version), LOWORD(high_version), HIWORD(low_version), LOWORD(low_version)); } _pAtlModule->m_csStaticDataInitAndTypeInfo.Unlock(); } return g_cf_user_agent; } std::string AddChromeFrameToUserAgentValue(const std::string& value) { if (value.empty()) { return value; } if (value.find(kChromeFrameUserAgent) != std::string::npos) { // Our user agent has already been added. return value; } std::string ret(value); size_t insert_position = ret.find(')'); if (insert_position != std::string::npos) { if (insert_position > 1 && isalnum(ret[insert_position - 1])) ret.insert(insert_position++, ";"); ret.insert(insert_position++, " "); ret.insert(insert_position, GetChromeFrameUserAgent()); } else { ret += " "; ret += GetChromeFrameUserAgent(); } return ret; } std::string RemoveChromeFrameFromUserAgentValue(const std::string& value) { size_t cf_start = value.find(kChromeFrameUserAgent); if (cf_start == std::string::npos) { // The user agent is not present. return value; } size_t offset = 0; // If we prepended a '; ' or a ' ' then remove that in the output. if (cf_start > 1 && value[cf_start - 1] == ' ') ++offset; if (cf_start > 3 && value[cf_start - 2] == ';' && isalnum(value[cf_start - 3])) { ++offset; } std::string ret(value, 0, std::max(cf_start - offset, 0U)); cf_start += strlen(kChromeFrameUserAgent); while (cf_start < value.length() && ((value[cf_start] >= '0' && value[cf_start] <= '9') || value[cf_start] == '.' || value[cf_start] == '/')) { ++cf_start; } if (cf_start < value.length()) ret.append(value, cf_start, std::string::npos); return ret; } std::string GetDefaultUserAgentHeaderWithCFTag() { std::string ua(GetDefaultUserAgent()); return "User-Agent: " + AddChromeFrameToUserAgentValue(ua); } const char* GetChromeUserAgent() { if (!g_chrome_user_agent[0]) { _pAtlModule->m_csStaticDataInitAndTypeInfo.Lock(); if (!g_chrome_user_agent[0]) { std::string ua; chrome::VersionInfo version_info; std::string product("Chrome/"); product += version_info.is_valid() ? version_info.Version() : "0.0.0.0"; ua = webkit_glue::BuildUserAgentFromProduct(product); DCHECK(ua.length() < arraysize(g_chrome_user_agent)); lstrcpynA(g_chrome_user_agent, ua.c_str(), arraysize(g_chrome_user_agent) - 1); } _pAtlModule->m_csStaticDataInitAndTypeInfo.Unlock(); } return g_chrome_user_agent; } std::string GetDefaultUserAgent() { std::string ret; DWORD size = MAX_PATH; HRESULT hr = E_OUTOFMEMORY; for (int retries = 1; hr == E_OUTOFMEMORY && retries <= 10; ++retries) { hr = ::ObtainUserAgentString(0, WriteInto(&ret, size + 1), &size); if (hr == E_OUTOFMEMORY) { size = MAX_PATH * retries; } else if (SUCCEEDED(hr)) { // Truncate the extra allocation. DCHECK_GT(size, 0U); ret.resize(size - 1); } } if (FAILED(hr)) { NOTREACHED() << base::StringPrintf("ObtainUserAgentString==0x%08X", hr); return std::string(); } return ret; } bool HasFrameBustingHeader(const std::string& http_headers) { // NOTE: We cannot use net::GetSpecificHeader() here since when there are // multiple instances of a header that returns the first value seen, and we // need to look at all instances. net::HttpUtil::HeadersIterator it(http_headers.begin(), http_headers.end(), "\r\n"); while (it.GetNext()) { if (!lstrcmpiA(it.name().c_str(), kXFrameOptionsHeader) && lstrcmpiA(it.values().c_str(), kXFrameOptionsValueAllowAll)) return true; } return false; } std::string GetHttpHeaderFromHeaderList(const std::string& header, const std::string& headers) { net::HttpUtil::HeadersIterator it(headers.begin(), headers.end(), "\r\n"); while (it.GetNext()) { if (!lstrcmpiA(it.name().c_str(), header.c_str())) return std::string(it.values_begin(), it.values_end()); } return std::string(); } } // namespace http_utils