1/* 2 * Copyright (C) 2013 Google Inc. All rights reserved. 3 * 4 * Redistribution and use in source and binary forms, with or without 5 * modification, are permitted provided that the following conditions are 6 * met: 7 * 8 * * Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * * Redistributions in binary form must reproduce the above 11 * copyright notice, this list of conditions and the following disclaimer 12 * in the documentation and/or other materials provided with the 13 * distribution. 14 * * Neither the name of Google Inc. nor the names of its 15 * contributors may be used to endorse or promote products derived from 16 * this software without specific prior written permission. 17 * 18 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 19 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 20 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 21 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 22 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 23 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 24 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 25 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 26 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 27 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 28 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 29 */ 30 31#include "config.h" 32#include "core/loader/TextResourceDecoderBuilder.h" 33 34#include "core/dom/Document.h" 35#include "core/frame/LocalFrame.h" 36#include "core/frame/Settings.h" 37#include "platform/weborigin/SecurityOrigin.h" 38 39namespace blink { 40 41static inline bool canReferToParentFrameEncoding(const LocalFrame* frame, const LocalFrame* parentFrame) 42{ 43 return parentFrame && parentFrame->document()->securityOrigin()->canAccess(frame->document()->securityOrigin()); 44} 45 46 47TextResourceDecoderBuilder::TextResourceDecoderBuilder(const AtomicString& mimeType, const AtomicString& encoding) 48 : m_mimeType(mimeType) 49 , m_encoding(encoding) 50{ 51} 52 53TextResourceDecoderBuilder::~TextResourceDecoderBuilder() 54{ 55} 56 57 58inline PassOwnPtr<TextResourceDecoder> TextResourceDecoderBuilder::createDecoderInstance(Document* document) 59{ 60 if (LocalFrame* frame = document->frame()) { 61 if (Settings* settings = frame->settings()) 62 return TextResourceDecoder::create(m_mimeType, settings->defaultTextEncodingName(), settings->usesEncodingDetector()); 63 } 64 65 return TextResourceDecoder::create(m_mimeType, String()); 66} 67 68inline void TextResourceDecoderBuilder::setupEncoding(TextResourceDecoder* decoder, Document* document) 69{ 70 LocalFrame* frame = document->frame(); 71 LocalFrame* parentFrame = 0; 72 if (frame && frame->tree().parent() && frame->tree().parent()->isLocalFrame()) 73 parentFrame = toLocalFrame(frame->tree().parent()); 74 75 if (!m_encoding.isEmpty()) 76 decoder->setEncoding(m_encoding.string(), TextResourceDecoder::EncodingFromHTTPHeader); 77 78 // Set the hint encoding to the parent frame encoding only if 79 // the parent and the current frames share the security origin. 80 // We impose this condition because somebody can make a child frameg63 81 // containing a carefully crafted html/javascript in one encoding 82 // that can be mistaken for hintEncoding (or related encoding) by 83 // an auto detector. When interpreted in the latter, it could be 84 // an attack vector. 85 // FIXME: This might be too cautious for non-7bit-encodings and 86 // we may consider relaxing this later after testing. 87 if (frame && canReferToParentFrameEncoding(frame, parentFrame)) { 88 if (parentFrame->document()->encodingWasDetectedHeuristically()) 89 decoder->setHintEncoding(parentFrame->document()->encoding()); 90 91 if (m_encoding.isEmpty()) 92 decoder->setEncoding(parentFrame->document()->inputEncoding().string(), TextResourceDecoder::EncodingFromParentFrame); 93 } 94} 95 96PassOwnPtr<TextResourceDecoder> TextResourceDecoderBuilder::buildFor(Document* document) 97{ 98 OwnPtr<TextResourceDecoder> decoder = createDecoderInstance(document); 99 setupEncoding(decoder.get(), document); 100 return decoder.release(); 101} 102 103void TextResourceDecoderBuilder::clear() 104{ 105 m_encoding = nullAtom; 106} 107 108} 109