RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-05-14 19:54:57 +00:00
Code Issues Activity Actions
serenity/Userland/Libraries/LibWeb/SecureContexts/AbstractOperations.cpp
Shannon Booth f9e5b43b7a LibWeb: Rename URL platform object to DOMURL 
Along with putting functions in the URL namespace into a DOMURL
namespace.

This is done as LibWeb is in an awkward situation where it needs
two URL classes. AK::URL is the general purpose URL class which
is all that is needed in 95% of cases. URL in the Web namespace
is needed predominantly for interfacing with the javascript
interfaces.

Because of two URLs in the same namespace, AK::URL has had to be
used throughout LibWeb. If we move AK::URL into a URL namespace,
this becomes more painful - where ::URL::URL is required to
specify the constructor (and something like
::URL::create_with_url_or_path in other places).

To fix this problem - rename the class in LibWeb implementing the
URL IDL interface to DOMURL, along with moving the other Web URL
related classes into this DOMURL folder.

One could argue that this name also makes the situation a little
more clear in LibWeb for why these two URL classes need be used
in the first place.
2024-02-25 08:54:31 +01:00

85 lines
3.7 KiB
C++
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

/*
* Copyright (c) 2022, Linus Groh <linusg@serenityos.org>
*
* SPDX-License-Identifier: BSD-2-Clause
*/
#include <AK/IPv4Address.h>
#include <AK/IPv6Address.h>
#include <AK/URL.h>
#include <LibWeb/DOMURL/DOMURL.h>
#include <LibWeb/HTML/Origin.h>
#include <LibWeb/SecureContexts/AbstractOperations.h>
namespace Web::SecureContexts {
// https://w3c.github.io/webappsec-secure-contexts/#is-origin-trustworthy
Trustworthiness is_origin_potentially_trustworthy(HTML::Origin const& origin)
{
// 1. If origin is an opaque origin, return "Not Trustworthy".
if (origin.is_opaque())
return Trustworthiness::NotTrustworthy;
// 2. Assert: origin is a tuple origin.
// 3. If origins scheme is either "https" or "wss", return "Potentially Trustworthy".
// Note: This is meant to be analog to the a priori authenticated URL concept in [MIX].
if (origin.scheme().is_one_of("https"sv, "wss"sv))
return Trustworthiness::PotentiallyTrustworthy;
// 4. If origins host matches one of the CIDR notations 127.0.0.0/8 or ::1/128 [RFC4632], return "Potentially Trustworthy".
// FIXME: This would be nicer if URL::IPv4Address and URL::IPv6Address were instances of AK::IPv4Address and AK::IPv6Address
if (origin.host().has<AK::URL::IPv4Address>()) {
if ((origin.host().get<AK::URL::IPv4Address>() & 0xff000000) != 0)
return Trustworthiness::PotentiallyTrustworthy;
} else if (origin.host().has<AK::URL::IPv6Address>()) {
auto ipv6_address = origin.host().get<AK::URL::IPv6Address>();
static constexpr AK::URL::IPv6Address loopback { 0, 0, 0, 0, 0, 0, 0, 1 };
if (ipv6_address == loopback)
return Trustworthiness::PotentiallyTrustworthy;
}
// 5. If the user agent conforms to the name resolution rules in [let-localhost-be-localhost] and one of the following is true:
// - origins host is "localhost" or "localhost."
// - origins host ends with ".localhost" or ".localhost."
// then return "Potentially Trustworthy".
// Note: See §5.2 localhost for details on the requirements here.
if (origin.host().has<String>()) {
auto const& host = origin.host().get<String>();
if (host.is_one_of("localhost"sv, "localhost.")
|| host.ends_with_bytes(".localhost"sv)
|| host.ends_with_bytes(".localhost."sv)) {
return Trustworthiness::PotentiallyTrustworthy;
}
}
// 6. If origins scheme is "file", return "Potentially Trustworthy".
if (origin.scheme() == "file"sv)
return Trustworthiness::PotentiallyTrustworthy;
// 7. If origins scheme component is one which the user agent considers to be authenticated, return "Potentially Trustworthy".
// Note: See §7.1 Packaged Applications for detail here.
// 8. If origin has been configured as a trustworthy origin, return "Potentially Trustworthy".
// Note: See §7.2 Development Environments for detail here.
// 9. Return "Not Trustworthy".
return Trustworthiness::NotTrustworthy;
}
// https://w3c.github.io/webappsec-secure-contexts/#is-url-trustworthy
Trustworthiness is_url_potentially_trustworthy(AK::URL const& url)
{
// 1. If url is "about:blank" or "about:srcdoc", return "Potentially Trustworthy".
if (url == "about:blank"sv || url == "about:srcdoc"sv)
return Trustworthiness::PotentiallyTrustworthy;
// 2. If urls scheme is "data", return "Potentially Trustworthy".
if (url.scheme() == "data"sv)
return Trustworthiness::PotentiallyTrustworthy;
// 3. Return the result of executing §3.1 Is origin potentially trustworthy? on urls origin.
return is_origin_potentially_trustworthy(DOMURL::url_origin(url));
}
}
Reference in a new issue View git blame Copy permalink