From 898c4a5351a8e377a920a24d80419481fda0fa83 Mon Sep 17 00:00:00 2001
From: Hiroshige Hayashizaki
Date: Thu, 3 Dec 2020 16:33:21 +0000
Subject: [PATCH] [Import Maps] Do not allow prefix matching for non-special schemes

Reflecting https://github.com/WICG/import-maps/pull/227

Bug: 848607, https://github.com/WICG/import-maps/issues/166
Change-Id: Ide80e105fc57dfa35a66051b241b699fa969fcec
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2491594
Commit-Queue: Hiroshige Hayashizaki
Reviewed-by: Kouhei Ueno
Reviewed-by: Kinuko Yasuda
Cr-Commit-Position: refs/heads/master@{#833322}
GitOrigin-RevId: 895e1cd024248d79a79cc0c2f5ec1fa99e8245b2
---
 blink/renderer/core/script/import_map.cc | 9 +++++
 .../platform/weborigin/scheme_registry.cc | 7 ++++
 .../platform/weborigin/scheme_registry.h | 3 ++
 .../resolving-internal.https-expected.txt | 33 -------------------
 4 files changed, 19 insertions(+), 33 deletions(-)
 delete mode 100644 blink/web_tests/external/wpt/import-maps/data-driven/resolving-internal.https-expected.txt

diff --git a/blink/renderer/core/script/import_map.cc b/blink/renderer/core/script/import_map.cc
index 7149f83766b8..45f893924a36 100644
--- a/blink/renderer/core/script/import_map.cc
+++ b/blink/renderer/core/script/import_map.cc
@@ -431,6 +431,15 @@ base::Optional ImportMap::ResolveImportsMatch(
 return ResolveImportsMatchInternal(key, exact, debug_message);
 }
 
+ // ... either asURL is null, or asURL is special
+ if (parsed_specifier.GetType() == ParsedSpecifier::Type::kURL &&
+ !SchemeRegistry::IsSpecialScheme(parsed_specifier.GetUrl().Protocol())) {
+ *debug_message = "Import Map: \"" + key +
+ "\" skips prefix match because of non-special URL scheme";
+
+ return base::nullopt;
+ }
+
 // Step 1.2.
 if (auto prefix_match = MatchPrefix(parsed_specifier, specifier_map)) {
 return ResolveImportsMatchInternal(key, *prefix_match, debug_message);
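Review bot: The added comment `// ... either asURL is null, or asURL is special` in `ImportMap::ResolveImportsMatch` is a fragment of spec text that explains neither why the early return exists nor that the exact-match branch just above it still applies to non-special schemes. I would spell it out, e.g. `// Prefix matching is allowed only when asURL is null or has a special scheme; exact matches above are unaffected.` followed by `// Otherwise a prefix key could rewrite data:/blob:/about: specifiers to a mapped URL.` The expectations file deleted in this commit records that old behaviour, with `data:text/javascript,...` resolving to `https://example.com/lib/test-data/...`, apparently through a `data:text/` prefix key. The block also writes `*debug_message` unconditionally; the function's signature and start are outside the hunk, so it is worth confirming the pointer can never be null on this path.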
diff --git a/blink/renderer/platform/weborigin/scheme_registry.cc b/blink/renderer/platform/weborigin/scheme_registry.cc
index 66634ce43ef6..a2cdb07a129f 100644
--- a/blink/renderer/platform/weborigin/scheme_registry.cc
+++ b/blink/renderer/platform/weborigin/scheme_registry.cc
@@ -320,6 +320,13 @@ bool SchemeRegistry::IsFetchScheme(const String& scheme) {
 scheme == "http" || scheme == "https";
 }
 
+// https://url.spec.whatwg.org/#special-scheme
+bool SchemeRegistry::IsSpecialScheme(const String& scheme) {
+ DCHECK_EQ(scheme, scheme.LowerASCII());
+ return scheme == "ftp" || scheme == "file" || scheme == "http" ||
+ scheme == "https" || scheme == "ws" || scheme == "wss";
+}
+
 void SchemeRegistry::RegisterURLSchemeAsFirstPartyWhenTopLevel(
 const String& scheme) {
 DCHECK_EQ(scheme, scheme.LowerASCII());
diff --git a/blink/renderer/platform/weborigin/scheme_registry.h b/blink/renderer/platform/weborigin/scheme_registry.h
index be4da0937154..47dd1ccd64a3 100644
--- a/blink/renderer/platform/weborigin/scheme_registry.h
+++ b/blink/renderer/platform/weborigin/scheme_registry.h
@@ -110,6 +110,9 @@ class PLATFORM_EXPORT SchemeRegistry {
 // https://fetch.spec.whatwg.org/#fetch-scheme
 static bool IsFetchScheme(const String& scheme);
 
+ // https://url.spec.whatwg.org/#special-scheme
+ static bool IsSpecialScheme(const String& scheme);
+
 // Schemes which override the first-/third-party checks on a Document.
 static void RegisterURLSchemeAsFirstPartyWhenTopLevel(const String& scheme);
 static void RemoveURLSchemeAsFirstPartyWhenTopLevel(const String& scheme);
diff --git a/blink/web_tests/external/wpt/import-maps/data-driven/resolving-internal.https-expected.txt b/blink/web_tests/external/wpt/import-maps/data-driven/resolving-internal.https-expected.txt
deleted file mode 100644
index 653b39824b51..000000000000
--- a/blink/web_tests/external/wpt/import-maps/data-driven/resolving-internal.https-expected.txt
+++ /dev/null
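Review bot: `SchemeRegistry::IsSpecialScheme` in scheme_registry.cc enforces its lower-case precondition only through `DCHECK_EQ(scheme, scheme.LowerASCII())`, which is normally compiled out of release builds, so a mixed-case scheme would fall through the comparisons and be reported as non-special. The one caller in this commit passes `parsed_specifier.GetUrl().Protocol()`, which is presumably already canonicalized, but the result now gates import-map prefix matching, so the contract should be stated at the declaration in scheme_registry.h, e.g. `// |scheme| must already be lower-case ASCII; mixed-case input is reported as non-special in release builds.` The hard-coded list mirrors the special-scheme table of the URL Standard linked in the comment and has to be updated by hand if that table changes, which is worth a short note as well.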
@@ -1,33 +0,0 @@
-This is a testharness.js-based test.
-PASS global setup
-PASS Test helper: fetching and sanity checking test JSON: resources/empty-import-map-internal.json
-PASS Test helper: fetching and sanity checking test JSON: resources/url-specifiers-schemes-internal.json
-PASS global cleanup
-PASS non-HTTPS fetch scheme absolute URLs: about:fetch-scheme
-PASS non-fetch scheme absolute URLs: about:fetch-scheme
-PASS non-fetch scheme absolute URLs: mailto:non-fetch-scheme
-PASS non-fetch scheme absolute URLs: import:non-fetch-scheme
-PASS non-fetch scheme absolute URLs: javascript:non-fetch-scheme
-PASS non-fetch scheme absolute URLs: wss:non-fetch-scheme
-FAIL URL-like specifiers: Non-special vs. special schemes: data:text/javascript,console.log('foo') assert_equals: expected "data:text/javascript,console.log('foo')" but got "https://example.com/lib/test-data/javascript,console.log('foo')"
-PASS URL-like specifiers: Non-special vs. special schemes: data:text/
-FAIL URL-like specifiers: Non-special vs. special schemes: about:text/foo assert_equals: expected "about:text/foo" but got "https://example.com/lib/test-about/foo"
-PASS URL-like specifiers: Non-special vs. special schemes: about:text/
-FAIL URL-like specifiers: Non-special vs. special schemes: blob:text/foo assert_equals: expected "blob:text/foo" but got "https://example.com/lib/test-blob/foo"
-PASS URL-like specifiers: Non-special vs. special schemes: blob:text/
-FAIL URL-like specifiers: Non-special vs. special schemes: blah:text/foo assert_equals: expected "blah:text/foo" but got "https://example.com/lib/test-blah/foo"
-PASS URL-like specifiers: Non-special vs. special schemes: blah:text/
-PASS URL-like specifiers: Non-special vs. special schemes: http:text/foo
-PASS URL-like specifiers: Non-special vs. special schemes: http:text/
-PASS URL-like specifiers: Non-special vs. special schemes: https:text/foo
-PASS URL-like specifiers: Non-special vs. special schemes: https:text/
-PASS URL-like specifiers: Non-special vs. special schemes: ftp:text/foo
-PASS URL-like specifiers: Non-special vs. special schemes: ftp:text/
-PASS URL-like specifiers: Non-special vs. special schemes: file:text/foo
-PASS URL-like specifiers: Non-special vs. special schemes: file:text/
-PASS URL-like specifiers: Non-special vs. special schemes: ws:text/foo
-PASS URL-like specifiers: Non-special vs. special schemes: ws:text/
-PASS URL-like specifiers: Non-special vs. special schemes: wss:text/foo
-PASS URL-like specifiers: Non-special vs. special schemes: wss:text/
-Harness: the test ran to completion.
-