1*6777b538SAndroid Build Coastguard Worker // Copyright 2020 The Chromium Authors 2*6777b538SAndroid Build Coastguard Worker // Use of this source code is governed by a BSD-style license that can be 3*6777b538SAndroid Build Coastguard Worker // found in the LICENSE file. 4*6777b538SAndroid Build Coastguard Worker 5*6777b538SAndroid Build Coastguard Worker #ifndef BASE_STRINGS_ESCAPE_H_ 6*6777b538SAndroid Build Coastguard Worker #define BASE_STRINGS_ESCAPE_H_ 7*6777b538SAndroid Build Coastguard Worker 8*6777b538SAndroid Build Coastguard Worker #include <stdint.h> 9*6777b538SAndroid Build Coastguard Worker 10*6777b538SAndroid Build Coastguard Worker #include <set> 11*6777b538SAndroid Build Coastguard Worker #include <string> 12*6777b538SAndroid Build Coastguard Worker 13*6777b538SAndroid Build Coastguard Worker #include "base/base_export.h" 14*6777b538SAndroid Build Coastguard Worker #include "base/strings/string_piece.h" 15*6777b538SAndroid Build Coastguard Worker #include "base/strings/utf_offset_string_conversions.h" 16*6777b538SAndroid Build Coastguard Worker #include "build/build_config.h" 17*6777b538SAndroid Build Coastguard Worker 18*6777b538SAndroid Build Coastguard Worker namespace base { 19*6777b538SAndroid Build Coastguard Worker 20*6777b538SAndroid Build Coastguard Worker // Escaping -------------------------------------------------------------------- 21*6777b538SAndroid Build Coastguard Worker 22*6777b538SAndroid Build Coastguard Worker // Escapes all characters except unreserved characters. Unreserved characters, 23*6777b538SAndroid Build Coastguard Worker // as defined in RFC 3986, include alphanumerics and -._~ 24*6777b538SAndroid Build Coastguard Worker BASE_EXPORT std::string EscapeAllExceptUnreserved(StringPiece text); 25*6777b538SAndroid Build Coastguard Worker 26*6777b538SAndroid Build Coastguard Worker // Escapes characters in text suitable for use as a query parameter value. 27*6777b538SAndroid Build Coastguard Worker // We %XX everything except alphanumerics and -_.!~*'() 28*6777b538SAndroid Build Coastguard Worker // Spaces change to "+" unless you pass usePlus=false. 29*6777b538SAndroid Build Coastguard Worker // This is basically the same as encodeURIComponent in javascript. 30*6777b538SAndroid Build Coastguard Worker BASE_EXPORT std::string EscapeQueryParamValue(StringPiece text, bool use_plus); 31*6777b538SAndroid Build Coastguard Worker 32*6777b538SAndroid Build Coastguard Worker // Escapes a partial or complete file/pathname. This includes: 33*6777b538SAndroid Build Coastguard Worker // non-printable, non-7bit, and (including space) "#%:<>?[\]^`{|} 34*6777b538SAndroid Build Coastguard Worker BASE_EXPORT std::string EscapePath(StringPiece path); 35*6777b538SAndroid Build Coastguard Worker 36*6777b538SAndroid Build Coastguard Worker #if BUILDFLAG(IS_APPLE) 37*6777b538SAndroid Build Coastguard Worker // Escapes characters as per expectations of NSURL. This includes: 38*6777b538SAndroid Build Coastguard Worker // non-printable, non-7bit, and (including space) "#%<>[\]^`{|} 39*6777b538SAndroid Build Coastguard Worker BASE_EXPORT std::string EscapeNSURLPrecursor(StringPiece precursor); 40*6777b538SAndroid Build Coastguard Worker #endif // BUILDFLAG(IS_APPLE) 41*6777b538SAndroid Build Coastguard Worker 42*6777b538SAndroid Build Coastguard Worker // Escapes application/x-www-form-urlencoded content. This includes: 43*6777b538SAndroid Build Coastguard Worker // non-printable, non-7bit, and (including space) ?>=<;+'&%$#"![\]^`{|} 44*6777b538SAndroid Build Coastguard Worker // Space is escaped as + (if use_plus is true) and other special characters 45*6777b538SAndroid Build Coastguard Worker // as %XX (hex). 46*6777b538SAndroid Build Coastguard Worker BASE_EXPORT std::string EscapeUrlEncodedData(StringPiece path, bool use_plus); 47*6777b538SAndroid Build Coastguard Worker 48*6777b538SAndroid Build Coastguard Worker // Escapes all non-ASCII input, as well as escaping % to %25. 49*6777b538SAndroid Build Coastguard Worker BASE_EXPORT std::string EscapeNonASCIIAndPercent(StringPiece input); 50*6777b538SAndroid Build Coastguard Worker 51*6777b538SAndroid Build Coastguard Worker // Escapes all non-ASCII input. Note this function leaves % unescaped, which 52*6777b538SAndroid Build Coastguard Worker // means the unescaping the resulting string will not give back the original 53*6777b538SAndroid Build Coastguard Worker // input. 54*6777b538SAndroid Build Coastguard Worker BASE_EXPORT std::string EscapeNonASCII(StringPiece input); 55*6777b538SAndroid Build Coastguard Worker 56*6777b538SAndroid Build Coastguard Worker // Escapes characters in text suitable for use as an external protocol handler 57*6777b538SAndroid Build Coastguard Worker // command. 58*6777b538SAndroid Build Coastguard Worker // We %XX everything except alphanumerics and -_.!~*'() and the restricted 59*6777b538SAndroid Build Coastguard Worker // characters (;/?:@&=+$,#[]) and a valid percent escape sequence (%XX). 60*6777b538SAndroid Build Coastguard Worker BASE_EXPORT std::string EscapeExternalHandlerValue(StringPiece text); 61*6777b538SAndroid Build Coastguard Worker 62*6777b538SAndroid Build Coastguard Worker // Appends the given character to the output string, escaping the character if 63*6777b538SAndroid Build Coastguard Worker // the character would be interpreted as an HTML delimiter. 64*6777b538SAndroid Build Coastguard Worker BASE_EXPORT void AppendEscapedCharForHTML(char c, std::string* output); 65*6777b538SAndroid Build Coastguard Worker 66*6777b538SAndroid Build Coastguard Worker // Escapes chars that might cause this text to be interpreted as HTML tags. 67*6777b538SAndroid Build Coastguard Worker BASE_EXPORT std::string EscapeForHTML(StringPiece text); 68*6777b538SAndroid Build Coastguard Worker BASE_EXPORT std::u16string EscapeForHTML(StringPiece16 text); 69*6777b538SAndroid Build Coastguard Worker 70*6777b538SAndroid Build Coastguard Worker // Unescaping ------------------------------------------------------------------ 71*6777b538SAndroid Build Coastguard Worker 72*6777b538SAndroid Build Coastguard Worker class UnescapeRule { 73*6777b538SAndroid Build Coastguard Worker public: 74*6777b538SAndroid Build Coastguard Worker // A combination of the following flags that is passed to the unescaping 75*6777b538SAndroid Build Coastguard Worker // functions. 76*6777b538SAndroid Build Coastguard Worker typedef uint32_t Type; 77*6777b538SAndroid Build Coastguard Worker 78*6777b538SAndroid Build Coastguard Worker // Don't unescape anything at all. 79*6777b538SAndroid Build Coastguard Worker static constexpr Type NONE = 0; 80*6777b538SAndroid Build Coastguard Worker 81*6777b538SAndroid Build Coastguard Worker // Don't unescape anything special, but all normal unescaping will happen. 82*6777b538SAndroid Build Coastguard Worker // This is a placeholder and can't be combined with other flags (since it's 83*6777b538SAndroid Build Coastguard Worker // just the absence of them). All other unescape rules imply "normal" in 84*6777b538SAndroid Build Coastguard Worker // addition to their special meaning. Things like escaped letters, digits, 85*6777b538SAndroid Build Coastguard Worker // and most symbols will get unescaped with this mode. 86*6777b538SAndroid Build Coastguard Worker static constexpr Type NORMAL = 1 << 0; 87*6777b538SAndroid Build Coastguard Worker 88*6777b538SAndroid Build Coastguard Worker // Convert %20 to spaces. In some places where we're showing URLs, we may 89*6777b538SAndroid Build Coastguard Worker // want this. In places where the URL may be copied and pasted out, then 90*6777b538SAndroid Build Coastguard Worker // you wouldn't want this since it might not be interpreted in one piece 91*6777b538SAndroid Build Coastguard Worker // by other applications. Other UTF-8 spaces will not be unescaped. 92*6777b538SAndroid Build Coastguard Worker static constexpr Type SPACES = 1 << 1; 93*6777b538SAndroid Build Coastguard Worker 94*6777b538SAndroid Build Coastguard Worker // Unescapes '/' and '\\'. If these characters were unescaped, the resulting 95*6777b538SAndroid Build Coastguard Worker // URL won't be the same as the source one. Moreover, they are dangerous to 96*6777b538SAndroid Build Coastguard Worker // unescape in strings that will be used as file paths or names. This value 97*6777b538SAndroid Build Coastguard Worker // should only be used when slashes don't have special meaning, like data 98*6777b538SAndroid Build Coastguard Worker // URLs. 99*6777b538SAndroid Build Coastguard Worker static constexpr Type PATH_SEPARATORS = 1 << 2; 100*6777b538SAndroid Build Coastguard Worker 101*6777b538SAndroid Build Coastguard Worker // Unescapes various characters that will change the meaning of URLs, 102*6777b538SAndroid Build Coastguard Worker // including '%', '+', '&', '#'. Does not unescape path separators. 103*6777b538SAndroid Build Coastguard Worker // If these characters were unescaped, the resulting URL won't be the same 104*6777b538SAndroid Build Coastguard Worker // as the source one. This flag is used when generating final output like 105*6777b538SAndroid Build Coastguard Worker // filenames for URLs where we won't be interpreting as a URL and want to do 106*6777b538SAndroid Build Coastguard Worker // as much unescaping as possible. 107*6777b538SAndroid Build Coastguard Worker static constexpr Type URL_SPECIAL_CHARS_EXCEPT_PATH_SEPARATORS = 1 << 3; 108*6777b538SAndroid Build Coastguard Worker 109*6777b538SAndroid Build Coastguard Worker // URL queries use "+" for space. This flag controls that replacement. 110*6777b538SAndroid Build Coastguard Worker static constexpr Type REPLACE_PLUS_WITH_SPACE = 1 << 4; 111*6777b538SAndroid Build Coastguard Worker }; 112*6777b538SAndroid Build Coastguard Worker 113*6777b538SAndroid Build Coastguard Worker // Unescapes |escaped_text| and returns the result. 114*6777b538SAndroid Build Coastguard Worker // Unescaping consists of looking for the exact pattern "%XX", where each X is 115*6777b538SAndroid Build Coastguard Worker // a hex digit, and converting to the character with the numerical value of 116*6777b538SAndroid Build Coastguard Worker // those digits. Thus "i%20=%203%3b" unescapes to "i = 3;", if the 117*6777b538SAndroid Build Coastguard Worker // "UnescapeRule::SPACES" used. 118*6777b538SAndroid Build Coastguard Worker // 119*6777b538SAndroid Build Coastguard Worker // This method does not ensure that the output is a valid string using any 120*6777b538SAndroid Build Coastguard Worker // character encoding. However, it does leave escaped certain byte sequences 121*6777b538SAndroid Build Coastguard Worker // that would be dangerous to display to the user, because if interpreted as 122*6777b538SAndroid Build Coastguard Worker // UTF-8, they could be used to mislead the user. Callers that want to 123*6777b538SAndroid Build Coastguard Worker // unconditionally unescape everything for uses other than displaying data to 124*6777b538SAndroid Build Coastguard Worker // the user should use UnescapeBinaryURLComponent(). 125*6777b538SAndroid Build Coastguard Worker BASE_EXPORT std::string UnescapeURLComponent(StringPiece escaped_text, 126*6777b538SAndroid Build Coastguard Worker UnescapeRule::Type rules); 127*6777b538SAndroid Build Coastguard Worker 128*6777b538SAndroid Build Coastguard Worker // Unescapes the given substring as a URL, and then tries to interpret the 129*6777b538SAndroid Build Coastguard Worker // result as being encoded as UTF-8. If the result is convertible into UTF-8, it 130*6777b538SAndroid Build Coastguard Worker // will be returned as converted. If it is not, the original escaped string will 131*6777b538SAndroid Build Coastguard Worker // be converted into a std::u16string and returned. |adjustments| provides 132*6777b538SAndroid Build Coastguard Worker // information on how the original string was adjusted to get the string 133*6777b538SAndroid Build Coastguard Worker // returned. 134*6777b538SAndroid Build Coastguard Worker BASE_EXPORT std::u16string UnescapeAndDecodeUTF8URLComponentWithAdjustments( 135*6777b538SAndroid Build Coastguard Worker StringPiece text, 136*6777b538SAndroid Build Coastguard Worker UnescapeRule::Type rules, 137*6777b538SAndroid Build Coastguard Worker OffsetAdjuster::Adjustments* adjustments); 138*6777b538SAndroid Build Coastguard Worker 139*6777b538SAndroid Build Coastguard Worker // Unescapes a component of a URL for use as binary data. Unlike 140*6777b538SAndroid Build Coastguard Worker // UnescapeURLComponent, leaves nothing unescaped, including nulls, invalid 141*6777b538SAndroid Build Coastguard Worker // characters, characters that are unsafe to display, etc. This should *not* 142*6777b538SAndroid Build Coastguard Worker // be used when displaying the decoded data to the user. 143*6777b538SAndroid Build Coastguard Worker // 144*6777b538SAndroid Build Coastguard Worker // Only the NORMAL and REPLACE_PLUS_WITH_SPACE rules are allowed. 145*6777b538SAndroid Build Coastguard Worker BASE_EXPORT std::string UnescapeBinaryURLComponent( 146*6777b538SAndroid Build Coastguard Worker StringPiece escaped_text, 147*6777b538SAndroid Build Coastguard Worker UnescapeRule::Type rules = UnescapeRule::NORMAL); 148*6777b538SAndroid Build Coastguard Worker 149*6777b538SAndroid Build Coastguard Worker // Variant of UnescapeBinaryURLComponent(). Writes output to |unescaped_text|. 150*6777b538SAndroid Build Coastguard Worker // Returns true on success, returns false and clears |unescaped_text| on 151*6777b538SAndroid Build Coastguard Worker // failure. Fails on characters escaped that are unsafe to unescape in some 152*6777b538SAndroid Build Coastguard Worker // contexts, which are defined as characters "\0" through "\x1F" (Which includes 153*6777b538SAndroid Build Coastguard Worker // CRLF but not space), and optionally path separators. Path separators include 154*6777b538SAndroid Build Coastguard Worker // both forward and backward slashes on all platforms. Does not fail if any of 155*6777b538SAndroid Build Coastguard Worker // those characters appear unescaped in the input string. 156*6777b538SAndroid Build Coastguard Worker BASE_EXPORT bool UnescapeBinaryURLComponentSafe(StringPiece escaped_text, 157*6777b538SAndroid Build Coastguard Worker bool fail_on_path_separators, 158*6777b538SAndroid Build Coastguard Worker std::string* unescaped_text); 159*6777b538SAndroid Build Coastguard Worker 160*6777b538SAndroid Build Coastguard Worker // Returns true if |escaped_text| contains any element of |bytes| in 161*6777b538SAndroid Build Coastguard Worker // percent-encoded form. 162*6777b538SAndroid Build Coastguard Worker // 163*6777b538SAndroid Build Coastguard Worker // For example, if |bytes| is {'%', '/'}, returns true if |escaped_text| 164*6777b538SAndroid Build Coastguard Worker // contains "%25" or "%2F", but not if it just contains bare '%' or '/' 165*6777b538SAndroid Build Coastguard Worker // characters. 166*6777b538SAndroid Build Coastguard Worker BASE_EXPORT bool ContainsEncodedBytes(StringPiece escaped_text, 167*6777b538SAndroid Build Coastguard Worker const std::set<unsigned char>& bytes); 168*6777b538SAndroid Build Coastguard Worker 169*6777b538SAndroid Build Coastguard Worker // Unescapes the following ampersand character codes from |text|: 170*6777b538SAndroid Build Coastguard Worker // < > & " ' 171*6777b538SAndroid Build Coastguard Worker BASE_EXPORT std::u16string UnescapeForHTML(StringPiece16 text); 172*6777b538SAndroid Build Coastguard Worker 173*6777b538SAndroid Build Coastguard Worker } // namespace base 174*6777b538SAndroid Build Coastguard Worker 175*6777b538SAndroid Build Coastguard Worker #endif // BASE_STRINGS_ESCAPE_H_ 176