/* * Copyright (c) 2020-2022, Andreas Kling <kling@serenityos.org> * * SPDX-License-Identifier: BSD-2-Clause */ #include <AK/Debug.h> #include <AK/JsonArray.h> #include <AK/LexicalPath.h> #include <AK/SourceGenerator.h> #include <LibWeb/Bindings/MainThreadVM.h> #include <LibWeb/DOM/Document.h> #include <LibWeb/DOM/DocumentLoading.h> #include <LibWeb/DOM/ElementFactory.h> #include <LibWeb/DOM/Text.h> #include <LibWeb/HTML/NavigationParams.h> #include <LibWeb/HTML/Parser/HTMLParser.h> #include <LibWeb/Loader/FrameLoader.h> #include <LibWeb/Loader/ResourceLoader.h> #include <LibWeb/Namespace.h> #include <LibWeb/Page/Page.h> #include <LibWeb/Platform/ImageCodecPlugin.h> #include <LibWeb/ReferrerPolicy/AbstractOperations.h> #include <LibWeb/XML/XMLDocumentBuilder.h> namespace Web { static DeprecatedString s_default_favicon_path = "/res/icons/16x16/app-browser.png"; static RefPtr<Gfx::Bitmap> s_default_favicon_bitmap; void FrameLoader::set_default_favicon_path(DeprecatedString path) { s_default_favicon_path = move(path); } FrameLoader::FrameLoader(HTML::BrowsingContext& browsing_context) : m_browsing_context(browsing_context) { if (!s_default_favicon_bitmap) { s_default_favicon_bitmap = Gfx::Bitmap::load_from_file(s_default_favicon_path).release_value_but_fixme_should_propagate_errors(); VERIFY(s_default_favicon_bitmap); } } FrameLoader::~FrameLoader() = default; bool FrameLoader::load(LoadRequest& request, Type type) { if (!request.is_valid()) { load_error_page(request.url(), "Invalid request"); return false; } if (!m_browsing_context->is_frame_nesting_allowed(request.url())) { dbgln("No further recursion is allowed for the frame, abort load!"); return false; } request.set_main_resource(true); auto& url = request.url(); if (type == Type::Navigation || type == Type::Reload || type == Type::Redirect) { if (auto* page = browsing_context().page()) { if (&page->top_level_browsing_context() == m_browsing_context) page->client().page_did_start_loading(url, type == Type::Redirect); } } // https://fetch.spec.whatwg.org/#concept-fetch // Step 12: If request’s header list does not contain `Accept`, then: // 1. Let value be `*/*`. (NOTE: Not necessary as we're about to override it) // 2. A user agent should set value to the first matching statement, if any, switching on request’s destination: // -> "document" // -> "frame" // -> "iframe" // `text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8` if (!request.headers().contains("Accept")) request.set_header("Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"); // HACK: We're crudely computing the referer value and shoving it into the // request until fetch infrastructure is used here. auto referrer_url = ReferrerPolicy::strip_url_for_use_as_referrer(url); if (referrer_url.has_value() && !request.headers().contains("Referer")) request.set_header("Referer", referrer_url->serialize()); set_resource(ResourceLoader::the().load_resource(Resource::Type::Generic, request)); if (type == Type::IFrame) return true; if (url.scheme() == "http" || url.scheme() == "https") { AK::URL favicon_url; favicon_url.set_scheme(url.scheme()); favicon_url.set_host(url.host()); favicon_url.set_port(url.port_or_default()); favicon_url.set_paths({ "favicon.ico" }); ResourceLoader::the().load( favicon_url, [this, favicon_url](auto data, auto&, auto) { // Always fetch the current document auto* document = this->browsing_context().active_document(); if (document && document->has_active_favicon()) return; dbgln_if(SPAM_DEBUG, "Favicon downloaded, {} bytes from {}", data.size(), favicon_url); if (data.is_empty()) return; RefPtr<Gfx::Bitmap> favicon_bitmap; auto decoded_image = Platform::ImageCodecPlugin::the().decode_image(data); if (!decoded_image.has_value() || decoded_image->frames.is_empty()) { dbgln("Could not decode favicon {}", favicon_url); } else { favicon_bitmap = decoded_image->frames[0].bitmap; dbgln_if(IMAGE_DECODER_DEBUG, "Decoded favicon, {}", favicon_bitmap->size()); } load_favicon(favicon_bitmap); }, [this](auto&, auto) { // Always fetch the current document auto* document = this->browsing_context().active_document(); if (document && document->has_active_favicon()) return; load_favicon(); }); } else { load_favicon(); } return true; } bool FrameLoader::load(const AK::URL& url, Type type) { dbgln_if(SPAM_DEBUG, "FrameLoader::load: {}", url); if (!url.is_valid()) { load_error_page(url, "Invalid URL"); return false; } auto request = LoadRequest::create_for_url_on_page(url, browsing_context().page()); return load(request, type); } void FrameLoader::load_html(StringView html, const AK::URL& url) { auto& vm = Bindings::main_thread_vm(); auto response = Fetch::Infrastructure::Response::create(vm); response->url_list().append(url); HTML::NavigationParams navigation_params { .id = {}, .request = nullptr, .response = response, .origin = HTML::Origin {}, .policy_container = HTML::PolicyContainer {}, .final_sandboxing_flag_set = HTML::SandboxingFlagSet {}, .cross_origin_opener_policy = HTML::CrossOriginOpenerPolicy {}, .coop_enforcement_result = HTML::CrossOriginOpenerPolicyEnforcementResult {}, .reserved_environment = {}, .browsing_context = browsing_context(), .navigable = nullptr, }; auto document = DOM::Document::create_and_initialize(DOM::Document::Type::HTML, "text/html", move(navigation_params)).release_value_but_fixme_should_propagate_errors(); browsing_context().set_active_document(document); auto parser = HTML::HTMLParser::create(document, html, "utf-8"); parser->run(url); } static DeprecatedString s_resource_directory_url = "file:///res"; DeprecatedString FrameLoader::resource_directory_url() { return s_resource_directory_url; } void FrameLoader::set_resource_directory_url(DeprecatedString resource_directory_url) { s_resource_directory_url = resource_directory_url; } static DeprecatedString s_error_page_url = "file:///res/html/error.html"; DeprecatedString FrameLoader::error_page_url() { return s_error_page_url; } void FrameLoader::set_error_page_url(DeprecatedString error_page_url) { s_error_page_url = error_page_url; } static DeprecatedString s_directory_page_url = "file:///res/html/directory.html"; DeprecatedString FrameLoader::directory_page_url() { return s_directory_page_url; } void FrameLoader::set_directory_page_url(DeprecatedString directory_page_url) { s_directory_page_url = directory_page_url; } // FIXME: Use an actual templating engine (our own one when it's built, preferably // with a way to check these usages at compile time) void FrameLoader::load_error_page(const AK::URL& failed_url, DeprecatedString const& error) { LoadRequest request = LoadRequest::create_for_url_on_page(s_error_page_url, browsing_context().page()); ResourceLoader::the().load( request, [this, failed_url, error](auto data, auto&, auto) { VERIFY(!data.is_null()); StringBuilder builder; SourceGenerator generator { builder }; generator.set("resource_directory_url", resource_directory_url()); generator.set("failed_url", escape_html_entities(failed_url.to_deprecated_string())); generator.set("error", escape_html_entities(error)); generator.append(data); load_html(generator.as_string_view(), s_error_page_url); }, [](auto& error, auto) { dbgln("Failed to load error page: {}", error); VERIFY_NOT_REACHED(); }); } void FrameLoader::load_favicon(RefPtr<Gfx::Bitmap> bitmap) { if (auto* page = browsing_context().page()) { if (bitmap) page->client().page_did_change_favicon(*bitmap); else if (s_default_favicon_bitmap) page->client().page_did_change_favicon(*s_default_favicon_bitmap); } } void FrameLoader::resource_did_load() { // This prevents us setting up the document of a removed browsing context container (BCC, e.g. <iframe>), which will cause a crash // if the document contains a script that inserts another BCC as this will use the stale browsing context it previously set up, // even if it's reinserted. // Example: // index.html: // ``` // <body><script> // var i = document.createElement("iframe"); // i.src = "b.html"; // document.body.append(i); // i.remove(); // </script> // ``` // b.html: // ``` // <body><script> // var i = document.createElement("iframe"); // document.body.append(i); // </script> // ``` // Required by Prebid.js, which does this by inserting an <iframe> into a <div> in the active document via innerHTML, // then transfers it to the <html> element: // https://github.com/prebid/Prebid.js/blob/7b7389c5abdd05626f71c3df606a93713d1b9f85/src/utils.js#L597 // This is done in the spec by removing all tasks and aborting all fetches when a document is destroyed: // https://html.spec.whatwg.org/multipage/document-lifecycle.html#destroy-a-document if (browsing_context().has_been_discarded()) return; auto url = resource()->url(); // For 3xx (Redirection) responses, the Location value refers to the preferred target resource for automatically redirecting the request. auto status_code = resource()->status_code(); if (status_code.has_value() && *status_code >= 300 && *status_code <= 399) { auto location = resource()->response_headers().get("Location"); if (location.has_value()) { if (m_redirects_count > maximum_redirects_allowed) { m_redirects_count = 0; load_error_page(url, "Too many redirects"); return; } m_redirects_count++; load(url.complete_url(location.value()), Type::Redirect); return; } } m_redirects_count = 0; if (resource()->has_encoding()) { dbgln_if(RESOURCE_DEBUG, "This content has MIME type '{}', encoding '{}'", resource()->mime_type(), resource()->encoding().value()); } else { dbgln_if(RESOURCE_DEBUG, "This content has MIME type '{}', encoding unknown", resource()->mime_type()); } auto final_sandboxing_flag_set = HTML::SandboxingFlagSet {}; // (Part of https://html.spec.whatwg.org/#navigating-across-documents) // 3. Let responseOrigin be the result of determining the origin given browsingContext, resource's url, finalSandboxFlags, and incumbentNavigationOrigin. // FIXME: Pass incumbentNavigationOrigin auto response_origin = HTML::determine_the_origin(browsing_context(), url, final_sandboxing_flag_set, {}); auto& vm = Bindings::main_thread_vm(); auto response = Fetch::Infrastructure::Response::create(vm); response->url_list().append(url); HTML::NavigationParams navigation_params { .id = {}, .request = nullptr, .response = response, .origin = move(response_origin), .policy_container = HTML::PolicyContainer {}, .final_sandboxing_flag_set = final_sandboxing_flag_set, .cross_origin_opener_policy = HTML::CrossOriginOpenerPolicy {}, .coop_enforcement_result = HTML::CrossOriginOpenerPolicyEnforcementResult {}, .reserved_environment = {}, .browsing_context = browsing_context(), .navigable = nullptr, }; auto document = DOM::Document::create_and_initialize(DOM::Document::Type::HTML, "text/html", move(navigation_params)).release_value_but_fixme_should_propagate_errors(); document->set_url(url); document->set_encoding(resource()->encoding()); document->set_content_type(resource()->mime_type()); browsing_context().set_active_document(document); if (auto* page = browsing_context().page()) page->client().page_did_create_main_document(); if (!parse_document(*document, resource()->encoded_data())) { load_error_page(url, "Failed to parse content."); return; } if (url.fragment().has_value() && !url.fragment()->is_empty()) browsing_context().scroll_to_anchor(url.fragment()->to_deprecated_string()); else browsing_context().scroll_to({ 0, 0 }); if (auto* page = browsing_context().page()) page->client().page_did_finish_loading(url); } void FrameLoader::resource_did_fail() { // See comment in resource_did_load() about why this is done. if (browsing_context().has_been_discarded()) return; load_error_page(resource()->url(), resource()->error()); } }