1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
|
// NOTE: This method only strips the fragment and is not in accordance to the
// recommended draft specification:
// https://w3c.github.io/webappsec/specs/referrer-policy/#null
// TODO(kristijanburnik): Implement this helper as defined by spec once added
// scenarios for URLs containing username/password/etc.
function stripUrlForUseAsReferrer(url) {
return url.replace(/#.*$/, "");
}
function parseUrlQueryString(queryString) {
var queries = queryString.replace(/^\?/, "").split("&");
var params = {};
for (var i in queries) {
var kvp = queries[i].split("=");
params[kvp[0]] = kvp[1];
}
return params;
};
function appendIframeToBody(url, attributes) {
var iframe = document.createElement("iframe");
iframe.src = url;
// Extend element with attributes. (E.g. "referrerPolicy" or "rel")
if (attributes) {
for (var attr in attributes) {
iframe[attr] = attributes[attr];
}
}
document.body.appendChild(iframe);
return iframe;
}
function loadImage(src, callback, attributes) {
var image = new Image();
image.crossOrigin = "Anonymous";
image.onload = function() {
callback(image);
}
image.src = src;
// Extend element with attributes. (E.g. "referrerPolicy" or "rel")
if (attributes) {
for (var attr in attributes) {
image[attr] = attributes[attr];
}
}
document.body.appendChild(image)
}
function decodeImageData(rgba) {
var rgb = new Uint8ClampedArray(rgba.length);
// RGBA -> RGB.
var rgb_length = 0;
for (var i = 0; i < rgba.length; ++i) {
// Skip alpha component.
if (i % 4 == 3)
continue;
// Zero is the string terminator.
if (rgba[i] == 0)
break;
rgb[rgb_length++] = rgba[i];
}
// Remove trailing nulls from data.
rgb = rgb.subarray(0, rgb_length);
var string_data = (new TextDecoder("ascii")).decode(rgb);
return JSON.parse(string_data);
}
function decodeImage(url, callback, referrer_policy) {
loadImage(url, function(img) {
var canvas = document.createElement("canvas");
var context = canvas.getContext('2d');
context.drawImage(img, 0, 0);
var imgData = context.getImageData(0, 0, img.clientWidth, img.clientHeight);
callback(decodeImageData(imgData.data))
}, referrer_policy);
}
function normalizePort(targetPort) {
var defaultPorts = [80, 443];
var isDefaultPortForProtocol = (defaultPorts.indexOf(targetPort) >= 0);
return (targetPort == "" || isDefaultPortForProtocol) ?
"" : ":" + targetPort;
}
function wrapResult(url, server_data) {
return {
location: url,
referrer: server_data.headers.referer,
headers: server_data.headers
}
}
function queryIframe(url, callback, referrer_policy) {
var iframe = appendIframeToBody(url, referrer_policy);
var listener = function(event) {
if (event.source != iframe.contentWindow)
return;
callback(event.data, url);
window.removeEventListener("message", listener);
}
window.addEventListener("message", listener);
}
function queryImage(url, callback, referrer_policy) {
decodeImage(url, function(server_data) {
callback(wrapResult(url, server_data), url);
}, referrer_policy)
}
function queryXhr(url, callback) {
var xhr = new XMLHttpRequest();
xhr.open('GET', url, true);
xhr.onreadystatechange = function(e) {
if (this.readyState == 4 && this.status == 200) {
var server_data = JSON.parse(this.responseText);
callback(wrapResult(url, server_data), url);
}
};
xhr.send();
}
function queryWorker(url, callback) {
var worker = new Worker(url);
worker.onmessage = function(event) {
var server_data = event.data;
callback(wrapResult(url, server_data), url);
};
}
function queryFetch(url, callback) {
fetch(url).then(function(response) {
response.json().then(function(server_data) {
callback(wrapResult(url, server_data), url);
});
}
);
}
function queryNavigable(element, url, callback, attributes) {
var navigable = element
navigable.href = url;
navigable.target = "helper-iframe";
var helperIframe = document.createElement("iframe")
helperIframe.name = "helper-iframe"
document.body.appendChild(helperIframe)
// Extend element with attributes. (E.g. "referrer_policy" or "rel")
if (attributes) {
for (var attr in attributes) {
navigable[attr] = attributes[attr];
}
}
var listener = function(event) {
if (event.source != helperIframe.contentWindow)
return;
callback(event.data, url);
window.removeEventListener("message", listener);
}
window.addEventListener("message", listener);
navigable.click();
}
function queryLink(url, callback, referrer_policy) {
var a = document.createElement("a");
a.innerHTML = "Link to subresource";
document.body.appendChild(a);
queryNavigable(a, url, callback, referrer_policy)
}
function queryAreaLink(url, callback, referrer_policy) {
var area = document.createElement("area");
// TODO(kristijanburnik): Append to map and add image.
document.body.appendChild(area);
queryNavigable(area, url, callback, referrer_policy)
}
function queryScript(url, callback) {
var script = document.createElement("script");
script.src = url;
var listener = function(event) {
var server_data = event.data;
callback(wrapResult(url, server_data), url);
window.removeEventListener("message", listener);
}
window.addEventListener("message", listener);
document.body.appendChild(script);
}
// SanityChecker does nothing in release mode.
function SanityChecker() {}
SanityChecker.prototype.checkScenario = function() {};
SanityChecker.prototype.checkSubresourceResult = function() {};
// TODO(kristijanburnik): document.origin is supported since Chrome 41,
// other browsers still don't support it. Remove once they do.
document.origin = document.origin || (location.protocol + "//" + location.host);
|
