qurlidna.cpp source code [qtbase/src/corelib/io/qurlidna.cpp]

1	// Copyright (C) 2016 The Qt Company Ltd.
2	// Copyright (C) 2016 Intel Corporation.
3	// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
4	// Qt-Security score:critical reason:data-parser
5
6	#include "qurl_p.h"
7
8	#include <QtCore/qstringlist.h>
9	#include <QtCore/private/qnumeric_p.h>
10	#include <QtCore/private/qoffsetstringarray_p.h>
11	#include <QtCore/private/qstringiterator_p.h>
12	#include <QtCore/private/qunicodetables_p.h>
13
14	#include <algorithm>
15
16	QT_BEGIN_NAMESPACE
17
18	using namespace Qt::StringLiterals;
19
20	// needed by the punycode encoder/decoder
21	static const uint base = `36`;
22	static const uint tmin = `1`;
23	static const uint tmax = `26`;
24	static const uint skew = `38`;
25	static const uint damp = `700`;
26	static const uint initial_bias = `72`;
27	static const uint initial_n = `128`;
28
29	static constexpr qsizetype MaxDomainLabelLength = `63`;
30
31	static inline uint encodeDigit(uint digit)
32	{
33	return digit + `22` + `75` * (digit < `26`);
34	}
35
36	static inline uint adapt(uint delta, uint numpoints, bool firsttime)
37	{
38	delta /= (firsttime ? damp : `2`);
39	delta += (delta / numpoints);
40
41	uint k = `0`;
42	for (; delta > ((base - tmin) * tmax) / `2`; k += base)
43	delta /= (base - tmin);
44
45	return k + (((base - tmin + `1`) * delta) / (delta + skew));
46	}
47
48	static inline void appendEncode(QString *output, uint delta, uint bias)
49	{
50	uint qq;
51	uint k;
52	uint t;
53
54	// insert the variable length delta integer.
55	for (qq = delta, k = base;; k += base) {
56	// stop generating digits when the threshold is
57	// detected.
58	t = (k <= bias) ? tmin : (k >= bias + tmax) ? tmax : k - bias;
59	if (qq < t) break;
60
61	*output += QChar (encodeDigit(digit: t + (qq - t) % (base - t)));
62	qq = (qq - t) / (base - t);
63	}
64
65	*output += QChar (encodeDigit(digit: qq));
66	}
67
68	Q_AUTOTEST_EXPORT void qt_punycodeEncoder(QStringView in, QString *output)
69	{
70	uint n = initial_n;
71	uint delta = `0`;
72	uint bias = initial_bias;
73
74	// Do not try to encode strings that certainly will result in output
75	// that is longer than allowable domain name label length. Note that
76	// non-BMP codepoints are encoded as two QChars.
77	if (in.size() > MaxDomainLabelLength * `2`)
78	return;
79
80	int outLen = output->size();
81	output->resize(size: outLen + in.size());
82
83	QChar *d = output->data() + outLen;
84	bool skipped = false;
85	// copy all basic code points verbatim to output.
86	for (QChar c : in) {
87	if (c.unicode() < `0x80`)
88	*d++ = c;
89	else
90	skipped = true;
91	}
92
93	// if there were only basic code points, just return them
94	// directly; don't do any encoding.
95	if (!skipped)
96	return;
97
98	output->truncate(pos: d - output->constData());
99	int copied = output->size() - outLen;
100
101	// h and b now contain the number of basic code points in input.
102	uint b = copied;
103	uint h = copied;
104
105	// if basic code points were copied, add the delimiter character.
106	if (h > `0`)
107	*output += u`'-'`;
108
109	// compute the input length in Unicode code points.
110	uint inputLength = `0`;
111	for (QStringIterator iter(in); iter.hasNext();) {
112	inputLength++;
113
114	if (iter.next(invalidAs: char32_t(-`1`)) == char32_t(-`1`)) {
115	output->truncate(pos: outLen);
116	return; // invalid surrogate pair
117	}
118	}
119
120	// while there are still unprocessed non-basic code points left in
121	// the input string...
122	while (h < inputLength) {
123	// find the character in the input string with the lowest unprocessed value.
124	uint m = std::numeric_limits<uint>::max();
125	for (QStringIterator iter(in); iter.hasNext();) {
126	auto c = iter.nextUnchecked();
127	static_assert(std::numeric_limits<decltype(m)>::max()
128	>= std::numeric_limits<decltype(c)>::max(),
129	"Punycode uint should be able to cover all codepoints");
130	if (c >= n && c < m)
131	m = c;
132	}
133
134	// delta = delta + (m - n) (h + 1), fail on overflow*
135	uint tmp;
136	if (qMulOverflow<uint>(v1: m - n, v2: h + `1`, r: &tmp) \|\| qAddOverflow<uint>(v1: delta, v2: tmp, r: &delta)) {
137	output->truncate(pos: outLen);
138	return; // punycode_overflow
139	}
140	n = m;
141
142	for (QStringIterator iter(in); iter.hasNext();) {
143	auto c = iter.nextUnchecked();
144
145	// increase delta until we reach the character processed in this iteration;
146	// fail if delta overflows.
147	if (c < n) {
148	if (qAddOverflow<uint>(v1: delta, v2: `1`, r: &delta)) {
149	output->truncate(pos: outLen);
150	return; // punycode_overflow
151	}
152	}
153
154	if (c == n) {
155	appendEncode(output, delta, bias);
156
157	bias = adapt(delta, numpoints: h + `1`, firsttime: h == b);
158	delta = `0`;
159	++h;
160	}
161	}
162
163	++delta;
164	++n;
165	}
166
167	// prepend ACE prefix
168	output->insert(i: outLen, s: "xn--"_L1);
169	return;
170	}
171
172	Q_AUTOTEST_EXPORT QString qt_punycodeDecoder(const QString &pc)
173	{
174	uint n = initial_n;
175	uint i = `0`;
176	uint bias = initial_bias;
177
178	// Do not try to decode strings longer than allowable for a domain label.
179	// Non-ASCII strings are not allowed here anyway, so there is no need
180	// to account for surrogates.
181	if (pc.size() > MaxDomainLabelLength)
182	return QString ();
183
184	// strip any ACE prefix
185	int start = pc.startsWith(s: "xn--"_L1) ? `4` : `0`;
186	if (!start)
187	return pc;
188
189	// find the last delimiter character '-' in the input array. copy
190	// all data before this delimiter directly to the output array.
191	int delimiterPos = pc.lastIndexOf(c: u`'-'`);
192	auto output = delimiterPos < `4` ? std::u32string ()
193	: pc.mid(position: start, n: delimiterPos - start).toStdU32String();
194
195	// if a delimiter was found, skip to the position after it;
196	// otherwise start at the front of the input string. everything
197	// before the delimiter is assumed to be basic code points.
198	uint cnt = delimiterPos + `1`;
199
200	// loop through the rest of the input string, inserting non-basic
201	// characters into output as we go.
202	while (cnt < (uint) pc.size()) {
203	uint oldi = i;
204	uint w = `1`;
205
206	// find the next index for inserting a non-basic character.
207	for (uint k = base; cnt < (uint) pc.size(); k += base) {
208	// grab a character from the punycode input and find its
209	// delta digit (each digit code is part of the
210	// variable-length integer delta)
211	uint digit = pc.at(i: cnt++).unicode();
212	if (digit - `48` < `10`) digit -= `22`;
213	else if (digit - `65` < `26`) digit -= `65`;
214	else if (digit - `97` < `26`) digit -= `97`;
215	else digit = base;
216
217	// Fail if the code point has no digit value
218	if (digit >= base)
219	return QString ();
220
221	// i = i + digit w, fail on overflow*
222	uint tmp;
223	if (qMulOverflow<uint>(v1: digit, v2: w, r: &tmp) \|\| qAddOverflow<uint>(v1: i, v2: tmp, r: &i))
224	return QString ();
225
226	// detect threshold to stop reading delta digits
227	uint t;
228	if (k <= bias) t = tmin;
229	else if (k >= bias + tmax) t = tmax;
230	else t = k - bias;
231
232	if (digit < t) break;
233
234	// w = w (base - t), fail on overflow*
235	if (qMulOverflow<uint>(v1: w, v2: base - t, r: &w))
236	return QString ();
237	}
238
239	// find new bias and calculate the next non-basic code
240	// character.
241	uint outputLength = static_cast<uint>(output.length());
242	bias = adapt(delta: i - oldi, numpoints: outputLength + `1`, firsttime: oldi == `0`);
243
244	// n = n + i div (length(output) + 1), fail on overflow
245	if (qAddOverflow<uint>(v1: n, v2: i / (outputLength + `1`), r: &n))
246	return QString ();
247
248	// allow the deltas to wrap around
249	i %= (outputLength + `1`);
250
251	// if n is a basic code point then fail; this should not happen with
252	// correct implementation of Punycode, but check just n case.
253	if (n < initial_n) {
254	// Don't use Q_ASSERT() to avoid possibility of DoS
255	qWarning(msg: "Attempt to insert a basic codepoint. Unhandled overflow?");
256	return QString ();
257	}
258
259	// Surrogates should normally be rejected later by other IDNA code.
260	// But because of Qt's use of UTF-16 to represent strings the
261	// IDNA code is not able to distinguish characters represented as pairs
262	// of surrogates from normal code points. This is why surrogates are
263	// not allowed here.
264	//
265	// Allowing surrogates would lead to non-unique (after normalization)
266	// encoding of strings with non-BMP characters.
267	//
268	// Punycode that encodes characters outside the Unicode range is also
269	// invalid and is rejected here.
270	if (QChar::isSurrogate(ucs4: n) \|\| n > QChar::LastValidCodePoint)
271	return QString ();
272
273	// insert the character n at position i
274	output.insert(pos: i, n: `1`, c: static_cast<char32_t>(n));
275	++i;
276	}
277
278	return QString::fromStdU32String(s: output);
279	}
280
281	static constexpr auto idn_whitelist = qOffsetStringArray(
282	strings: "ac", strings: "ar", strings: "asia", strings: "at",
283	strings: "biz", strings: "br",
284	strings: "cat", strings: "ch", strings: "cl", strings: "cn", strings: "com",
285	strings: "de", strings: "dk",
286	strings: "es",
287	strings: "fi",
288	strings: "gr",
289	strings: "hu",
290	strings: "il", strings: "info", strings: "io", strings: "ir", strings: "is",
291	strings: "jp",
292	strings: "kr",
293	strings: "li", strings: "lt", strings: "lu", strings: "lv",
294	strings: "museum",
295	strings: "name", strings: "net", strings: "no", strings: "nu", strings: "nz",
296	strings: "org",
297	strings: "pl", strings: "pr",
298	strings: "se", strings: "sh",
299	strings: "tel", strings: "th", strings: "tm", strings: "tw",
300	strings: "ua",
301	strings: "vn",
302	strings: "xn--fiqs8s", // China
303	strings: "xn--fiqz9s", // China
304	strings: "xn--fzc2c9e2c", // Sri Lanka
305	strings: "xn--j6w193g", // Hong Kong
306	strings: "xn--kprw13d", // Taiwan
307	strings: "xn--kpry57d", // Taiwan
308	strings: "xn--mgba3a4f16a", // Iran
309	strings: "xn--mgba3a4fra", // Iran
310	strings: "xn--mgbaam7a8h", // UAE
311	strings: "xn--mgbayh7gpa", // Jordan
312	strings: "xn--mgberp4a5d4ar", // Saudi Arabia
313	strings: "xn--ogbpf8fl", // Syria
314	strings: "xn--p1ai", // Russian Federation
315	strings: "xn--wgbh1c", // Egypt
316	strings: "xn--wgbl6a", // Qatar
317	strings: "xn--xkc2al3hye2a" // Sri Lanka
318	);
319
320	Q_CONSTINIT static QStringList user_idn_whitelist = nullptr*;
321
322	static bool lessThan(const QChar a, int* l, const char *c)
323	{
324	const auto uc = reinterpret_cast<const* char16_t *>(a);
325	const char16_t *e = uc + l;
326
327	if (!c \|\| *c == `0`)
328	return false;
329
330	while (*c) {
331	if (uc == e \|\| uc != static_cast<unsigned* char>(*c))
332	break;
333	++uc;
334	++c;
335	}
336	return uc == e ? c : (uc < static_cast<unsigned char>(*c));
337	}
338
339	static bool equal(const QChar a, int* l, const char *b)
340	{
341	while (l && a->unicode() && *b) {
342	if (a != QLatin1Char (b))
343	return false;
344	++a;
345	++b;
346	--l;
347	}
348	return l == `0`;
349	}
350
351	static bool qt_is_idn_enabled(QStringView aceDomain)
352	{
353	auto idx = aceDomain.lastIndexOf(c: u`'.'`);
354	if (idx == -`1`)
355	return false;
356
357	auto tldString = aceDomain.mid(pos: idx + `1`);
358	const auto len = tldString.size();
359
360	const QChar *tld = tldString.constData();
361
362	if (user_idn_whitelist)
363	return user_idn_whitelist->contains(str: tldString);
364
365	int l = `0`;
366	int r = idn_whitelist.count() - `1`;
367	int i = (l + r + `1`) / `2`;
368
369	while (r != l) {
370	if (lessThan(a: tld, l: len, c: idn_whitelist.at(index: i)))
371	r = i - `1`;
372	else
373	l = i;
374	i = (l + r + `1`) / `2`;
375	}
376	return equal(a: tld, l: len, b: idn_whitelist.at(index: i));
377	}
378
379	template<typename C>
380	static inline bool isValidInNormalizedAsciiLabel(C c)
381	{
382	return c == u`'-'` \|\| c == u`'_'` \|\| (c >= u`'0'` && c <= u`'9'`) \|\| (c >= u`'a'` && c <= u`'z'`);
383	}
384
385	template<typename C>
386	static inline bool isValidInNormalizedAsciiName(C c)
387	{
388	return isValidInNormalizedAsciiLabel(c) \|\| c == u`'.'`;
389	}
390
391	/*
392	Map domain name according to algorithm in UTS #46, 4.1
393
394	Returns empty string if there are disallowed characters in the input.
395
396	Sets resultIsAscii if the result is known for sure to be all ASCII.
397	*/
398	static QString mapDomainName(const QString &in, QUrl::AceProcessingOptions options,
399	bool *resultIsAscii)
400	{
401	resultIsAscii = true*;
402
403	// Check if the input is already normalized ASCII first and can be returned as is.
404	int i = `0`;
405	for (auto c : in) {
406	if (c.unicode() >= `0x80` \|\| !isValidInNormalizedAsciiName(c))
407	break;
408	i++;
409	}
410
411	if (i == in.size())
412	return in;
413
414	QString result;
415	result.reserve(asize: in.size());
416	result.append(uc: in.constData(), len: i);
417	bool allAscii = true;
418
419	for (QStringIterator iter(QStringView (in).sliced(pos: i)); iter.hasNext();) {
420	char32_t uc = iter.next();
421
422	// Fast path for ASCII-only inputs
423	if (Q_LIKELY(uc < `0x80`)) {
424	if (uc >= U`'A'` && uc <= U`'Z'`)
425	uc \|= `0x20`; // lower-case it
426
427	if (isValidInNormalizedAsciiName(c: uc)) {
428	result.append(c: static_cast<char16_t>(uc));
429	continue;
430	}
431	}
432
433	allAscii = false;
434
435	// Capital sharp S is a special case since UTR #46 revision 31 (Unicode 15.1)
436	if (uc == `0x1E9E` && options.testFlag(flag: QUrl::AceTransitionalProcessing)) {
437	result.append(s: u"ss"_s);
438	continue;
439	}
440
441	QUnicodeTables::IdnaStatus status = QUnicodeTables::idnaStatus(ucs4: uc);
442
443	if (status == QUnicodeTables::IdnaStatus::Deviation)
444	status = options.testFlag(flag: QUrl::AceTransitionalProcessing)
445	? QUnicodeTables::IdnaStatus::Mapped
446	: QUnicodeTables::IdnaStatus::Valid;
447
448	switch (status) {
449	case QUnicodeTables::IdnaStatus::Ignored:
450	continue;
451	case QUnicodeTables::IdnaStatus::Valid:
452	case QUnicodeTables::IdnaStatus::Disallowed:
453	for (auto c : QChar::fromUcs4(c: uc))
454	result.append(c);
455	break;
456	case QUnicodeTables::IdnaStatus::Mapped:
457	result.append(v: QUnicodeTables::idnaMapping(usc4: uc));
458	break;
459	default:
460	Q_UNREACHABLE();
461	}
462	}
463
464	*resultIsAscii = allAscii;
465	return result;
466	}
467
468	/*
469	Check the rules for an ASCII label.
470
471	Check the size restriction and that the label does not start or end with dashes.
472
473	The label should be nonempty.
474	*/
475	static bool validateAsciiLabel(QStringView label)
476	{
477	if (label.size() > MaxDomainLabelLength)
478	return false;
479
480	if (label.first() == u`'-'` \|\| label.last() == u`'-'`)
481	return false;
482
483	return std::all_of(first: label.begin(), last: label.end(), pred: isValidInNormalizedAsciiLabel<QChar>);
484	}
485
486	namespace {
487
488	class DomainValidityChecker
489	{
490	bool domainNameIsBidi = false;
491	bool hadBidiErrors = false;
492	bool ignoreBidiErrors;
493
494	static constexpr char32_t ZWNJ = U`'\u200C'`;
495	static constexpr char32_t ZWJ = U`'\u200D'`;
496
497	public:
498	DomainValidityChecker(bool ignoreBidiErrors = false) : ignoreBidiErrors(ignoreBidiErrors) { }
499	bool checkLabel(const QString &label, QUrl::AceProcessingOptions options);
500
501	private:
502	static bool checkContextJRules(QStringView label);
503	static bool checkBidiRules(QStringView label);
504	};
505
506	} // anonymous namespace
507
508	/*
509	Check CONTEXTJ rules according to RFC 5892, appendix A.1 & A.2.
510
511	Rule Set for U+200C (ZWNJ):
512
513	False;
514
515	If Canonical_Combining_Class(Before(cp)) .eq. Virama Then True;
516
517	If RegExpMatch((Joining_Type:{L,D})(Joining_Type:T)\u200C*
518
519	(Joining_Type:T)(Joining_Type:{R,D})) Then True;*
520
521	Rule Set for U+200D (ZWJ):
522
523	False;
524
525	If Canonical_Combining_Class(Before(cp)) .eq. Virama Then True;
526
527	*/
528	bool DomainValidityChecker::checkContextJRules(QStringView label)
529	{
530	constexpr unsigned char CombiningClassVirama = `9`;
531
532	enum class State {
533	Initial,
534	LD_T, // L,D with possible following T*
535	ZWNJ_T, // ZWNJ with possible following T*
536	};
537	State regexpState = State::Initial;
538	bool previousIsVirama = false;
539
540	for (QStringIterator iter(label); iter.hasNext();) {
541	auto ch = iter.next();
542
543	if (ch == ZWJ) {
544	if (!previousIsVirama)
545	return false;
546	regexpState = State::Initial;
547	} else if (ch == ZWNJ) {
548	if (!previousIsVirama && regexpState != State::LD_T)
549	return false;
550	regexpState = previousIsVirama ? State::Initial : State::ZWNJ_T;
551	} else {
552	switch (QChar::joiningType(ucs4: ch)) {
553	case QChar::Joining_Left:
554	if (regexpState == State::ZWNJ_T)
555	return false;
556	regexpState = State::LD_T;
557	break;
558	case QChar::Joining_Right:
559	regexpState = State::Initial;
560	break;
561	case QChar::Joining_Dual:
562	regexpState = State::LD_T;
563	break;
564	case QChar::Joining_Transparent:
565	break;
566	default:
567	regexpState = State::Initial;
568	break;
569	}
570	}
571
572	previousIsVirama = QChar::combiningClass(ucs4: ch) == CombiningClassVirama;
573	}
574
575	return regexpState != State::ZWNJ_T;
576	}
577
578	/*
579	Check if the label conforms to BiDi rule of RFC 5893.
580
581	1. The first character must be a character with Bidi property L, R,
582	or AL. If it has the R or AL property, it is an RTL label; if it
583	has the L property, it is an LTR label.
584
585	2. In an RTL label, only characters with the Bidi properties R, AL,
586	AN, EN, ES, CS, ET, ON, BN, or NSM are allowed.
587
588	3. In an RTL label, the end of the label must be a character with
589	Bidi property R, AL, EN, or AN, followed by zero or more
590	characters with Bidi property NSM.
591
592	4. In an RTL label, if an EN is present, no AN may be present, and
593	vice versa.
594
595	5. In an LTR label, only characters with the Bidi properties L, EN,
596	ES, CS, ET, ON, BN, or NSM are allowed.
597
598	6. In an LTR label, the end of the label must be a character with
599	Bidi property L or EN, followed by zero or more characters with
600	Bidi property NSM.
601	*/
602	bool DomainValidityChecker::checkBidiRules(QStringView label)
603	{
604	if (label.isEmpty())
605	return true;
606
607	QStringIterator iter(label);
608	Q_ASSERT(iter.hasNext());
609
610	char32_t ch = iter.next();
611	bool labelIsRTL = false;
612
613	switch (QChar::direction(ucs4: ch)) {
614	case QChar::DirL:
615	break;
616	case QChar::DirR:
617	case QChar::DirAL:
618	labelIsRTL = true;
619	break;
620	default:
621	return false;
622	}
623
624	bool tailOk = true;
625	bool labelHasEN = false;
626	bool labelHasAN = false;
627
628	while (iter.hasNext()) {
629	ch = iter.next();
630
631	switch (QChar::direction(ucs4: ch)) {
632	case QChar::DirR:
633	case QChar::DirAL:
634	if (!labelIsRTL)
635	return false;
636	tailOk = true;
637	break;
638
639	case QChar::DirL:
640	if (labelIsRTL)
641	return false;
642	tailOk = true;
643	break;
644
645	case QChar::DirES:
646	case QChar::DirCS:
647	case QChar::DirET:
648	case QChar::DirON:
649	case QChar::DirBN:
650	tailOk = false;
651	break;
652
653	case QChar::DirNSM:
654	break;
655
656	case QChar::DirAN:
657	if (labelIsRTL) {
658	if (labelHasEN)
659	return false;
660	labelHasAN = true;
661	tailOk = true;
662	} else {
663	return false;
664	}
665	break;
666
667	case QChar::DirEN:
668	if (labelIsRTL) {
669	if (labelHasAN)
670	return false;
671	labelHasEN = true;
672	}
673	tailOk = true;
674	break;
675
676	default:
677	return false;
678	}
679	}
680
681	return tailOk;
682	}
683
684	/*
685	Check if the given label is valid according to UTS #46 validity criteria.
686
687	NFC check can be skipped if the label was transformed to NFC before calling
688	this function (as optimization).
689
690	The domain name is considered invalid if this function returns false at least
691	once.
692
693	1. The label must be in Unicode Normalization Form NFC.
694	2. If CheckHyphens, the label must not contain a U+002D HYPHEN-MINUS character
695	in both the third and fourth positions.
696	3. If CheckHyphens, the label must neither begin nor end with a U+002D HYPHEN-MINUS character.
697	4. The label must not contain a U+002E ( . ) FULL STOP.
698	5. The label must not begin with a combining mark, that is: General_Category=Mark.
699	6. Each code point in the label must only have certain status values according to Section 5,
700	IDNA Mapping Table:
701	1. For Transitional Processing, each value must be valid.
702	2. For Nontransitional Processing, each value must be either valid or deviation.
703	7. If CheckJoiners, the label must satisfy the ContextJ rules from Appendix A, in The Unicode
704	Code Points and Internationalized Domain Names for Applications (IDNA).
705	8. If CheckBidi, and if the domain name is a Bidi domain name, then the label must satisfy
706	all six of the numbered conditions in RFC 5893, Section 2.
707
708	NOTE: Don't use QStringView for label, so that call to QString::normalized() can avoid
709	memory allocation when there is nothing to normalize.
710	*/
711	bool DomainValidityChecker::checkLabel(const QString &label, QUrl::AceProcessingOptions options)
712	{
713	if (label.isEmpty())
714	return true;
715
716	if (label != label.normalized(mode: QString::NormalizationForm_C))
717	return false;
718
719	if (label.size() >= `4`) {
720	// This assumes that the first two characters are in BMP, but that's ok
721	// because non-BMP characters are unlikely to be used for specifying
722	// future extensions.
723	if (label [`2`] == u`'-'` && label [`3`] == u`'-'`)
724	return ignoreBidiErrors && label.startsWith(s: u"xn") && validateAsciiLabel(label);
725	}
726
727	if (label.startsWith(c: u`'-'`) \|\| label.endsWith(c: u`'-'`))
728	return false;
729
730	if (label.contains(c: u`'.'`))
731	return false;
732
733	QStringIterator iter(label);
734	auto c = iter.next();
735
736	if (QChar::isMark(ucs4: c))
737	return false;
738
739	// As optimization, CONTEXTJ rules check can be skipped if no
740	// ZWJ/ZWNJ characters were found during the first pass.
741	bool hasJoiners = false;
742
743	for (;;) {
744	hasJoiners = hasJoiners \|\| c == ZWNJ \|\| c == ZWJ;
745
746	if (!ignoreBidiErrors && !domainNameIsBidi) {
747	switch (QChar::direction(ucs4: c)) {
748	case QChar::DirR:
749	case QChar::DirAL:
750	case QChar::DirAN:
751	domainNameIsBidi = true;
752	if (hadBidiErrors)
753	return false;
754	break;
755	default:
756	break;
757	}
758	}
759
760	switch (QUnicodeTables::idnaStatus(ucs4: c)) {
761	case QUnicodeTables::IdnaStatus::Valid:
762	break;
763	case QUnicodeTables::IdnaStatus::Deviation:
764	if (options.testFlag(flag: QUrl::AceTransitionalProcessing))
765	return false;
766	break;
767	default:
768	return false;
769	}
770
771	if (!iter.hasNext())
772	break;
773	c = iter.next();
774	}
775
776	if (hasJoiners && !checkContextJRules(label))
777	return false;
778
779	hadBidiErrors = hadBidiErrors \|\| !checkBidiRules(label);
780
781	if (domainNameIsBidi && hadBidiErrors)
782	return false;
783
784	return true;
785	}
786
787	static QString convertToAscii(QStringView normalizedDomain, AceLeadingDot dot)
788	{
789	qsizetype lastIdx = `0`;
790	QString aceForm; // this variable is here for caching
791	QString aceResult;
792
793	while (true) {
794	qsizetype idx = normalizedDomain.indexOf(c: u`'.'`, from: lastIdx);
795	if (idx == -`1`)
796	idx = normalizedDomain.size();
797
798	const qsizetype labelLength = idx - lastIdx;
799	if (labelLength) {
800	const auto label = normalizedDomain.sliced(pos: lastIdx, n: labelLength);
801	aceForm.clear();
802	qt_punycodeEncoder(in: label, output: &aceForm);
803	if (aceForm.isEmpty())
804	return {};
805
806	aceResult.append(s: aceForm);
807	}
808
809	if (idx == normalizedDomain.size())
810	break;
811
812	if (labelLength == `0` && (dot == ForbidLeadingDot \|\| idx > `0`))
813	return {}; // two delimiters in a row -- empty label not allowed
814
815	lastIdx = idx + `1`;
816	aceResult += u`'.'`;
817	}
818
819	return aceResult;
820	}
821
822	static bool checkAsciiDomainName(QStringView normalizedDomain, AceLeadingDot dot,
823	bool *usesPunycode)
824	{
825	qsizetype lastIdx = `0`;
826	bool hasPunycode = false;
827	usesPunycode = false*;
828
829	while (lastIdx < normalizedDomain.size()) {
830	auto idx = normalizedDomain.indexOf(c: u`'.'`, from: lastIdx);
831	if (idx == -`1`)
832	idx = normalizedDomain.size();
833
834	const auto labelLength = idx - lastIdx;
835	if (labelLength == `0`) {
836	if (idx == normalizedDomain.size())
837	break;
838	if (dot == ForbidLeadingDot \|\| idx > `0`)
839	return false; // two delimiters in a row -- empty label not allowed
840	} else {
841	const auto label = normalizedDomain.sliced(pos: lastIdx, n: labelLength);
842	if (!validateAsciiLabel(label))
843	return false;
844
845	hasPunycode = hasPunycode \|\| label.startsWith(s: "xn--"_L1);
846	}
847
848	lastIdx = idx + `1`;
849	}
850
851	*usesPunycode = hasPunycode;
852	return true;
853	}
854
855	static QString convertToUnicode(const QString &asciiDomain, QUrl::AceProcessingOptions options)
856	{
857	QString result;
858	result.reserve(asize: asciiDomain.size());
859	qsizetype lastIdx = `0`;
860
861	DomainValidityChecker checker;
862
863	while (true) {
864	auto idx = asciiDomain.indexOf(c: u`'.'`, from: lastIdx);
865	if (idx == -`1`)
866	idx = asciiDomain.size();
867
868	const auto labelLength = idx - lastIdx;
869	if (labelLength == `0`) {
870	if (idx == asciiDomain.size())
871	break;
872	} else {
873	const auto label = asciiDomain.sliced(pos: lastIdx, n: labelLength);
874	const auto unicodeLabel = qt_punycodeDecoder(pc: label);
875
876	if (unicodeLabel.isEmpty())
877	return asciiDomain;
878
879	if (!checker.checkLabel(label: unicodeLabel, options))
880	return asciiDomain;
881
882	result.append(s: unicodeLabel);
883	}
884
885	if (idx == asciiDomain.size())
886	break;
887
888	lastIdx = idx + `1`;
889	result += u`'.'`;
890	}
891	return result;
892	}
893
894	static bool checkUnicodeName(const QString &domainName, QUrl::AceProcessingOptions options)
895	{
896	qsizetype lastIdx = `0`;
897
898	DomainValidityChecker checker(true);
899
900	while (true) {
901	qsizetype idx = domainName.indexOf(c: u`'.'`, from: lastIdx);
902	if (idx == -`1`)
903	idx = domainName.size();
904
905	const qsizetype labelLength = idx - lastIdx;
906	if (labelLength) {
907	const auto label = domainName.sliced(pos: lastIdx, n: labelLength);
908
909	if (!checker.checkLabel(label, options))
910	return false;
911	}
912
913	if (idx == domainName.size())
914	break;
915
916	lastIdx = idx + `1`;
917	}
918	return true;
919	}
920
921	QString qt_ACE_do(const QString &domain, AceOperation op, AceLeadingDot dot,
922	QUrl::AceProcessingOptions options)
923	{
924	if (domain.isEmpty())
925	return {};
926
927	bool mappedToAscii;
928	const QString mapped = mapDomainName(in: domain, options, resultIsAscii: &mappedToAscii);
929	const QString normalized =
930	mappedToAscii ? mapped : mapped.normalized(mode: QString::NormalizationForm_C);
931
932	if (normalized.isEmpty())
933	return {};
934
935	if (!mappedToAscii && !checkUnicodeName(domainName: normalized, options))
936	return {};
937
938	bool needsConversionToUnicode;
939	const QString aceResult = mappedToAscii ? normalized : convertToAscii(normalizedDomain: normalized, dot);
940	if (aceResult.isEmpty() \|\| !checkAsciiDomainName(normalizedDomain: aceResult, dot, usesPunycode: &needsConversionToUnicode))
941	return {};
942
943	if (op == ToAceOnly \|\| !needsConversionToUnicode
944	\|\| (!options.testFlag(flag: QUrl::IgnoreIDNWhitelist) && !qt_is_idn_enabled(aceDomain: aceResult))) {
945	return aceResult;
946	}
947
948	return convertToUnicode(asciiDomain: aceResult, options);
949	}
950
951	/!*
952	\since 4.2
953
954	Returns the current whitelist of top-level domains that are allowed
955	to have non-ASCII characters in their compositions.
956
957	See setIdnWhitelist() for the rationale of this list.
958
959	\sa AceProcessingOption
960	*/
961	QStringList QUrl::idnWhitelist()
962	{
963	if (user_idn_whitelist)
964	return *user_idn_whitelist;
965	static const QStringList list = [] {
966	QStringList list;
967	list.reserve(asize: idn_whitelist.count());
968	int i = `0`;
969	while (i < idn_whitelist.count()) {
970	list << QLatin1StringView (idn_whitelist.at(index: i));
971	++i;
972	}
973	return list;
974	}();
975	return list;
976	}
977
978	/!*
979	\since 4.2
980
981	Sets the whitelist of Top-Level Domains (TLDs) that are allowed to have
982	non-ASCII characters in domains to the value of \a list.
983
984	Note that if you call this function, you need to do so \e before
985	you start any threads that might access idnWhitelist().
986
987	Qt comes with a default list that contains the Internet top-level domains
988	that have published support for Internationalized Domain Names (IDNs)
989	and rules to guarantee that no deception can happen between similarly-looking
990	characters (such as the Latin lowercase letter \c 'a' and the Cyrillic
991	equivalent, which in most fonts are visually identical).
992
993	This list is periodically maintained, as registrars publish new rules.
994
995	This function is provided for those who need to manipulate the list, in
996	order to add or remove a TLD. It is not recommended to change its value
997	for purposes other than testing, as it may expose users to security risks.
998	*/
999	void QUrl::setIdnWhitelist(const QStringList &list)
1000	{
1001	if (!user_idn_whitelist)
1002	user_idn_whitelist = new QStringList;
1003	*user_idn_whitelist = list;
1004	}
1005
1006	QT_END_NAMESPACE
1007

source code of qtbase/src/corelib/io/qurlidna.cpp