Issue 1801 - Use URL objects to process URLs in the background page

lib/url.js

Index: lib/url.js
===================================================================
--- a/lib/url.js
+++ b/lib/url.js
@@ -45,3 +45,116 @@
 
   return URL;
 })();
+
+/**
+ * Gets the IDN-decoded hostname from a URL object.
+ *
+ * @param {URL} [url]
+ * @return {string}
+ */
+function getDecodedHostname(url)
+{
+  let hostname = url.hostname;
+
+  if (hostname.indexOf("xn--") == -1)
+    return hostname;
+
+  return punycode.toUnicode(hostname);
+}
+exports.getDecodedHostname = getDecodedHostname;
+
+/**
+ * Gets the IDN-decoded hostname from the URL of a frame.
+ * If the URL don't have host information (like "about:blank"
+ * and "data:" URLs) it falls back to the parent frame.
+ *
+ * @param {Frame} [frame]
+ * @return {string}
+ */
+function extractHostFromFrame(frame)
+{
+  for (; frame; frame = frame.parent)
+  {
+    let hostname = getDecodedHostname(frame.url);
+    if (hostname)
+      return hostname;
+  }
+
+  return "";
+}
+exports.extractHostFromFrame = extractHostFromFrame;
+
+/**
+ * Converts a URL object into a string. For HTTP(S) URLs the hash and
+ * auth crendetials are stripped, and the hostname gets IDN-decoded.
+ *
+ * @param {URL} [url]
+ * @return {string}
+ */
+function stringifyURL(url)
+{
+  let protocol = url.protocol;
+  if (protocol != "http:" && protocol != "https:")
+    return url.href;
+
+  let host = getDecodedHostname(url);
+  if (url.port)
+    host += ":" + url.port;
+  return protocol + "//" + host + url.pathname + url.search;
+}
+exports.stringifyURL = stringifyURL;
+
+function isDomain(hostname)
+{
+  // IPv4 address, also considering hexadecimal octets.
+  if (/^((0x[\da-f]+|\d+)(\.|$)){4}$/i.test(hostname))

[Wladimir Palant, 2015/02/11 13:45:45]

This won't accept "0x5bec7a38" - should be {1,4} I guess? Or maybe just keep the
number of octets arbitrary, for simplicity? Meaning:
/^((0x[\da-f]+|\d+)(\.|$))+$/i

[Sebastian Noack, 2015/02/11 17:07:06]

Even better; arbitrary and optional. So we also bail out if there is no
hostname, like for about:blank URLs.

+    return false;
+
+  // IPv6 address. Since there can't be colons in domains, we can
+  // just check whether there are any colons to exclude IPv6 addresses.
+  return hostname.indexOf(":") == -1;
+}
+
+function getBaseDomain(hostname)
+{
+  let bits = hostname.split(".");
+  let cutoff = bits.length - 2;
+
+  for (let i = 0; i < bits.length; i++)
+  {
+    let offset = publicSuffixes[bits.slice(i).join(".")];
+
+    if (typeof offset != "undefined")
+    {
+      cutoff = i - offset;
+      break;
+    }
+  }
+
+  if (cutoff <= 0)
+    return hostname;
+
+  return bits.slice(cutoff).join(".");
+}
+
+/**
+ * Checks whether the request's origin is different from the document's origin.
+ *
+ * @param {URL}    [url]          The request URL
+ * @param {string} [documentHost] The IDN-decoded hostname of the document
+ * @return {Boolean}
+ */
+function isThirdParty(url, documentHost)
+{
+  let requestHost = getDecodedHostname(url).replace(/\.+$/, "");
+  documentHost = documentHost.replace(/\.+$/, "");
+
+  if (requestHost == documentHost)
+    return false;
+
+  if (!isDomain(requestHost) || !isDomain(documentHost))
+    return true;
+
+  return getBaseDomain(requestHost) != getBaseDomain(documentHost);
+}
+exports.isThirdParty = isThirdParty;