[Import Maps] Do not allow prefix matching for non-special schemes

Reflecting
https://github.com/WICG/import-maps/pull/227

Bug: 848607, https://github.com/WICG/import-maps/issues/166
Change-Id: Ide80e105fc57dfa35a66051b241b699fa969fcec
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2491594
Commit-Queue: Hiroshige Hayashizaki <hiroshige@chromium.org>
Reviewed-by: Kouhei Ueno <kouhei@chromium.org>
Reviewed-by: Kinuko Yasuda <kinuko@chromium.org>
Cr-Commit-Position: refs/heads/master@{#833322}

third_party/blink/renderer/core/script/import_map.cc

@@ -431,6 +431,15 @@ base::Optional<KURL> ImportMap::ResolveImportsMatch(
     return ResolveImportsMatchInternal(key, exact, debug_message);
   }
 
+  // <spec step="1.2">... either asURL is null, or asURL is special</spec>
+  if (parsed_specifier.GetType() == ParsedSpecifier::Type::kURL &&
+      !SchemeRegistry::IsSpecialScheme(parsed_specifier.GetUrl().Protocol())) {
+    *debug_message = "Import Map: \"" + key +
+                     "\" skips prefix match because of non-special URL scheme";
+
+    return base::nullopt;
+  }
+
   // Step 1.2.
   if (auto prefix_match = MatchPrefix(parsed_specifier, specifier_map)) {
     return ResolveImportsMatchInternal(key, *prefix_match, debug_message);

third_party/blink/renderer/platform/weborigin/scheme_registry.cc

@@ -320,6 +320,13 @@ bool SchemeRegistry::IsFetchScheme(const String& scheme) {
          scheme == "http" || scheme == "https";
 }
 
+// https://url.spec.whatwg.org/#special-scheme
+bool SchemeRegistry::IsSpecialScheme(const String& scheme) {
+  DCHECK_EQ(scheme, scheme.LowerASCII());
+  return scheme == "ftp" || scheme == "file" || scheme == "http" ||
+         scheme == "https" || scheme == "ws" || scheme == "wss";
+}
+
 void SchemeRegistry::RegisterURLSchemeAsFirstPartyWhenTopLevel(
     const String& scheme) {
   DCHECK_EQ(scheme, scheme.LowerASCII());

third_party/blink/renderer/platform/weborigin/scheme_registry.h

@@ -110,6 +110,9 @@ class PLATFORM_EXPORT SchemeRegistry {
   // https://fetch.spec.whatwg.org/#fetch-scheme
   static bool IsFetchScheme(const String& scheme);
 
+  // https://url.spec.whatwg.org/#special-scheme
+  static bool IsSpecialScheme(const String& scheme);
+
   // Schemes which override the first-/third-party checks on a Document.
   static void RegisterURLSchemeAsFirstPartyWhenTopLevel(const String& scheme);
   static void RemoveURLSchemeAsFirstPartyWhenTopLevel(const String& scheme);

third_party/blink/web_tests/external/wpt/import-maps/data-driven/resolving-internal.https-expected.txt

-This is a testharness.js-based test.
-PASS global setup
-PASS Test helper: fetching and sanity checking test JSON: resources/empty-import-map-internal.json
-PASS Test helper: fetching and sanity checking test JSON: resources/url-specifiers-schemes-internal.json
-PASS global cleanup
-PASS non-HTTPS fetch scheme absolute URLs: about:fetch-scheme
-PASS non-fetch scheme absolute URLs: about:fetch-scheme
-PASS non-fetch scheme absolute URLs: mailto:non-fetch-scheme
-PASS non-fetch scheme absolute URLs: import:non-fetch-scheme
-PASS non-fetch scheme absolute URLs: javascript:non-fetch-scheme
-PASS non-fetch scheme absolute URLs: wss:non-fetch-scheme
-FAIL URL-like specifiers: Non-special vs. special schemes: data:text/javascript,console.log('foo') assert_equals: expected "data:text/javascript,console.log('foo')" but got "https://example.com/lib/test-data/javascript,console.log('foo')"
-PASS URL-like specifiers: Non-special vs. special schemes: data:text/
-FAIL URL-like specifiers: Non-special vs. special schemes: about:text/foo assert_equals: expected "about:text/foo" but got "https://example.com/lib/test-about/foo"
-PASS URL-like specifiers: Non-special vs. special schemes: about:text/
-FAIL URL-like specifiers: Non-special vs. special schemes: blob:text/foo assert_equals: expected "blob:text/foo" but got "https://example.com/lib/test-blob/foo"
-PASS URL-like specifiers: Non-special vs. special schemes: blob:text/
-FAIL URL-like specifiers: Non-special vs. special schemes: blah:text/foo assert_equals: expected "blah:text/foo" but got "https://example.com/lib/test-blah/foo"
-PASS URL-like specifiers: Non-special vs. special schemes: blah:text/
-PASS URL-like specifiers: Non-special vs. special schemes: http:text/foo
-PASS URL-like specifiers: Non-special vs. special schemes: http:text/
-PASS URL-like specifiers: Non-special vs. special schemes: https:text/foo
-PASS URL-like specifiers: Non-special vs. special schemes: https:text/
-PASS URL-like specifiers: Non-special vs. special schemes: ftp:text/foo
-PASS URL-like specifiers: Non-special vs. special schemes: ftp:text/
-PASS URL-like specifiers: Non-special vs. special schemes: file:text/foo
-PASS URL-like specifiers: Non-special vs. special schemes: file:text/
-PASS URL-like specifiers: Non-special vs. special schemes: ws:text/foo
-PASS URL-like specifiers: Non-special vs. special schemes: ws:text/
-PASS URL-like specifiers: Non-special vs. special schemes: wss:text/foo
-PASS URL-like specifiers: Non-special vs. special schemes: wss:text/
-Harness: the test ran to completion.
-