authorjhawkins@chromium.org <jhawkins@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2010-07-20 23:04:41 +0000
committerjhawkins@chromium.org <jhawkins@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2010-07-20 23:04:41 +0000
commitd9a203d819e0b902dbb20ef939f2b81c89469fed (patch)
tree56241aaa1c7d4ab7fe579adfe58c92463a5ec761
parente3987391a5e1768b03868737d7ce05b51d3ef630 (diff)
AutoFill: Limit the size of form field data as a temporary solution to DOS'ing
the browser with extremely large field data. BUG=49332 TEST=none Review URL: http://codereview.chromium.org/2811058 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@53117 0039d316-1c4b-4281-b951-d872f2087c98
-rw-r--r--chrome/renderer/form_manager.cc11
1 files changed, 11 insertions, 0 deletions
diff --git a/chrome/renderer/form_manager.cc b/chrome/renderer/form_manager.cc
index f3309c98..0af0f4a 100644
--- a/chrome/renderer/form_manager.cc
+++ b/chrome/renderer/form_manager.cc
@@ -45,6 +45,9 @@ namespace {
// it's not necessary.
const size_t kRequiredAutoFillFields = 3;
+// The maximum length allowed for form data.
+const size_t kMaxDataLength = 1024;
+
// This is a helper function for the FindChildText() function.
// Returns the aggregated values of the descendants or siblings of |node| that
// are non-empty text nodes. This is a faster alternative to |innerText()| for
@@ -253,6 +256,14 @@ void FormManager::WebFormControlElementToFormField(
WebSelectElement select_element = e.to<WebSelectElement>();
value = select_element.value();
}
+
+ // TODO(jhawkins): This is a temporary stop-gap measure designed to prevent
+ // a malicious site from DOS'ing the browser with extremely large profile
+ // data. The correct solution is to parse this data asynchronously.
+ // See http://crbug.com/49332.
+ if (value.size() > kMaxDataLength)
+ value = value.substr(kMaxDataLength);
+
field->set_value(value);
}
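Review bot: The truncation at `value = value.substr(kMaxDataLength);` keeps the wrong part of the string: with a single argument, `substr` treats it as the start position, so this discards the first 1024 characters and keeps everything after them. An extremely large field value therefore still reaches `field->set_value(value)` at nearly full size, so the cap this commit is meant to add is not enforced, and values only slightly over the limit lose their leading data instead. Assuming `value` is a `std::basic_string`-style type (its declaration is outside the hunk), the line should read `value = value.substr(0, kMaxDataLength);`. The commit is marked TEST=none; a unit test that feeds a field longer than `kMaxDataLength` and asserts both the resulting length and the retained prefix would have caught this.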