author | jered@chromium.org <jered@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-05-30 16:49:21 +0000 |
---|---|---|
committer | jered@chromium.org <jered@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-05-30 16:49:21 +0000 |
commit | 9eb893bc77cfc02b47ea061e878e7104240c48ac (patch) | |
tree | 12c7bfcff54a78010237f1819493538a3818c098 | |
parent | 019794e472f3e8d914155938fbf5a935a0d184c8 (diff) | |
Merge 200971 "Switch from a whitelist of OK schema to send to th..."
> Switch from a whitelist of OK schema to send to the page to a blacklist of bad schema, to fix queries like define:foo and site:wikipedia.org.
>
> BUG=240489
>
> Review URL: https://chromiumcodereview.appspot.com/14655025
TBR=dcblack@chromium.org
Review URL: https://codereview.chromium.org/16150006
git-svn-id: svn://svn.chromium.org/chrome/branches/1500/src@203163 0039d316-1c4b-4281-b951-d872f2087c98
-rw-r--r-- | chrome/renderer/searchbox/searchbox_extension.cc | 19 | ||||
-rw-r--r-- | chrome/renderer/searchbox/searchbox_extension_unittest.cc | 10 |
2 files changed, 14 insertions, 15 deletions
diff --git a/chrome/renderer/searchbox/searchbox_extension.cc b/chrome/renderer/searchbox/searchbox_extension.cc
index 29b77a9..273c73f 100644
--- a/chrome/renderer/searchbox/searchbox_extension.cc
+++ b/chrome/renderer/searchbox/searchbox_extension.cc
@@ -242,16 +242,11 @@ bool IsSensitiveInput(const string16& query) {
 // IsQuerySuitableForSuggest function.)
 // First we check the scheme: if this looks like a URL with a scheme that is
- // not http/https/ftp, we shouldn't send it. Sending things like file: and
- // data: is a waste of time and a disclosure of potentially private, local
- // data. Other "schemes" may actually be usernames, and we don't want to
- // send passwords. If the scheme is OK, we still need to check other cases
- // below.
- if (!LowerCaseEqualsASCII(query_as_url.scheme(), chrome::kHttpScheme) &&
- !LowerCaseEqualsASCII(query_as_url.scheme(), chrome::kHttpsScheme) &&
- !LowerCaseEqualsASCII(query_as_url.scheme(), chrome::kFtpScheme)) {
+ // file, we shouldn't send it. Sending such things is a waste of time and a
+ // disclosure of potentially private, local data. If the scheme is OK, we
+ // still need to check other cases below.
+ if (LowerCaseEqualsASCII(query_as_url.scheme(), chrome::kFileScheme))
 return true;
- }
 // Don't send URLs with usernames, queries or refs. Some of these are
 // private, and the Suggest server is unlikely to have any useful results
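Review bot: The new scheme check rejects only `file`, so two kinds of input the removed comment guarded against are no longer stopped here: `data:` URLs, which it named as a disclosure of potentially private, local data, and `name:secret`-shaped input, which it treated as possible credentials. Whether the later username/port test catches the second shape depends on how `query_as_url` is built, which is outside this hunk, so that should be confirmed rather than assumed. If `define:` and `site:` queries are the only inputs this change needs to admit, consider keeping other local schemes blocked, e.g. `if (LowerCaseEqualsASCII(query_as_url.scheme(), chrome::kFileScheme) || LowerCaseEqualsASCII(query_as_url.scheme(), "data"))`. The comment should also say that this is now a denylist and why each entry is on it. IsSensitiveInput begins before this hunk and continues past it.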
@@ -261,17 +256,15 @@ bool IsSensitiveInput(const string16& query) { // server is once again unlikely to have and useful results. if (!query_as_url.username().empty() || !query_as_url.port().empty() || - !query_as_url.query().empty() || !query_as_url.ref().empty()) { + !query_as_url.query().empty() || !query_as_url.ref().empty()) return true; - } // Don't send anything for https except the hostname. Hostnames are OK // because they are visible when the TCP connection is established, but the // specific path may reveal private information. if (LowerCaseEqualsASCII(query_as_url.scheme(), chrome::kHttpsScheme) && - !query_as_url.path().empty() && query_as_url.path() != "/") { + !query_as_url.path().empty() && query_as_url.path() != "/") return true; - } } return false; }
diff --git a/chrome/renderer/searchbox/searchbox_extension_unittest.cc b/chrome/renderer/searchbox/searchbox_extension_unittest.cc
index b2b0420..46371cd 100644
--- a/chrome/renderer/searchbox/searchbox_extension_unittest.cc
+++ b/chrome/renderer/searchbox/searchbox_extension_unittest.cc
@@ -17,12 +17,18 @@ TEST(SearchboxExtensionTest, RestrictedInput) { // An http URL. EXPECT_FALSE(IsSensitiveInput(UTF8ToUTF16("http://www.example.com/foo/bar"))); - // Something with an odd scheme. + // Something with a sensitive file: scheme. EXPECT_TRUE(IsSensitiveInput(UTF8ToUTF16("file://foo"))); - EXPECT_TRUE(IsSensitiveInput(UTF8ToUTF16("asdf://bar"))); // Verify all caps isn't a workaround. EXPECT_TRUE(IsSensitiveInput(UTF8ToUTF16("FILE://foo"))); + // A define: query or site: query should be fine. + EXPECT_FALSE(IsSensitiveInput(UTF8ToUTF16("define:foo"))); + EXPECT_FALSE(IsSensitiveInput(UTF8ToUTF16("site:example.com"))); + + // FTP is fine. + EXPECT_FALSE(IsSensitiveInput(UTF8ToUTF16("ftp://bar"))); + // A url with a port is bad. EXPECT_TRUE(IsSensitiveInput(UTF8ToUTF16("http://www.example.com:1000"))); EXPECT_TRUE(IsSensitiveInput(UTF8ToUTF16("http://foo:1000"))); |
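Review bot: Dropping the `asdf://bar` expectation in the unittest hunk leaves no test that records what the filter now does with the non-file schemes the old comment considered private, so a later regression in either direction would go unnoticed. Add expectations that pin the intended result for a `data:` input and for a `name:secret`-shaped input, for example `EXPECT_TRUE(IsSensitiveInput(UTF8ToUTF16("data:text/plain,foo")));` if `data:` is meant to stay blocked. Judging by the scheme check visible in this commit, that expectation would fail today, which is the reason to write the decision down. A one-line comment above the `define:`/`site:` cases saying that unrecognised schemes are allowed on purpose would also help. The TEST body starts before this hunk and continues after it.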