Apply CSP to chrome: and about: pages

Apply Content Security Policy to the chrome://credits page, and the other pages handled by browser_about_handler.cc while we're at it.  Move inline JS out of several html files.  Move top-level page generation to the about_handler.cc, with tracked_objects.cc/hisogram.cc generating markup fragments to be included.  This keeps this files agnostic to CSP issues.  Also fix an output encoding issue in the <title> of some pages.
Review URL: http://codereview.chromium.org/7215034

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@90788 0039d316-1c4b-4281-b951-d872f2087c98

3 files changed, 5 insertions, 45 deletions

diff --git a/base/metrics/histogram.cc b/base/metrics/histogram.cc
index 2441c51..dbd7278 100644
--- a/base/metrics/histogram.cc
+++ b/base/metrics/histogram.cc
@@ -1064,13 +1064,6 @@ void StatisticsRecorder::WriteHTMLGraph(const std::string& query,
                                         std::string* output) {
   if (!IsActive())
     return;
-  output->append("<html><head><title>About Histograms");
-  if (!query.empty())
-    output->append(" - " + query);
-  output->append("</title>"
-                 // We'd like the following no-cache... but it doesn't work.
-                 // "<META HTTP-EQUIV=\"Pragma\" CONTENT=\"no-cache\">"
-                 "</head><body>");
 
   Histograms snapshot;
   GetSnapshot(query, &snapshot);
@@ -1080,7 +1073,6 @@ void StatisticsRecorder::WriteHTMLGraph(const std::string& query,
     (*it)->WriteHTMLGraph(output);
     output->append("<br><hr><br>");
   }
-  output->append("</body></html>");
 }
 
 // static
diff --git a/base/tracked_objects.cc b/base/tracked_objects.cc
index b5fc146..f7fd0c2 100644
--- a/base/tracked_objects.cc
+++ b/base/tracked_objects.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2010 The Chromium Authors. All rights reserved.
+// Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
@@ -131,44 +131,12 @@ ThreadData* ThreadData::current() {
   return registry;
 }
 
-// Do mininimal fixups for searching function names.
-static std::string UnescapeQuery(const std::string& query) {
-  std::string result;
-  for (size_t i = 0; i < query.size(); i++) {
-    char next = query[i];
-    if ('%' == next && i + 2 < query.size()) {
-      std::string hex = query.substr(i + 1, 2);
-      char replacement = '\0';
-      // Only bother with "<", ">", and " ".
-      if (LowerCaseEqualsASCII(hex, "3c"))
-        replacement ='<';
-      else if (LowerCaseEqualsASCII(hex, "3e"))
-        replacement = '>';
-      else if (hex == "20")
-        replacement = ' ';
-      if (replacement) {
-        next = replacement;
-        i += 2;
-      }
-    }
-    result.push_back(next);
-  }
-  return result;
-}
-
 // static
 void ThreadData::WriteHTML(const std::string& query, std::string* output) {
   if (!ThreadData::IsActive())
     return;  // Not yet initialized.
 
   DCHECK(ThreadData::current());
-
-  output->append("<html><head><title>About Tasks");
-  std::string escaped_query = UnescapeQuery(query);
-  if (!escaped_query.empty())
-    output->append(" - " + escaped_query);
-  output->append("</title></head><body><pre>");
-
   DataCollector collected_data;  // Gather data.
   collected_data.AddListOfLivingObjects();  // Add births that are still alive.
 
@@ -177,7 +145,7 @@ void ThreadData::WriteHTML(const std::string& query, std::string* output) {
 
   // Create filtering and sort comparison object.
   Comparator comparator;
-  comparator.ParseQuery(escaped_query);
+  comparator.ParseQuery(query);
 
   // Filter out acceptable (matching) instances.
   DataCollector::Collection match_array;
@@ -222,7 +190,6 @@ void ThreadData::WriteHTML(const std::string& query, std::string* output) {
     "If you wish to monitor Renderer events, be sure to run in --single-process"
     " mode.";
   output->append(help_string);
-  output->append("</body></html>");
 }
 
 // static
diff --git a/base/tracked_objects.h b/base/tracked_objects.h
index 561eaee..5954f16 100644
--- a/base/tracked_objects.h
+++ b/base/tracked_objects.h
@@ -424,7 +424,7 @@ class BASE_API Comparator {
   // Translate a keyword and restriction in URL path to a selector for sorting.
   void ParseKeyphrase(const std::string& key_phrase);
 
-  // Parse a query in an about:tasks URL to decide on sort ordering.
+  // Parse a query to decide on sort ordering.
   bool ParseQuery(const std::string& query);
 
   // Output a header line that can be used to indicated what items will be
@@ -480,7 +480,8 @@ class BASE_API ThreadData {
   // return null.
   static ThreadData* current();
 
-  // For a given about:tasks URL, develop resulting HTML, and append to output.
+  // For a given (unescaped) about:tasks query, develop resulting HTML, and
+  // append to output.
   static void WriteHTML(const std::string& query, std::string* output);
 
   // For a given accumulated array of results, use the comparator to sort and