Changes session service to not persist NavigationEntries that have

POST data. This is a security problem as POST data can contain passwords in plain text. BUG=1361980 TEST=none git-svn-id: svn://svn.chromium.org/chrome/trunk/src@2063 0039d316-1c4b-4281-b951-d872f2087c98
author: sky@google.com <sky@google.com@0039d316-1c4b-4281-b951-d872f2087c98> 2008-09-11 16:41:18 +0000
committer: sky@google.com <sky@google.com@0039d316-1c4b-4281-b951-d872f2087c98> 2008-09-11 16:41:18 +0000
commit: 1b2d1bb6e8acca107f19d7e7b26492ad5e033f3e (patch)
tree: dd7646cf1753020a6a6c072ca43b2b75512e82ff /chrome/browser/session_service.cc
parent: 5ac1b2fdabf03b301afd93cbda9a58268a8c70ec (diff)
download: chromium_src-1b2d1bb6e8acca107f19d7e7b26492ad5e033f3e.zip
chromium_src-1b2d1bb6e8acca107f19d7e7b26492ad5e033f3e.tar.gz
chromium_src-1b2d1bb6e8acca107f19d7e7b26492ad5e033f3e.tar.bz2
1 files changed, 13 insertions, 7 deletions
diff --git a/chrome/browser/session_service.cc b/chrome/browser/session_service.cc
index fe582d1..9784f8c 100644
--- a/chrome/browser/session_service.cc
+++ b/chrome/browser/session_service.cc
@@ -290,8 +290,7 @@ void SessionService::UpdateTabNavigation(const SessionID& window_id,
                                          const SessionID& tab_id,
                                          int index,
                                          const NavigationEntry& entry) {
-  if (!entry.display_url().is_valid() ||
-      !ShouldTrackChangesToWindow(window_id))
+  if (!ShouldTrackEntry(entry) || !ShouldTrackChangesToWindow(window_id))
     return;
 
   if (tab_to_available_range_.find(tab_id.id()) !=
@@ -901,10 +900,12 @@ void SessionService::BuildCommandsForTab(
     const NavigationEntry* entry = (i == pending_index) ?
         controller->GetPendingEntry() : controller->GetEntryAtIndex(i);
     DCHECK(entry);
-    commands->push_back(
-        CreateUpdateTabNavigationCommand(controller->session_id(),
-                                         i,
-                                         *entry));
+    if (ShouldTrackEntry(*entry)) {
+      commands->push_back(
+          CreateUpdateTabNavigationCommand(controller->session_id(),
+                                           i,
+                                           *entry));
+    }
   }
   commands->push_back(
       CreateSetSelectedNavigationIndexCommand(controller->session_id(),
@@ -1137,9 +1138,14 @@ bool SessionService::ShouldTrackChangesToWindow(const SessionID& window_id) {
   return windows_tracking_.find(window_id.id()) != windows_tracking_.end();
 }
 
+bool SessionService::ShouldTrackEntry(const NavigationEntry& entry) {
+  // Don't track entries that have post data. Post data may contain passwords
+  // and other sensitive data users don't want stored to disk.
+  return entry.display_url().is_valid() && !entry.has_post_data();
+}
+
 // InternalSavedSessionRequest ------------------------------------------------
 
 SessionService::InternalSavedSessionRequest::~InternalSavedSessionRequest() {
   STLDeleteElements(&commands);
 }
-
author	sky@google.com <sky@google.com@0039d316-1c4b-4281-b951-d872f2087c98>	2008-09-11 16:41:18 +0000
committer	sky@google.com <sky@google.com@0039d316-1c4b-4281-b951-d872f2087c98>	2008-09-11 16:41:18 +0000
commit	1b2d1bb6e8acca107f19d7e7b26492ad5e033f3e (patch)
tree	dd7646cf1753020a6a6c072ca43b2b75512e82ff /chrome/browser/session_service.cc
parent	5ac1b2fdabf03b301afd93cbda9a58268a8c70ec (diff)
download	chromium_src-1b2d1bb6e8acca107f19d7e7b26492ad5e033f3e.zip chromium_src-1b2d1bb6e8acca107f19d7e7b26492ad5e033f3e.tar.gz chromium_src-1b2d1bb6e8acca107f19d7e7b26492ad5e033f3e.tar.bz2