diff options
| author | cevans@chromium.org <cevans@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-04-01 05:51:57 +0000 |
|---|---|---|
| committer | cevans@chromium.org <cevans@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-04-01 05:51:57 +0000 |
| commit | 2694360972967479c10a345f16f716ac850f78b3 (patch) | |
| tree | 425c9ddf63ee46bff90aade4bb9677573981fb69 /chrome/browser/tab_contents/navigation_entry.cc | |
| parent | ad627cde795ce0f294e37f8c83aa2d5101b43711 (diff) | |
| download | chromium_src-2694360972967479c10a345f16f716ac850f78b3.zip chromium_src-2694360972967479c10a345f16f716ac850f78b3.tar.gz chromium_src-2694360972967479c10a345f16f716ac850f78b3.tar.bz2 | |
Make the browser survive massive data: URIs, via various techniques:
1) Drop the URL limit from 10MB to 2MB. The browser survives without this,
but that final tweaks makes the whole data: URI attack fairly smooth (on my
admittedly powerful machine).
2) Elide the title string at kMaxTitleChars. We already have a hard title limit
but there was a path whereby the title is implied by the URL (e.g. file: and
data: etc).
3) For massive URLs, limit the length shown in URL bar. We need to support them,
because someone might redirect to a data: URI with e.g. an image in it.
However, attempting to show them would kill the browser. We can't elide them
because eliding URLs is a security risk (and would lead to correctness issues
with an edit/press enter cycle). So we show at least the origin (minus path) or
just the scheme for data: URIs
BUG=33952
TEST=NONE
Review URL: http://codereview.chromium.org/1569011
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@43319 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/browser/tab_contents/navigation_entry.cc')
| -rw-r--r-- | chrome/browser/tab_contents/navigation_entry.cc | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/chrome/browser/tab_contents/navigation_entry.cc b/chrome/browser/tab_contents/navigation_entry.cc index 2001dd4..cd42683 100644 --- a/chrome/browser/tab_contents/navigation_entry.cc +++ b/chrome/browser/tab_contents/navigation_entry.cc @@ -5,11 +5,13 @@ #include "chrome/browser/tab_contents/navigation_entry.h" #include "app/resource_bundle.h" +#include "base/string_util.h" #include "base/utf_string_conversions.h" #include "chrome/browser/pref_service.h" #include "chrome/browser/profile.h" #include "chrome/browser/renderer_host/site_instance.h" #include "chrome/browser/tab_contents/navigation_controller.h" +#include "chrome/common/chrome_constants.h" #include "chrome/common/pref_names.h" #include "chrome/common/url_constants.h" #include "grit/app_resources.h" @@ -91,12 +93,16 @@ const string16& NavigationEntry::GetTitleForDisplay( languages = navigation_controller->profile()->GetPrefs()->GetString( prefs::kAcceptLanguages); } + + std::wstring title; + std::wstring elided_title; if (!virtual_url_.is_empty()) { - cached_display_title_ = WideToUTF16Hack(net::FormatUrl( - virtual_url_, languages)); + title = net::FormatUrl(virtual_url_, languages); } else if (!url_.is_empty()) { - cached_display_title_ = WideToUTF16Hack(net::FormatUrl(url_, languages)); + title = net::FormatUrl(url_, languages); } + ElideString(title, chrome::kMaxTitleChars, &elided_title); + cached_display_title_ = WideToUTF16Hack(elided_title); return cached_display_title_; } |