Make the browser survive massive data: URIs, via various techniques:

1) Drop the URL limit from 10MB to 2MB. The browser survives without this,
but that final tweaks makes the whole data: URI attack fairly smooth (on my
admittedly powerful machine).
2) Elide the title string at kMaxTitleChars. We already have a hard title limit
but there was a path whereby the title is implied by the URL (e.g. file: and
data: etc).
3) For massive URLs, limit the length shown in URL bar. We need to support them,
because someone might redirect to a data: URI with e.g. an image in it.
However, attempting to show them would kill the browser. We can't elide them
because eliding URLs is a security risk (and would lead to correctness issues
with an edit/press enter cycle). So we show at least the origin (minus path) or
just the scheme for data: URIs


BUG=33952
TEST=NONE

Review URL: http://codereview.chromium.org/1569011

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@43319 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 4 insertions, 0 deletions

diff --git a/chrome/common/chrome_constants.h b/chrome/common/chrome_constants.h
index 456cea0..604f351 100644
--- a/chrome/common/chrome_constants.h
+++ b/chrome/common/chrome_constants.h
@@ -74,7 +74,11 @@ extern const size_t kMaxTitleChars;
 // The maximum number of characters in the URL that we're willing to accept
 // in the browser process. It is set low enough to avoid damage to the browser
 // but high enough that a web site can abuse location.hash for a little storage.
+// We have different values for "max accepted" and "max displayed" because
+// a data: URI may be legitimately massive, but the full URI would kill all
+// known operating systems if you dropped it into a UI control.
 extern const size_t kMaxURLChars;
+extern const size_t kMaxURLDisplayChars;
 
 extern const bool kRecordModeEnabled;