author | dcblack@chromium.org <dcblack@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-05-18 08:49:16 +0000 |
---|---|---|
committer | dcblack@chromium.org <dcblack@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-05-18 08:49:16 +0000 |
commit | 385c5d5bd5f16e21d25be85400da85a3216fa293 (patch) | |
tree | 2c8d9ce2f2bbd25b9b64ff973eab57c30b822e7f /chrome/renderer | |
parent | d2c42b82ad2b5dca8a1870cbe2c03132d17a5e11 (diff) | |
Switch from a whitelist of OK schemes to send to the page to a blacklist of bad schemes, to fix queries like define:foo and site:wikipedia.org.
BUG=240489
Review URL: https://chromiumcodereview.appspot.com/14655025
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@200971 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/renderer')
-rw-r--r-- | chrome/renderer/searchbox/searchbox_extension.cc | 19 | ||||
-rw-r--r-- | chrome/renderer/searchbox/searchbox_extension_unittest.cc | 10 |
2 files changed, 14 insertions, 15 deletions
diff --git a/chrome/renderer/searchbox/searchbox_extension.cc b/chrome/renderer/searchbox/searchbox_extension.cc
index 93a1c737..3d963e1 100644
--- a/chrome/renderer/searchbox/searchbox_extension.cc
+++ b/chrome/renderer/searchbox/searchbox_extension.cc
@@ -249,16 +249,11 @@ bool IsSensitiveInput(const string16& query) {
 // IsQuerySuitableForSuggest function.)
 // First we check the scheme: if this looks like a URL with a scheme that is
- // not http/https/ftp, we shouldn't send it. Sending things like file: and
- // data: is a waste of time and a disclosure of potentially private, local
- // data. Other "schemes" may actually be usernames, and we don't want to
- // send passwords. If the scheme is OK, we still need to check other cases
- // below.
- if (!LowerCaseEqualsASCII(query_as_url.scheme(), chrome::kHttpScheme) &&
- !LowerCaseEqualsASCII(query_as_url.scheme(), chrome::kHttpsScheme) &&
- !LowerCaseEqualsASCII(query_as_url.scheme(), chrome::kFtpScheme)) {
+ // file, we shouldn't send it. Sending such things is a waste of time and a
+ // disclosure of potentially private, local data. If the scheme is OK, we
+ // still need to check other cases below.
+ if (LowerCaseEqualsASCII(query_as_url.scheme(), chrome::kFileScheme))
 return true;
- }
 // Don't send URLs with usernames, queries or refs. Some of these are
 // private, and the Suggest server is unlikely to have any useful results
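Review bot: The new scheme check in IsSensitiveInput rejects only `file:`, so every other scheme-shaped input now falls through to the later username/port/query/ref tests, including `data:` URLs and `name:secret`-style strings that the removed comment explicitly listed as things not to send. How such strings parse depends on how `query_as_url` is built, which is outside this hunk, but nothing visible here would give them a username or port, so they would presumably be passed to the page. Consider keeping `data:` on the denylist, e.g. `if (LowerCaseEqualsASCII(query_as_url.scheme(), chrome::kFileScheme) || LowerCaseEqualsASCII(query_as_url.scheme(), chrome::kDataScheme))`, and keep a sentence in the comment recording that credential-like `user:password` input is now knowingly accepted so that `define:` and `site:` queries work. The function body starts and ends outside this hunk.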
@@ -268,17 +263,15 @@ bool IsSensitiveInput(const string16& query) { // server is once again unlikely to have and useful results. if (!query_as_url.username().empty() || !query_as_url.port().empty() || - !query_as_url.query().empty() || !query_as_url.ref().empty()) { + !query_as_url.query().empty() || !query_as_url.ref().empty()) return true; - } // Don't send anything for https except the hostname. Hostnames are OK // because they are visible when the TCP connection is established, but the // specific path may reveal private information. if (LowerCaseEqualsASCII(query_as_url.scheme(), chrome::kHttpsScheme) && - !query_as_url.path().empty() && query_as_url.path() != "/") { + !query_as_url.path().empty() && query_as_url.path() != "/") return true; - } } return false; } diff --git a/chrome/renderer/searchbox/searchbox_extension_unittest.cc b/chrome/renderer/searchbox/searchbox_extension_unittest.cc index 0885444..ec83e36 100644 --- a/chrome/renderer/searchbox/searchbox_extension_unittest.cc +++ b/chrome/renderer/searchbox/searchbox_extension_unittest.cc @@ -19,12 +19,18 @@ TEST(SearchboxExtensionTest, RestrictedInput) { // An http URL. EXPECT_FALSE(IsSensitiveInput(UTF8ToUTF16("http://www.example.com/foo/bar"))); - // Something with an odd scheme. + // Something with a sensitive file: scheme. EXPECT_TRUE(IsSensitiveInput(UTF8ToUTF16("file://foo"))); - EXPECT_TRUE(IsSensitiveInput(UTF8ToUTF16("asdf://bar"))); // Verify all caps isn't a workaround. EXPECT_TRUE(IsSensitiveInput(UTF8ToUTF16("FILE://foo"))); + // A define: query or site: query should be fine. + EXPECT_FALSE(IsSensitiveInput(UTF8ToUTF16("define:foo"))); + EXPECT_FALSE(IsSensitiveInput(UTF8ToUTF16("site:example.com"))); + + // FTP is fine. + EXPECT_FALSE(IsSensitiveInput(UTF8ToUTF16("ftp://bar"))); + // A url with a port is bad. EXPECT_TRUE(IsSensitiveInput(UTF8ToUTF16("http://www.example.com:1000"))); EXPECT_TRUE(IsSensitiveInput(UTF8ToUTF16("http://foo:1000"))); |
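Review bot: In the unit-test hunk, dropping the `asdf://bar` expectation removes the only case that exercised a scheme other than file/http/ftp, and the added cases cover only inputs that are now allowed through. Since the filter moved from an allowlist to a denylist, add expectations that pin the intended result for the inputs the old comment worried about, for example `EXPECT_TRUE(IsSensitiveInput(UTF8ToUTF16("data:text/plain,foo")));` if `data:` is meant to stay blocked, plus an explicit case for a `user:password`-shaped string with whichever result is intended. The TEST body begins and ends outside this hunk.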