Switch from a whitelist of OK schema to send to the page to a blacklist of bad schema, to fix queries like define:foo and site:wikipedia.org.

BUG=240489

Review URL: https://chromiumcodereview.appspot.com/14655025

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@200971 0039d316-1c4b-4281-b951-d872f2087c98

2 files changed, 14 insertions, 15 deletions

diff --git a/chrome/renderer/searchbox/searchbox_extension.cc b/chrome/renderer/searchbox/searchbox_extension.cc
index 93a1c737..3d963e1 100644
--- a/chrome/renderer/searchbox/searchbox_extension.cc
+++ b/chrome/renderer/searchbox/searchbox_extension.cc
@@ -249,16 +249,11 @@ bool IsSensitiveInput(const string16& query) {
     // IsQuerySuitableForSuggest function.)
 
     // First we check the scheme: if this looks like a URL with a scheme that is
-    // not http/https/ftp, we shouldn't send it.  Sending things like file: and
-    // data: is a waste of time and a disclosure of potentially private, local
-    // data.  Other "schemes" may actually be usernames, and we don't want to
-    // send passwords.  If the scheme is OK, we still need to check other cases
-    // below.
-    if (!LowerCaseEqualsASCII(query_as_url.scheme(), chrome::kHttpScheme) &&
-        !LowerCaseEqualsASCII(query_as_url.scheme(), chrome::kHttpsScheme) &&
-        !LowerCaseEqualsASCII(query_as_url.scheme(), chrome::kFtpScheme)) {
+    // file, we shouldn't send it.  Sending such things is a waste of time and a
+    // disclosure of potentially private, local data.  If the scheme is OK, we
+    // still need to check other cases below.
+    if (LowerCaseEqualsASCII(query_as_url.scheme(), chrome::kFileScheme))
       return true;
-    }
 
     // Don't send URLs with usernames, queries or refs.  Some of these are
     // private, and the Suggest server is unlikely to have any useful results
@@ -268,17 +263,15 @@ bool IsSensitiveInput(const string16& query) {
     // server is once again unlikely to have and useful results.
     if (!query_as_url.username().empty() ||
         !query_as_url.port().empty() ||
-        !query_as_url.query().empty() || !query_as_url.ref().empty()) {
+        !query_as_url.query().empty() || !query_as_url.ref().empty())
       return true;
-    }
 
     // Don't send anything for https except the hostname.  Hostnames are OK
     // because they are visible when the TCP connection is established, but the
     // specific path may reveal private information.
     if (LowerCaseEqualsASCII(query_as_url.scheme(), chrome::kHttpsScheme) &&
-        !query_as_url.path().empty() && query_as_url.path() != "/") {
+        !query_as_url.path().empty() && query_as_url.path() != "/")
       return true;
-    }
   }
   return false;
 }
diff --git a/chrome/renderer/searchbox/searchbox_extension_unittest.cc b/chrome/renderer/searchbox/searchbox_extension_unittest.cc
index 0885444..ec83e36 100644
--- a/chrome/renderer/searchbox/searchbox_extension_unittest.cc
+++ b/chrome/renderer/searchbox/searchbox_extension_unittest.cc
@@ -19,12 +19,18 @@ TEST(SearchboxExtensionTest, RestrictedInput) {
   // An http URL.
   EXPECT_FALSE(IsSensitiveInput(UTF8ToUTF16("http://www.example.com/foo/bar")));
 
-  // Something with an odd scheme.
+  // Something with a sensitive file: scheme.
   EXPECT_TRUE(IsSensitiveInput(UTF8ToUTF16("file://foo")));
-  EXPECT_TRUE(IsSensitiveInput(UTF8ToUTF16("asdf://bar")));
   // Verify all caps isn't a workaround.
   EXPECT_TRUE(IsSensitiveInput(UTF8ToUTF16("FILE://foo")));
 
+  // A define: query or site: query should be fine.
+  EXPECT_FALSE(IsSensitiveInput(UTF8ToUTF16("define:foo")));
+  EXPECT_FALSE(IsSensitiveInput(UTF8ToUTF16("site:example.com")));
+
+  // FTP is fine.
+  EXPECT_FALSE(IsSensitiveInput(UTF8ToUTF16("ftp://bar")));
+
   // A url with a port is bad.
   EXPECT_TRUE(IsSensitiveInput(UTF8ToUTF16("http://www.example.com:1000")));
   EXPECT_TRUE(IsSensitiveInput(UTF8ToUTF16("http://foo:1000")));