Diffstat (limited to 'chrome/browser/autocomplete')
| -rw-r--r-- | chrome/browser/autocomplete/autocomplete.cc | 5 | ||||
| -rw-r--r-- | chrome/browser/autocomplete/autocomplete.h | 5 | ||||
| -rw-r--r-- | chrome/browser/autocomplete/search_provider.cc | 52 | ||||
| -rw-r--r-- | chrome/browser/autocomplete/search_provider.h | 6 | 
4 files changed, 52 insertions, 16 deletions
|
diff --git a/chrome/browser/autocomplete/autocomplete.cc b/chrome/browser/autocomplete/autocomplete.cc
index 6e7dc97..42b6d81 100644
--- a/chrome/browser/autocomplete/autocomplete.cc
+++ b/chrome/browser/autocomplete/autocomplete.cc
@@ -39,8 +39,7 @@ AutocompleteInput::AutocompleteInput(const std::wstring& text,
   if (TrimWhitespace(text, TRIM_ALL, &text_) & TRIM_TRAILING)
     prevent_inline_autocomplete_ = true;
-  url_parse::Parsed parts;
-  type_ = Parse(text_, desired_tld, &parts, &scheme_);
+  type_ = Parse(text_, desired_tld, &parts_, &scheme_);
   if (type_ == INVALID)
     return;
@@ -220,6 +219,7 @@ bool AutocompleteInput::Equals(const AutocompleteInput& other) const {
 void AutocompleteInput::Clear() {
   text_.clear();
   type_ = INVALID;
+  parts_ = url_parse::Parsed();
   scheme_.clear();
   desired_tld_.clear();
   prevent_inline_autocomplete_ = false;
@@ -743,4 +743,3 @@ void AutocompleteController::AddHistoryContentsShortcut(
   match.provider = history_contents_provider_;
   result->AddMatch(match);
 }
-
diff --git a/chrome/browser/autocomplete/autocomplete.h b/chrome/browser/autocomplete/autocomplete.h
index 8102306..35fb790 100644
--- a/chrome/browser/autocomplete/autocomplete.h
+++ b/chrome/browser/autocomplete/autocomplete.h
@@ -193,9 +193,13 @@ class AutocompleteInput {
   // Resets all internal variables to the null-constructed state.
   void Clear();
+  // Returns parsed URL components.
+  const url_parse::Parsed& parts() const { return parts_; }
+
  private:
   std::wstring text_;
   Type type_;
+  url_parse::Parsed parts_;
   std::wstring scheme_;
   std::wstring desired_tld_;
   bool prevent_inline_autocomplete_;
@@ -777,4 +781,3 @@ struct AutocompleteLog {
 };
 #endif  // CHROME_BROWSER_AUTOCOMPLETE_AUTOCOMPLETE_H_
-
diff --git a/chrome/browser/autocomplete/search_provider.cc b/chrome/browser/autocomplete/search_provider.cc
index 857f322..e2be1a5 100644
--- a/chrome/browser/autocomplete/search_provider.cc
+++ b/chrome/browser/autocomplete/search_provider.cc
@@ -149,16 +149,7 @@ void SearchProvider::StartOrStopHistoryQuery(bool minimal_changes,
 void SearchProvider::StartOrStopSuggestQuery(bool minimal_changes,
                                              bool synchronous_only) {
-  // Don't run Suggest when off the record, the engine doesn't support it, or
-  // the user has disabled it.  Also don't query the server for URLs that aren't
-  // http/https/ftp.  Sending things like file: and data: is both a waste of
-  // time and a disclosure of potentially private, local data.
-  if (profile_->IsOffTheRecord() ||
-      !default_provider_.suggestions_url() ||
-      !profile_->GetPrefs()->GetBoolean(prefs::kSearchSuggestEnabled) ||
-      ((input_.type() == AutocompleteInput::URL) &&
-       (input_.scheme() != L"http") && (input_.scheme() != L"https") &&
-       (input_.scheme() != L"ftp"))) {
+  if (!IsQuerySuitableForSuggest()) {
     StopSuggest();
     return;
   }
@@ -186,6 +177,46 @@ void SearchProvider::StartOrStopSuggestQuery(bool minimal_changes,
                &SearchProvider::Run);
 }
+bool SearchProvider::IsQuerySuitableForSuggest() const {
+  // Don't run Suggest when off the record, the engine doesn't support it, or
+  // the user has disabled it.
+  if (profile_->IsOffTheRecord() ||
+      !default_provider_.suggestions_url() ||
+      !profile_->GetPrefs()->GetBoolean(prefs::kSearchSuggestEnabled))
+    return false;
+
+  // If the input type is URL, we take extra care so that private data in URL
+  // isn't sent to the server.
+  if (input_.type() == AutocompleteInput::URL) {
+    // Don't query the server for URLs that aren't http/https/ftp.  Sending
+    // things like file: and data: is both a waste of time and a disclosure of
+    // potentially private, local data.
+    if ((input_.scheme() != L"http") && (input_.scheme() != L"https") &&
+        (input_.scheme() != L"ftp"))
+      return false;
+
+    // Don't leak private data in URL
+    const url_parse::Parsed& parts = input_.parts();
+
+    // Don't send URLs with usernames, queries or refs.  Some of these are
+    // private, and the Suggest server is unlikely to have any useful results
+    // for any of them.
+    // Password is optional and may be omitted.  Checking username is
+    // sufficient.
+    if (parts.username.is_nonempty() || parts.query.is_nonempty() ||
+        parts.ref.is_nonempty())
+      return false;
+    // Don't send anything for https except hostname and port number.
+    // Hostname and port number are OK because they are visible when TCP
+    // connection is established and the Suggest server may provide some
+    // useful completed URL.
+    if (input_.scheme() == L"https" && parts.path.is_nonempty())
+      return false;
+  }
+
+  return true;
+}
+
 void SearchProvider::StopHistory() {
   history_request_consumer_.CancelAllRequests();
   history_request_pending_ = false;
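Review bot: The userinfo check in `IsQuerySuitableForSuggest()` tests `parts.username` only, relying on the comment's assumption that a password never appears without a username; an input with an empty username and a non-empty password (constructed example: `http://:secret@host/`) would, if the parser reports the username as empty there, pass this check and be forwarded to the Suggest server. Testing the password component as well closes that gap: `if (parts.username.is_nonempty() || parts.password.is_nonempty() || parts.query.is_nonempty() || parts.ref.is_nonempty())`, and the "Checking username is sufficient" comment can then be dropped. Separately, the path restriction applies to https only, so http and ftp paths, which can also carry session tokens or private file names, are still sent; if that is intentional, the comment above the https check should say so explicitly. A unit test with one case per rejected component (scheme, username, password, query, ref, https path) would keep these privacy rules from regressing.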
@@ -559,4 +590,3 @@ size_t SearchProvider::TrimHttpPrefix(std::wstring* url) {
     url->erase(url->begin(), url->begin() + prefix_len);
   return prefix_len;
 }
-
diff --git a/chrome/browser/autocomplete/search_provider.h b/chrome/browser/autocomplete/search_provider.h
index 4c509c5..57a723d 100644
--- a/chrome/browser/autocomplete/search_provider.h
+++ b/chrome/browser/autocomplete/search_provider.h
@@ -88,6 +88,11 @@ class SearchProvider : public AutocompleteProvider,
   void StartOrStopHistoryQuery(bool minimal_changes, bool synchronous_only);
   void StartOrStopSuggestQuery(bool minimal_changes, bool synchronous_only);
+  // Returns true when the current query can be sent to the Suggest service.
+  // This will be false e.g. when Suggest is disabled, the query contains
+  // potentially private data, etc.
+  bool IsQuerySuitableForSuggest() const;
+
   // Functions to stop the separate asynchronous subcomponents.
   // NOTE: These functions do not update |done_|.  Callers must do so.
   void StopHistory();
@@ -188,4 +193,3 @@ class SearchProvider : public AutocompleteProvider,
 };
 #endif  // CHROME_BROWSER_AUTOCOMPLETE_SEARCH_PROVIDER_H__
-
|
