Add a SafeSearch preference, policy and implementation.

chrome/browser/net/chrome_network_delegate.cc

Index: chrome/browser/net/chrome_network_delegate.cc
diff --git a/chrome/browser/net/chrome_network_delegate.cc b/chrome/browser/net/chrome_network_delegate.cc
index 828fe6665fb9348faaa06f9ad9780ee62a6c5ed2..8eda2b81a9910bab53197a38a9dbc52c111474ff 100644
--- a/chrome/browser/net/chrome_network_delegate.cc
+++ b/chrome/browser/net/chrome_network_delegate.cc
@@ -4,9 +4,12 @@
 
 #include "chrome/browser/net/chrome_network_delegate.h"
 
+#include <vector>
+
 #include "base/logging.h"
 #include "base/base_paths.h"
 #include "base/path_service.h"
+#include "base/string_util.h"
 #include "chrome/browser/api/prefs/pref_member.h"
 #include "chrome/browser/browser_process.h"
 #include "chrome/browser/content_settings/cookie_settings.h"
@@ -17,6 +20,7 @@
 #include "chrome/browser/extensions/event_router_forwarder.h"
 #include "chrome/browser/extensions/extension_info_map.h"
 #include "chrome/browser/extensions/extension_process_manager.h"
+#include "chrome/browser/google/google_util.h"
 #include "chrome/browser/net/load_time_stats.h"
 #include "chrome/browser/performance_monitor/performance_monitor.h"
 #include "chrome/browser/prefs/pref_service.h"
@@ -87,6 +91,91 @@ void ForwardProxyErrors(net::URLRequest* request,
   }
 }
 
+// Gets called when the extensions finish work on the URL. If the extensions
+// did not do a redirect (so |new_url| is empty) then we enforce the
+// SafeSearch parameters. Otherwise we will get called again after the
+// redirect and we enforce SafeSearch then.
+void ForceGoogleSafeSearchCallbackWrapper(
+    const net::CompletionCallback& callback,
+    net::URLRequest* request,
+    GURL* new_url,
+    int rv) {
+  if (rv == net::OK && new_url->is_empty())
+    ChromeNetworkDelegate::ForceGoogleSafeSearch(request, new_url);
+  callback.Run(rv);
+}
+
+enum SafeSearchCheckState {
+  KEEP_SEARCHING = 0,
+  ADD_PARAMETER,
+  PARAMETER_PRESENT,
+};
+
+// Checks a parameter to see if it is present in the query. |parameter| is the
+// current parameter which is being checked; |parameter_to_find| is the
+// parameter we are looking for; |keep_element| returns whether we want to keep
+// |parameter| in the list of parameters. The return value shows the action
+// that needs to be taken.
+SafeSearchCheckState CheckForParameter(const std::string& parameter,
+                                       const std::string& parameter_to_find,
+                                       bool* keep_element) {
+  DCHECK(parameter_to_find.find("=") != std::string::npos);
+  // prefix for "safe=off" is "safe=".
+  std::string parameter_prefix = parameter_to_find.substr(
+      0, parameter_to_find.find("=") + 1);
+  if (parameter.length() >= parameter_prefix.length()) {
+    if (parameter == parameter_to_find)

[Bernhard Bauer, 2012/10/22 09:50:18]

You could do this check right at the beginning, no?

[Sergiu, 2012/10/30 01:08:11]

Done.

+      return PARAMETER_PRESENT;
+    // Found the parameter but not the correct value, remove it.
+    if (parameter.substr(0, parameter_prefix.length()) == parameter_prefix) {

[Bernhard Bauer, 2012/10/22 09:50:18]

You could write this as `base::StartsWith(parameter, parameter_prefix, false)`.

[Sergiu, 2012/10/30 01:08:11]

Done.

+      *keep_element = false;
+      return ADD_PARAMETER;
+    }
+  }
+  return KEEP_SEARCHING;
+}
+
+// Examines a query to see if it should be modified to contain the SafeSearch
+// parameters. |query| is the string to examine and |new_query| is the output
+// string which should be set such that SafeSearch is on. If the proper
+// options are already set for SafeSearch then |new_query| will be equal
+// to |query|.
+void ExamineQueryForSafeSearch(const std::string& query,
+                               std::string* new_query) {

[Bernhard Bauer, 2012/10/22 09:50:18]

Do you need to return the value by outparam?

[Sergiu, 2012/10/30 01:08:11]

Returned a string object now.

+  std::vector<std::string> new_parameters;
+  SafeSearchCheckState safe_check = KEEP_SEARCHING;
+  SafeSearchCheckState ssui_check = KEEP_SEARCHING;
+  std::string safe_parameter = chrome::kSafeSearchSafeParameter;
+  std::string ssui_parameter = chrome::kSafeSearchSsuiParameter;
+
+  std::vector<std::string> parameters;
+  Tokenize(query, std::string("&"), &parameters);

[Bernhard Bauer, 2012/10/22 09:50:18]

I think the explicit constructor isn't necessary.

Also, you could use base::SplitString()? It might me ever so slightly faster (as
it doesn't have to search for the first of multiple separators).

[Sergiu, 2012/10/30 01:08:11]

Done.

+
+  std::vector<std::string>::reverse_iterator rit;
+  for (rit = parameters.rbegin(); rit < parameters.rend(); ++rit) {
+    bool keep_current_parameter = true;
+    if (safe_check == KEEP_SEARCHING) {
+      safe_check = CheckForParameter(*rit, safe_parameter,
+                                     &keep_current_parameter);

[Joao da Silva, 2012/10/22 21:14:20]

The ChecForParameter() function and the enum values are a bit more complicated
than they have to be. Why not just 1) always remove the matching parameters and
2) always append the desired values at the end? So this loop's body becomes (in
forward traversal order):

if (!ParameterMatches(*it, safe_parameter) && !ParameterMatches(*it,
ssui_parameter))
  new_parameters.push_back(*it);

and after the loop:

new_parameters.push_back(safe_parameter);
new_parameters.push_back(ssui_parameter);

This handles duplicate parameters, and will only reorder the parameter order if
they are already present. Is that a problem?

[Sergiu, 2012/10/30 01:08:11]

No, it makes total sense.. the initial idea was to alter the query as less as
possible but since I'm already doing that it's a better idea to keep everything
simple. Fixed.

+    }
+    if (ssui_check == KEEP_SEARCHING) {
+      ssui_check = CheckForParameter(*rit, ssui_parameter,
+                                     &keep_current_parameter);
+    }
+    if (keep_current_parameter) {
+      // Iterating in reverse so make sure that we add it in the correct
+      // position.
+      new_parameters.insert(new_parameters.begin(), *rit);

[Joao da Silva, 2012/10/22 21:14:20]

Why not iterate forward (not reverse) and push_back here?

[Sergiu, 2012/10/30 01:08:11]

Done.

+    }
+  }
+
+  if (safe_check != PARAMETER_PRESENT)
+    new_parameters.insert(new_parameters.end(), safe_parameter);

[Bernhard Bauer, 2012/10/22 09:50:18]

I think you can just do push_back().

[Sergiu, 2012/10/30 01:08:11]

Done.

+  if (ssui_check != PARAMETER_PRESENT)
+    new_parameters.insert(new_parameters.end(), ssui_parameter);
+  *new_query = JoinString(new_parameters, std::string("&"));
+}
+
 enum RequestStatus { REQUEST_STARTED, REQUEST_DONE };
 
 // Notifies the ExtensionProcessManager that a request has started or stopped
@@ -146,6 +235,7 @@ ChromeNetworkDelegate::ChromeNetworkDelegate(
     CookieSettings* cookie_settings,
     BooleanPrefMember* enable_referrers,
     BooleanPrefMember* enable_do_not_track,
+    BooleanPrefMember* force_google_safesearch,
     chrome_browser_net::LoadTimeStats* load_time_stats)
     : event_router_(event_router),
       profile_(profile),
@@ -153,6 +243,7 @@ ChromeNetworkDelegate::ChromeNetworkDelegate(
       extension_info_map_(extension_info_map),
       enable_referrers_(enable_referrers),
       enable_do_not_track_(enable_do_not_track),
+      force_google_safesearch_(force_google_safesearch),
       url_blacklist_manager_(url_blacklist_manager),
       managed_mode_url_filter_(managed_mode_url_filter),
       load_time_stats_(load_time_stats) {
@@ -172,6 +263,7 @@ void ChromeNetworkDelegate::NeverThrottleRequests() {
 void ChromeNetworkDelegate::InitializePrefsOnUIThread(
     BooleanPrefMember* enable_referrers,
     BooleanPrefMember* enable_do_not_track,
+    BooleanPrefMember* force_google_safesearch,
     PrefService* pref_service) {
   DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
   enable_referrers->Init(prefs::kEnableReferrers, pref_service, NULL);
@@ -180,6 +272,10 @@ void ChromeNetworkDelegate::InitializePrefsOnUIThread(
     enable_do_not_track->Init(prefs::kEnableDoNotTrack, pref_service, NULL);
     enable_do_not_track->MoveToThread(BrowserThread::IO);
   }
+  if (force_google_safesearch) {
+    force_google_safesearch->Init(prefs::kForceSafeSearch, pref_service, NULL);
+    force_google_safesearch->MoveToThread(BrowserThread::IO);
+  }
 }
 
 // static
@@ -187,6 +283,28 @@ void ChromeNetworkDelegate::AllowAccessToAllFiles() {
   g_allow_file_access_ = true;
 }
 
+// static
+void ChromeNetworkDelegate::ForceGoogleSafeSearch(net::URLRequest* request,

[Joao da Silva, 2012/10/22 21:14:20]

It's not clear to me why this is a static method of the delegate, while the
other functions are in the anonymous namespace. Can't this be there too?

[Sergiu, 2012/10/30 01:08:11]

Initially I touched some stuff in the delegate but that has changed and not I've
moved this in the anonymous space as well.

+                                                  GURL* new_url) {
+  // Force SafeSearch.
+  const bool is_search_url = google_util::IsGoogleSearchUrl(
+      request->url().spec());
+  const bool is_homepage_url = google_util::IsGoogleHomePageUrl(
+      request->url().spec());
+  if (is_search_url || is_homepage_url) {
+    std::string query = request->url().query();
+    std::string new_query;
+
+    ExamineQueryForSafeSearch(query, &new_query);
+    if (query == new_query)
+      return;
+
+    GURL::Replacements replacements;
+    replacements.SetQueryStr(new_query);
+    *new_url = request->url().ReplaceComponents(replacements);
+  }
+}
+
 int ChromeNetworkDelegate::OnBeforeURLRequest(
     net::URLRequest* request,
     const net::CompletionCallback& callback,
@@ -220,8 +338,26 @@ int ChromeNetworkDelegate::OnBeforeURLRequest(
     request->set_referrer(std::string());
   if (enable_do_not_track_ && enable_do_not_track_->GetValue())
     request->SetExtraRequestHeaderByName(kDNTHeader, "1", true /* override */);
-  return ExtensionWebRequestEventRouter::GetInstance()->OnBeforeRequest(
-      profile_, extension_info_map_.get(), request, callback, new_url);
+
+  bool force_safesearch = force_google_safesearch_ &&
+                          force_google_safesearch_->GetValue();
+
+  net::CompletionCallback wrapped_callback = callback;
+  if (force_safesearch) {
+    wrapped_callback = base::Bind(&ForceGoogleSafeSearchCallbackWrapper,
+                                  callback,
+                                  base::Unretained(request),
+                                  base::Unretained(new_url));
+  }
+
+  int rv = ExtensionWebRequestEventRouter::GetInstance()->OnBeforeRequest(
+      profile_, extension_info_map_.get(), request, wrapped_callback,
+      new_url);
+
+  if (force_safesearch && rv == net::OK && new_url->is_empty())
+    ForceGoogleSafeSearch(request, new_url);
+
+  return rv;
 }
 
 int ChromeNetworkDelegate::OnBeforeSendHeaders(