Chromium Code Reviews| Index: chrome/browser/tab_contents/tab_contents.cc |
| diff --git a/chrome/browser/tab_contents/tab_contents.cc b/chrome/browser/tab_contents/tab_contents.cc |
| index 5457a0d9073636fc8608bbcc85d47135e6d86e3d..387cc869eab995235d2b151ca7cea0ddf4b04e69 100644 |
| --- a/chrome/browser/tab_contents/tab_contents.cc |
| +++ b/chrome/browser/tab_contents/tab_contents.cc |
| @@ -2711,6 +2711,59 @@ void TabContents::PageHasOSDD(RenderViewHost* render_view_host, |
| autodetected); |
| } |
| +// Indicates if the two inputs have the same security origin. |
| +// |requested_origin| should only be a security origin (no path, etc.). |
| +// It is ok if |template_url| is NULL. |
| +static bool IsSameOrigin(const GURL& requested_origin, |
| + const TemplateURL* template_url) { |
| + DCHECK(requested_origin == requested_origin.GetOrigin()); |
| + return template_url && requested_origin == |
| + TemplateURLModel::GenerateSearchURL(template_url).GetOrigin(); |
| +} |
| + |
| +ViewHostMsg_GetSearchProviderInstallState_Params |
| + TabContents::GetSearchProviderInstallState(const GURL& requested_host) { |
| + // Get the last committed entry since that is the page executing the |
| + // javascript as opposed to a page being navigated to. We don't want |
| + // to trust the page to tell us the url to avoid using potentially |
| + // compromised information. |
| + NavigationEntry* entry = controller_.GetLastCommittedEntry(); |
| + GURL page_origin = entry ? entry->virtual_url().GetOrigin() : GURL::EmptyGURL(); |
|
sky
2010/07/15 23:24:49
Line is over 80 columns; also, use GURL() here instead of EmptyGURL().
|
| + GURL requested_origin = requested_host.GetOrigin(); |
| + // Do the security check before any others to avoid information leaks. |
| + if (page_origin != requested_origin) |
| + return ViewHostMsg_GetSearchProviderInstallState_Params::Denied(); |
| + |
| + // In incognito mode, no search information is exposed. (This check must be |
| + // done after the security check or else a web site can detect that the |
| + // user is in incognito mode just by doing a cross origin request.) |
| + if (profile()->IsOffTheRecord()) |
| + return ViewHostMsg_GetSearchProviderInstallState_Params::NotInstalled(); |
| + |
| + |
|
sky
2010/07/15 23:24:49
nit: nuke this line.
|
| + TemplateURLModel* url_model = profile()->GetTemplateURLModel(); |
| + if (!url_model) |
| + return ViewHostMsg_GetSearchProviderInstallState_Params::NotInstalled(); |
| + if (!url_model->loaded()) |
| + url_model->Load(); |
| + |
| + // First check to see if the url is the default search provider. |
| + if (IsSameOrigin(requested_origin, url_model->GetDefaultSearchProvider())) |
| + return ViewHostMsg_GetSearchProviderInstallState_Params::InstalledAsDefault(); |
|
sky
2010/07/15 23:24:49
Line is over 80 columns.
|
| + |
| + // Is the url any search provider? |
| + std::vector<const TemplateURL*> urls = url_model->GetTemplateURLs(); |
| + for (std::vector<const TemplateURL*>::iterator i = urls.begin(); |
| + i != urls.end(); ++i) { |
| + const TemplateURL* template_url = (*i); |
| + if (IsSameOrigin(requested_origin, template_url)) { |
| + return ViewHostMsg_GetSearchProviderInstallState_Params:: |
| + InstallButNotDefault(); |
| + } |
| + } |
| + return ViewHostMsg_GetSearchProviderInstallState_Params::NotInstalled(); |
| +} |
| + |
| GURL TabContents::GetAlternateErrorPageURL() const { |
| GURL url; |
| // Disable alternate error pages when in OffTheRecord/Incognito mode. |
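Review bot: The origin check `if (page_origin != requested_origin)` in GetSearchProviderInstallState fails open when both sides are empty. With no committed entry `page_origin` is an empty GURL, and `requested_host.GetOrigin()` is presumably also empty for an invalid `requested_host`, so the two compare equal and the function goes on to the incognito and provider lookups instead of returning `Denied()`. Reject that case explicitly, e.g. `if (!requested_origin.is_valid() || page_origin != requested_origin)`. Separately, the last committed entry describes the top-level page and `virtual_url()` appears to be the display URL, so a cross-origin subframe would presumably be checked against its embedder's origin. It is worth confirming that the caller restricts this to the main frame, and whether `entry->url()` is the better source for a security decision.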