Strip invalid characters (line breaks, tabs), javascript:schemes from the copied text before pasting

chrome/browser/ui/gtk/omnibox/omnibox_view_gtk.cc

 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/ui/gtk/omnibox/omnibox_view_gtk.h"
 
 #include <gdk/gdkkeysyms.h>
 #include <gtk/gtk.h>
 
 #include <algorithm>
@@ skipping 860 matching lines @@
 int OmniboxViewGtk::OnPerformDrop(
     const views::DropTargetEvent& event) {
   string16 text;
   const ui::OSExchangeData& data = event.data();
   if (data.HasURL()) {
     GURL url;
     string16 title;
     if (data.GetURLAndTitle(&url, &title))
       text = UTF8ToUTF16(url.spec());
   } else {
     string16 data_string;

[Peter Kasting, 2011/11/21 21:23:43]

Nit: This whole block can be collapsed to just:

data.GetString(&text);

...since OnPerformDropImpl() does the whitespace collapsing already.

[SanjoyPal, 2011/11/22 07:02:14]

Done.

     if (data.GetString(&data_string))
       text = CollapseWhitespace(data_string, true);
   }
 
   if (!text.empty() && OnPerformDropImpl(text))
     return CopyOrLinkDragOperation(event.source_operations());
 
   return ui::DragDropTypes::DRAG_NONE;
 }
 #endif  // defined(TOOLKIT_VIEWS)
@@ skipping 545 matching lines @@
   gtk_widget_set_sensitive(search_engine_menuitem,
       command_updater_->IsCommandEnabled(IDC_EDIT_SEARCH_ENGINES));
   gtk_widget_show(search_engine_menuitem);
 
   // We need to update the paste and go controller before we know what text
   // to show. We could do this all asynchronously, but it would be elaborate
   // because we'd have to account for multiple menus showing, getting called
   // back after shutdown, and similar issues.
   GtkClipboard* x_clipboard = gtk_clipboard_get(GDK_SELECTION_CLIPBOARD);
   gchar* text = gtk_clipboard_wait_for_text(x_clipboard);
-  string16 text_wstr = UTF8ToUTF16(text ? text : "");
+  string16 sanitized_text(text ?
+      CollapseWhitespace(StripJavascriptSchemas(UTF8ToUTF16(text)), true) :

[Peter Kasting, 2011/11/21 21:23:43]

Why did you reverse the order of the calls here?  The previous patch had them
correct.

[SanjoyPal, 2011/11/22 07:02:14]

Done.

+      string16());
   g_free(text);
 
   // Paste and Go menu item.
   GtkWidget* paste_go_menuitem = gtk_menu_item_new_with_mnemonic(
       gfx::ConvertAcceleratorsFromWindowsStyle(
           l10n_util::GetStringUTF8(model_->is_paste_and_search() ?
               IDS_PASTE_AND_SEARCH : IDS_PASTE_AND_GO)).c_str());
   gtk_menu_shell_append(GTK_MENU_SHELL(menu), paste_go_menuitem);
   g_signal_connect(paste_go_menuitem, "activate",
                    G_CALLBACK(HandlePasteAndGoThunk), this);
   gtk_widget_set_sensitive(paste_go_menuitem,
-                           model_->CanPasteAndGo(text_wstr));
+                           model_->CanPasteAndGo(sanitized_text));

[Peter Kasting, 2011/11/21 21:23:43]

Why did you move this call back down here since the last patch?  It needed to
happen above the is_paste_and_search() call.

[SanjoyPal, 2011/11/22 07:02:14]

Done.

   gtk_widget_show(paste_go_menuitem);
 
   g_signal_connect(menu, "deactivate",
                    G_CALLBACK(HandlePopupMenuDeactivateThunk), this);
 }
 
 void OmniboxViewGtk::HandleEditSearchEngines(GtkWidget* sender) {
   command_updater_->ExecuteCommand(IDC_EDIT_SEARCH_ENGINES);
 }
 
@@ skipping 178 matching lines @@
 
   const gchar* p = text;
   while (*p && (p - text) < len) {
     gunichar c = g_utf8_get_char(p);
     const gchar* next = g_utf8_next_char(p);
 
     // 0x200B is Zero Width Space, which is inserted just before the instant
     // anchor for working around the GtkTextView's misalignment bug.
     // This character might be captured and inserted into the content by undo
     // manager, so we need to filter it out here.
     if (c != L'\n' && c != L'\r' && c != L'\t' && c != 0x200B)

[Peter Kasting, 2011/11/21 21:23:43]

Seems like we should remove the first three checks from here and instead add
after the while loop:

  if (model_.is_pasting())
    filtered_text = CollapseWhitespace(filtered_text, true);

Then to autocomplete_edit.h, right after on_paste() is declared, add:

  bool is_pasting() const { return paste_state_ == PASTING; }

(You should double-check that this block is hit during a paste operation and
does not trigger when pressing single keys.)

[SanjoyPal, 2011/11/22 07:02:14]

It was hitting when pressing single keys.
Done.

       filtered_text.append(p, next);
 
     p = next;
   }
 
-  if (filtered_text.length()) {
+  const std::string sanitized_text =
+      UTF16ToUTF8(StripJavascriptSchemas(UTF8ToUTF16(filtered_text)));
+  if (sanitized_text.length()) {

[Peter Kasting, 2011/11/21 21:23:43]

Nit: Change to using !empty()

[SanjoyPal, 2011/11/22 07:02:14]

Done.

     // Avoid inserting the text after the instant anchor.
     ValidateTextBufferIter(location);
 
     // Call the default handler to insert filtered text.
     GtkTextBufferClass* klass = GTK_TEXT_BUFFER_GET_CLASS(buffer);
-    klass->insert_text(buffer, location, filtered_text.data(),
-                       static_cast<gint>(filtered_text.length()));
+    klass->insert_text(buffer, location, sanitized_text.data(),
+                       static_cast<gint>(sanitized_text.length()));
   }
 
   // Stop propagating the signal emission to prevent the default handler from
   // being called again.
   static guint signal_id = g_signal_lookup("insert-text", GTK_TYPE_TEXT_BUFFER);
   g_signal_stop_emission(buffer, signal_id, 0);
 }
 
 void OmniboxViewGtk::HandleBackSpace(GtkWidget* sender) {
   // Checks if it's currently in keyword search mode.
@@ skipping 106 matching lines @@
                            0);
 
     if (!copy && gtk_text_view_get_editable(GTK_TEXT_VIEW(text_view_)))
       gtk_text_buffer_delete_selection(text_buffer_, true, true);
   }
 
   OwnPrimarySelection(UTF16ToUTF8(text));
 }
 
 bool OmniboxViewGtk::OnPerformDropImpl(const string16& text) {
   if (model_->CanPasteAndGo(CollapseWhitespace(text, true))) {

[Peter Kasting, 2011/11/21 21:23:43]

Nit: This needs a StripJavaScriptSchemas() call inserted so that we block
dragging javascript: URLs onto the omnibox.

[SanjoyPal, 2011/11/22 07:02:14]

Done.

     model_->PasteAndGo();
     return true;
   }
 
   return false;
 }
 
 gfx::Font OmniboxViewGtk::GetFont() {
 #if defined(TOOLKIT_VIEWS)
   bool use_gtk = false;
@@ skipping 585 matching lines @@
 
   // Make all the children of the widget visible. NOTE: this won't display
   // anything, it just toggles the visible flag.
   gtk_widget_show_all(omnibox_view->GetNativeView());
   // Hide the widget. NativeViewHostGtk will make it visible again as necessary.
   gtk_widget_hide(omnibox_view->GetNativeView());
 
   return omnibox_view;
 }
 #endif