Strip invalid characters (line breaks, tabs), javascript:schemes from the copied text before pasting

chrome/browser/ui/gtk/omnibox/omnibox_view_gtk.cc

 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/ui/gtk/omnibox/omnibox_view_gtk.h"
 
 #include <gdk/gdkkeysyms.h>
 #include <gtk/gtk.h>
 
 #include <algorithm>
@@ skipping 49 matching lines @@
 
 const gchar* kOmniboxViewGtkKey = "__OMNIBOX_VIEW_GTK__";
 
 const char kTextBaseColor[] = "#808080";
 const char kSecureSchemeColor[] = "#079500";
 const char kSecurityErrorSchemeColor[] = "#a20000";
 
 const double kStrikethroughStrokeRed = 162.0 / 256.0;
 const double kStrikethroughStrokeWidth = 2.0;
 
+// static
+const char16 kInvalidChars[] = {
+  '\n', '\r', '\t',
+  0x200B,  // Zero Width Space
+  0
+};
+
 size_t GetUTF8Offset(const string16& text, size_t text_offset) {
   return UTF16ToUTF8(text.substr(0, text_offset)).size();
 }
 
 // A helper method for determining a valid drag operation given the allowed
 // operation.  We prefer copy over link.
 int CopyOrLinkDragOperation(int drag_operation) {
   if (drag_operation & ui::DragDropTypes::DRAG_COPY)
     return ui::DragDropTypes::DRAG_COPY;
   if (drag_operation & ui::DragDropTypes::DRAG_LINK)
@@ skipping 791 matching lines @@
 int OmniboxViewGtk::OnPerformDrop(
     const views::DropTargetEvent& event) {
   string16 text;
   const ui::OSExchangeData& data = event.data();
   if (data.HasURL()) {
     GURL url;
     string16 title;
     if (data.GetURLAndTitle(&url, &title))
       text = UTF8ToUTF16(url.spec());
   } else {
-    string16 data_string;
-    if (data.GetString(&data_string))
-      text = CollapseWhitespace(data_string, true);
+    data.GetString(&text);
   }
 
   if (!text.empty() && OnPerformDropImpl(text))
     return CopyOrLinkDragOperation(event.source_operations());
 
   return ui::DragDropTypes::DRAG_NONE;
 }
 #endif  // defined(TOOLKIT_VIEWS)
 
 void OmniboxViewGtk::Observe(int type,
@@ skipping 543 matching lines @@
   gtk_widget_set_sensitive(search_engine_menuitem,
       command_updater_->IsCommandEnabled(IDC_EDIT_SEARCH_ENGINES));
   gtk_widget_show(search_engine_menuitem);
 
   // We need to update the paste and go controller before we know what text
   // to show. We could do this all asynchronously, but it would be elaborate
   // because we'd have to account for multiple menus showing, getting called
   // back after shutdown, and similar issues.
   GtkClipboard* x_clipboard = gtk_clipboard_get(GDK_SELECTION_CLIPBOARD);
   gchar* text = gtk_clipboard_wait_for_text(x_clipboard);
-  string16 text_wstr = UTF8ToUTF16(text ? text : "");
+  string16 sanitized_text(text ?
+      StripJavascriptSchemas(CollapseWhitespace(UTF8ToUTF16(text), true)) :
+      string16());
   g_free(text);
 
-  // Paste and Go menu item.
+  // Paste and Go menu item. Note that CanPasteAndGo() needs to be called
+  // before is_paste_and_search() in order to set up the paste-and-go state.
+  bool can_paste_and_go = model_->CanPasteAndGo(sanitized_text);
   GtkWidget* paste_go_menuitem = gtk_menu_item_new_with_mnemonic(
       gfx::ConvertAcceleratorsFromWindowsStyle(
           l10n_util::GetStringUTF8(model_->is_paste_and_search() ?
               IDS_PASTE_AND_SEARCH : IDS_PASTE_AND_GO)).c_str());
   gtk_menu_shell_append(GTK_MENU_SHELL(menu), paste_go_menuitem);
   g_signal_connect(paste_go_menuitem, "activate",
                    G_CALLBACK(HandlePasteAndGoThunk), this);
-  gtk_widget_set_sensitive(paste_go_menuitem,
-                           model_->CanPasteAndGo(text_wstr));
+  gtk_widget_set_sensitive(paste_go_menuitem, can_paste_and_go);
   gtk_widget_show(paste_go_menuitem);
 
   g_signal_connect(menu, "deactivate",
                    G_CALLBACK(HandlePopupMenuDeactivateThunk), this);
 }
 
 void OmniboxViewGtk::HandleEditSearchEngines(GtkWidget* sender) {
   command_updater_->ExecuteCommand(IDC_EDIT_SEARCH_ENGINES);
 }
 
@@ skipping 155 matching lines @@
   GtkTargetList* copy_targets =
       gtk_text_buffer_get_copy_target_list(text_buffer_);
   gtk_target_list_remove(copy_targets, atom);
   dragged_text_.clear();
 }
 
 void OmniboxViewGtk::HandleInsertText(GtkTextBuffer* buffer,
                                       GtkTextIter* location,
                                       const gchar* text,
                                       gint len) {
-  std::string filtered_text;
+  string16 filtered_text;
   filtered_text.reserve(len);
 
   // Filter out new line and tab characters.
   // |text| is guaranteed to be a valid UTF-8 string, so we don't need to
   // validate it here.
   //
   // If there was only a single character, then it might be generated by a key
   // event. In this case, we save the single character to help our
   // "key-press-event" signal handler distinguish if an Enter key event is
   // handled by IME or not.
   if (len == 1 && (text[0] == '\n' || text[0] == '\r'))
     enter_was_inserted_ = true;
 
-  const gchar* p = text;
-  while (*p && (p - text) < len) {
-    gunichar c = g_utf8_get_char(p);
-    const gchar* next = g_utf8_next_char(p);
+  filtered_text = UTF8ToUTF16(text);
+  RemoveChars(filtered_text, kInvalidChars, &filtered_text);
 
-    // 0x200B is Zero Width Space, which is inserted just before the instant
-    // anchor for working around the GtkTextView's misalignment bug.
-    // This character might be captured and inserted into the content by undo
-    // manager, so we need to filter it out here.
-    if (c != L'\n' && c != L'\r' && c != L'\t' && c != 0x200B)
-      filtered_text.append(p, next);
+  if (model_->is_pasting())
+    filtered_text = StripJavascriptSchemas(filtered_text);
 
-    p = next;
-  }
-
-  if (filtered_text.length()) {
+  if (!filtered_text.empty()) {
     // Avoid inserting the text after the instant anchor.
     ValidateTextBufferIter(location);
 
     // Call the default handler to insert filtered text.
     GtkTextBufferClass* klass = GTK_TEXT_BUFFER_GET_CLASS(buffer);
-    klass->insert_text(buffer, location, filtered_text.data(),
-                       static_cast<gint>(filtered_text.length()));
+    std::string utf8_text = UTF16ToUTF8(filtered_text);
+    klass->insert_text(buffer, location, utf8_text.data(),
+                       static_cast<gint>(utf8_text.length()));
   }
 
   // Stop propagating the signal emission to prevent the default handler from
   // being called again.
   static guint signal_id = g_signal_lookup("insert-text", GTK_TYPE_TEXT_BUFFER);
   g_signal_stop_emission(buffer, signal_id, 0);
 }
 
 void OmniboxViewGtk::HandleBackSpace(GtkWidget* sender) {
   // Checks if it's currently in keyword search mode.
@@ skipping 106 matching lines @@
                            0);
 
     if (!copy && gtk_text_view_get_editable(GTK_TEXT_VIEW(text_view_)))
       gtk_text_buffer_delete_selection(text_buffer_, true, true);
   }
 
   OwnPrimarySelection(UTF16ToUTF8(text));
 }
 
 bool OmniboxViewGtk::OnPerformDropImpl(const string16& text) {
-  if (model_->CanPasteAndGo(CollapseWhitespace(text, true))) {
+  if (model_->CanPasteAndGo(StripJavascriptSchemas(
+      CollapseWhitespace(text, true)))) {
     model_->PasteAndGo();
     return true;
   }
 
   return false;
 }
 
 gfx::Font OmniboxViewGtk::GetFont() {
 #if defined(TOOLKIT_VIEWS)
   bool use_gtk = false;
@@ skipping 585 matching lines @@
 
   // Make all the children of the widget visible. NOTE: this won't display
   // anything, it just toggles the visible flag.
   gtk_widget_show_all(omnibox_view->GetNativeView());
   // Hide the widget. NativeViewHostGtk will make it visible again as necessary.
   gtk_widget_hide(omnibox_view->GetNativeView());
 
   return omnibox_view;
 }
 #endif