Strip invalid characters (line breaks, tabs), javascript:schemes from the copied text before pasting

chrome/browser/ui/gtk/omnibox/omnibox_view_gtk.cc

Index: chrome/browser/ui/gtk/omnibox/omnibox_view_gtk.cc
===================================================================
--- chrome/browser/ui/gtk/omnibox/omnibox_view_gtk.cc	(revision 110898)
+++ chrome/browser/ui/gtk/omnibox/omnibox_view_gtk.cc	(working copy)
@@ -878,9 +878,7 @@
     if (data.GetURLAndTitle(&url, &title))
       text = UTF8ToUTF16(url.spec());
   } else {
-    string16 data_string;
-    if (data.GetString(&data_string))
-      text = CollapseWhitespace(data_string, true);
+    data.GetString(&text);
   }
 
   if (!text.empty() && OnPerformDropImpl(text))
@@ -1444,10 +1442,13 @@
   // back after shutdown, and similar issues.
   GtkClipboard* x_clipboard = gtk_clipboard_get(GDK_SELECTION_CLIPBOARD);
   gchar* text = gtk_clipboard_wait_for_text(x_clipboard);
-  string16 text_wstr = UTF8ToUTF16(text ? text : "");
+  string16 sanitized_text(text ?
+      StripJavascriptSchemas(CollapseWhitespace(UTF8ToUTF16(text), true)) :
+      string16());
   g_free(text);
 
   // Paste and Go menu item.

[Peter Kasting, 2011/11/23 19:02:11]

Nit: To prevent future problems, maybe we should add "Note that CanPasteAndGo()
needs to be called before is_paste_and_search() in order to set up the
paste-and-go state."

[SanjoyPal, 2011/11/24 07:36:10]

Done.

+  bool can_paste_and_go = model_->CanPasteAndGo(sanitized_text);
   GtkWidget* paste_go_menuitem = gtk_menu_item_new_with_mnemonic(
       gfx::ConvertAcceleratorsFromWindowsStyle(
           l10n_util::GetStringUTF8(model_->is_paste_and_search() ?
@@ -1455,8 +1456,7 @@
   gtk_menu_shell_append(GTK_MENU_SHELL(menu), paste_go_menuitem);
   g_signal_connect(paste_go_menuitem, "activate",
                    G_CALLBACK(HandlePasteAndGoThunk), this);
-  gtk_widget_set_sensitive(paste_go_menuitem,
-                           model_->CanPasteAndGo(text_wstr));
+  gtk_widget_set_sensitive(paste_go_menuitem, can_paste_and_go);
   gtk_widget_show(paste_go_menuitem);
 
   g_signal_connect(menu, "deactivate",
@@ -1632,7 +1632,7 @@
                                       GtkTextIter* location,
                                       const gchar* text,
                                       gint len) {
-  std::string filtered_text;
+  string16 filtered_text;
   filtered_text.reserve(len);
 
   // Filter out new line and tab characters.
@@ -1655,20 +1655,28 @@
     // anchor for working around the GtkTextView's misalignment bug.
     // This character might be captured and inserted into the content by undo
     // manager, so we need to filter it out here.
-    if (c != L'\n' && c != L'\r' && c != L'\t' && c != 0x200B)
+    if (c != 0x200B)
       filtered_text.append(p, next);

[Peter Kasting, 2011/11/23 19:02:11]

What asvitkine said about using WriteUnicodeCharacter().

Note that if you do this, you can eliminate |next| above and convert this
while() loop to a simple for() loop:

  for (const gchar* p = text; *p && ((p - text) < len);
       p = g_utf8_next_char(p)) {
    ...

[SanjoyPal, 2011/11/24 07:36:10]

Note that WriteUnicodeCharacter() was not exposed, i had to export it.
Done.

 
     p = next;
   }
 
-  if (filtered_text.length()) {
+  string16 sanitized_text;

[Peter Kasting, 2011/11/23 19:02:11]

Nit: Simpler:

  if (model_->is_pasting()) {
    filtered_text =
        StripJavascriptSchemas(CollapseWhitespace(filtered_text, true));
  }

...and use |filtered_text| directly below.

[SanjoyPal, 2011/11/24 07:36:10]

Done.

+  if (model_->is_pasting())
+    sanitized_text = StripJavascriptSchemas(
+        CollapseWhitespace(filtered_text, true));
+  else
+    sanitized_text = filtered_text;
+
+  if (!sanitized_text.empty()) {
     // Avoid inserting the text after the instant anchor.
     ValidateTextBufferIter(location);
 
     // Call the default handler to insert filtered text.
     GtkTextBufferClass* klass = GTK_TEXT_BUFFER_GET_CLASS(buffer);
-    klass->insert_text(buffer, location, filtered_text.data(),
-                       static_cast<gint>(filtered_text.length()));
+    std::string utf8_text = UTF16ToUTF8(sanitized_text);
+    klass->insert_text(buffer, location, utf8_text.data(),
+                       static_cast<gint>(utf8_text.length()));
   }
 
   // Stop propagating the signal emission to prevent the default handler from
@@ -1795,7 +1803,8 @@
 }
 
 bool OmniboxViewGtk::OnPerformDropImpl(const string16& text) {
-  if (model_->CanPasteAndGo(CollapseWhitespace(text, true))) {
+  if (model_->CanPasteAndGo(StripJavascriptSchemas
+      (CollapseWhitespace(text, true)))) {

[Peter Kasting, 2011/11/23 19:02:11]

Nit: Put '(' on previous line.

[SanjoyPal, 2011/11/24 07:36:10]

Done.

     model_->PasteAndGo();
     return true;
   }