Instant Extended: Add prominent search term support

chrome/browser/ui/toolbar/toolbar_model_impl.cc

 // Copyright 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/ui/toolbar/toolbar_model_impl.h"
 
 #include "base/command_line.h"
 #include "base/prefs/pref_service.h"
 #include "base/utf_string_conversions.h"
 #include "chrome/browser/autocomplete/autocomplete_classifier.h"
@@ skipping 23 matching lines @@
 #include "net/cert/x509_certificate.h"
 #include "ui/base/l10n/l10n_util.h"
 
 using content::NavigationController;
 using content::NavigationEntry;
 using content::SSLStatus;
 using content::WebContents;
 
 ToolbarModelImpl::ToolbarModelImpl(ToolbarModelDelegate* delegate)
     : delegate_(delegate),
-      input_in_progress_(false) {
+      input_in_progress_(false),
+      supports_extraction_of_url_like_search_terms_(false) {
 }
 
 ToolbarModelImpl::~ToolbarModelImpl() {
 }
 
 ToolbarModel::SecurityLevel ToolbarModelImpl::GetSecurityLevelForWebContents(
       content::WebContents* web_contents) {
   if (!web_contents)
     return NONE;
 
@@ skipping 25 matching lines @@
     default:
       NOTREACHED();
       return NONE;
   }
 }
 
 // ToolbarModelImpl Implementation.
 string16 ToolbarModelImpl::GetText(
     bool display_search_urls_as_search_terms) const {
   if (display_search_urls_as_search_terms) {
-    string16 search_terms = GetSearchTerms();
-    if (!search_terms.empty())
+    string16 search_terms(
+        chrome::GetSearchTerms(delegate_->GetActiveWebContents()));
+    if (GetSearchTermsTypeInternal(search_terms) != NO_SEARCH_TERMS)
       return search_terms;
   }
   std::string languages;  // Empty if we don't have a |navigation_controller|.
   Profile* profile = GetProfile();
   if (profile)
     languages = profile->GetPrefs()->GetString(prefs::kAcceptLanguages);
 
   GURL url(GetURL());
   if (url.spec().length() > content::kMaxURLDisplayChars)
     url = url.IsStandard() ? url.GetOrigin() : GURL(url.scheme() + ":");
   // Note that we can't unescape spaces here, because if the user copies this
   // and pastes it into another program, that program may think the URL ends at
   // the space.
   return AutocompleteInput::FormattedStringWithEquivalentMeaning(
       url, net::FormatUrl(url, languages, net::kFormatUrlOmitAll,
                           net::UnescapeRule::NORMAL, NULL, NULL, NULL));
 }
 
 string16 ToolbarModelImpl::GetCorpusNameForMobile() const {
-  if (!WouldReplaceSearchURLWithSearchTerms())
+  if (GetSearchTermsType() == NO_SEARCH_TERMS)
     return string16();
   GURL url(GetURL());
   // If there is a query in the url fragment look for the corpus name there,
   // otherwise look for the corpus name in the query parameters.
   const std::string& query_str(google_util::HasGoogleSearchQueryParam(
       url.ref()) ? url.ref() : url.query());
   url_parse::Component query(0, query_str.length()), key, value;
   const char kChipKey[] = "sboxchip";
   while (url_parse::ExtractQueryKeyValue(query_str.c_str(), &query, &key,
                                          &value)) {
@@ skipping 10 matching lines @@
   const NavigationController* navigation_controller = GetNavigationController();
   if (navigation_controller) {
     const NavigationEntry* entry = navigation_controller->GetVisibleEntry();
     if (entry)
       return ShouldDisplayURL() ? entry->GetVirtualURL() : GURL();
   }
 
   return GURL(chrome::kAboutBlankURL);
 }
 
-bool ToolbarModelImpl::WouldReplaceSearchURLWithSearchTerms() const {
-  return !GetSearchTerms().empty();
+ToolbarModel::SearchTermsType ToolbarModelImpl::GetSearchTermsType() const {
+  return GetSearchTermsTypeInternal(
+      chrome::GetSearchTerms(delegate_->GetActiveWebContents()));
+}
+
+void ToolbarModelImpl::SetSupportsExtractionOfURLLikeSearchTerms(bool value) {
+  supports_extraction_of_url_like_search_terms_ = value;
 }
 
 bool ToolbarModelImpl::ShouldDisplayURL() const {
   // Note: The order here is important.
   // - The WebUI test must come before the extension scheme test because there
   //   can be WebUIs that have extension schemes (e.g. the bookmark manager). In
   //   that case, we should prefer what the WebUI instance says.
   // - The view-source test must come before the NTP test because of the case
   //   of view-source:chrome://newtab, which should display its URL despite what
   //   chrome://newtab says.
@@ skipping 22 matching lines @@
 }
 
 ToolbarModel::SecurityLevel ToolbarModelImpl::GetSecurityLevel() const {
   if (input_in_progress_)  // When editing, assume no security style.
     return NONE;
 
   return GetSecurityLevelForWebContents(delegate_->GetActiveWebContents());
 }
 
 int ToolbarModelImpl::GetIcon() const {
-  if (WouldReplaceSearchURLWithSearchTerms())
+  SearchTermsType search_terms_type = GetSearchTermsType();
+  SecurityLevel security_level = GetSecurityLevel();
+  bool is_secure = security_level == EV_SECURE || security_level == SECURE;
+  if (search_terms_type == NORMAL_SEARCH_TERMS ||
+      (search_terms_type == URL_LIKE_SEARCH_TERMS && is_secure))
     return IDR_OMNIBOX_SEARCH;
+
   static int icon_ids[NUM_SECURITY_LEVELS] = {
     IDR_LOCATION_BAR_HTTP,
     IDR_OMNIBOX_HTTPS_VALID,
     IDR_OMNIBOX_HTTPS_VALID,
     IDR_OMNIBOX_HTTPS_WARNING,
     IDR_OMNIBOX_HTTPS_INVALID,
   };
   DCHECK(arraysize(icon_ids) == NUM_SECURITY_LEVELS);
-  return icon_ids[GetSecurityLevel()];
+  return icon_ids[security_level];
 }
 
 string16 ToolbarModelImpl::GetEVCertName() const {
   DCHECK_EQ(GetSecurityLevel(), EV_SECURE);
   scoped_refptr<net::X509Certificate> cert;
   // Note: Navigation controller and active entry are guaranteed non-NULL or
   // the security level would be NONE.
   content::CertStore::GetInstance()->RetrieveCert(
       GetNavigationController()->GetVisibleEntry()->GetSSL().cert_id, &cert);
   return GetEVCertName(*cert);
@@ skipping 30 matching lines @@
   return current_tab ? &current_tab->GetController() : NULL;
 }
 
 Profile* ToolbarModelImpl::GetProfile() const {
   NavigationController* navigation_controller = GetNavigationController();
   return navigation_controller ?
       Profile::FromBrowserContext(navigation_controller->GetBrowserContext()) :
       NULL;
 }
 
-string16 ToolbarModelImpl::GetSearchTerms() const {
-  const WebContents* contents = delegate_->GetActiveWebContents();
-  string16 search_terms = chrome::GetSearchTerms(contents);
+ToolbarModel::SearchTermsType ToolbarModelImpl::GetSearchTermsTypeInternal(
+    const string16& search_terms) const {
+  if (search_terms.empty())
+    return NO_SEARCH_TERMS;
 
-  // Don't extract search terms that the omnibox would treat as a navigation.
-  // This might confuse users into believing that the search terms were the
-  // URL of the current page, and could cause problems if users hit enter in
-  // the omnibox expecting to reload the page.
-  if (!search_terms.empty()) {
-    AutocompleteMatch match;
-    Profile* profile =
-        Profile::FromBrowserContext(contents->GetBrowserContext());
-    AutocompleteClassifierFactory::GetForProfile(profile)->Classify(
-        search_terms, false, false, &match, NULL);
-    if (!AutocompleteMatch::IsSearchType(match.type))
-      search_terms.clear();
-  }
+  AutocompleteMatch match;
+  AutocompleteClassifierFactory::GetForProfile(Profile::FromBrowserContext(
+      delegate_->GetActiveWebContents()->GetBrowserContext()))->Classify(
+          search_terms, false, false, &match, NULL);
+  // TODO(sail): Remove this once server side mixed content problems are fixed.
+  // For now treat mixed content similar to url shaped queries.

[Peter Kasting, 2013/04/25 22:48:39]

I don't think this TODO is correct, because I think the issue is not the current
presence of mixed content but a backstop against possible future exploits that
inject mixed content into a Google Search page.

If I'm right, a better comment might be:

If the current page is not being displayed securely (e.g. due to mixed content
errors), force any extracted search terms to be considered as "URL-like".  This
will cause callers to display a more obvious indicator that the terms are a
search query.  This aims to mitigate an attack scenario where attackers inject
content into a search result page to make it look like e.g. Paypal and also
navigate the URL to that of a search for "Paypal" -- hopefully, showing an
obvious indicator that this is a search will decrease the chances of users
falling for the phishing attempt.

[sail, 2013/04/25 23:39:16]

Done.

+  ToolbarModel::SecurityLevel security_level = GetSecurityLevel();
+  if (AutocompleteMatch::IsSearchType(match.type) &&
+      ((security_level == SECURE) || (security_level == EV_SECURE)))
+    return NORMAL_SEARCH_TERMS;
 
-  return search_terms;
+  return supports_extraction_of_url_like_search_terms_?
+      URL_LIKE_SEARCH_TERMS : NO_SEARCH_TERMS;
 }