Chromium Code Reviews Chromium Code Reviews
Issue 2015433003:
Implement MediaMetadata artwork in content (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| (Empty) | |
| 1 // Copyright 2016 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #include "content/common/media/media_metadata_sanitizer.h" | |
| 6 | |
| 7 #include <algorithm> | |
| 8 #include <string> | |
| 9 | |
| 10 namespace content { | |
| 11 | |
| 12 namespace { | |
| 13 | |
| 14 // Maximum length for all the strings inside the MediaMetadata when it is sent | |
| 15 // over IPC. The renderer process should truncate the strings before sending | |
| 16 // the MediaMetadata and the browser process must do the same when receiving | |
| 17 // it. | |
| 18 const size_t kMaxIPCStringLength = 4 * 1024; | |
| 19 | |
| 20 // Maximum length of artwork src. | |
| 21 const size_t kMaxArtworkSrcLength = 64 * 1024; | |
|
dcheng
2016/07/05 02:36:55
FWIW, there's also a kMaxURLChars (which is 2MB).
Zhiqiang Zhang (Slow)
2016/07/05 15:30:30
Let's use kMaxURLChars.
| |
| 22 | |
| 23 // Maximum type length of Artwork, which conforms to RFC 4288 | |
| 24 // (https://tools.ietf.org/html/rfc4288). | |
| 25 const size_t kMaxArtworkTypeLength = 2 * 127 + 1; | |
| 26 | |
| 27 // Maximum number of artwork images inside the MediaMetadata. | |
| 28 const size_t kMaxNumberOfArtworkImages = 10; | |
| 29 | |
| 30 // Maximum of sizes in an artwork image. | |
| 31 const size_t kMaxNumberOfArtworkSizes = 10; | |
| 32 | |
| 33 bool CheckArtworkSrcSanity(const GURL& src) { | |
| 34 if (!src.is_valid() || !src.IsStandard()) | |
|
dcheng
2016/07/05 02:36:55
The standard scheme check seems redundant in conju
Zhiqiang Zhang (Slow)
2016/07/05 15:30:30
Done.
| |
| 35 return false; | |
| 36 if (!src.SchemeIsHTTPOrHTTPS() && src.scheme() != url::kDataScheme) | |
|
Zhiqiang Zhang (Slow)
2016/07/01 21:05:34
palmer@, actually I found that WebContents::Downlo
| |
| 37 return false; | |
| 38 if (src.spec().size() > kMaxArtworkSrcLength) | |
| 39 return false; | |
| 40 | |
| 41 return true; | |
| 42 } | |
| 43 | |
| 44 bool CheckArtworkSanity(const MediaMetadata::Artwork& artwork) { | |
| 45 if (!CheckArtworkSrcSanity(artwork.src)) | |
| 46 return false; | |
| 47 if (artwork.type.is_null()) | |
| 48 return false; | |
| 49 if (artwork.type.string().size() > kMaxArtworkTypeLength) | |
| 50 return false; | |
| 51 if (artwork.sizes.size() > kMaxNumberOfArtworkSizes) | |
| 52 return false; | |
| 53 | |
| 54 return true; | |
| 55 } | |
| 56 | |
| 57 // Sanitize artwork. The method should not be called if |artwork.src| is bad. | |
| 58 MediaMetadata::Artwork SanitizeArtwork(const MediaMetadata::Artwork& artwork) { | |
| 59 MediaMetadata::Artwork sanitized_artwork; | |
| 60 | |
| 61 sanitized_artwork.src = artwork.src; | |
| 62 sanitized_artwork.type = artwork.type.is_null() ? | |
| 63 base::NullableString16() : | |
| 64 base::NullableString16( | |
| 65 artwork.type.string().substr(0, kMaxArtworkTypeLength), false); | |
| 66 for (const auto& size : artwork.sizes()) { | |
| 67 sanitized_artwork.sizes.push_back(artwork.sizes[i]); | |
| 68 if (sanitized_artwork.sizes.size() > kMaxNumberOfArtworkSizes) | |
| 69 break; | |
| 70 } | |
| 71 | |
| 72 return sanitized_artwork; | |
| 73 } | |
| 74 | |
| 75 } // anonymous namespace | |
| 76 | |
| 77 bool MediaMetadataSanitizer::CheckSanity(const MediaMetadata& metadata) { | |
| 78 if (metadata.title.size() > kMaxIPCStringLength) | |
| 79 return false; | |
| 80 if (metadata.artist.size() > kMaxIPCStringLength) | |
| 81 return false; | |
| 82 if (metadata.album.size() > kMaxIPCStringLength) | |
| 83 return false; | |
| 84 if (metadata.artwork.size() > kMaxNumberOfArtworkImages) | |
| 85 return false; | |
| 86 | |
| 87 for (const auto& artwork : metadata.artwork) { | |
| 88 if (CheckArtworkSanity(artwork)) | |
| 89 return false; | |
| 90 } | |
| 91 | |
| 92 return true; | |
| 93 } | |
| 94 | |
| 95 MediaMetadata MediaMetadataSanitizer::Sanitize(const MediaMetadata& metadata) { | |
| 96 MediaMetadata sanitized_metadata; | |
| 97 | |
| 98 sanitized_metadata.title = metadata.title.substr(0, kMaxIPCStringLength); | |
| 99 sanitized_metadata.artist = metadata.artist.substr(0, kMaxIPCStringLength); | |
| 100 sanitized_metadata.album = metadata.album.substr(0, kMaxIPCStringLength); | |
| 101 | |
| 102 for (const auto& artwork : metadata.artwork) { | |
| 103 if (!CheckArtworkSrcSanity(artwork.src)) | |
|
dcheng
2016/07/05 02:36:55
CheckArtworkSanity already does this check.
Zhiqiang Zhang (Slow)
2016/07/05 15:30:30
This check is needed here.
If artwork has a good
| |
| 104 continue; | |
| 105 | |
| 106 sanitized_metadata.artwork.push_back( | |
| 107 CheckArtworkSanity(artwork) ? artwork : SanitizeArtwork(artwork)); | |
| 108 | |
| 109 if (sanitized_metadata.artwork.size() > kMaxNumberOfArtworkImages) | |
|
dcheng
2016/07/05 02:36:55
This check should be ==: otherwise, you can create
Zhiqiang Zhang (Slow)
2016/07/05 15:30:30
Done.
| |
| 110 break; | |
| 111 } | |
| 112 | |
| 113 return sanitized_metadata; | |
| 114 } | |
| 115 | |
| 116 } // namespace content | |
| OLD | NEW |
