Limit depth of parsing of dictionaries returned by JS evaluation.

ios/web/web_state/ui/web_view_js_utils.mm

Index: ios/web/web_state/ui/web_view_js_utils.mm
diff --git a/ios/web/web_state/ui/web_view_js_utils.mm b/ios/web/web_state/ui/web_view_js_utils.mm
index 77817a1f0176d12abcd8c32d0ba8760a0764672f..56f1f57134dba9bb762cf9c1aa81e0c967432be2 100644
--- a/ios/web/web_state/ui/web_view_js_utils.mm
+++ b/ios/web/web_state/ui/web_view_js_utils.mm
@@ -8,6 +8,7 @@
 #import <WebKit/WebKit.h>
 
 #include "base/logging.h"
+#include "base/mac/foundation_util.h"
 #include "base/mac/scoped_nsobject.h"
 #include "base/memory/ptr_util.h"
 #include "base/strings/sys_string_conversions.h"
@@ -16,12 +17,20 @@
 namespace web {
 
 NSString* const kJSEvaluationErrorDomain = @"JSEvaluationError";
+int const kMaximumParsingRecursionDepth = 6;
 
-std::unique_ptr<base::Value> ValueResultFromWKResult(id wk_result) {
+std::unique_ptr<base::Value> ValueResultFromWKResult(id wk_result,

[Eugene But (OOO till 7-30), 2016/09/12 16:12:00]

Could you please move this function to anonymous namespace and add comments.

[jif, 2016/09/13 09:41:09]

Done.

+                                                     int max_depth) {
   if (!wk_result)
     return nullptr;
 
   std::unique_ptr<base::Value> result;
+
+  if (max_depth < 0) {

[Eugene But (OOO till 7-30), 2016/09/12 16:12:00]

NIT: Should this be |max_depth <= 0| ?

Otherwise recursion depth can be 7

[jif, 2016/09/13 09:41:09]

I briefly looked at the definition of "depth", and it looks like the root node
of a tree has a depth of 0.

This means that if |max_depth| is 0, |ValueResultFromWKResult| should at least
parse the root node. This would not be the case with "max_depth <= 0", and is
why is chose "max_depth < 0".

Does that make sense?

[Eugene But (OOO till 7-30), 2016/09/13 15:52:55]

Sure.

+    DLOG(WARNING) << "JS maximum recursion depth exceeded.";
+    return result;
+  }
+
   CFTypeID result_type = CFGetTypeID(wk_result);
   if (result_type == CFStringGetTypeID()) {
     result.reset(new base::StringValue(base::SysNSStringToUTF16(wk_result)));
@@ -40,10 +49,15 @@ std::unique_ptr<base::Value> ValueResultFromWKResult(id wk_result) {
     std::unique_ptr<base::DictionaryValue> dictionary =
         base::MakeUnique<base::DictionaryValue>();
     for (id key in wk_result) {
-      DCHECK([key respondsToSelector:@selector(UTF8String)]);
-      const std::string& path([key UTF8String]);
-      dictionary->Set(path,
-                      ValueResultFromWKResult([wk_result objectForKey:key]));
+      NSString* objCString = base::mac::ObjCCast<NSString>(key);

[Eugene But (OOO till 7-30), 2016/09/12 16:12:00]

s/objCString/obj_c_string

[jif, 2016/09/13 09:41:09]

Done.

+      if (objCString) {

[Eugene But (OOO till 7-30), 2016/09/12 16:12:00]

Do you need this check? base::SysNSStringToUTF8 handles nil inputs just fine
returning empty strings.

[jif, 2016/09/13 09:41:09]

Ah, thanks!
Done.

+        const std::string path = base::SysNSStringToUTF8(objCString);
+        std::unique_ptr<base::Value> value = ValueResultFromWKResult(
+            [wk_result objectForKey:objCString], max_depth - 1);
+        if (value) {
+          dictionary->Set(path, std::move(value));
+        }
+      }
     }
     result = std::move(dictionary);
   } else {
@@ -52,6 +66,10 @@ std::unique_ptr<base::Value> ValueResultFromWKResult(id wk_result) {
   return result;
 }
 
+std::unique_ptr<base::Value> ValueResultFromWKResult(id wk_result) {
+  return ValueResultFromWKResult(wk_result, kMaximumParsingRecursionDepth);
+}
+
 void ExecuteJavaScript(WKWebView* web_view,
                        NSString* script,
                        JavaScriptResultBlock completion_handler) {