OLD | NEW |
(Empty) | |
| 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #include "modules/mediasession/MediaMetadataSanitizer.h" |
| 6 |
| 7 #include "modules/mediasession/MediaArtwork.h" |
| 8 #include "modules/mediasession/MediaMetadata.h" |
| 9 #include "public/platform/WebIconSizesParser.h" |
| 10 #include "public/platform/WebSize.h" |
| 11 #include "url/url_constants.h" |
| 12 |
| 13 namespace blink { |
| 14 |
| 15 namespace { |
| 16 |
| 17 // Constants used by the sanitizer, must be consistent with |
| 18 // content::MediaMetdataSanitizer. |
| 19 |
| 20 // Maximum length of all strings inside MediaMetadata when it is sent over mojo. |
| 21 const size_t kMaxStringLength = 4 * 1024; |
| 22 |
| 23 // Maximum type length of MediaArtwork, which conforms to RFC 4288 |
| 24 // (https://tools.ietf.org/html/rfc4288). |
| 25 const size_t kMaxArtworkTypeLength = 2 * 127 + 1; |
| 26 |
| 27 // Maximum number of artwork images inside the MediaMetadata. |
| 28 const size_t kMaxNumberOfArtworkImages = 10; |
| 29 |
| 30 // Maximum of sizes in an artwork image. |
| 31 const size_t kMaxNumberOfArtworkSizes = 10; |
| 32 |
| 33 bool checkArtworkSrcSanity(const KURL& src) { |
| 34 if (!src.isValid()) |
| 35 return false; |
| 36 if (!src.protocolIs(url::kHttpScheme) && !src.protocolIs(url::kHttpsScheme) && |
| 37 !src.protocolIs(url::kDataScheme)) { |
| 38 return false; |
| 39 } |
| 40 DCHECK(src.getString().is8Bit()); |
| 41 if (src.getString().length() > url::kMaxURLChars) |
| 42 return false; |
| 43 return true; |
| 44 } |
| 45 |
| 46 blink::mojom::blink::MediaImagePtr sanitizeArtworkAndConvertToMojo( |
| 47 const MediaArtwork* artwork) { |
| 48 DCHECK(artwork); |
| 49 |
| 50 blink::mojom::blink::MediaImagePtr mojoImage; |
| 51 |
| 52 KURL url = KURL(ParsedURLString, artwork->src()); |
| 53 if (!checkArtworkSrcSanity(url)) |
| 54 return mojoImage; |
| 55 |
| 56 mojoImage = blink::mojom::blink::MediaImage::New(); |
| 57 mojoImage->src = url; |
| 58 mojoImage->type = artwork->type().left(kMaxArtworkTypeLength); |
| 59 for (const auto& webSize : |
| 60 WebIconSizesParser::parseIconSizes(artwork->sizes())) { |
| 61 mojoImage->sizes.append(webSize); |
| 62 if (mojoImage->sizes.size() == kMaxNumberOfArtworkSizes) |
| 63 break; |
| 64 } |
| 65 return mojoImage; |
| 66 } |
| 67 |
| 68 } // anonymous namespace |
| 69 |
| 70 blink::mojom::blink::MediaMetadataPtr |
| 71 MediaMetadataSanitizer::sanitizeAndConvertToMojo( |
| 72 const MediaMetadata* metadata) { |
| 73 blink::mojom::blink::MediaMetadataPtr mojoMetadata; |
| 74 if (!metadata) |
| 75 return mojoMetadata; |
| 76 |
| 77 mojoMetadata = blink::mojom::blink::MediaMetadata::New(); |
| 78 |
| 79 mojoMetadata->title = metadata->title().left(kMaxStringLength); |
| 80 mojoMetadata->artist = metadata->artist().left(kMaxStringLength); |
| 81 mojoMetadata->album = metadata->album().left(kMaxStringLength); |
| 82 |
| 83 for (const auto artwork : metadata->artwork()) { |
| 84 blink::mojom::blink::MediaImagePtr mojoImage = |
| 85 sanitizeArtworkAndConvertToMojo(artwork.get()); |
| 86 if (!mojoImage.is_null()) |
| 87 mojoMetadata->artwork.append(std::move(mojoImage)); |
| 88 if (mojoMetadata->artwork.size() == kMaxNumberOfArtworkImages) |
| 89 break; |
| 90 } |
| 91 return mojoMetadata; |
| 92 } |
| 93 |
| 94 } // namespace blink |
OLD | NEW |