OLD | NEW |
(Empty) | |
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #include "chrome/browser/ui/app_list/search/common/webservice_search_provider.h" |
| 6 |
| 7 #include <string> |
| 8 |
| 9 #include "base/callback.h" |
| 10 #include "base/strings/string_util.h" |
| 11 #include "chrome/browser/search/search.h" |
| 12 #include "chrome/common/url_constants.h" |
| 13 #include "url/gurl.h" |
| 14 |
| 15 namespace app_list { |
| 16 |
| 17 namespace { |
| 18 |
| 19 const int kWebserviceQueryThrottleIntrevalInMs = 100; |
| 20 const size_t kMinimumQueryLength = 3u; |
| 21 |
| 22 } // namespace |
| 23 |
| 24 WebserviceSearchProvider::WebserviceSearchProvider(Profile* profile) |
| 25 : profile_(profile), use_throttling_(true) {} |
| 26 |
| 27 WebserviceSearchProvider::~WebserviceSearchProvider() {} |
| 28 |
| 29 void WebserviceSearchProvider::StartThrottledQuery( |
| 30 const base::Closure& start_query) { |
| 31 base::TimeDelta interval = |
| 32 base::TimeDelta::FromMilliseconds(kWebserviceQueryThrottleIntrevalInMs); |
| 33 if (!use_throttling_ || base::Time::Now() - last_keytyped_ > interval) { |
| 34 query_throttler_.Stop(); |
| 35 start_query.Run(); |
| 36 } else { |
| 37 query_throttler_.Start(FROM_HERE, interval, start_query); |
| 38 } |
| 39 last_keytyped_ = base::Time::Now(); |
| 40 } |
| 41 |
| 42 bool WebserviceSearchProvider::IsValidQuery(const string16& query) { |
| 43 // If |query| contains sensitive data, bail out and do not create the place |
| 44 // holder "search-web-store" result. |
| 45 if (IsSensitiveInput(query) || |
| 46 (query.size() < kMinimumQueryLength) || |
| 47 !chrome::IsSuggestPrefEnabled(profile_)) { |
| 48 return false; |
| 49 } |
| 50 |
| 51 return true; |
| 52 } |
| 53 |
| 54 |
| 55 // Returns whether or not the user's input string, |query|, might contain any |
| 56 // sensitive information, based purely on its value and not where it came from. |
| 57 bool WebserviceSearchProvider::IsSensitiveInput(const string16& query) { |
| 58 const GURL query_as_url(query); |
| 59 if (!query_as_url.is_valid()) |
| 60 return false; |
| 61 |
| 62 // The input can be interpreted as a URL. Check to see if it is potentially |
| 63 // sensitive. (Code shamelessly copied from search_provider.cc's |
| 64 // IsQuerySuitableForSuggest function.) |
| 65 |
| 66 // First we check the scheme: if this looks like a URL with a scheme that is |
| 67 // file, we shouldn't send it. Sending such things is a waste of time and a |
| 68 // disclosure of potentially private, local data. If the scheme is OK, we |
| 69 // still need to check other cases below. |
| 70 if (LowerCaseEqualsASCII(query_as_url.scheme(), chrome::kFileScheme)) |
| 71 return true; |
| 72 |
| 73 // Don't send URLs with usernames, queries or refs. Some of these are |
| 74 // private, and the Suggest server is unlikely to have any useful results |
| 75 // for any of them. Also don't send URLs with ports, as we may initially |
| 76 // think that a username + password is a host + port (and we don't want to |
| 77 // send usernames/passwords), and even if the port really is a port, the |
| 78 // server is once again unlikely to have and useful results. |
| 79 if (!query_as_url.username().empty() || |
| 80 !query_as_url.port().empty() || |
| 81 !query_as_url.query().empty() || |
| 82 !query_as_url.ref().empty()) { |
| 83 return true; |
| 84 } |
| 85 |
| 86 // Don't send anything for https except the hostname. Hostnames are OK |
| 87 // because they are visible when the TCP connection is established, but the |
| 88 // specific path may reveal private information. |
| 89 if (LowerCaseEqualsASCII(query_as_url.scheme(), content::kHttpsScheme) && |
| 90 !query_as_url.path().empty() && query_as_url.path() != "/") { |
| 91 return true; |
| 92 } |
| 93 |
| 94 return false; |
| 95 } |
| 96 |
| 97 } // namespace app_list |
OLD | NEW |