Do not parse JSON in the browser.

chrome/android/java/src/org/chromium/chrome/browser/payments/PaymentRequestImpl.java

 // Copyright 2016 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 package org.chromium.chrome.browser.payments;
 
 import android.app.Activity;
 import android.graphics.Bitmap;
 import android.os.Handler;
 import android.text.TextUtils;
 
-import org.json.JSONException;
-import org.json.JSONObject;
-
 import org.chromium.base.Callback;
 import org.chromium.base.Log;
 import org.chromium.base.VisibleForTesting;
 import org.chromium.base.metrics.RecordHistogram;
 import org.chromium.chrome.R;
 import org.chromium.chrome.browser.ChromeActivity;
 import org.chromium.chrome.browser.ChromeFeatureList;
 import org.chromium.chrome.browser.autofill.PersonalDataManager;
 import org.chromium.chrome.browser.autofill.PersonalDataManager.AutofillProfile;
 import org.chromium.chrome.browser.favicon.FaviconHelper;
 import org.chromium.chrome.browser.payments.ui.Completable;
 import org.chromium.chrome.browser.payments.ui.LineItem;
 import org.chromium.chrome.browser.payments.ui.PaymentInformation;
 import org.chromium.chrome.browser.payments.ui.PaymentOption;
 import org.chromium.chrome.browser.payments.ui.PaymentRequestUI;
 import org.chromium.chrome.browser.payments.ui.SectionInformation;
 import org.chromium.chrome.browser.payments.ui.ShoppingCart;
 import org.chromium.chrome.browser.profiles.Profile;
 import org.chromium.chrome.browser.tab.Tab;
 import org.chromium.chrome.browser.tabmodel.EmptyTabModelObserver;
 import org.chromium.chrome.browser.tabmodel.EmptyTabModelSelectorObserver;
 import org.chromium.chrome.browser.tabmodel.TabModel;
 import org.chromium.chrome.browser.tabmodel.TabModel.TabSelectionType;
 import org.chromium.chrome.browser.tabmodel.TabModelObserver;
 import org.chromium.chrome.browser.tabmodel.TabModelSelectorObserver;
-import org.chromium.components.safejson.JsonSanitizer;
 import org.chromium.components.url_formatter.UrlFormatter;
 import org.chromium.content_public.browser.WebContents;
 import org.chromium.mojo.system.MojoException;
 import org.chromium.payments.mojom.PaymentComplete;
 import org.chromium.payments.mojom.PaymentDetails;
 import org.chromium.payments.mojom.PaymentErrorReason;
 import org.chromium.payments.mojom.PaymentItem;
 import org.chromium.payments.mojom.PaymentMethodData;
 import org.chromium.payments.mojom.PaymentOptions;
 import org.chromium.payments.mojom.PaymentRequest;
 import org.chromium.payments.mojom.PaymentRequestClient;
 import org.chromium.payments.mojom.PaymentResponse;
 import org.chromium.payments.mojom.PaymentShippingOption;
 import org.chromium.payments.mojom.PaymentShippingType;
 
-import java.io.IOException;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collections;
 import java.util.Comparator;
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.List;
 import java.util.Locale;
 import java.util.Map;
 import java.util.Set;
@@ skipping 105 matching lines @@
      * price string. This data is passed to the UI.
      */
     private ShoppingCart mUiShoppingCart;
 
     /**
      * The UI model for the shipping options. Includes the label and sublabel for each shipping
      * option. Also keeps track of the selected shipping option. This data is passed to the UI.
      */
     private SectionInformation mUiShippingOptions;
 
-    private Map<String, JSONObject> mMethodData;
+    private Map<String, PaymentMethodData> mMethodData;
     private SectionInformation mShippingAddressesSection;
     private SectionInformation mContactSection;
     private List<PaymentApp> mPendingApps;
     private List<PaymentInstrument> mPendingInstruments;
     private List<PaymentInstrument> mPendingAutofillInstruments;
     private SectionInformation mPaymentMethodsSection;
     private PaymentRequestUI mUI;
     private Callback<PaymentInformation> mPaymentInformationCallback;
     private boolean mPaymentAppRunning;
     private boolean mMerchantSupportsAutofillPaymentInstruments;
@@ skipping 221 matching lines @@
 
         // Catch any time the user switches tabs.  Because the dialog is modal, a user shouldn't be
         // allowed to switch tabs, which can happen if the user receives an external Intent.
         mContext.getTabModelSelector().addObserver(mSelectorObserver);
         mContext.getCurrentTabModel().addObserver(mTabModelObserver);
 
         mUI.show();
         recordSuccessFunnelHistograms("Shown");
     }
 
-    private static Map<String, JSONObject> getValidatedMethodData(
+    private static Map<String, PaymentMethodData> getValidatedMethodData(
             PaymentMethodData[] methodData, CardEditor paymentMethodsCollector) {
         // Payment methodData are required.
         if (methodData == null || methodData.length == 0) return null;
-        Map<String, JSONObject> result = new HashMap<>();
+        Map<String, PaymentMethodData> result = new HashMap<>();
         for (int i = 0; i < methodData.length; i++) {
-            JSONObject data = null;
-            if (!TextUtils.isEmpty(methodData[i].stringifiedData)) {
-                try {
-                    data = new JSONObject(JsonSanitizer.sanitize(methodData[i].stringifiedData));
-                } catch (JSONException | IOException | IllegalStateException e) {
-                    // Payment method specific data should be a JSON object.
-                    // According to the payment request spec[1], for each method data,
-                    // if the data field is supplied but is not a JSON-serializable object,
-                    // then should throw a TypeError. So, we should return null here even if
-                    // only one is bad.
-                    // [1] https://w3c.github.io/browser-payment-api/
-                    return null;
-                }
-            }
-
             String[] methods = methodData[i].supportedMethods;
 
             // Payment methods are required.
             if (methods == null || methods.length == 0) return null;
 
             for (int j = 0; j < methods.length; j++) {
                 // Payment methods should be non-empty.
                 if (TextUtils.isEmpty(methods[j])) return null;
-                result.put(methods[j], data);
+                result.put(methods[j], methodData[i]);
             }
 
             paymentMethodsCollector.addAcceptedPaymentMethodsIfRecognized(methods);
         }
         return result;
     }
 
     /** Queries the installed payment apps for their instruments that merchant supports. */
     private void getMatchingPaymentInstruments() {
         mPendingApps = new ArrayList<>(mApps);
         mPendingInstruments = new ArrayList<>();
         mPendingAutofillInstruments = new ArrayList<>();
 
-        Map<PaymentApp, Map<String, JSONObject>> queryApps = new HashMap<>();
+        Map<PaymentApp, Map<String, PaymentMethodData>> queryApps = new HashMap<>();
         for (int i = 0; i < mApps.size(); i++) {
             PaymentApp app = mApps.get(i);
-            Map<String, JSONObject> appMethods =
+            Map<String, PaymentMethodData> appMethods =
                     filterMerchantMethodData(mMethodData, app.getAppMethodNames());
             if (appMethods == null) {
                 mPendingApps.remove(app);
             } else {
                 mArePaymentMethodsSupported = true;
                 mMerchantSupportsAutofillPaymentInstruments |= app instanceof AutofillPaymentApp;
                 queryApps.put(app, appMethods);
             }
         }
 
         // Query instruments after mMerchantSupportsAutofillPaymentInstruments has been initialized,
         // so a fast response from a non-autofill payment app at the front of the app list does not
         // cause NOT_SUPPORTED payment rejection.
-        for (Map.Entry<PaymentApp, Map<String, JSONObject>> q : queryApps.entrySet()) {
+        for (Map.Entry<PaymentApp, Map<String, PaymentMethodData>> q : queryApps.entrySet()) {
             q.getKey().getInstruments(q.getValue(), this);
         }
     }
 
     /** Filter out merchant method data that's not relevant to a payment app. Can return null. */
-    private static Map<String, JSONObject> filterMerchantMethodData(
-            Map<String, JSONObject> merchantMethodData, Set<String> appMethods) {
-        Map<String, JSONObject> result = null;
+    private static Map<String, PaymentMethodData> filterMerchantMethodData(
+            Map<String, PaymentMethodData> merchantMethodData, Set<String> appMethods) {
+        Map<String, PaymentMethodData> result = null;
         for (String method : appMethods) {
             if (merchantMethodData.containsKey(method)) {
                 if (result == null) result = new HashMap<>();
                 result.put(method, merchantMethodData.get(method));
             }
         }
         return result;
     }
 
     /**
@@ skipping 663 matching lines @@
                 "PaymentRequest.CheckoutFunnel.Aborted", abortReason,
                 PaymentRequestMetrics.ABORT_REASON_MAX);
 
         if (abortReason == PaymentRequestMetrics.ABORT_REASON_ABORTED_BY_USER) {
             mJourneyLogger.recordJourneyStatsHistograms("UserAborted");
         } else {
             mJourneyLogger.recordJourneyStatsHistograms("OtherAborted");
         }
     }
 }