[IndexedDB] Integrating failures and corruption with transaction

content/browser/indexed_db/indexed_db_factory_impl.cc

Index: content/browser/indexed_db/indexed_db_factory_impl.cc
diff --git a/content/browser/indexed_db/indexed_db_factory_impl.cc b/content/browser/indexed_db/indexed_db_factory_impl.cc
index 88d2dab42d61ff3c170b3e61c137a3ee67572207..f25989dcfa1326f4a3ccdd6a467d431ed6aa1bfe 100644
--- a/content/browser/indexed_db/indexed_db_factory_impl.cc
+++ b/content/browser/indexed_db/indexed_db_factory_impl.cc
@@ -10,6 +10,7 @@
 #include <vector>
 
 #include "base/logging.h"
+#include "base/strings/string_util.h"
 #include "base/strings/utf_string_conversions.h"
 #include "base/time/time.h"
 #include "content/browser/indexed_db/indexed_db_backing_store.h"
@@ -312,8 +313,14 @@ void IndexedDBFactoryImpl::HandleBackingStoreCorruption(
   Origin saved_origin(origin);
   DCHECK(context_);
   base::FilePath path_base = context_->data_path();
-  IndexedDBBackingStore::RecordCorruptionInfo(
-      path_base, saved_origin, base::UTF16ToUTF8(error.message()));
+
+  // The message may contain the database path, which may be considered
+  // sensitive data, and those strings are passed to the extension, so strip it.
+  std::string sanitized_message = base::UTF16ToUTF8(error.message());
+  base::ReplaceSubstringsAfterOffset(&sanitized_message, 0u,
+                                     path_base.AsUTF8Unsafe(), "...");
+  IndexedDBBackingStore::RecordCorruptionInfo(path_base, saved_origin,
+                                              sanitized_message);
   HandleBackingStoreFailure(saved_origin);
   // Note: DestroyBackingStore only deletes LevelDB files, leaving all others,
   //       so our corruption info file will remain.