| Index: chrome/browser/autocomplete/search_provider.cc
|
| ===================================================================
|
| --- chrome/browser/autocomplete/search_provider.cc (revision 2179)
|
| +++ chrome/browser/autocomplete/search_provider.cc (working copy)
|
| @@ -173,16 +173,7 @@
|
|
|
| void SearchProvider::StartOrStopSuggestQuery(bool minimal_changes,
|
| bool synchronous_only) {
|
| - // Don't run Suggest when off the record, the engine doesn't support it, or
|
| - // the user has disabled it. Also don't query the server for URLs that aren't
|
| - // http/https/ftp. Sending things like file: and data: is both a waste of
|
| - // time and a disclosure of potentially private, local data.
|
| - if (profile_->IsOffTheRecord() ||
|
| - !default_provider_.suggestions_url() ||
|
| - !profile_->GetPrefs()->GetBoolean(prefs::kSearchSuggestEnabled) ||
|
| - ((input_.type() == AutocompleteInput::URL) &&
|
| - (input_.scheme() != L"http") && (input_.scheme() != L"https") &&
|
| - (input_.scheme() != L"ftp"))) {
|
| + if (!IsQuerySuitableForSuggest()) {
|
| StopSuggest();
|
| return;
|
| }
|
| @@ -207,6 +198,46 @@
|
| MessageLoop::current()->timer_manager()->ResetTimer(timer_.get());
|
| }
|
|
|
| +bool SearchProvider::IsQuerySuitableForSuggest() const {
|
| + // Don't run Suggest when off the record, the engine doesn't support it, or
|
| + // the user has disabled it.
|
| + if (profile_->IsOffTheRecord() ||
|
| + !default_provider_.suggestions_url() ||
|
| + !profile_->GetPrefs()->GetBoolean(prefs::kSearchSuggestEnabled))
|
| + return false;
|
| +
|
| + // If the input type is URL, we take extra care so that private data in URL
|
| + // isn't sent to the server.
|
| + if (input_.type() == AutocompleteInput::URL) {
|
| + // Don't query the server for URLs that aren't http/https/ftp. Sending
|
| + // things like file: and data: is both a waste of time and a disclosure of
|
| + // potentially private, local data.
|
| + if ((input_.scheme() != L"http") && (input_.scheme() != L"https") &&
|
| + (input_.scheme() != L"ftp"))
|
| + return false;
|
| +
|
| + // Don't leak private data in URL
|
| + const url_parse::Parsed& parts = input_.parts();
|
| +
|
| + // Don't send URLs with usernames, queries or refs. Some of these are
|
| + // private, and the Suggest server is unlikely to have any useful results
|
| + // for any of them.
|
| + // Password is optional and may be omitted. Checking username is
|
| + // sufficient.
|
| + if (parts.username.is_nonempty() || parts.query.is_nonempty() ||
|
| + parts.ref.is_nonempty())
|
| + return false;
|
| + // Don't send anything for https except hostname and port number.
|
| + // Hostname and port number are OK because they are visible when TCP
|
| + // connection is established and the Suggest server may provide some
|
| + // useful completed URL.
|
| + if (input_.scheme() == L"https" && parts.path.is_nonempty())
|
| + return false;
|
| + }
|
| +
|
| + return true;
|
| +}
|
| +
|
| void SearchProvider::StopHistory() {
|
| history_request_consumer_.CancelAllRequests();
|
| history_request_pending_ = false;
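Review bot: The username-only test in `IsQuerySuitableForSuggest()` misses userinfo with an empty username and a non-empty password (constructed example: `http://:secret@host/`). If the parser reports that as an empty `username` and a populated `password`, the input passes every check here and the password is sent to the Suggest server. I would test the password component explicitly, `if (parts.username.is_nonempty() || parts.password.is_nonempty() || parts.query.is_nonempty() || parts.ref.is_nonempty())`, and drop the "Checking username is sufficient" sentence from the comment. Separately, the https rule `parts.path.is_nonempty()` presumably also rejects a bare `https://host/`, since the path is then `/`. That errs on the safe side, but a one-line comment saying whether it is intended would help. A unit test over these cases (userinfo variants, query, ref, https with and without a path) would keep the privacy rules from regressing.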
|
|
|