[Autofill] Sanitize all data that comes in over IPC.

components/autofill/core/common/autofill_data_sanitizer.h

+// Copyright 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef COMPONENTS_AUTOFILL_CORE_COMMON_AUTOFILL_DATA_SANITIZER_H_
+#define COMPONENTS_AUTOFILL_CORE_COMMON_AUTOFILL_DATA_SANITIZER_H_
+
+#include <string>
+#include <vector>
+
+#include "base/strings/string16.h"
+
+class GURL;
+
+namespace autofill {
+
+struct FormData;
+struct FormFieldData;
+struct PasswordFormFillData;
+
+// Constants to enforce data size caps, so as to avoid sending overly large

[palmer, 2013/12/20 19:53:36]

As used, I think these are more to immediately reject overlarge messages once
sent. Although if you (want to) use them for both purposes, the comment could
say both.

I come from the anti-comment camp, though, so do what you like. :)

[Ilya Sherman, 2013/12/20 23:54:52]

Done.

+// messages over IPC:
+
+// The maximum string size supported by Autofill.
+extern const size_t kMaxDataLength;
+
+// The maximum list size supported by Autofill.
+extern const size_t kMaxListSize;
+
+// Functions to verify whether the objects passed to them satisfy basic sanity
+// checks, including being capped to the maximums defined by the constants
+// above.
+bool IsSanitizedString(const std::string& str);
+bool IsSanitizedString16(const base::string16& str);
+bool IsSanitizedGURL(const GURL& url);
+bool IsSanitizedFormFieldData(const FormFieldData& field);
+bool IsSanitizedFormData(const FormData& form);
+bool IsSanitizedPasswordFormFillData(const PasswordFormFillData& form);
+bool IsSanitizedString16Vector(const std::vector<base::string16>& v);
+bool IsSanitizedFormDataVector(const std::vector<FormData>& v);
+
+}  // namespace autofill
+
+#endif  // COMPONENTS_AUTOFILL_CORE_COMMON_AUTOFILL_DATA_SANITIZER_H_