| OLD | NEW |
|---|
| (Empty) | |
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #include "components/autofill/core/common/autofill_data_validation.h" |
| 6 |
| 7 #include "components/autofill/core/common/form_data.h" |
| 8 #include "components/autofill/core/common/form_field_data.h" |
| 9 #include "components/autofill/core/common/password_form_fill_data.h" |
| 10 #include "url/gurl.h" |
| 11 |
| 12 namespace autofill { |
| 13 |
| 14 const size_t kMaxDataLength = 1024; |
| 15 |
| 16 // Allow enough space for all countries (roughly 300 distinct values) and all |
| 17 // timezones (roughly 400 distinct values), plus some extra wiggle room. |
| 18 const size_t kMaxListSize = 512; |
| 19 |
| 20 bool IsValidString(const std::string& str) { |
| 21 return str.size() <= kMaxDataLength; |
| 22 } |
| 23 |
| 24 bool IsValidString16(const base::string16& str) { |
| 25 return str.size() <= kMaxDataLength; |
| 26 } |
| 27 |
| 28 bool IsValidGURL(const GURL& url) { |
| 29 return url.is_empty() || url.is_valid(); |
| 30 } |
| 31 |
| 32 bool IsValidFormFieldData(const FormFieldData& field) { |
| 33 return |
| 34 IsValidString16(field.label) && |
| 35 IsValidString16(field.name) && |
| 36 IsValidString16(field.value) && |
| 37 IsValidString(field.form_control_type) && |
| 38 IsValidString(field.autocomplete_attribute) && |
| 39 IsValidString16Vector(field.option_values) && |
| 40 IsValidString16Vector(field.option_contents); |
| 41 } |
| 42 |
| 43 bool IsValidFormData(const FormData& form) { |
| 44 if (!IsValidString16(form.name) || |
| 45 !IsValidString16(form.method) || |
| 46 !IsValidGURL(form.origin) || |
| 47 !IsValidGURL(form.action)) |
| 48 return false; |
| 49 |
| 50 if (form.fields.size() > kMaxListSize) |
| 51 return false; |
| 52 |
| 53 for (std::vector<FormFieldData>::const_iterator it = form.fields.begin(); |
| 54 it != form.fields.end(); ++it) { |
| 55 if (!IsValidFormFieldData(*it)) |
| 56 return false; |
| 57 } |
| 58 |
| 59 return true; |
| 60 } |
| 61 |
| 62 bool IsValidPasswordFormFillData(const PasswordFormFillData& form) { |
| 63 if (!IsValidFormData(form.basic_data) || |
| 64 !IsValidString(form.preferred_realm)) |
| 65 return false; |
| 66 |
| 67 for (PasswordFormFillData::LoginCollection::const_iterator it = |
| 68 form.additional_logins.begin(); |
| 69 it != form.additional_logins.end(); ++it) { |
| 70 if (!IsValidString16(it->first) || |
| 71 !IsValidString16(it->second.password) || |
| 72 !IsValidString(it->second.realm)) |
| 73 return false; |
| 74 } |
| 75 |
| 76 for (PasswordFormFillData::UsernamesCollection::const_iterator it = |
| 77 form.other_possible_usernames.begin(); |
| 78 it != form.other_possible_usernames.end(); ++it) { |
| 79 if (!IsValidString16(it->first.username) || |
| 80 !IsValidString16(it->first.password) || |
| 81 !IsValidString(it->first.realm) || |
| 82 !IsValidString16Vector(it->second)) |
| 83 return false; |
| 84 } |
| 85 |
| 86 return true; |
| 87 } |
| 88 |
| 89 bool IsValidString16Vector(const std::vector<base::string16>& v) { |
| 90 if (v.size() > kMaxListSize) |
| 91 return false; |
| 92 |
| 93 for (std::vector<base::string16>::const_iterator it = v.begin(); |
| 94 it != v.end(); ++it) { |
| 95 if (!IsValidString16(*it)) |
| 96 return false; |
| 97 } |
| 98 |
| 99 return true; |
| 100 } |
| 101 |
| 102 bool IsValidFormDataVector(const std::vector<FormData>& v) { |
| 103 if (v.size() > kMaxListSize) |
| 104 return false; |
| 105 |
| 106 for (std::vector<FormData>::const_iterator it = v.begin(); it != v.end(); |
| 107 ++it) { |
| 108 if (!IsValidFormData(*it)) |
| 109 return false; |
| 110 } |
| 111 |
| 112 return true; |
| 113 } |
| 114 |
| 115 } // namespace autofill |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 98753005:
[Autofill] Sanitize all data that comes in over IPC. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src