[MVT Customization] Improve Name and URL input validation.

This CL introduces additional validation to the Name and URL inputs for
Clank MVT Customization (context menu and "Edit / Add shortcut" dialog):
* Limit Name length to 50 characters.
  * Enforced by EditText limit and truncation (on "Pin this shortcut"
    and fallback-to-URL when empty Name field is given).
* Limit URL length to 2083 characters (matching traditional IE limit).
  * Much less than UrlConstants.MAX_URL_CHARS = 2 MiB.
  * Enforced by EditText limit and rejection (since truncating a URL
    is unsound).
  * Rejection: Includes hiding "Pin this shortcut" on Top Sites Tiles.
* Limit URL scheme with an allowlist.
  * Currently: http, https, ftp, file, chrome, chrome-native.
    * Note that e.g., chrome://flags or chrome-native://recent-tabs are
      allowed!
  * Specifically, block "javascript:" URLs to avoid potential exploits.

Details:
* SuggestionsConfig: Define MAX_CUSTOM_TILES_{NAME,URL}_LENGTH.
* TileUtils:
  * Add formatCustomTileName() for fallback-to-URL and truncation.
  * Add isValidCustomTileName() and isValidCustomTileUrl().
* Name truncation is applied at:
  * CustomTileModificationDelegateImpl.convert() for
    "Pin this shortcut".
  * CustomTileEditMediator.onSave() for "Edit / Add shortcut" submit.
* Limiting Name and URL lengths:
  * CustomTileEditView.onFinishInflate(): Programmatically enforce
    (instead of changing dialog XML) so SuggestionsConfig constants can
    be used.
  * CustomTileModificationDelegateImpl.
    {add,assign}CustomLinkAndUpdateOnSuccess(): Reject for both Name and
    URL (assumes any Name truncation is done by caller).
  * ContextMenuManager.shouldShowItem(): Test whether a Top Sites Tile's
    URL passes isValidCustomTileUrl(), and shows / hides
    "Pin this shortcut" item only if pass.

Testing:
* Add TileUtilsUnitTest with 3 tests.

Bug: 416506288, 388782412
Change-Id: Ia0d3e37461a0028a178d88d7d8adfcb567befc5c
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6525307
Commit-Queue: Samuel Huang <huangs@chromium.org>
Reviewed-by: Calder Kitagawa <ckitagawa@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1457764}
8 files changed
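
The three checks described in the commit message (Name truncation with fallback-to-URL, URL length rejection, and the scheme allowlist), as an added example that is not Chromium's TileUtils code. The class and method names, the whitespace trimming, and counting length in UTF-16 units are assumptions; the limits and scheme list are taken from the message above.

```java
import java.util.Locale;
import java.util.Set;

/** Added illustration; names and structure are assumptions, not Chromium's TileUtils. */
public final class CustomTileValidationExample {
    static final int MAX_NAME_LENGTH = 50;   // limit stated in the commit message
    static final int MAX_URL_LENGTH = 2083;  // limit stated in the commit message
    static final Set<String> ALLOWED_SCHEMES =
            Set.of("http", "https", "ftp", "file", "chrome", "chrome-native");

    /** Returns the lower-cased scheme, or null if the text before ':' is not a scheme. */
    static String schemeOf(String url) {
        int colon = url.indexOf(':');
        if (colon <= 0) return null;
        String scheme = url.substring(0, colon);
        // RFC 3986 scheme syntax. Leading whitespace or control characters inside
        // the scheme fail this match, so such inputs never reach the allowlist.
        if (!scheme.matches("[A-Za-z][A-Za-z0-9+.-]*")) return null;
        return scheme.toLowerCase(Locale.ROOT);
    }

    /** Over-long URLs are rejected, never truncated; the scheme must be allowlisted. */
    static boolean isValidUrl(String url) {
        if (url == null || url.isEmpty() || url.length() > MAX_URL_LENGTH) return false;
        String scheme = schemeOf(url);
        return scheme != null && ALLOWED_SCHEMES.contains(scheme);
    }

    /** Falls back to the URL when the name is blank, then truncates to the limit. */
    static String formatName(String name, String url) {
        String s = (name == null || name.trim().isEmpty()) ? url : name.trim();
        if (s.length() <= MAX_NAME_LENGTH) return s;
        int end = MAX_NAME_LENGTH;
        // Do not cut between the two halves of a surrogate pair.
        if (Character.isHighSurrogate(s.charAt(end - 1))) end--;
        return s.substring(0, end);
    }

    public static void main(String[] args) {
        // Constructed sample inputs.
        String longUrl = "https://example.com/" + "a".repeat(MAX_URL_LENGTH);
        String[] urls = {"https://example.com/", "chrome://flags", "JavaScript:void(0)",
                " javascript:void(0)", "example.com", "example.com:8080/", longUrl};
        for (String u : urls) {
            String shown = u.length() > 40 ? u.substring(0, 40) + "..." : u;
            System.out.println(isValidUrl(u) + "  " + shown);
        }
        System.out.println(formatName("", longUrl).length() + "  fallback name length");
    }
}
```

Because the check is an allowlist on the parsed scheme, mixed-case and whitespace-prefixed variants of a blocked scheme are rejected without needing a separate denylist entry for each.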
tree: c628bd1ec0d5c2ccb76e193e49c444f1cd6d23af
README.md

Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.

The project's web site is https://www.chromium.org.

To check out the source code locally, don't use git clone! Instead, follow the instructions on how to get the code.

Documentation in the source is rooted in docs/README.md.

Learn how to Get Around the Chromium Source Code Directory Structure.

For historical reasons, there are some small top-level directories. The current guidance is that new top-level directories are for products (e.g. Chrome, Android WebView, Ash). Even if these products have multiple executables, the code should be in subdirectories of the product.

If you found a bug, please file it at https://crbug.com/new.