Google Git
Sign in
chromium / experimental / chromium / src / 42bdd7f3bc1dd61a4b49b763a96e72deeee01165 / . / content / common / media / media_metadata_sanitizer.cc
blob: af2428a475e91c49b8ee071d9c9e9cc25928be3e [file] [log] [blame]
// Copyright 2016 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "content/common/media/media_metadata_sanitizer.h"
#include <algorithm>
#include <string>
#include "content/public/common/media_metadata.h"
namespace content {
namespace {
// Maximum length for all the strings inside the MediaMetadata when it is sent
// over IPC. The renderer process should truncate the strings before sending
// the MediaMetadata and the browser process must do the same when receiving
// it.
const size_t kMaxIPCStringLength = 4 * 1024;
// Maximum type length of Artwork, which conforms to RFC 4288
// (https://tools.ietf.org/html/rfc4288).
const size_t kMaxArtworkTypeLength = 2 * 127 + 1;
// Maximum number of artwork images inside the MediaMetadata.
const size_t kMaxNumberOfArtworkImages = 10;
// Maximum of sizes in an artwork image.
const size_t kMaxNumberOfArtworkSizes = 10;
bool CheckArtworkSrcSanity(const GURL& src) {
if (!src.is_valid())
return false;
if (!src.SchemeIsHTTPOrHTTPS() && !src.SchemeIs(url::kDataScheme))
return false;
if (src.spec().size() > url::kMaxURLChars)
return false;
return true;
}
bool CheckArtworkSanity(const MediaMetadata::Artwork& artwork) {
if (!CheckArtworkSrcSanity(artwork.src))
return false;
if (artwork.type.is_null())
return false;
if (artwork.type.string().size() > kMaxArtworkTypeLength)
return false;
if (artwork.sizes.size() > kMaxNumberOfArtworkSizes)
return false;
return true;
}
// Sanitize artwork. The method should not be called if |artwork.src| is bad.
MediaMetadata::Artwork SanitizeArtwork(const MediaMetadata::Artwork& artwork) {
MediaMetadata::Artwork sanitized_artwork;
sanitized_artwork.src = artwork.src;
sanitized_artwork.type = artwork.type.is_null() ?
base::NullableString16() :
base::NullableString16(
artwork.type.string().substr(0, kMaxArtworkTypeLength), false);
for (const auto& size : artwork.sizes) {
sanitized_artwork.sizes.push_back(size);
if (sanitized_artwork.sizes.size() == kMaxNumberOfArtworkSizes)
break;
}
return sanitized_artwork;
}
} // anonymous namespace
bool MediaMetadataSanitizer::CheckSanity(const MediaMetadata& metadata) {
if (metadata.title.size() > kMaxIPCStringLength)
return false;
if (metadata.artist.size() > kMaxIPCStringLength)
return false;
if (metadata.album.size() > kMaxIPCStringLength)
return false;
if (metadata.artwork.size() > kMaxNumberOfArtworkImages)
return false;
for (const auto& artwork : metadata.artwork) {
if (!CheckArtworkSanity(artwork))
return false;
}
return true;
}
MediaMetadata MediaMetadataSanitizer::Sanitize(const MediaMetadata& metadata) {
MediaMetadata sanitized_metadata;
sanitized_metadata.title = metadata.title.substr(0, kMaxIPCStringLength);
sanitized_metadata.artist = metadata.artist.substr(0, kMaxIPCStringLength);
sanitized_metadata.album = metadata.album.substr(0, kMaxIPCStringLength);
for (const auto& artwork : metadata.artwork) {
if (!CheckArtworkSrcSanity(artwork.src))
continue;
sanitized_metadata.artwork.push_back(
CheckArtworkSanity(artwork) ? artwork : SanitizeArtwork(artwork));
if (sanitized_metadata.artwork.size() == kMaxNumberOfArtworkImages)
break;
}
return sanitized_metadata;
}
} // namespace content