commit | 56762260ca8ef62578fa4718b7d47711f7e120dc | [log] [tgz] |
---|---|---|
author | Dominick Ng <dominickn@chromium.org> | Thu Nov 16 00:44:57 2017 |
committer | Commit Bot <commit-bot@chromium.org> | Thu Nov 16 00:44:57 2017 |
tree | 818f8fba4aa5e46de6569f18bb4a53a19e25a02e | |
parent | 97f0aa016d0cea7a55994c1a81391b3f3213d873 [diff] |
Elide the permission bubble title from the head of the string. Long URLs can be used to spoof other origins in the permission bubble title. This CL customises the title to be elided from the head, which ensures that the maximal amount of the URL host is displayed in the case where the URL is too long and causes the string to overflow. Implementing the ellision means that the title cannot be multiline (where elision is not well supported). Note that in English, the window title is a string "$ORIGIN wants to", so the non-origin component will not be elided. In other languages, the non-origin component may appear fully or partly before the origin (e.g. in Filipino, "Gusto ng $ORIGIN na"), so it may be elided there if the URL is sufficiently long. This is not optimal, but the URLs that are sufficiently long to trigger the elision are probably malicious, and displaying the most relevant component of the URL is most important for security purposes. BUG=774438 Change-Id: I75c2364b10bf69bf337c7f4970481bf1809f6aae Reviewed-on: https://chromium-review.googlesource.com/768312 Reviewed-by: Ben Wells <benwells@chromium.org> Reviewed-by: Lucas Garron <lgarron@chromium.org> Reviewed-by: Matt Giuca <mgiuca@chromium.org> Commit-Queue: Dominick Ng <dominickn@chromium.org> Cr-Commit-Position: refs/heads/master@{#516921}
Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.
The project's web site is https://www.chromium.org.
Documentation in the source is rooted in docs/README.md.
Learn how to Get Around the Chromium Source Code Directory Structure .