Google Git
Sign in
chromium / chromium / src / 56762260ca8ef62578fa4718b7d47711f7e120dc
commit56762260ca8ef62578fa4718b7d47711f7e120dc[log] [tgz]
authorDominick Ng <dominickn@chromium.org>Thu Nov 16 00:44:57 2017
committerCommit Bot <commit-bot@chromium.org>Thu Nov 16 00:44:57 2017
tree818f8fba4aa5e46de6569f18bb4a53a19e25a02e
parent97f0aa016d0cea7a55994c1a81391b3f3213d873 [diff]
Elide the permission bubble title from the head of the string.

Long URLs can be used to spoof other origins in the permission bubble
title. This CL customises the title to be elided from the head, which
ensures that the maximal amount of the URL host is displayed in the case
where the URL is too long and causes the string to overflow.

Implementing the ellision means that the title cannot be multiline
(where elision is not well supported). Note that in English, the
window title is a string "$ORIGIN wants to", so the non-origin
component will not be elided. In other languages, the non-origin
component may appear fully or partly before the origin (e.g. in
Filipino, "Gusto ng $ORIGIN na"), so it may be elided there if the
URL is sufficiently long. This is not optimal, but the URLs that are
sufficiently long to trigger the elision are probably malicious, and
displaying the most relevant component of the URL is most important
for security purposes.

BUG=774438

Change-Id: I75c2364b10bf69bf337c7f4970481bf1809f6aae
Reviewed-on: https://chromium-review.googlesource.com/768312
Reviewed-by: Ben Wells <benwells@chromium.org>
Reviewed-by: Lucas Garron <lgarron@chromium.org>
Reviewed-by: Matt Giuca <mgiuca@chromium.org>
Commit-Queue: Dominick Ng <dominickn@chromium.org>
Cr-Commit-Position: refs/heads/master@{#516921}
1 file changed
tree: 818f8fba4aa5e46de6569f18bb4a53a19e25a02e
  1. android_webview/
  2. apps/
  3. ash/
  4. base/
  5. blink/
  6. build/
  7. build_overrides/
  8. cc/
  9. chrome/
  10. chrome_elf/
  11. chromecast/
  12. chromeos/
  13. cloud_print/
  14. components/
  15. content/
  16. courgette/
  17. crypto/
  18. dbus/
  19. device/
  20. docs/
  21. extensions/
  22. gin/
  23. google_apis/
  24. google_update/
  25. gpu/
  26. headless/
  27. infra/
  28. ios/
  29. ipc/
  30. jingle/
  31. mash/
  32. media/
  33. mojo/
  34. native_client_sdk/
  35. net/
  36. pdf/
  37. ppapi/
  38. printing/
  39. remoting/
  40. rlz/
  41. sandbox/
  42. services/
  43. skia/
  44. sql/
  45. storage/
  46. styleguide/
  47. testing/
  48. third_party/
  49. tools/
  50. ui/
  51. url/
  52. .clang-format
  53. .eslintrc.js
  54. .git-blame-ignore-revs
  55. .gitattributes
  56. .gitignore
  57. .gn
  58. .vpython
  59. AUTHORS
  60. BUILD.gn
  61. CODE_OF_CONDUCT.md
  62. codereview.settings
  63. DEPS
  64. ENG_REVIEW_OWNERS
  65. LICENSE
  66. LICENSE.chromium_os
  67. OWNERS
  68. PRESUBMIT.py
  69. PRESUBMIT_test.py
  70. PRESUBMIT_test_mocks.py
  71. README.md
  72. WATCHLISTS
README.md

Logo Chromium

Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.

The project's web site is https://www.chromium.org.

Documentation in the source is rooted in docs/README.md.

Learn how to Get Around the Chromium Source Code Directory Structure .