Follow URL display guidelines in DisplayMediaAccessHandler

We should not use title in any of notification or request texts because it can easily be injected. We should use URL instead and follow the guidelines to simplify. Bug: 326740 Change-Id: Ib9d6ea0c996883a206a2cb016c505b8280ad6cc9 Reviewed-on: https://chromium-review.googlesource.com/c/1324911Reviewed-by: Christopher Thompson <cthomp@chromium.org> Reviewed-by: Weiyong Yao <braveyao@chromium.org> Commit-Queue: Emircan Uysaler <emircan@chromium.org> Cr-Commit-Position: refs/heads/master@{#607663}

Follow URL display guidelines in DisplayMediaAccessHandler
We should not use title in any of notification or request texts because it can easily be injected. We should use URL instead and follow the guidelines to simplify. Bug: 326740 Change-Id: Ib9d6ea0c996883a206a2cb016c505b8280ad6cc9 Reviewed-on: https://chromium-review.googlesource.com/c/1324911Reviewed-by: Christopher Thompson <cthomp@chromium.org> Reviewed-by: Weiyong Yao <braveyao@chromium.org> Commit-Queue: Emircan Uysaler <emircan@chromium.org> Cr-Commit-Position: refs/heads/master@{#607663}
2094eb4c · Emircan Uysaler · Commit Bot · be34ad2a · 2094eb4c
Commit 2094eb4c authored Nov 13, 2018 by Emircan Uysaler Committed by Commit Bot Nov 13, 2018
Hide whitespace changes
Inline Side-by-side

Showing with 9 additions and 4 deletions

chrome/browser/media/webrtc/display_media_access_handler.cc chrome/browser/media/webrtc/display_media_access_handler.cc +9 -4

No files found.
--- a/chrome/browser/media/webrtc/display_media_access_handler.cc
+++ b/chrome/browser/media/webrtc/display_media_access_handler.cc
@@ -15,6 +15,7 @@
 #include "chrome/browser/media/webrtc/desktop_media_picker_factory_impl.h"
 #include "chrome/browser/media/webrtc/native_desktop_media_list.h"
 #include "chrome/browser/media/webrtc/tab_desktop_media_list.h"
+#include "components/url_formatter/elide_url.h"
 #include "content/public/browser/browser_thread.h"
 #include "content/public/browser/desktop_capture.h"
 #include "content/public/browser/notification_service.h"
@@ -138,8 +139,9 @@ void DisplayMediaAccessHandler::ProcessQueuedAccessRequest(
  gfx::NativeWindow parent_window = web_contents->GetTopLevelNativeWindow();
  picker_params.context = parent_window;
  picker_params.parent = parent_window;
-  picker_params.app_name = base::ASCIIToUTF16(
-      web_contents->GetVisibleURL().GetWithEmptyPath().spec());
+  picker_params.app_name = url_formatter::FormatUrlForSecurityDisplay(
+      web_contents->GetLastCommittedURL(),
+      url_formatter::SchemeDisplay::OMIT_CRYPTOGRAPHIC);
  picker_params.target_name = picker_params.app_name;
  picker_params.request_audio = false;
  pending_request.picker->Show(picker_params, std::move(source_lists),
@@ -171,11 +173,14 @@ void DisplayMediaAccessHandler::OnPickerDialogResults(
    request_result = content::MEDIA_DEVICE_PERMISSION_DENIED;
  } else {
    request_result = content::MEDIA_DEVICE_OK;
+    const auto& visible_url = url_formatter::FormatUrlForSecurityDisplay(
+        web_contents->GetLastCommittedURL(),
+        url_formatter::SchemeDisplay::OMIT_CRYPTOGRAPHIC);
    ui = GetDevicesForDesktopCapture(
        web_contents, &devices, media_id, content::MEDIA_DISPLAY_VIDEO_CAPTURE,
        content::MEDIA_NO_SERVICE, false /* capture_audio */,
-        false /* disable_local_echo */, display_notification_,
-        web_contents->GetTitle(), web_contents->GetTitle());
+        false /* disable_local_echo */, display_notification_, visible_url,
+        visible_url);
  }

  std::move(pending_request.callback)