Desks: Limit the desk names to a max of 300 chars

This limits users from entering text either by typing
or by pasting text that is beyond a max of 300-char length.

BUG=1067418
TEST=Manually, added a new test.

Change-Id: I3e4e5d9cba52be98fef3486c0fa5297ad9afb324
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2129229Reviewed-by: Jun Mukai <mukai@chromium.org>
Reviewed-by: James Cook <jamescook@chromium.org>
Commit-Queue: Ahmed Fakhry <afakhry@chromium.org>
Cr-Commit-Position: refs/heads/master@{#756328}

ash/wm/desks/desk_mini_view.cc

@@ -284,8 +284,22 @@ void DeskMiniView::ContentsChanged(views::Textfield* sender,
   if (!desk_)
     return;
 
+  // Avoid copying new_contents if we don't need to trim it below.
+  const base::string16* new_text = &new_contents;
+
+  // To avoid potential security and memory issues, we don't allow desk names to
+  // have an unbounded length. Therefore we trim if needed at kMaxLength UTF-16
+  // boundary. Note that we don't care about code point boundaries in this case.
+  base::string16 trimmed_new_contents;
+  if (new_contents.size() > DeskNameView::kMaxLength) {
+    trimmed_new_contents = new_contents;
+    trimmed_new_contents.resize(DeskNameView::kMaxLength);
+    new_text = &trimmed_new_contents;
+    desk_name_view_->SetText(trimmed_new_contents);
+  }
+
   desk_->SetName(
-      base::CollapseWhitespace(new_contents,
+      base::CollapseWhitespace(*new_text,
                                /*trim_sequences_with_line_breaks=*/false),
       /*set_by_user=*/true);
 }

ash/wm/desks/desk_name_view.cc

@@ -51,6 +51,9 @@ DeskNameView::DeskNameView() {
 
 DeskNameView::~DeskNameView() = default;
 
+// static
+constexpr size_t DeskNameView::kMaxLength;
+
 // static
 void DeskNameView::CommitChanges(views::Widget* widget) {
   DCHECK(IsDesksBarWidget(widget));

ash/wm/desks/desk_name_view.h

@@ -5,6 +5,7 @@
 #ifndef ASH_WM_DESKS_DESK_NAME_VIEW_H_
 #define ASH_WM_DESKS_DESK_NAME_VIEW_H_
 
+#include "ash/ash_export.h"
 #include "ash/wm/overview/overview_highlight_controller.h"
 #include "ash/wm/wm_highlight_item_border.h"
 #include "ui/views/controls/textfield/textfield.h"
@@ -15,7 +16,7 @@ namespace ash {
 // corresponding desk. When it's not focused, it looks like a normal label. It
 // can be highlighted and activated by the OverviewHighlightController, and it
 // provides an API to elide long desk names.
-class DeskNameView
+class ASH_EXPORT DeskNameView
     : public views::Textfield,
       public OverviewHighlightController::OverviewHighlightableView {
  public:
@@ -24,6 +25,9 @@ class DeskNameView
   DeskNameView& operator=(const DeskNameView&) = delete;
   ~DeskNameView() override;
 
+  // The max number of characters (UTF-16) allowed for desks' names.
+  static constexpr size_t kMaxLength = 300;
+
   // Commits an on-going desk name change (if any) by bluring the focus away
   // from any view on |widget|, where |widget| should be the desks bar widget.
   static void CommitChanges(views::Widget* widget);

ash/wm/desks/desks_unittests.cc

@@ -61,6 +61,8 @@
 #include "ui/aura/client/aura_constants.h"
 #include "ui/aura/client/window_parenting_client.h"
 #include "ui/aura/test/test_window_delegate.h"
+#include "ui/base/clipboard/clipboard_buffer.h"
+#include "ui/base/clipboard/scoped_clipboard_writer.h"
 #include "ui/base/ui_base_types.h"
 #include "ui/chromeos/events/event_rewriter_chromeos.h"
 #include "ui/compositor/scoped_animation_duration_scale_mode.h"
@@ -1876,6 +1878,47 @@ TEST_F(DesksEditableNamesTest, EventsThatCommitChanges) {
   ASSERT_TRUE(Shell::Get()->overview_controller()->InOverviewSession());
 }
 
+TEST_F(DesksEditableNamesTest, MaxLength) {
+  ASSERT_EQ(2u, controller()->desks().size());
+  auto* overview_controller = Shell::Get()->overview_controller();
+  ASSERT_TRUE(overview_controller->InOverviewSession());
+
+  ClickOnDeskNameViewAtIndex(0);
+  // Select all and delete.
+  SendKey(ui::VKEY_A, ui::EF_CONTROL_DOWN);
+  SendKey(ui::VKEY_BACK);
+
+  // Simulate user is typing text beyond the max length.
+  base::string16 expected_desk_name(DeskNameView::kMaxLength, L'a');
+  for (size_t i = 0; i < DeskNameView::kMaxLength + 10; ++i)
+    SendKey(ui::VKEY_A);
+  SendKey(ui::VKEY_RETURN);
+
+  // Desk name has been trimmed.
+  auto* desk_1 = controller()->desks()[0].get();
+  EXPECT_EQ(DeskNameView::kMaxLength, desk_1->name().size());
+  EXPECT_EQ(expected_desk_name, desk_1->name());
+  EXPECT_TRUE(desk_1->is_name_set_by_user());
+
+  // Test that pasting a large amount of text is trimmed at the max length.
+  base::string16 clipboard_text(DeskNameView::kMaxLength + 10, L'b');
+  expected_desk_name = base::string16(DeskNameView::kMaxLength, L'b');
+  EXPECT_GT(clipboard_text.size(), DeskNameView::kMaxLength);
+  ui::ScopedClipboardWriter(ui::ClipboardBuffer::kCopyPaste)
+      .WriteText(clipboard_text);
+
+  ClickOnDeskNameViewAtIndex(0);
+  // Select all and delete.
+  SendKey(ui::VKEY_A, ui::EF_CONTROL_DOWN);
+  SendKey(ui::VKEY_BACK);
+
+  // Paste text.
+  SendKey(ui::VKEY_V, ui::EF_CONTROL_DOWN);
+  SendKey(ui::VKEY_RETURN);
+  EXPECT_EQ(DeskNameView::kMaxLength, desk_1->name().size());
+  EXPECT_EQ(expected_desk_name, desk_1->name());
+}
+
 class TabletModeDesksTest : public DesksTest {
  public:
   TabletModeDesksTest() = default;