[merge to m54] Prevent interpretating userinfo as url scheme when editing bookmarks
Chrome's Edit Bookmark dialog formats urls for display such that a
url of http://javascript:scripttext@host.com is later converted to a
javascript url scheme, allowing persistence of a script injection
attack within the user's bookmarks.
This fix prevents such misinterpretations by always showing the
scheme when a userinfo component is present within the url.
BUG=639126
Review-Url: https://codereview.chromium.org/2368593002
Cr-Commit-Position: refs/heads/master@{#422467}
(cherry picked from commit fa34e547d6ee25ea0692436ba7462ed0a0ef45f4)
Review URL: https://codereview.chromium.org/2411473002 .
Cr-Commit-Position: refs/branch-heads/2840@{#708}
Cr-Branched-From: 1ae106dbab4bddd85132d5b75c670794311f4c57-refs/heads/master@{#414607}
4 files changed