Percent-encode illegal characters in Android page info popup URL

chrome/android/java/src/org/chromium/chrome/browser/WebsiteSettingsPopup.java

Index: chrome/android/java/src/org/chromium/chrome/browser/WebsiteSettingsPopup.java
diff --git a/chrome/android/java/src/org/chromium/chrome/browser/WebsiteSettingsPopup.java b/chrome/android/java/src/org/chromium/chrome/browser/WebsiteSettingsPopup.java
index 6b6d07a3fa6620310bc2b4716e1851141934c4e4..dd04647f6cc1399915e6bac02e86c65b7e848eed 100644
--- a/chrome/android/java/src/org/chromium/chrome/browser/WebsiteSettingsPopup.java
+++ b/chrome/android/java/src/org/chromium/chrome/browser/WebsiteSettingsPopup.java
@@ -9,6 +9,7 @@ import android.content.Context;
 import android.content.DialogInterface;
 import android.graphics.Color;
 import android.graphics.drawable.ColorDrawable;
+import android.net.Uri;
 import android.text.Layout;
 import android.text.Spannable;
 import android.text.SpannableStringBuilder;
@@ -164,6 +165,10 @@ public class WebsiteSettingsPopup implements OnClickListener, OnItemSelectedList
 
     private static final int MAX_TABLET_DIALOG_WIDTH_DP = 400;
 
+    private static final char FIRST_UNICODE_WHITESPACE = '\u2000';
+    private static final char FINAL_UNICODE_WHITESPACE = '\u200F';
+    private static final char UNICODE_NBSP = '\u00A0';
+
     private final Context mContext;
     private final Profile mProfile;
     private final WebContents mWebContents;
@@ -289,7 +294,8 @@ public class WebsiteSettingsPopup implements OnClickListener, OnItemSelectedList
         }
         mSecurityLevel = ToolbarModel.getSecurityLevelForWebContents(mWebContents);
 
-        SpannableStringBuilder urlBuilder = new SpannableStringBuilder(mFullUrl);
+        String displayUrl = encodeSuspiciousUrl(mFullUrl);
+        SpannableStringBuilder urlBuilder = new SpannableStringBuilder(displayUrl);
         OmniboxUrlEmphasizer.emphasizeUrl(urlBuilder, mContext.getResources(), mProfile,
                 mSecurityLevel, mIsInternalPage, true);
         mUrlTitle.setText(urlBuilder);
@@ -300,6 +306,25 @@ public class WebsiteSettingsPopup implements OnClickListener, OnItemSelectedList
     }
 
     /**
+     * Percent-encodes suspicious Unicode whitespace characters in a URL.
+     * This only affects the fragment, as all other URL components will already be encoded.
+     */
+    public static String encodeSuspiciousUrl(String urlStr) {

[Ted C, 2015/03/25 19:55:38]

This name to me implies that the URL is suspicious.

Maybe just prepareUrlForDisplay or something.

[tsergeant, 2015/03/25 23:44:47]

Done.

+        StringBuilder urlBuilder = new StringBuilder();
+        for (int i = 0; i < urlStr.length(); i++) {
+            char fragmentChar = urlStr.charAt(i);

[Matt Giuca, 2015/03/25 03:23:24]

nit: Rename fragmentChar to something else (maybe just 'c'), since this is not
just the fragment.

[tsergeant, 2015/03/25 23:44:47]

Done.

+            if ((fragmentChar >= FIRST_UNICODE_WHITESPACE
+                        && fragmentChar <= FINAL_UNICODE_WHITESPACE)
+                    || fragmentChar == ' '
+                    || fragmentChar == UNICODE_NBSP)

[Ted C, 2015/03/25 19:55:38]

braces are required in java unless the statement and conditional can all fit on
a single line.

[tsergeant, 2015/03/25 23:44:47]

Done.

+                urlBuilder.append(Uri.encode(Character.toString(fragmentChar)));
+            else
+                urlBuilder.append(fragmentChar);
+        }
+        return urlBuilder.toString();
+    }
+
+    /**
      * Sets the visibility of the lower area of the dialog (containing the permissions and 'Site
      * Settings' button).
      *