| Index: net/base/escape.h
|
| diff --git a/net/base/escape.h b/net/base/escape.h
|
| index c4abe1469a86de71cd4fe3dd5a7a32ed38b3a5ab..9c500b098965eb0bb9cac57b4e8fba44b64d1ae1 100644
|
| --- a/net/base/escape.h
|
| +++ b/net/base/escape.h
|
| @@ -92,13 +92,14 @@ class UnescapeRule {
|
| // interpreting as a URL and want to do as much unescaping as possible.
|
| URL_SPECIAL_CHARS = 4,
|
|
|
| - // Unescapes control characters such as %01. This INCLUDES NULLs. This is
|
| - // used for rare cases such as data: URL decoding where the result is binary
|
| - // data. This flag also unescapes BiDi control characters.
|
| + // Unescapes characters that can be used in spoofing attempts (such as LOCK)
|
| + // and control characters (such as BiDi control characters and %01). This
|
| + // INCLUDES NULLs. This is used for rare cases such as data: URL decoding
|
| + // where the result is binary data.
|
| //
|
| - // DO NOT use CONTROL_CHARS if the URL is going to be displayed in the UI
|
| - // for security reasons.
|
| - CONTROL_CHARS = 8,
|
| + // DO NOT use SPOOFING_AND_CONTROL_CHARS if the URL is going to be displayed
|
| + // in the UI for security reasons.
|
| + SPOOFING_AND_CONTROL_CHARS = 8,
|
|
|
| // URL queries use "+" for space. This flag controls that replacement.
|
| REPLACE_PLUS_WITH_SPACE = 16,
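Review bot: The new comment on `SPOOFING_AND_CONTROL_CHARS` identifies the spoofing class only as "(such as LOCK)", which does not tell a caller which characters are meant. Presumably this is the Unicode padlock symbol, which can imitate a security indicator in a displayed URL; if so, say it explicitly, e.g. `// Unescapes characters that can be used in spoofing attempts (such as the Unicode padlock, U+1F512 LOCK)`. The comment should also state the default, something like `// Without this flag these sequences are left percent-encoded.`, since display callers rely on that; the behaviour is not visible in this hunk, so confirm it against the implementation. The rename keeps the value 8 and leaves no `CONTROL_CHARS` alias, so every caller must be touched. Because the flag now covers more characters, re-check at each renamed call site that the result never reaches UI display. The enum in `UnescapeRule` starts and ends outside this hunk.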
|
|
|