Index: net/base/escape.h |
diff --git a/net/base/escape.h b/net/base/escape.h |
index c4abe1469a86de71cd4fe3dd5a7a32ed38b3a5ab..0ff10ed2d539e513e13c90b86aa539a5577fc8ed 100644 |
--- a/net/base/escape.h |
+++ b/net/base/escape.h |
@@ -94,7 +94,8 @@ class UnescapeRule { |
// Unescapes control characters such as %01. This INCLUDES NULLs. This is |
// used for rare cases such as data: URL decoding where the result is binary |
- // data. This flag also unescapes BiDi control characters. |
+ // data. This flag also unescapes BiDi control characters and spoofable |
+ // characters (such as LOCK). |
Peter Kasting
2015/06/22 07:35:22
Nit: This might call out the spoofable part more:
Matt Giuca
2015/06/23 04:14:10
OK, I'm getting that you want me to rename this ;)
Peter Kasting
2015/06/23 04:35:53
The whole point of this function is to prepare a U
Matt Giuca
2015/06/23 06:21:24
No it isn't, it's used about equally for the two p
Peter Kasting
2015/06/23 06:55:15
How I think of it: That second case _is_ preparing
|
// |
// DO NOT use CONTROL_CHARS if the URL is going to be displayed in the UI |
// for security reasons. |
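Review bot: In the comment for this flag, the added wording "and spoofable characters (such as LOCK)" widens what the flag unescapes beyond what the name CONTROL_CHARS suggests, and it defines the new category only by one example. A caller deciding whether the flag is safe for their call site cannot tell from this comment which characters count as spoofable. Suggest listing what the flag covers as separate items (control characters including NULs, BiDi control characters, spoofable characters) or pointing to where the spoofable set is defined. The "DO NOT use CONTROL_CHARS if the URL is going to be displayed in the UI" warning that follows would also read better if it named the spoofing risk directly instead of only "for security reasons", since the flag name no longer hints at it.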