Don't refer browser-initiated navigations to web-safe URLs to delegate.

extensions/browser/guest_view/web_view/web_view_guest.cc

Index: extensions/browser/guest_view/web_view/web_view_guest.cc
diff --git a/extensions/browser/guest_view/web_view/web_view_guest.cc b/extensions/browser/guest_view/web_view/web_view_guest.cc
index 1ee9252e392997ae23c48fd33d4073ef38bcbff1..30a4b0f7aecb3d03fb3327dc148f2e85774fbf55 100644
--- a/extensions/browser/guest_view/web_view/web_view_guest.cc
+++ b/extensions/browser/guest_view/web_view/web_view_guest.cc
@@ -1223,7 +1223,11 @@ content::WebContents* WebViewGuest::OpenURLFromTab(
   //     Chrome Apps and WebUI. This is a browser initiated request and so
   //     we pass it along to the embedder's WebContentsDelegate to get the
   //     browser to perform the action for the <webview>.
-  if (!params.is_renderer_initiated) {
+  // However, browser-initiated navigations (e.g. from extensions) to web-safe
+  // urls should not be referred to the delegate, which may block them.

[Charlie Reis, 2015/07/17 00:05:15]

I feel like this code is getting very difficult to follow or reason about. 
After spending some time refreshing myself on
https://codereview.chromium.org/890183002, I think I've concluded that this
change is safe, since it takes the exception we added (for allowing chrome://
URLs in context menus) and only makes it narrower.  It's pretty hard to conclude
that from reading this whole comment block, so I have a suggested revision
below:

"Most navigations should be handled by WebViewGuest::LoadURLWithParams, which
takes care of blocking chrome:// URLs and other web-unsafe schemes. 
(NavigateGuest and CreateNewGuestWebViewWindow also go through
LoadURLWithParams.)

We make an exception here for context menu items, since the Language Settings
item uses a browser-initiated navigation to a chrome:// URL.  These can be
passed to the embedder's WebContentsDelegate so that the browser performs the
action for the <webview>."

[wjmaclean, 2015/07/17 01:29:46]

Yes, that was my conclusion, though I didn't think to describe it in those
terms.
Sure, this seems reasonable ... done.

+  if (!params.is_renderer_initiated &&
+      !content::ChildProcessSecurityPolicy::GetInstance()->IsWebSafeScheme(
+          params.url.scheme())) {
     if (!owner_web_contents()->GetDelegate())
       return nullptr;
     return owner_web_contents()->GetDelegate()->OpenURLFromTab(