Don't focus the location bar in a phishy situation.

content/browser/web_contents/web_contents_impl.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/browser/web_contents/web_contents_impl.h"
 
 #include <stddef.h>
 
 #include <cmath>
 #include <utility>
@@ skipping 2916 matching lines @@
   // Resume blocked requests for both the RenderViewHost and RenderFrameHost.
   // TODO(brettw): It seems bogus to reach into here and initialize the host.
   if (is_resume_pending_) {
     is_resume_pending_ = false;
     GetRenderViewHost()->GetWidget()->Init();
     GetMainFrame()->Init();
   }
 }
 
 bool WebContentsImpl::FocusLocationBarByDefault() {
-  NavigationEntry* entry = controller_.GetVisibleEntry();
-  if (entry && entry->GetURL() == GURL(url::kAboutBlankURL))
+  // When the browser is started with about:blank as the startup URL, focus
+  // the location bar (which will also select its contents) so people can
+  // simply begin typing to navigate elsewhere.
+  //
+  // We need to be careful not to trigger this for anything other than the
+  // startup navigation. In particular, if we allow an attacker to open a
+  // popup to about:blank, then navigate, focusing the Omnibox will cause the
+  // end of the new URL to be scrolled into view instead of the start,
+  // allowing the attacker to spoof other URLs. The conditions checked here
+  // are all aimed at ensuring no such attacker-controlled navigation can
+  // trigger this.
+  //
+  // Note that we check the pending entry instead of the visible one; for the
+  // startup URL case these are the same, but for the attacker-controlled
+  // navigation case the visible entry is the committed "about:blank" URL and
+  // the pending entry is the problematic navigation elsewhere.

[groby-ooo-7-16, 2016/03/07 20:00:37]

Thank you, thank you, thank you!

Future Rachel is immensely grateful for this comment! (Because 6 months hence,
I'll have no idea why this is here otherwise :)

+  NavigationEntryImpl* entry = controller_.GetPendingEntry();
+  if (controller_.IsInitialNavigation() && entry &&
+      !entry->is_renderer_initiated() &&
+      entry->GetURL() == GURL(url::kAboutBlankURL)) {
     return true;
+  }
   return delegate_ && delegate_->ShouldFocusLocationBarByDefault(this);
 }
 
 void WebContentsImpl::SetFocusToLocationBar(bool select_all) {
   if (delegate_)
     delegate_->SetFocusToLocationBar(select_all);
 }
 
 void WebContentsImpl::DidStartNavigation(NavigationHandle* navigation_handle) {
   FOR_EACH_OBSERVER(WebContentsObserver, observers_,
@@ skipping 1872 matching lines @@
   else
     WasHidden();
 }
 
 void WebContentsImpl::SetJavaScriptDialogManagerForTesting(
     JavaScriptDialogManager* dialog_manager) {
   dialog_manager_ = dialog_manager;
 }
 
 }  // namespace content