Update FormatOriginForSecurityDisplay() comments

components/url_formatter/elide_url.h

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 //
 // This file defines utility functions for eliding URLs.
 
 #ifndef COMPONENTS_URL_FORMATTER_ELIDE_URL_H_
 #define COMPONENTS_URL_FORMATTER_ELIDE_URL_H_
 
 #include <string>
@@ skipping 66 matching lines @@
 // plenty of indication as to whether the origin is secure elsewhere in the UX.
 // For example, in Chrome's Origin Info Bubble, there are icons and strings
 // indicating origin (non-)security. But in the HTTP Basic Auth prompt (for
 // example), the scheme may be the only indicator.
 base::string16 FormatUrlForSecurityDisplay(
     const GURL& origin,
     const SchemeDisplay scheme_display = SchemeDisplay::SHOW);
 
 // This is a convenience function for formatting a url::Origin in a concise and
 // human-friendly way, to help users make security-related decisions.
+//
+// Internationalized domain names (IDN) may be presented in Unicode if
+// they're regarded safe.

[palmer, 2016/06/16 22:20:00]

Maybe say what "safe" means in this context. Also, the implementation of this
function doesn't seem to make any direct decisions about IDN safety.

[juncai, 2016/06/16 22:36:50]

Right. This paragraph is removed.

+//
+// - Omits the port if it is 0 or the default for the scheme.
+//
+// Do not use this for origins which will be parsed or sent to other
+// applications.
+//
+// Generally, prefer SchemeDisplay::SHOW to omitting the scheme unless there is
+// plenty of indication as to whether the origin is secure elsewhere in the UX.
 base::string16 FormatOriginForSecurityDisplay(
     const url::Origin& origin,
     const SchemeDisplay scheme_display = SchemeDisplay::SHOW);
 
 }  // namespace url_formatter
 
 #endif  // COMPONENTS_URL_FORMATTER_ELIDE_URL_H_