Ignore Javascript urls dropped on tabs (Mac version)

chrome/browser/ui/cocoa/toolbar/toolbar_controller.mm

Index: chrome/browser/ui/cocoa/toolbar/toolbar_controller.mm
diff --git a/chrome/browser/ui/cocoa/toolbar/toolbar_controller.mm b/chrome/browser/ui/cocoa/toolbar/toolbar_controller.mm
index f52d2b9526d9caf3ff25cfc48aa8a7c2b647416c..e50e8b6ce9d73fd946ac385b75348dc96260f8e0 100644
--- a/chrome/browser/ui/cocoa/toolbar/toolbar_controller.mm
+++ b/chrome/browser/ui/cocoa/toolbar/toolbar_controller.mm
@@ -1150,10 +1150,13 @@ class NotificationBridge : public AppMenuIconController::Delegate {
   GURL url(url_formatter::FixupURL(
       base::SysNSStringToUTF8([urls objectAtIndex:0]), std::string()));
 
+  // Security: Sanitize text to prevent self-XSS

[Avi (use Gerrit), 2016/09/16 18:31:09]

Comments are full sentences; end them with a full-stop.

Also, why "self-XSS" here and "self-xss" above? Pick one and use it everywhere.

[elawrence, 2016/09/16 19:02:16]

Done.

   if (url.SchemeIs(url::kJavaScriptScheme)) {
     browser_->window()->GetLocationBar()->GetOmniboxView()->SetUserText(
           OmniboxView::StripJavascriptSchemas(base::UTF8ToUTF16(url.spec())));
+    return;
   }
+
   OpenURLParams params(url, Referrer(), WindowOpenDisposition::CURRENT_TAB,
                        ui::PAGE_TRANSITION_TYPED, false);
   browser_->tab_strip_model()->GetActiveWebContents()->OpenURL(params);
@@ -1172,6 +1175,11 @@ class NotificationBridge : public AppMenuIconController::Delegate {
       metrics::OmniboxEventProto::BLANK, &match, NULL);
   GURL url(match.destination_url);
 
+  // Security: Block JavaScript to prevent self-XSS

[Avi (use Gerrit), 2016/09/16 18:31:09]

ditto.

[elawrence, 2016/09/16 19:02:16]

Done.

+  if (url.SchemeIs(url::kJavaScriptScheme)) {
+    return;
+  }
+
   OpenURLParams params(url, Referrer(), WindowOpenDisposition::CURRENT_TAB,
                        ui::PAGE_TRANSITION_TYPED, false);
   browser_->tab_strip_model()->GetActiveWebContents()->OpenURL(params);