Description
[merge to m54] Prevent interpreting userinfo as url scheme when editing bookmarks
Chrome's Edit Bookmark dialog formats urls for display such that a
url of http://javascript:scripttext@host.com is later converted to a
javascript url scheme, allowing persistence of a script injection
attack within the user's bookmarks.
This fix prevents such misinterpretations by always showing the
scheme when a userinfo component is present within the url.
BUG=639126
Review-Url: https://codereview.chromium.org/2368593002
Cr-Commit-Position: refs/heads/master@{#422467}
(cherry picked from commit fa34e547d6ee25ea0692436ba7462ed0a0ef45f4)
Committed: https://chromium.googlesource.com/chromium/src/+/2775e31152857adc2bb9775b03212d1356541b4b
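
The misinterpretation described in the commit message, reproduced as an added example (not Chromium's code). The function names are hypothetical, and the WHATWG `URL` parser in Node.js stands in for Chrome's own URL formatting and fixup logic, which is an assumption.

```javascript
// Added illustration; function names are hypothetical, not Chromium APIs.

// Display formatter that elides a leading "http://", as a bookmark editor might.
// keepSchemeWithUserinfo=false models the behaviour before the fix.
function formatForDisplay(href, keepSchemeWithUserinfo) {
  const u = new URL(href);
  const hasUserinfo = u.username !== "" || u.password !== "";
  if (u.protocol !== "http:") return u.href;
  if (keepSchemeWithUserinfo && hasUserinfo) return u.href;
  return u.href.slice("http://".length);
}

// Simplified stand-in for re-parsing the edited text on save:
// accept it if it already parses as an absolute URL, else assume http.
function parseEditedText(text) {
  try {
    return new URL(text);
  } catch (e) {
    return new URL("http://" + text);
  }
}

// Round trip: which scheme does the bookmark end up with after display + save?
function roundTripScheme(href, keepSchemeWithUserinfo) {
  return parseEditedText(formatForDisplay(href, keepSchemeWithUserinfo)).protocol;
}

// Defensive check usable in a unit test: display formatting must not change the scheme.
function displayPreservesScheme(href, keepSchemeWithUserinfo) {
  return roundTripScheme(href, keepSchemeWithUserinfo) === new URL(href).protocol;
}

const sample = "http://javascript:scripttext@host.com"; // URL from the commit message
console.log(formatForDisplay(sample, false), "->", roundTripScheme(sample, false));
console.log(formatForDisplay(sample, true), "->", roundTripScheme(sample, true));
console.log(displayPreservesScheme("http://host.com/page", true));
```

With the scheme elided, the userinfo `javascript:scripttext` becomes the leading token and is re-parsed as a scheme; keeping the scheme whenever userinfo is present makes the round trip stable.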