Remove about:srcdoc url conversion.

content/browser/renderer_host/render_process_host_impl.cc

Index: content/browser/renderer_host/render_process_host_impl.cc
diff --git a/content/browser/renderer_host/render_process_host_impl.cc b/content/browser/renderer_host/render_process_host_impl.cc
index c8cbea2370ade26c37a59d63bc45b09ecf01a971..cb6402307b2030656c96568e606001106ad7f1d1 100644
--- a/content/browser/renderer_host/render_process_host_impl.cc
+++ b/content/browser/renderer_host/render_process_host_impl.cc
@@ -2357,7 +2357,10 @@ void RenderProcessHostImpl::FilterURL(RenderProcessHost* rph,
   if (url->SchemeIs(url::kAboutScheme)) {
     // The renderer treats all URLs in the about: scheme as being about:blank.
     // Canonicalize about: URLs to about:blank.
-    *url = GURL(url::kAboutBlankURL);
+    // An exception is made for about:srcdoc.
+    if (*url != kAboutSrcDocURL)
+      *url = GURL(url::kAboutBlankURL);
+    return;

[Charlie Reis, 2016/11/16 18:20:22]

Was this return added for ChildPolicySecurityPolicyImpl::CanRequestURL rejecting
about:srcdoc?  I think that brings up a good point.

First, we should update CanRequestURL to allow about:srcdoc the same way it
allows about:blank.  Otherwise its other callers might get the wrong answer
(e.g., if the srcdoc page tries to make an XmlHttpRequest).

Second, Nick points out that such a change would make this whole block
unnecessary.  CanRequestURL will return true for about:blank and about:srcdoc,
and false for all other about: URLs, causing us to rewrite them to about:blank
on line 2371 below.  That seems like a nice cleanup to me, keeping the logic in
fewer places.

[arthursonzogni, 2016/11/17 17:04:58]

Yes it was.
To be honest, I initially tried what you suggest when I saw that the "return"
was needed here.
The problem is that we can't just remove this block of code because comparison
to about:blank made in CanRequestURL is not case-sensitive. Mixing not
case-sensitive and case-sensitive test are not a good idea. Comparison to
about:blank are case-sensitive everywhere except here.

For instance, if the user click on <a href="about:BLANK"></a>, it will cause a
browser crash because of this inconsistency. 

FYI the specification doesn't says that the about:xxxx URL are not
case-sensitive. So:
GURL("about:blank") != GURL(about:BLANK)
even if hostname are not case-sensitive.
GURL("www.chromium.org/xX") == GURL("www.CHROMIUM.org/xX")

I think we could make CanRequestURL and CanCommitURL case-sensitive. What do you
think?

[Charlie Reis, 2016/11/22 01:01:20]

Yes, I think that makes sense, assuming we don't expect the renderer to allow an
about:BlAnK commit, etc.  That would make it consistent with all the other
checks.

   }
 
   if (!policy->CanRequestURL(rph->GetID(), *url)) {