Remove about:srcdoc url conversion.

content/browser/child_process_security_policy_impl.cc

Index: content/browser/child_process_security_policy_impl.cc
diff --git a/content/browser/child_process_security_policy_impl.cc b/content/browser/child_process_security_policy_impl.cc
index f1aa1c74d71df72530020a7be37b54ab32fee7f7..a0ee91ac9440d5ff174fe2c1f69f04768faf8304 100644
--- a/content/browser/child_process_security_policy_impl.cc
+++ b/content/browser/child_process_security_policy_impl.cc
@@ -626,8 +626,8 @@ bool ChildProcessSecurityPolicyImpl::CanRequestURL(
     return false;  // Can't request invalid URLs.
 
   if (IsPseudoScheme(url.scheme())) {
-    // Every child process can request <about:blank>.
-    if (base::LowerCaseEqualsASCII(url.spec(), url::kAboutBlankURL))
+    // Every child process can request <about:blank> and <about:srcdoc>

[Charlie Reis, 2016/11/23 08:25:21]

nit: End with period.

[arthursonzogni, 2016/11/23 14:39:26]

Done.

+    if (url == url::kAboutBlankURL || url == content::kAboutSrcDocURL)
       return true;
     // URLs like <about:version>, <about:crash>, <view-source:...> shouldn't be
     // requestable by any child process.  Also, this case covers
@@ -666,7 +666,7 @@ bool ChildProcessSecurityPolicyImpl::CanCommitURL(int child_id,
 
   // Of all the pseudo schemes, only about:blank is allowed to commit.

[Charlie Reis, 2016/11/23 08:25:20]

Do we need to allow about:srcdoc here, or will that never get this far?

[arthursonzogni, 2016/11/23 14:39:26]

Good question!

CanCommitURL is called inside several function in 
* /content/browser/child_process_security_policy_impl.cc
* /content/browser/blob_storage/blob_dispatcher_host.cc

Where it can't be called with <about:srcdoc>:
* In CanRequestURL: Never called because of the early return.
* In CanCommitURL: Called only with blob: and file: scheme.
* In HasPermissionsForFileSystemFile: called only with file: scheme.
* In OnRegisterPublicBlobURL: called only with blob: scheme.

Where it is called with <about:srcdoc>
* In CanSetAsOriginHeader -> I think the correct behaviour is that it
  must returns false. It is the case if CanCommitURL(<about:srcdoc>)
  returns false too.

Thus, if we don't touch anything, the global behavior is preserved
(and is correct according to me). The only problem is that the meaning
of CanCommitURL is not respected because <about:srcdoc> can actually be
committed. Do you think CanCommitURL(<about:srcdoc>) should be true?

[Charlie Reis, 2016/11/23 18:03:37]

Glad to hear.

In the abstract, yes, about:srcdoc can commit, so it's a little odd for this to
return false in that case.  Sounds like that would only matter in future
possible uses for CanCommitURL, though, and we have test coverage that should
catch the problem if it does start to matter.  Thus, I'm ok either way for this
CL.

[Charlie Reis, 2016/11/24 00:17:00]

Nick brings up the point that it's probably saner for CanCommitURL to return
true for about:srcdoc if we can, even if it happens to work in most cases.

   if (IsPseudoScheme(url.scheme()))
-    return base::LowerCaseEqualsASCII(url.spec(), url::kAboutBlankURL);
+    return url == url::kAboutBlankURL;
 
   // Blob and filesystem URLs require special treatment; validate the inner
   // origin they embed.