Don't sanitize errors if the protocol is "data:"

third_party/WebKit/LayoutTests/http/tests/security/script-dataurl-not-sanitized.html

Index: third_party/WebKit/LayoutTests/http/tests/security/script-dataurl-not-sanitized.html
diff --git a/third_party/WebKit/LayoutTests/http/tests/security/script-dataurl-not-sanitized.html b/third_party/WebKit/LayoutTests/http/tests/security/script-dataurl-not-sanitized.html
new file mode 100644
index 0000000000000000000000000000000000000000..a6d58b186b2e440d29c12d13b9d4c0815fd5df52
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/http/tests/security/script-dataurl-not-sanitized.html
@@ -0,0 +1,17 @@
+<!DOCTYPE html>

[Mike West, 2017/02/14 07:19:07]

It looks like there's an existing test in
https://cs.chromium.org/chromium/src/third_party/WebKit/LayoutTests/external/....
Why don't we update that test a bit to test more of the error event (and to
change the misleading "same-origin" comment) and unskip it in TestExpectations
rather than adding a new test?

[andypaicu2, 2017/02/14 09:09:22]

Done

+<title>Data URLs error messages are not sanitized</title>
+<script src="../resources/testharness.js"></script>
+<script src="../resources/testharnessreport.js"></script>
+<div id="log"></div>
+<script>
+async_test(function(t) {
+  window.onerror = t.step_func_done(function(msg, url, line, col, error) {
+    assert_not_equals(msg, 'Script error.');
+    assert_equals(url, "data:application/javascript,throw 'This%20is%20an%20error%20message'");
+    assert_not_equals(line, 0);
+    assert_not_equals(col, 0);
+    assert_not_equals(error, null);
+  });
+}, "Data URLs error messages are not sanitized");
+</script>
+<script src="data:application/javascript,throw 'This%20is%20an%20error%20message'"></script>