DescriptionImprove canonicalization of mailto url path components
The canonicalization of the path component of mailto urls is too lax, leading to
information disclosure and possible command injection attacks against mail
clients. To fix this, we will percent-encode more characters in the path
component of mailto urls, matching other browsers.
BUG=711020
TEST=url_unittests
Review-Url: https://codereview.chromium.org/2817213002
Cr-Commit-Position: refs/heads/master@{#465046}
Committed: https://chromium.googlesource.com/chromium/src/+/484ff36cdcb8dcf5efa999a471d1d509c0a8a5f2
Patch Set 1 #Patch Set 2 : Simplify comment #
Messages
Total messages: 11 (6 generated)
|