Improve canonicalization of mailto url path components

Improve canonicalization of mailto url path components

The canonicalization of the path component of mailto urls is too lax, leading to
information disclosure and possible command injection attacks against mail
clients. To fix this, we will percent-encode more characters in the path
component of mailto urls, matching other browsers.

BUG=711020
TEST=url_unittests

Review-Url: https://codereview.chromium.org/2817213002
Cr-Commit-Position: refs/heads/master@{#465046}
Committed: https://chromium.googlesource.com/chromium/src/+/484ff36cdcb8dcf5efa999a471d1d509c0a8a5f2

[elawrence, 2017-04-14 16:03:29]

The CQ bit was checked by elawrence@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2017-04-14 16:03:47]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[elawrence, 2017-04-14 16:13:26]

elawrence@chromium.org changed reviewers:
+ brettw@chromium.org

[elawrence, 2017-04-14 16:13:26]

PTAL?

[brettw, 2017-04-17 19:29:34]

lgtm

[elawrence, 2017-04-17 21:29:05]

The CQ bit was checked by elawrence@chromium.org

[commit-bot: I haz the power, 2017-04-17 21:29:32]

CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2017-04-17 22:39:52]

CQ is committing da patch.

Bot data: {"patchset_id": 20001, "attempt_start_ts": 1492464545385230,
"parent_rev": "dbfea6ff41a33e73312113c90f055ce7ac35ba1d", "commit_rev":
"484ff36cdcb8dcf5efa999a471d1d509c0a8a5f2"}

[commit-bot: I haz the power, 2017-04-17 22:40:11]

Description was changed from

==========
Improve canonicalization of mailto url path components

The canonicalization of the path component of mailto urls is too lax, leading to
information disclosure and possible command injection attacks against mail
clients. To fix this, we will percent-encode more characters in the path
component of mailto urls, matching other browsers.

BUG=711020
TEST=url_unittests
==========

to

==========
Improve canonicalization of mailto url path components

The canonicalization of the path component of mailto urls is too lax, leading to
information disclosure and possible command injection attacks against mail
clients. To fix this, we will percent-encode more characters in the path
component of mailto urls, matching other browsers.

BUG=711020
TEST=url_unittests

Review-Url: https://codereview.chromium.org/2817213002
Cr-Commit-Position: refs/heads/master@{#465046}
Committed:
https://chromium.googlesource.com/chromium/src/+/484ff36cdcb8dcf5efa999a471d1...
==========

[commit-bot: I haz the power, 2017-04-17 22:40:12]

Committed patchset #2 (id:20001) as
https://chromium.googlesource.com/chromium/src/+/484ff36cdcb8dcf5efa999a471d1...

[alexmos, 2017-04-17 23:42:14]

A revert of this CL (patchset #2 id:20001) has been created in
https://codereview.chromium.org/2823883005/ by alexmos@chromium.org.

The reason for reverting is: appears to be breaking fast/url/mailto.html on at
least the Mac bots: 
https://build.chromium.org/p/chromium.webkit/builders/WebKit%20Mac10.10/build...
https://build.chromium.org/p/chromium.webkit/builders/WebKit%20Mac10.12/build...
https://build.chromium.org/p/chromium.webkit/builders/WebKit%20Mac10.9/builds...

diffs:
-PASS canonicalize('mailto:addr1, addr2') is 'mailto:addr1, addr2' 
+FAIL canonicalize('mailto:addr1, addr2') should be mailto:addr1, addr2. Was
mailto:addr1,%20addr2. 
.