Reland of 'Improve canonicalization of mailto url path components'

Reland of 'Improve canonicalization of mailto url path components'

The canonicalization of the path component of mailto urls is too lax,
leading to information disclosure and possible command injection attacks
against mail clients. To fix this, we percent-encode more characters in
the path component of mailto urls, matching other Firefox/IE/Edge.

The original land of this patch (via 2817213002) omitted an update to
layout tests.

BUG=711020
TEST=url_unittests,run-webkit-tests fast/url

Review-Url: https://codereview.chromium.org/2820373002
Cr-Commit-Position: refs/heads/master@{#465357}
Committed: https://chromium.googlesource.com/chromium/src/+/d75485096f20f4ba7365106c46200b18c0fcc848

[elawrence, 2017-04-18 14:56:13]

The CQ bit was checked by elawrence@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2017-04-18 14:56:28]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2017-04-18 16:44:59]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2017-04-18 16:45:00]

Dry run: This issue passed the CQ dry run.

[elawrence, 2017-04-18 19:44:47]

elawrence@chromium.org changed reviewers:
+ brettw@chromium.org

[elawrence, 2017-04-18 19:44:47]

Apologies for the re-rereview request. The original change failed to land
because it broke a layout test. 

The only difference in this new CL is that it updates the layout test to match
the new behavior. I've confirmed that the layout tests now pass.

PTAL?

[brettw, 2017-04-18 20:34:42]

lgtm

[elawrence, 2017-04-18 20:39:25]

The CQ bit was checked by elawrence@chromium.org

[commit-bot: I haz the power, 2017-04-18 20:39:52]

CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2017-04-18 20:44:23]

CQ is committing da patch.

Bot data: {"patchset_id": 1, "attempt_start_ts": 1492547965961930, "parent_rev":
"cbf212b54620d1c1cb11ea1072fd698dd47ba26b", "commit_rev":
"d75485096f20f4ba7365106c46200b18c0fcc848"}

[commit-bot: I haz the power, 2017-04-18 20:44:35]

Description was changed from

==========
Reland of 'Improve canonicalization of mailto url path components'

The canonicalization of the path component of mailto urls is too lax,
leading to information disclosure and possible command injection attacks
against mail clients. To fix this, we percent-encode more characters in
the path component of mailto urls, matching other Firefox/IE/Edge.

The original land of this patch (via 2817213002) omitted an update to
layout tests.

BUG=711020
TEST=url_unittests,run-webkit-tests fast/url
==========

to

==========
Reland of 'Improve canonicalization of mailto url path components'

The canonicalization of the path component of mailto urls is too lax,
leading to information disclosure and possible command injection attacks
against mail clients. To fix this, we percent-encode more characters in
the path component of mailto urls, matching other Firefox/IE/Edge.

The original land of this patch (via 2817213002) omitted an update to
layout tests.

BUG=711020
TEST=url_unittests,run-webkit-tests fast/url

Review-Url: https://codereview.chromium.org/2820373002
Cr-Commit-Position: refs/heads/master@{#465357}
Committed:
https://chromium.googlesource.com/chromium/src/+/d75485096f20f4ba7365106c4620...
==========

[commit-bot: I haz the power, 2017-04-18 20:44:36]

Committed patchset #1 (id:1) as
https://chromium.googlesource.com/chromium/src/+/d75485096f20f4ba7365106c4620...