DescriptionM59 Merge of 'Improve canonicalization of mailto url path components'
The canonicalization of the path component of mailto urls is too lax,
leading to information disclosure and possible command injection attacks
against mail clients. To fix this, we percent-encode more characters in
the path component of mailto urls, matching other Firefox/IE/Edge.
The original land of this patch (via 2817213002) omitted an update to
layout tests.
BUG=711020
TEST=url_unittests,run-webkit-tests fast/url
Review-Url: https://codereview.chromium.org/2820373002
Cr-Commit-Position: refs/heads/master@{#465357}
(cherry picked from commit d75485096f20f4ba7365106c46200b18c0fcc848)
Review-Url: https://codereview.chromium.org/2833983005 .
Cr-Commit-Position: refs/branch-heads/3071@{#128}
Cr-Branched-From: a106f0abbf69dad349d4aaf4bcc4f5d376dd2377-refs/heads/master@{#464641}
Committed: https://chromium.googlesource.com/chromium/src/+/18bf33f85e323bf4bf93f3db3c42e542dd9cb9f2
Patch Set 1 #
Messages
Total messages: 2 (1 generated)
|