Sanitize referrer in context menus.

content/public/common/referrer.h

Index: content/public/common/referrer.h
diff --git a/content/public/common/referrer.h b/content/public/common/referrer.h
index b10bfd6c28e6cd96f6e44a5a2070904693fae979..db0dc16354462a5ada16caa0482b21ff4aadbcb1 100644
--- a/content/public/common/referrer.h
+++ b/content/public/common/referrer.h
@@ -5,6 +5,7 @@
 #ifndef CONTENT_PUBLIC_COMMON_REFERRER_H_
 #define CONTENT_PUBLIC_COMMON_REFERRER_H_
 
+#include "base/logging.h"
 #include "content/common/content_export.h"
 #include "third_party/WebKit/public/platform/WebReferrerPolicy.h"
 #include "url/gurl.h"
@@ -23,6 +24,33 @@ struct CONTENT_EXPORT Referrer {
 
   GURL url;
   blink::WebReferrerPolicy policy;
+
+  static Referrer SanitizeForRequest(const GURL& request,
+                                     const Referrer& referrer) {
+    Referrer sanitized_referrer;
+    sanitized_referrer.url = referrer.url.GetAsReferrer();
+    sanitized_referrer.policy = referrer.policy;

[jochen (gone - plz use gerrit), 2014/08/05 13:27:42]

can you also make SerializedNavigationEntry::Sanitize use this method (in
components/sessions/serialized_navigation_entry.cc)

esp, we should clear the referrer if either the referrer or the request url are
not in the http family.

[nasko, 2014/08/05 14:27:58]

Done.

+    switch (sanitized_referrer.policy) {
+      case blink::WebReferrerPolicyDefault:
+        if (sanitized_referrer.url.SchemeIsSecure() &&
+            !request.SchemeIsSecure()) {
+          sanitized_referrer.url = GURL();
+        }
+        break;
+      case blink::WebReferrerPolicyAlways:
+        break;
+      case blink::WebReferrerPolicyNever:
+        sanitized_referrer.url = GURL();
+        break;
+      case blink::WebReferrerPolicyOrigin:
+        sanitized_referrer.url = sanitized_referrer.url.GetOrigin();
+        break;
+      default:
+        NOTREACHED();
+        break;
+    }
+    return sanitized_referrer;
+  }
 };
 
 }  // namespace content