authortsepez@chromium.org <tsepez@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2013-09-24 03:18:40 +0000
committertsepez@chromium.org <tsepez@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2013-09-24 03:18:40 +0000
commite60479fb0549f5b6e6bf0ef2cee3f6ebdff82067 (patch)
tree5a019e9c9ba40d8d00ba924b7c6fccaf2c3ace6a
parent53cfead5f1aae9b47af28a59bc0c800cf449ac34 (diff)
downloadchromium_src-e60479fb0549f5b6e6bf0ef2cee3f6ebdff82067.zip
chromium_src-e60479fb0549f5b6e6bf0ef2cee3f6ebdff82067.tar.gz
chromium_src-e60479fb0549f5b6e6bf0ef2cee3f6ebdff82067.tar.bz2
Escape single-quote in query strings to avoid certain types of xss.
About 46 LayoutTests will need rebaselining after this lands. BUG=292740 R=abarth@chromium.org Review URL: https://chromiumcodereview.appspot.com/23754022 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@224874 0039d316-1c4b-4281-b951-d872f2087c98
-rw-r--r--url/url_canon_internal.cc2
-rw-r--r--url/url_util_unittest.cc2
2 files changed, 2 insertions, 2 deletions
diff --git a/url/url_canon_internal.cc b/url/url_canon_internal.cc
index 8b4bf21..8592cea 100644
--- a/url/url_canon_internal.cc
+++ b/url/url_canon_internal.cc
@@ -116,7 +116,7 @@ const unsigned char kSharedCharTypeTable[0x100] = {
CHAR_QUERY | CHAR_USERINFO, // 0x24 $
CHAR_QUERY | CHAR_USERINFO, // 0x25 %
CHAR_QUERY | CHAR_USERINFO, // 0x26 &
- CHAR_QUERY | CHAR_USERINFO | CHAR_COMPONENT, // 0x27 '
+ 0, // 0x27 ' (Try to prevent XSS.)
CHAR_QUERY | CHAR_USERINFO | CHAR_COMPONENT, // 0x28 (
CHAR_QUERY | CHAR_USERINFO | CHAR_COMPONENT, // 0x29 )
CHAR_QUERY | CHAR_USERINFO | CHAR_COMPONENT, // 0x2a *
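Review bot: The new entry for 0x27 is `0`, which clears CHAR_USERINFO and CHAR_COMPONENT along with CHAR_QUERY, so the single quote is now percent-escaped in userinfo and in component encoding as well, not only in query strings as the commit title says; if that wider scope is intended it should be stated, and if not, `CHAR_USERINFO | CHAR_COMPONENT, // 0x27 '` would limit the change to the query path. The inline comment `(Try to prevent XSS.)` gives a later maintainer nothing to check against; suggest `// 0x27 '  Escaped (RFC 3986 allows it) so a reflected URL cannot terminate a single-quoted HTML attribute; BUG=292740`. kSharedCharTypeTable starts and ends outside this hunk, so any other entries changed for the same reason are not visible here.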
diff --git a/url/url_util_unittest.cc b/url/url_util_unittest.cc
index 8b16d79..dfbdb40 100644
--- a/url/url_util_unittest.cc
+++ b/url/url_util_unittest.cc
@@ -202,7 +202,7 @@ TEST(URLUtilTest, TestEncodeURIComponent) {
{"\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1A\x1B\x1C\x1D\x1E\x1F",
"%10%11%12%13%14%15%16%17%18%19%1A%1B%1C%1D%1E%1F"},
{" !\"#$%&'()*+,-./",
- "%20!%22%23%24%25%26'()*%2B%2C-.%2F"},
+ "%20!%22%23%24%25%26%27()*%2B%2C-.%2F"},
{"0123456789:;<=>?",
"0123456789%3A%3B%3C%3D%3E%3F"},
{"@ABCDEFGHIJKLMNO",
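Review bot: The updated expectation pins the new `'` → `%27` behaviour only through EncodeURIComponent, i.e. the CHAR_COMPONENT path; nothing visible in this hunk exercises query canonicalization, which is the path the commit title names, so a regression there would not be caught by this test. Consider adding a query-canonicalizer case with an input containing `'` and the expected `%27` output so the stated purpose of the change is covered directly. TEST(URLUtilTest, TestEncodeURIComponent) starts before and continues past this hunk.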