authormmenke <mmenke@chromium.org>2016-02-29 01:51:06 -0800
committerCommit bot <commit-bot@chromium.org>2016-02-29 09:52:23 +0000
commit9eebdc28cdbaaafc5315e03c45c5bcdae58cd96f (patch)
tree59d37462241bde6ba9ce6f517ba0e5e7d21cb149
parentfa0168cea92cb06b96ec99700937eac42ef2582f (diff)
Remove use of URL_SPECIAL_CHARS from SafeBrowsing files.
We're removing this, in favor of PATH_SEPARATORS and URL_SPECIAL_CHARS_EXCEPT_PATH_SEPARATORS, to reduce the chances of security issues with unescaping going forward. BUG=589257 Review URL: https://codereview.chromium.org/1733253003 Cr-Commit-Position: refs/heads/master@{#378188}
-rw-r--r--components/safe_browsing_db/util.cc7
-rw-r--r--ios/chrome/browser/safe_browsing/util.cc7
2 files changed, 8 insertions, 6 deletions
diff --git a/components/safe_browsing_db/util.cc b/components/safe_browsing_db/util.cc
index 153da70..da26b2a 100644
--- a/components/safe_browsing_db/util.cc
+++ b/components/safe_browsing_db/util.cc
@@ -166,9 +166,10 @@ std::string Unescape(const std::string& url) {
do {
old_size = unescaped_str.size();
unescaped_str = net::UnescapeURLComponent(
- unescaped_str, net::UnescapeRule::SPOOFING_AND_CONTROL_CHARS |
- net::UnescapeRule::SPACES |
- net::UnescapeRule::URL_SPECIAL_CHARS);
+ unescaped_str,
+ net::UnescapeRule::SPOOFING_AND_CONTROL_CHARS |
+ net::UnescapeRule::SPACES | net::UnescapeRule::PATH_SEPARATORS |
+ net::UnescapeRule::URL_SPECIAL_CHARS_EXCEPT_PATH_SEPARATORS);
} while (old_size != unescaped_str.size() &&
++loop_var <= kMaxLoopIterations);
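Review bot: The widened flag list passed to `net::UnescapeURLComponent` has no comment saying why this caller opts in to `net::UnescapeRule::PATH_SEPARATORS`, which, going by the commit message, is the decision the flag split is meant to make explicit. I would add a comment above the call such as `// Canonicalization must decode every escape, including path separators; the result is used for lookups only, never as a path or navigation target.`, although that intent is inferred from the function's name and location, so please confirm it. The identical hunk in ios/chrome/browser/safe_browsing/util.cc needs the same comment, and keeping two copies of this call means any later rule change has to be made in both. It is also worth documenting that the loop stops once `kMaxLoopIterations` is reached, so a sufficiently nested escape may be returned still partly escaped. Unescape's body starts and ends outside the hunk, so how callers handle that case is not visible here.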
diff --git a/ios/chrome/browser/safe_browsing/util.cc b/ios/chrome/browser/safe_browsing/util.cc
index afc1cf5..34052cb 100644
--- a/ios/chrome/browser/safe_browsing/util.cc
+++ b/ios/chrome/browser/safe_browsing/util.cc
@@ -143,9 +143,10 @@ std::string Unescape(const std::string& url) {
do {
old_size = unescaped_str.size();
unescaped_str = net::UnescapeURLComponent(
- unescaped_str, net::UnescapeRule::SPOOFING_AND_CONTROL_CHARS |
- net::UnescapeRule::SPACES |
- net::UnescapeRule::URL_SPECIAL_CHARS);
+ unescaped_str,
+ net::UnescapeRule::SPOOFING_AND_CONTROL_CHARS |
+ net::UnescapeRule::SPACES | net::UnescapeRule::PATH_SEPARATORS |
+ net::UnescapeRule::URL_SPECIAL_CHARS_EXCEPT_PATH_SEPARATORS);
} while (old_size != unescaped_str.size() &&
++loop_var <= kMaxLoopIterations);