This patch strips out the http auth credentials before storing it in History DB.

BUG=20318
TEST=Visit a url having auth credentials. Check history db to see url stored without credentials.
Review URL: http://codereview.chromium.org/1012001

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@41773 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 8 insertions, 2 deletions

diff --git a/chrome/browser/history/url_database.cc b/chrome/browser/history/url_database.cc
index 27eabd3..c5c6199 100644
--- a/chrome/browser/history/url_database.cc
+++ b/chrome/browser/history/url_database.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2009 The Chromium Authors. All rights reserved.
+// Copyright (c) 2010 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
@@ -38,7 +38,13 @@ URLDatabase::~URLDatabase() {
 // static
 std::string URLDatabase::GURLToDatabaseURL(const GURL& gurl) {
   // TODO(brettw): do something fancy here with encoding, etc.
-  return gurl.spec();
+
+  // Strip username and password from URL before sending to DB.
+  GURL::Replacements replacements;
+  replacements.ClearUsername();
+  replacements.ClearPassword();
+
+  return (gurl.ReplaceComponents(replacements)).spec();
 }
 
 // Convenience to fill a history::URLRow. Must be in sync with the fields in