Escape omnibox URLs before pasting to clipboard as HTML.

This change moves the responsibility for escaping into the
WriteHyperLink() method so as to prevent callers from shooting
themeselves in the foot when invoking this.

The testcase is improved by including special characters, and
is enabled beyond windows.

BUG=297718
R=sky@chromium.org

Review URL: https://codereview.chromium.org/23537069

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@225337 0039d316-1c4b-4281-b951-d872f2087c98

3 files changed, 14 insertions, 10 deletions

diff --git a/ui/base/clipboard/clipboard_unittest.cc b/ui/base/clipboard/clipboard_unittest.cc
index 8217a60..20dff76 100644
--- a/ui/base/clipboard/clipboard_unittest.cc
+++ b/ui/base/clipboard/clipboard_unittest.cc
@@ -507,15 +507,16 @@ TEST_F(ClipboardTest, MultipleDataTest) {
   EXPECT_EQ(payload1, unpickled_string1);
 }
 
-#if defined(OS_WIN)  // Windows only tests.
+#if !defined(OS_MACOSX) && !defined(OS_ANDROID)
 TEST_F(ClipboardTest, HyperlinkTest) {
-  const std::string kTitle("The Example Company");
-  const std::string kUrl("http://www.example.com/");
-  const std::string kExpectedHtml("<a href=\"http://www.example.com/\">"
-                                  "The Example Company</a>");
+  const std::string kTitle("The <Example> Company's \"home page\"");
+  const std::string kUrl("http://www.example.com?x=3&lt=3#\"'<>");
+  const std::string kExpectedHtml(
+      "<a href=\"http://www.example.com?x=3&amp;lt=3#&quot;&#39;&lt;&gt;\">"
+      "The &lt;Example&gt; Company&#39;s &quot;home page&quot;</a>");
+
   std::string url_result;
   string16 html_result;
-
   {
     ScopedClipboardWriter clipboard_writer(&clipboard(),
                                            Clipboard::BUFFER_STANDARD);
@@ -529,7 +530,9 @@ TEST_F(ClipboardTest, HyperlinkTest) {
                        &ignored, &ignored);
   EXPECT_PRED2(MarkupMatches, ASCIIToUTF16(kExpectedHtml), html_result);
 }
+#endif
 
+#if defined(OS_WIN)  // Windows only tests.
 TEST_F(ClipboardTest, WebSmartPasteTest) {
   {
     ScopedClipboardWriter clipboard_writer(&clipboard(),
diff --git a/ui/base/clipboard/scoped_clipboard_writer.cc b/ui/base/clipboard/scoped_clipboard_writer.cc
index 330862b..ce9cba9 100644
--- a/ui/base/clipboard/scoped_clipboard_writer.cc
+++ b/ui/base/clipboard/scoped_clipboard_writer.cc
@@ -10,6 +10,7 @@
 
 #include "base/pickle.h"
 #include "base/strings/utf_string_conversions.h"
+#include "net/base/escape.h"
 #include "ui/gfx/size.h"
 
 namespace ui {
@@ -77,9 +78,9 @@ void ScopedClipboardWriter::WriteHyperlink(const string16& anchor_text,
 
   // Construct the hyperlink.
   std::string html("<a href=\"");
-  html.append(url);
+  html.append(net::EscapeForHTML(url));
   html.append("\">");
-  html.append(UTF16ToUTF8(anchor_text));
+  html.append(net::EscapeForHTML(UTF16ToUTF8(anchor_text)));
   html.append("</a>");
   WriteHTML(UTF8ToUTF16(html), std::string());
 }
diff --git a/ui/base/clipboard/scoped_clipboard_writer.h b/ui/base/clipboard/scoped_clipboard_writer.h
index 1b1392f..4d5c587 100644
--- a/ui/base/clipboard/scoped_clipboard_writer.h
+++ b/ui/base/clipboard/scoped_clipboard_writer.h
@@ -50,8 +50,8 @@ class UI_EXPORT ScopedClipboardWriter {
   void WriteBookmark(const string16& bookmark_title,
                      const std::string& url);
 
-  // Adds an html hyperlink (<a href>) to the clipboard. |anchor_text| should
-  // be escaped prior to being passed in.
+  // Adds an html hyperlink (<a href>) to the clipboard. |anchor_text| and
+  // |url| will be escaped as needed.
   void WriteHyperlink(const string16& anchor_text, const std::string& url);
 
   // Used by WebKit to determine whether WebKit wrote the clipboard last