2 files changed, 29 insertions, 0 deletions

diff --git a/chrome/browser/ui/omnibox/omnibox_view_unittest.cc b/chrome/browser/ui/omnibox/omnibox_view_unittest.cc
new file mode 100644
index 0000000..d017bff
--- /dev/null
+++ b/chrome/browser/ui/omnibox/omnibox_view_unittest.cc
@@ -0,0 +1,28 @@
+// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/browser/ui/omnibox/omnibox_view.h"
+#include "base/string16.h"
+#include "base/string_util.h"
+#include "base/utf_string_conversions.h"
+#include "testing/gtest/include/gtest/gtest.h"
+
+TEST(OmniboxView, TestStripSchemasUnsafeForPaste) {
+  const char* urls[] = {
+    "http://www.google.com?q=javascript:alert(0)",  // Safe URL.
+    "javAscript:alert(0)",                          // Unsafe JS URL.
+    "jaVascript:\njavaScript: alert(0)"             // Single strip unsafe.
+  };
+
+  const char* expecteds[] = {
+    "http://www.google.com?q=javascript:alert(0)",  // Safe URL.
+    "alert(0)",                                     // Unsafe JS URL.
+    "alert(0)"                                      // Single strip unsafe.
+  };
+
+  for (size_t i = 0; i < arraysize(urls); i++) {
+    EXPECT_EQ(ASCIIToUTF16(expecteds[i]),
+              OmniboxView::StripJavascriptSchemas(ASCIIToUTF16(urls[i])));
+  }
+}
diff --git a/chrome/chrome_tests.gypi b/chrome/chrome_tests.gypi
index e150411..19e3d28 100644
--- a/chrome/chrome_tests.gypi
+++ b/chrome/chrome_tests.gypi
@@ -1869,6 +1869,7 @@
         'browser/ui/gtk/status_icons/status_tray_gtk_unittest.cc',
         'browser/ui/gtk/tabs/tab_renderer_gtk_unittest.cc',
         'browser/ui/login/login_prompt_unittest.cc',
+        'browser/ui/omnibox/omnibox_view_unittest.cc',
         'browser/ui/panels/panel_browser_window_cocoa_unittest.mm',
         'browser/ui/search_engines/keyword_editor_controller_unittest.cc',
         'browser/ui/shell_dialogs_unittest.cc',