From 3ab2df689c216f35ef744a64d6cff3f87127d61d Mon Sep 17 00:00:00 2001 From: "inferno@chromium.org" Date: Tue, 16 Mar 2010 22:05:15 +0000 Subject: This patch strips out the http auth credentials before storing it in History DB. BUG=20318 TEST=Visit a url having auth credentials. Check history db to see url stored without credentials. Review URL: http://codereview.chromium.org/1012001 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@41773 0039d316-1c4b-4281-b951-d872f2087c98 --- chrome/browser/history/url_database.cc | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) (limited to 'chrome/browser/history/url_database.cc') diff --git a/chrome/browser/history/url_database.cc b/chrome/browser/history/url_database.cc index 27eabd3..c5c6199 100644 --- a/chrome/browser/history/url_database.cc +++ b/chrome/browser/history/url_database.cc @@ -1,4 +1,4 @@ -// Copyright (c) 2009 The Chromium Authors. All rights reserved. +// Copyright (c) 2010 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. @@ -38,7 +38,13 @@ URLDatabase::~URLDatabase() { // static std::string URLDatabase::GURLToDatabaseURL(const GURL& gurl) { // TODO(brettw): do something fancy here with encoding, etc. - return gurl.spec(); + + // Strip username and password from URL before sending to DB. + GURL::Replacements replacements; + replacements.ClearUsername(); + replacements.ClearPassword(); + + return (gurl.ReplaceComponents(replacements)).spec(); } // Convenience to fill a history::URLRow. Must be in sync with the fields in -- cgit v1.1