Prevent interpretating userinfo as url scheme when editing bookmarks
Chrome's Edit Bookmark dialog formats urls for display such that a
url of http://javascript:scripttext@host.com is later converted to a
javascript url scheme, allowing persistence of a script injection
attack within the user's bookmarks.
This fix prevents such misinterpretations by always showing the
scheme when a userinfo component is present within the url.
BUG=639126
Review-Url: https://codereview.chromium.org/2368593002
Cr-Commit-Position: refs/heads/master@{#422467}
4 files changed
