[CustomScheme] Fix a wrong url validation check in VerifyCustomHandlerURL

In VerifyCustomHandlerURL, though it should check the URL validation after removing
'%s' in the given URL, it has checked it original URL even though it already removed
'%s'. This CL fixes it as well as adds a new invalid URL test case to the tests.

Additionally, we need to fix 2 tests of registerProtocolHandler in the protocol.html of wpt.
According to the spec, If the %s placeholder is in the scheme, host, or port parts of the URL,
this should throw a SecurityError exception forcibly. However, the 2 tests have been checked
if it throws a syntax error. Fixed it too.

Spec: https://html.spec.whatwg.org/multipage/webappapis.html#custom-handlers

TEST: Add a new invalid url test to http/tests/navigatorcontentutils.
      external/wpt/html/webappapis/system-state-and-capabilities/the-navigator-object/protocol.html

Bug: none
Change-Id: I11f3c626b767b6fdc880bda157741d68d67ee001
Reviewed-on: https://chromium-review.googlesource.com/796252
Commit-Queue: Gyuyoung Kim <gyuyoung.kim@lge.com>
Reviewed-by: Kentaro Hara <haraken@chromium.org>
Cr-Commit-Position: refs/heads/master@{#520821}

third_party/WebKit/LayoutTests/external/wpt/html/webappapis/system-state-and-capabilities/the-navigator-object/protocol.html

@@ -58,12 +58,12 @@ test(function () {
 }, 'an empty url argument should throw SYNTAX_ERR');
 
 test(function () {
-  assert_throws('SYNTAX_ERR', function () { navigator.registerProtocolHandler('mailto', 'http://%s.com', 'foo') } );
-}, '%s instead of domain name should throw SYNTAX_ERR');
+  assert_throws('SECURITY_ERR', function () { navigator.registerProtocolHandler('mailto', 'http://%s.com', 'foo') } );
+}, '%s instead of domain name should throw SECURITY_ERR');
 
 test(function () {
-  assert_throws('SYNTAX_ERR', function () { navigator.registerProtocolHandler('mailto', 'http://%s.example.com', 'foo') } );
-}, '%s instead of subdomain name should throw SYNTAX_ERR');
+  assert_throws('SECURITY_ERR', function () { navigator.registerProtocolHandler('mailto', 'http://%s.example.com', 'foo') } );
+}, '%s instead of subdomain name should throw SECURITY_ERR');
 
 test(function () {
   assert_throws('SYNTAX_ERR', function () { navigator.registerProtocolHandler('mailto', location.href + '', 'foo') } );

third_party/WebKit/LayoutTests/http/tests/navigatorcontentutils/register-protocol-handler-expected.txt

@@ -37,6 +37,7 @@ PASS Invalid scheme "magnet:+" falied.
 PASS Invalid scheme "tel:sip" falied.
 PASS Invalid url "" threw SyntaxError exception: "Failed to execute 'registerProtocolHandler' on 'Navigator': The url provided ('') does not contain '%s'.".
 PASS Invalid url "%S" threw SyntaxError exception: "Failed to execute 'registerProtocolHandler' on 'Navigator': The url provided ('%S') does not contain '%s'.".
+PASS Invalid url "http://[v8.:::]//url=%s" threw SyntaxError exception: "Failed to execute 'registerProtocolHandler' on 'Navigator': The custom handler URL created by removing '%s' and prepending 'http://127.0.0.1:8000/navigatorcontentutils/register-protocol-handler.html' is invalid.".
 PASS The registeration of URL that has the same origin with the document origin is allowed.
 PASS URL with origin different than document origin threw SecurityError exception: "Failed to execute 'registerProtocolHandler' on 'Navigator': Can only register custom handler in the document's origin.".
 PASS Valid call succeeded.

third_party/WebKit/LayoutTests/http/tests/navigatorcontentutils/register-protocol-handler.html

@@ -63,7 +63,7 @@ invalid_schemes.forEach(function (scheme) {
         debug('Fail: Invalid scheme "' + scheme + '" allowed. Threw exception: "' + errorMessage + '".');
 });
 
-var invalid_urls = ["", "%S"];
+var invalid_urls = ["", "%S", "http://[v8.:::]//url=%s"];
 invalid_urls.forEach(function (url) {
     var succeeded = false;
     try {

third_party/WebKit/LayoutTests/http/tests/navigatorcontentutils/unregister-protocol-handler-expected.txt

@@ -37,6 +37,7 @@ PASS Invalid scheme "magnet:+" falied.
 PASS Invalid scheme "tel:sip" falied.
 PASS Invalid url "" threw SyntaxError exception.Failed to execute 'unregisterProtocolHandler' on 'Navigator': The url provided ('') does not contain '%s'.".
 PASS Invalid url "%S" threw SyntaxError exception.Failed to execute 'unregisterProtocolHandler' on 'Navigator': The url provided ('%S') does not contain '%s'.".
+PASS Invalid url "http://[v8.:::]//url=%s" threw SyntaxError exception.Failed to execute 'unregisterProtocolHandler' on 'Navigator': The custom handler URL created by removing '%s' and prepending 'http://127.0.0.1:8000/navigatorcontentutils/unregister-protocol-handler.html' is invalid.".
 PASS URL with origin different than document origin threw SecurityError exception: "Failed to execute 'unregisterProtocolHandler' on 'Navigator': Can only register custom handler in the document's origin.".
 PASS Valid call succeeded.
 

third_party/WebKit/LayoutTests/http/tests/navigatorcontentutils/unregister-protocol-handler.html

@@ -62,7 +62,7 @@ invalid_schemes.forEach(function (scheme) {
         debug('Fail: Invalid scheme "' + scheme + '" allowed. Threw exception: "' + errorMessage + '".');
 });
 
-var invalid_urls = ["", "%S"];
+var invalid_urls = ["", "%S", "http://[v8.:::]//url=%s"];
 invalid_urls.forEach(function (url) {
    var succeeded = false;
    try {

third_party/WebKit/Source/modules/navigatorcontentutils/NavigatorContentUtils.cpp

@@ -64,8 +64,7 @@ static bool VerifyCustomHandlerURL(const Document& document,
   // the "%s" token and prepending the base url, does not resolve.
   String new_url = url;
   new_url.Remove(index, WTF_ARRAY_LENGTH(kToken) - 1);
-
-  KURL kurl = document.CompleteURL(url);
+  KURL kurl = document.CompleteURL(new_url);
 
   if (kurl.IsEmpty() || !kurl.IsValid()) {
     exception_state.ThrowDOMException(