Remove UnescapeURLComponent() overload that takes a base::string16.

The method has some safe-for-display safety checks that assume the input
is UTF-8 / output is UTF-8.  This change makes it at least a little
harder to avoid those checks, and makes output no longer vary based on
whether passing in a std::string or a string16 (By removing the latter
option entirely).

Bug: 831321
Change-Id: Ib39a2cccd71861213341e92932525e8ecafc60cd
Reviewed-on: https://chromium-review.googlesource.com/1004855Reviewed-by: Matt Giuca <mgiuca@chromium.org>
Reviewed-by: Justin Donnelly <jdonnelly@chromium.org>
Commit-Queue: Matt Menke <mmenke@chromium.org>
Cr-Commit-Position: refs/heads/master@{#550720}

components/omnibox/browser/url_index_private_data.cc

@@ -190,10 +190,13 @@ ScoredHistoryMatches URLIndexPrivateData::HistoryItemsForTerms(
     // the final filtering we need whitespace separated substrings possibly
     // containing escaped characters.
     base::string16 lower_raw_string(base::i18n::ToLower(search_string));
-    base::string16 lower_unescaped_string = net::UnescapeURLComponent(
-        lower_raw_string,
+    // Have to convert to UTF-8 and back, because UnescapeURLComponent doesn't
+    // support unescaping UTF-8 characters and converting them to UTF-16.
+    base::string16 lower_unescaped_string =
+        base::UTF8ToUTF16(net::UnescapeURLComponent(
+            base::UTF16ToUTF8(lower_raw_string),
             net::UnescapeRule::SPACES | net::UnescapeRule::PATH_SEPARATORS |
-            net::UnescapeRule::URL_SPECIAL_CHARS_EXCEPT_PATH_SEPARATORS);
+                net::UnescapeRule::URL_SPECIAL_CHARS_EXCEPT_PATH_SEPARATORS));
 
     // Extract individual 'words' (as opposed to 'terms'; see comment in
     // HistoryIdsToScoredMatches()) from the search string. When the user types

net/base/escape.cc

@@ -101,18 +101,15 @@ const char kUrlUnescape[128] = {
 // Attempts to unescape the sequence at |index| within |escaped_text|.  If
 // successful, sets |value| to the unescaped value.  Returns whether
 // unescaping succeeded.
-template <typename STR>
-bool UnescapeUnsignedCharAtIndex(STR escaped_text,
+bool UnescapeUnsignedCharAtIndex(base::StringPiece escaped_text,
                                  size_t index,
                                  unsigned char* value) {
   if ((index + 2) >= escaped_text.size())
     return false;
   if (escaped_text[index] != '%')
     return false;
-  const typename STR::value_type most_sig_digit(
-      static_cast<typename STR::value_type>(escaped_text[index + 1]));
-  const typename STR::value_type least_sig_digit(
-      static_cast<typename STR::value_type>(escaped_text[index + 2]));
+  char most_sig_digit(escaped_text[index + 1]);
+  char least_sig_digit(escaped_text[index + 2]);
   if (base::IsHexDigit(most_sig_digit) && base::IsHexDigit(least_sig_digit)) {
     *value = base::HexDigitToInt(most_sig_digit) * 16 +
              base::HexDigitToInt(least_sig_digit);
@@ -123,8 +120,7 @@ bool UnescapeUnsignedCharAtIndex(STR escaped_text,
 
 // Returns true if there is an Arabic Language Mark at |index|. |first_byte|
 // is the byte at |index|.
-template <typename STR>
-bool HasArabicLanguageMarkAtIndex(STR escaped_text,
+bool HasArabicLanguageMarkAtIndex(base::StringPiece escaped_text,
                                   unsigned char first_byte,
                                   size_t index) {
   if (first_byte != 0xD8)
@@ -137,8 +133,7 @@ bool HasArabicLanguageMarkAtIndex(STR escaped_text,
 
 // Returns true if there is a BiDi control char at |index|. |first_byte| is the
 // byte at |index|.
-template <typename STR>
-bool HasThreeByteBidiControlCharAtIndex(STR escaped_text,
+bool HasThreeByteBidiControlCharAtIndex(base::StringPiece escaped_text,
                                         unsigned char first_byte,
                                         size_t index) {
   if (first_byte != 0xE2)
@@ -161,8 +156,7 @@ bool HasThreeByteBidiControlCharAtIndex(STR escaped_text,
 
 // Returns true if there is a four-byte banned char at |index|. |first_byte| is
 // the byte at |index|.
-template <typename STR>
-bool HasFourByteBannedCharAtIndex(STR escaped_text,
+bool HasFourByteBannedCharAtIndex(base::StringPiece escaped_text,
                                   unsigned char first_byte,
                                   size_t index) {
   // The following characters are blacklisted for spoofability concerns.
@@ -196,9 +190,8 @@ bool HasFourByteBannedCharAtIndex(STR escaped_text,
 // the alterations done to the string that are not one-character-to-one-
 // character.  The resulting |adjustments| will always be sorted by increasing
 // offset.
-template <typename STR>
-STR UnescapeURLWithAdjustmentsImpl(
-    base::BasicStringPiece<STR> escaped_text,
+std::string UnescapeURLWithAdjustmentsImpl(
+    base::StringPiece escaped_text,
     UnescapeRule::Type rules,
     base::OffsetAdjuster::Adjustments* adjustments) {
   if (adjustments)
@@ -210,7 +203,7 @@ STR UnescapeURLWithAdjustmentsImpl(
   // The output of the unescaping is always smaller than the input, so we can
   // reserve the input size to make sure we have enough buffer and don't have
   // to allocate in the loop below.
-  STR result;
+  std::string result;
   result.reserve(escaped_text.length());
 
   // Locations of adjusted text.
@@ -436,11 +429,6 @@ std::string UnescapeURLComponent(base::StringPiece escaped_text,
   return UnescapeURLWithAdjustmentsImpl(escaped_text, rules, NULL);
 }
 
-base::string16 UnescapeURLComponent(base::StringPiece16 escaped_text,
-                                    UnescapeRule::Type rules) {
-  return UnescapeURLWithAdjustmentsImpl(escaped_text, rules, NULL);
-}
-
 base::string16 UnescapeAndDecodeUTF8URLComponent(base::StringPiece text,
                                                  UnescapeRule::Type rules) {
   return UnescapeAndDecodeUTF8URLComponentWithAdjustments(text, rules, NULL);

net/base/escape.h

@@ -118,15 +118,13 @@ class UnescapeRule {
 // a hex digit, and converting to the character with the numerical value of
 // those digits. Thus "i%20=%203%3b" unescapes to "i = 3;".
 //
-// Watch out: this doesn't necessarily result in the correct final result,
-// because the encoding may be unknown. For example, the input might be ASCII,
-// which, after unescaping, is supposed to be interpreted as UTF-8, and then
-// converted into full UTF-16 chars. This function won't tell you if any
-// conversions need to take place, it only unescapes.
+// This method does not ensure that the output is a valid string using any
+// character encoding. However, unless SPOOFING_AND_CONTROL_CHARS is set, it
+// does leave escaped certain byte sequences that would be dangerous to display
+// to the user, because if interpreted as UTF-8, they could be used to mislead
+// the user.
 NET_EXPORT std::string UnescapeURLComponent(base::StringPiece escaped_text,
                                             UnescapeRule::Type rules);
-NET_EXPORT base::string16 UnescapeURLComponent(base::StringPiece16 escaped_text,
-                                               UnescapeRule::Type rules);
 
 // Unescapes the given substring as a URL, and then tries to interpret the
 // result as being encoded as UTF-8. If the result is convertable into UTF-8, it

net/base/escape_unittest.cc

@@ -21,12 +21,6 @@ struct EscapeCase {
 };
 
 struct UnescapeURLCase {
-  const wchar_t* input;
-  UnescapeRule::Type rules;
-  const wchar_t* output;
-};
-
-struct UnescapeURLCaseASCII {
   const char* input;
   UnescapeRule::Type rules;
   const char* output;
@@ -148,8 +142,8 @@ TEST(EscapeTest, EscapeUrlEncodedDataSpace) {
   ASSERT_EQ(EscapeUrlEncodedData("a b", false), "a%20b");
 }
 
-TEST(EscapeTest, UnescapeURLComponentASCII) {
-  const UnescapeURLCaseASCII unescape_cases[] = {
+TEST(EscapeTest, UnescapeURLComponent) {
+  const UnescapeURLCase kUnescapeCases[] = {
       {"", UnescapeRule::NORMAL, ""},
       {"%2", UnescapeRule::NORMAL, "%2"},
       {"%%%%%%", UnescapeRule::NORMAL, "%%%%%%"},
@@ -159,6 +153,89 @@ TEST(EscapeTest, UnescapeURLComponentASCII) {
        "Some%20random text %25%2dOK"},
       {"Some%20random text %25%2dOK", UnescapeRule::NORMAL,
        "Some%20random text %25-OK"},
+      {"Some%20random text %25%E2%80", UnescapeRule::NORMAL,
+       "Some%20random text %25\xE2\x80"},
+      {"Some%20random text %25%E2%80OK", UnescapeRule::NORMAL,
+       "Some%20random text %25\xE2\x80OK"},
+      {"Some%20random text %25%E2%80%84OK", UnescapeRule::NORMAL,
+       "Some%20random text %25\xE2\x80\x84OK"},
+
+      // BiDi Control characters should not be unescaped unless explicity told
+      // to
+      // do so with UnescapeRule::SPOOFING_AND_CONTROL_CHARS
+      {"Some%20random text %25%D8%9COK", UnescapeRule::NORMAL,
+       "Some%20random text %25%D8%9COK"},
+      {"Some%20random text %25%E2%80%8EOK", UnescapeRule::NORMAL,
+       "Some%20random text %25%E2%80%8EOK"},
+      {"Some%20random text %25%E2%80%8FOK", UnescapeRule::NORMAL,
+       "Some%20random text %25%E2%80%8FOK"},
+      {"Some%20random text %25%E2%80%AAOK", UnescapeRule::NORMAL,
+       "Some%20random text %25%E2%80%AAOK"},
+      {"Some%20random text %25%E2%80%ABOK", UnescapeRule::NORMAL,
+       "Some%20random text %25%E2%80%ABOK"},
+      {"Some%20random text %25%E2%80%AEOK", UnescapeRule::NORMAL,
+       "Some%20random text %25%E2%80%AEOK"},
+      {"Some%20random text %25%E2%81%A6OK", UnescapeRule::NORMAL,
+       "Some%20random text %25%E2%81%A6OK"},
+      {"Some%20random text %25%E2%81%A9OK", UnescapeRule::NORMAL,
+       "Some%20random text %25%E2%81%A9OK"},
+      // UnescapeRule::SPOOFING_AND_CONTROL_CHARS should unescape BiDi Control
+      // characters.
+      {"Some%20random text %25%D8%9COK",
+       UnescapeRule::NORMAL | UnescapeRule::SPOOFING_AND_CONTROL_CHARS,
+       "Some%20random text %25\xD8\x9COK"},
+      {"Some%20random text %25%E2%80%8EOK",
+       UnescapeRule::NORMAL | UnescapeRule::SPOOFING_AND_CONTROL_CHARS,
+       "Some%20random text %25\xE2\x80\x8EOK"},
+      {"Some%20random text %25%E2%80%8FOK",
+       UnescapeRule::NORMAL | UnescapeRule::SPOOFING_AND_CONTROL_CHARS,
+       "Some%20random text %25\xE2\x80\x8FOK"},
+      {"Some%20random text %25%E2%80%AAOK",
+       UnescapeRule::NORMAL | UnescapeRule::SPOOFING_AND_CONTROL_CHARS,
+       "Some%20random text %25\xE2\x80\xAAOK"},
+      {"Some%20random text %25%E2%80%ABOK",
+       UnescapeRule::NORMAL | UnescapeRule::SPOOFING_AND_CONTROL_CHARS,
+       "Some%20random text %25\xE2\x80\xABOK"},
+      {"Some%20random text %25%E2%80%AEOK",
+       UnescapeRule::NORMAL | UnescapeRule::SPOOFING_AND_CONTROL_CHARS,
+       "Some%20random text %25\xE2\x80\xAEOK"},
+      {"Some%20random text %25%E2%81%A6OK",
+       UnescapeRule::NORMAL | UnescapeRule::SPOOFING_AND_CONTROL_CHARS,
+       "Some%20random text %25\xE2\x81\xA6OK"},
+      {"Some%20random text %25%E2%81%A9OK",
+       UnescapeRule::NORMAL | UnescapeRule::SPOOFING_AND_CONTROL_CHARS,
+       "Some%20random text %25\xE2\x81\xA9OK"},
+
+      // Certain banned characters should not be unescaped unless explicitly
+      // told
+      // to do so with UnescapeRule::SPOOFING_AND_CONTROL_CHARS.
+      // U+1F50F LOCK WITH INK PEN
+      {"Some%20random text %25%F0%9F%94%8FOK", UnescapeRule::NORMAL,
+       "Some%20random text %25%F0%9F%94%8FOK"},
+      // U+1F510 CLOSED LOCK WITH KEY
+      {"Some%20random text %25%F0%9F%94%90OK", UnescapeRule::NORMAL,
+       "Some%20random text %25%F0%9F%94%90OK"},
+      // U+1F512 LOCK
+      {"Some%20random text %25%F0%9F%94%92OK", UnescapeRule::NORMAL,
+       "Some%20random text %25%F0%9F%94%92OK"},
+      // U+1F513 OPEN LOCK
+      {"Some%20random text %25%F0%9F%94%93OK", UnescapeRule::NORMAL,
+       "Some%20random text %25%F0%9F%94%93OK"},
+      // UnescapeRule::SPOOFING_AND_CONTROL_CHARS should unescape banned
+      // characters.
+      {"Some%20random text %25%F0%9F%94%8FOK",
+       UnescapeRule::NORMAL | UnescapeRule::SPOOFING_AND_CONTROL_CHARS,
+       "Some%20random text %25\xF0\x9F\x94\x8FOK"},
+      {"Some%20random text %25%F0%9F%94%90OK",
+       UnescapeRule::NORMAL | UnescapeRule::SPOOFING_AND_CONTROL_CHARS,
+       "Some%20random text %25\xF0\x9F\x94\x90OK"},
+      {"Some%20random text %25%F0%9F%94%92OK",
+       UnescapeRule::NORMAL | UnescapeRule::SPOOFING_AND_CONTROL_CHARS,
+       "Some%20random text %25\xF0\x9F\x94\x92OK"},
+      {"Some%20random text %25%F0%9F%94%93OK",
+       UnescapeRule::NORMAL | UnescapeRule::SPOOFING_AND_CONTROL_CHARS,
+       "Some%20random text %25\xF0\x9F\x94\x93OK"},
+
       {"Some%20random text %25%2dOK", UnescapeRule::SPACES,
        "Some random text %25-OK"},
       {"Some%20random text %25%2dOK", UnescapeRule::PATH_SEPARATORS,
@@ -192,19 +269,22 @@ TEST(EscapeTest, UnescapeURLComponentASCII) {
       {"Hello%20%13%10%02", UnescapeRule::SPACES, "Hello %13%10%02"},
       {"Hello%20%13%10%02", UnescapeRule::SPOOFING_AND_CONTROL_CHARS,
        "Hello%20\x13\x10\x02"},
+      {"Hello\xE9\xA0\xA4\xE9\xA0\xA7",
+       UnescapeRule::SPOOFING_AND_CONTROL_CHARS,
+       "Hello\xE9\xA0\xA4\xE9\xA0\xA7"},
 
       // '/' and '\\' should only be unescaped by PATH_SEPARATORS.
       {"%2F%5C", UnescapeRule::PATH_SEPARATORS, "/\\"},
-      {"%2F%5C", UnescapeRule::SPACES |
+      {"%2F%5C",
+       UnescapeRule::SPACES |
            UnescapeRule::URL_SPECIAL_CHARS_EXCEPT_PATH_SEPARATORS |
            UnescapeRule::SPOOFING_AND_CONTROL_CHARS,
        "%2F%5C"},
   };
 
-  for (size_t i = 0; i < arraysize(unescape_cases); i++) {
-    std::string str(unescape_cases[i].input);
-    EXPECT_EQ(std::string(unescape_cases[i].output),
-              UnescapeURLComponent(str, unescape_cases[i].rules));
+  for (const auto unescape_case : kUnescapeCases) {
+    EXPECT_EQ(unescape_case.output,
+              UnescapeURLComponent(unescape_case.input, unescape_case.rules));
   }
 
   // Test the NULL character unescaping (which wouldn't work above since those
@@ -228,166 +308,6 @@ TEST(EscapeTest, UnescapeURLComponentASCII) {
   EXPECT_EQ(expected, UnescapeURLComponent(input, UnescapeRule::NORMAL));
 }
 
-TEST(EscapeTest, UnescapeURLComponent) {
-  const UnescapeURLCase unescape_cases[] = {
-      {L"", UnescapeRule::NORMAL, L""},
-      {L"%2", UnescapeRule::NORMAL, L"%2"},
-      {L"%%%%%%", UnescapeRule::NORMAL, L"%%%%%%"},
-      {L"Don't escape anything", UnescapeRule::NORMAL,
-       L"Don't escape anything"},
-      {L"Invalid %escape %2", UnescapeRule::NORMAL, L"Invalid %escape %2"},
-      {L"Some%20random text %25%2dOK", UnescapeRule::NONE,
-       L"Some%20random text %25%2dOK"},
-      {L"Some%20random text %25%2dOK", UnescapeRule::NORMAL,
-       L"Some%20random text %25-OK"},
-      {L"Some%20random text %25%E2%80", UnescapeRule::NORMAL,
-       L"Some%20random text %25\xE2\x80"},
-      {L"Some%20random text %25%E2%80OK", UnescapeRule::NORMAL,
-       L"Some%20random text %25\xE2\x80OK"},
-      {L"Some%20random text %25%E2%80%84OK", UnescapeRule::NORMAL,
-       L"Some%20random text %25\xE2\x80\x84OK"},
-
-      // BiDi Control characters should not be unescaped unless explicity told
-      // to
-      // do so with UnescapeRule::SPOOFING_AND_CONTROL_CHARS
-      {L"Some%20random text %25%D8%9COK", UnescapeRule::NORMAL,
-       L"Some%20random text %25%D8%9COK"},
-      {L"Some%20random text %25%E2%80%8EOK", UnescapeRule::NORMAL,
-       L"Some%20random text %25%E2%80%8EOK"},
-      {L"Some%20random text %25%E2%80%8FOK", UnescapeRule::NORMAL,
-       L"Some%20random text %25%E2%80%8FOK"},
-      {L"Some%20random text %25%E2%80%AAOK", UnescapeRule::NORMAL,
-       L"Some%20random text %25%E2%80%AAOK"},
-      {L"Some%20random text %25%E2%80%ABOK", UnescapeRule::NORMAL,
-       L"Some%20random text %25%E2%80%ABOK"},
-      {L"Some%20random text %25%E2%80%AEOK", UnescapeRule::NORMAL,
-       L"Some%20random text %25%E2%80%AEOK"},
-      {L"Some%20random text %25%E2%81%A6OK", UnescapeRule::NORMAL,
-       L"Some%20random text %25%E2%81%A6OK"},
-      {L"Some%20random text %25%E2%81%A9OK", UnescapeRule::NORMAL,
-       L"Some%20random text %25%E2%81%A9OK"},
-      // UnescapeRule::SPOOFING_AND_CONTROL_CHARS should unescape BiDi Control
-      // characters.
-      {L"Some%20random text %25%D8%9COK",
-       UnescapeRule::NORMAL | UnescapeRule::SPOOFING_AND_CONTROL_CHARS,
-       L"Some%20random text %25\xD8\x9COK"},
-      {L"Some%20random text %25%E2%80%8EOK",
-       UnescapeRule::NORMAL | UnescapeRule::SPOOFING_AND_CONTROL_CHARS,
-       L"Some%20random text %25\xE2\x80\x8EOK"},
-      {L"Some%20random text %25%E2%80%8FOK",
-       UnescapeRule::NORMAL | UnescapeRule::SPOOFING_AND_CONTROL_CHARS,
-       L"Some%20random text %25\xE2\x80\x8FOK"},
-      {L"Some%20random text %25%E2%80%AAOK",
-       UnescapeRule::NORMAL | UnescapeRule::SPOOFING_AND_CONTROL_CHARS,
-       L"Some%20random text %25\xE2\x80\xAAOK"},
-      {L"Some%20random text %25%E2%80%ABOK",
-       UnescapeRule::NORMAL | UnescapeRule::SPOOFING_AND_CONTROL_CHARS,
-       L"Some%20random text %25\xE2\x80\xABOK"},
-      {L"Some%20random text %25%E2%80%AEOK",
-       UnescapeRule::NORMAL | UnescapeRule::SPOOFING_AND_CONTROL_CHARS,
-       L"Some%20random text %25\xE2\x80\xAEOK"},
-      {L"Some%20random text %25%E2%81%A6OK",
-       UnescapeRule::NORMAL | UnescapeRule::SPOOFING_AND_CONTROL_CHARS,
-       L"Some%20random text %25\xE2\x81\xA6OK"},
-      {L"Some%20random text %25%E2%81%A9OK",
-       UnescapeRule::NORMAL | UnescapeRule::SPOOFING_AND_CONTROL_CHARS,
-       L"Some%20random text %25\xE2\x81\xA9OK"},
-
-      // Certain banned characters should not be unescaped unless explicitly
-      // told
-      // to do so with UnescapeRule::SPOOFING_AND_CONTROL_CHARS.
-      // U+1F50F LOCK WITH INK PEN
-      {L"Some%20random text %25%F0%9F%94%8FOK", UnescapeRule::NORMAL,
-       L"Some%20random text %25%F0%9F%94%8FOK"},
-      // U+1F510 CLOSED LOCK WITH KEY
-      {L"Some%20random text %25%F0%9F%94%90OK", UnescapeRule::NORMAL,
-       L"Some%20random text %25%F0%9F%94%90OK"},
-      // U+1F512 LOCK
-      {L"Some%20random text %25%F0%9F%94%92OK", UnescapeRule::NORMAL,
-       L"Some%20random text %25%F0%9F%94%92OK"},
-      // U+1F513 OPEN LOCK
-      {L"Some%20random text %25%F0%9F%94%93OK", UnescapeRule::NORMAL,
-       L"Some%20random text %25%F0%9F%94%93OK"},
-      // UnescapeRule::SPOOFING_AND_CONTROL_CHARS should unescape banned
-      // characters.
-      {L"Some%20random text %25%F0%9F%94%8FOK",
-       UnescapeRule::NORMAL | UnescapeRule::SPOOFING_AND_CONTROL_CHARS,
-       L"Some%20random text %25\xF0\x9F\x94\x8FOK"},
-      {L"Some%20random text %25%F0%9F%94%90OK",
-       UnescapeRule::NORMAL | UnescapeRule::SPOOFING_AND_CONTROL_CHARS,
-       L"Some%20random text %25\xF0\x9F\x94\x90OK"},
-      {L"Some%20random text %25%F0%9F%94%92OK",
-       UnescapeRule::NORMAL | UnescapeRule::SPOOFING_AND_CONTROL_CHARS,
-       L"Some%20random text %25\xF0\x9F\x94\x92OK"},
-      {L"Some%20random text %25%F0%9F%94%93OK",
-       UnescapeRule::NORMAL | UnescapeRule::SPOOFING_AND_CONTROL_CHARS,
-       L"Some%20random text %25\xF0\x9F\x94\x93OK"},
-
-      {L"Some%20random text %25%2dOK", UnescapeRule::SPACES,
-       L"Some random text %25-OK"},
-      {L"Some%20random text %25%2dOK",
-       UnescapeRule::URL_SPECIAL_CHARS_EXCEPT_PATH_SEPARATORS,
-       L"Some%20random text %-OK"},
-      {L"Some%20random text %25%2dOK",
-       UnescapeRule::SPACES |
-           UnescapeRule::URL_SPECIAL_CHARS_EXCEPT_PATH_SEPARATORS,
-       L"Some random text %-OK"},
-      {L"%A0%B1%C2%D3%E4%F5", UnescapeRule::NORMAL,
-       L"\xA0\xB1\xC2\xD3\xE4\xF5"},
-      {L"%Aa%Bb%Cc%Dd%Ee%Ff", UnescapeRule::NORMAL,
-       L"\xAa\xBb\xCc\xDd\xEe\xFf"},
-      // Certain URL-sensitive characters should not be unescaped unless asked.
-      {L"Hello%20%13%10world %23# %3F? %3D= %26& %25% %2B+",
-       UnescapeRule::SPACES,
-       L"Hello %13%10world %23# %3F? %3D= %26& %25% %2B+"},
-      {L"Hello%20%13%10world %23# %3F? %3D= %26& %25% %2B+",
-       UnescapeRule::URL_SPECIAL_CHARS_EXCEPT_PATH_SEPARATORS,
-       L"Hello%20%13%10world ## ?? == && %% ++"},
-      // We can neither escape nor unescape '@' since some websites expect it to
-      // be preserved as either '@' or "%40".
-      // See http://b/996720 and http://crbug.com/23933 .
-      {L"me@my%40example", UnescapeRule::NORMAL, L"me@my%40example"},
-      // Control characters.
-      {L"%01%02%03%04%05%06%07%08%09 %25",
-       UnescapeRule::URL_SPECIAL_CHARS_EXCEPT_PATH_SEPARATORS,
-       L"%01%02%03%04%05%06%07%08%09 %"},
-      {L"%01%02%03%04%05%06%07%08%09 %25",
-       UnescapeRule::SPOOFING_AND_CONTROL_CHARS,
-       L"\x01\x02\x03\x04\x05\x06\x07\x08\x09 %25"},
-      {L"Hello%20%13%10%02", UnescapeRule::SPACES, L"Hello %13%10%02"},
-      {L"Hello%20%13%10%02", UnescapeRule::SPOOFING_AND_CONTROL_CHARS,
-       L"Hello%20\x13\x10\x02"},
-      {L"Hello\x9824\x9827", UnescapeRule::SPOOFING_AND_CONTROL_CHARS,
-       L"Hello\x9824\x9827"},
-  };
-
-  for (size_t i = 0; i < arraysize(unescape_cases); i++) {
-    base::string16 str(base::WideToUTF16(unescape_cases[i].input));
-    EXPECT_EQ(base::WideToUTF16(unescape_cases[i].output),
-              UnescapeURLComponent(str, unescape_cases[i].rules));
-  }
-
-  // Test the NULL character unescaping (which wouldn't work above since those
-  // are just char pointers).
-  base::string16 input(base::WideToUTF16(L"Null"));
-  input.push_back(0);  // Also have a NULL in the input.
-  input.append(base::WideToUTF16(L"%00%39Test"));
-
-  // When we're unescaping NULLs
-  base::string16 expected(base::WideToUTF16(L"Null"));
-  expected.push_back(0);
-  expected.push_back(0);
-  expected.append(base::ASCIIToUTF16("9Test"));
-  EXPECT_EQ(expected, UnescapeURLComponent(
-                          input, UnescapeRule::SPOOFING_AND_CONTROL_CHARS));
-
-  // When we're not unescaping NULLs.
-  expected = base::WideToUTF16(L"Null");
-  expected.push_back(0);
-  expected.append(base::WideToUTF16(L"%009Test"));
-  EXPECT_EQ(expected, UnescapeURLComponent(input, UnescapeRule::NORMAL));
-}
-
 TEST(EscapeTest, UnescapeAndDecodeUTF8URLComponent) {
   const UnescapeAndDecodeCase unescape_cases[] = {
     { "%",

net/base/unescape_url_component_fuzzer.cc

@@ -18,18 +18,5 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
     net::UnescapeURLComponent(path, static_cast<net::UnescapeRule::Type>(i));
   }
 
-  // When non-empty, align |data| to sizeof(char16).
-  if ((size > 0) && ((size % 2) == 1)) {
-    data++;
-    size--;
-  }
-
-  // Test for StringPiece16.
-  base::StringPiece16 path16(reinterpret_cast<const base::char16*>(data),
-                             size / 2);
-  for (int i = 0; i <= kMaxUnescapeRule; i++) {
-    net::UnescapeURLComponent(path16, static_cast<net::UnescapeRule::Type>(i));
-  }
-
   return 0;
 }