Sanitize URL before URL sent for lookup

When performing the full URL lookup, strip out the fragment, username
and password components. Fragments are only used for local navigations.
Usernames/Passwords are too privacy sensitive.

Bug: 1015469
Change-Id: Ib3885a0acc7c479087cb9e5fe55696cd4745b7a0
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1872753
Commit-Queue: Xinghui Lu <xinghuilu@chromium.org>
Reviewed-by: Varun Khaneja <vakh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#708848}

components/safe_browsing/realtime/url_lookup_service.cc

@@ -29,6 +29,16 @@ const size_t kBackOffResetDurationInSeconds = 5 * 60;  // 5 minutes.
 
 const size_t kURLLookupTimeoutDurationInSeconds = 1 * 60;  // 1 minute.
 
+// Fragements, usernames and passwords are removed, becuase fragments are only
+// used for local navigations and usernames/passwords are too privacy sensitive.
+GURL SanitizeURL(const GURL& url) {
+  GURL::Replacements replacements;
+  replacements.ClearRef();
+  replacements.ClearUsername();
+  replacements.ClearPassword();
+  return url.ReplaceComponents(replacements);
+}
+
 }  // namespace
 
 RealTimeUrlLookupService::RealTimeUrlLookupService(
@@ -43,7 +53,7 @@ void RealTimeUrlLookupService::StartLookup(
   DCHECK(url.is_valid());
 
   RTLookupRequest request;
-  request.set_url(url.spec());
+  request.set_url(SanitizeURL(url).spec());
   request.set_lookup_type(RTLookupRequest::NAVIGATION);
   std::string req_data, req_base64;
   request.SerializeToString(&req_data);