Handle Javascript URLs correctly from loadQuery command

LoadQuery is called for commands such as (paste&Go, QRScan and voice search).
the query passed to it is not sanitized and can have javascript which shouldn't be executed.
This CL sanitize the input of the LoadQuery command to make sure it's safe.

The sanitization works by compressing white spaces from the beginning of the query &
then strip javascript: scheme if it exists on the beginning of the query.
examples of sanitization results: "javascript:abc"->"abc", "javascript:" -> "   java" -> " java"

Bug: 877984
Cq-Include-Trybots: luci.chromium.try:ios-simulator-cronet;luci.chromium.try:ios-simulator-full-configs
Change-Id: I8524632092d3ecb0c4c23f26e3baa25ac305e58b
Reviewed-on: https://chromium-review.googlesource.com/1205601Reviewed-by: Mark Cogan <marq@chromium.org>
Reviewed-by: Eugene But <eugenebut@chromium.org>
Commit-Queue: Mohammad Refaat <mrefaat@chromium.org>
Cr-Commit-Position: refs/heads/master@{#589561}

ios/chrome/browser/ui/location_bar/location_bar_coordinator.mm

@@ -11,6 +11,7 @@
 #include "base/strings/sys_string_conversions.h"
 #include "components/google/core/common/google_util.h"
 #include "components/omnibox/browser/omnibox_edit_model.h"
+#include "components/omnibox/browser/omnibox_view.h"
 #include "components/search_engines/util.h"
 #include "components/strings/grit/components_strings.h"
 #include "components/variations/net/variations_http_headers.h"
@@ -199,11 +200,15 @@ const int kLocationAuthorizationStatusCount = 4;
 
 - (void)loadQuery:(NSString*)query immediately:(BOOL)immediately {
   DCHECK(query);
+  // Since the query is not user typed, sanitize it to make sure it's safe.
+  base::string16 sanitizedQuery =
+      OmniboxView::SanitizeTextForPaste(base::SysNSStringToUTF16(query));
   if (immediately) {
-    [self loadURLForQuery:query];
+    [self loadURLForQuery:sanitizedQuery];
   } else {
     [self focusOmnibox];
-    [self.omniboxCoordinator insertTextToOmnibox:query];
+    [self.omniboxCoordinator
+        insertTextToOmnibox:base::SysUTF16ToNSString(sanitizedQuery)];
   }
 }
 
@@ -332,15 +337,15 @@ const int kLocationAuthorizationStatusCount = 4;
 }
 
 // Navigate to |query| from omnibox.
-- (void)loadURLForQuery:(NSString*)query {
+- (void)loadURLForQuery:(const base::string16&)query {
   GURL searchURL;
   metrics::OmniboxInputType type = AutocompleteInput::Parse(
-      base::SysNSStringToUTF16(query), std::string(),
-      AutocompleteSchemeClassifierImpl(), nullptr, nullptr, &searchURL);
+      query, std::string(), AutocompleteSchemeClassifierImpl(), nullptr,
+      nullptr, &searchURL);
   if (type != metrics::OmniboxInputType::URL || !searchURL.is_valid()) {
     searchURL = GetDefaultSearchURLForSearchTerms(
         ios::TemplateURLServiceFactory::GetForBrowserState(self.browserState),
-        base::SysNSStringToUTF16(query));
+        query);
   }
   if (searchURL.is_valid()) {
     // It is necessary to include PAGE_TRANSITION_FROM_ADDRESS_BAR in the

ios/chrome/browser/ui/location_bar/location_bar_legacy_coordinator.mm

@@ -11,6 +11,7 @@
 #include "base/strings/sys_string_conversions.h"
 #include "components/google/core/common/google_util.h"
 #include "components/omnibox/browser/omnibox_edit_model.h"
+#include "components/omnibox/browser/omnibox_view.h"
 #include "components/search_engines/util.h"
 #include "components/strings/grit/components_strings.h"
 #include "components/variations/net/variations_http_headers.h"
@@ -206,14 +207,18 @@ const int kLocationAuthorizationStatusCount = 4;
 
 - (void)loadQuery:(NSString*)query immediately:(BOOL)immediately {
   DCHECK(query);
+  // Since the query is not user typed, sanitize it to make sure it's safe.
+  base::string16 sanitizedQuery =
+      OmniboxView::SanitizeTextForPaste(base::SysNSStringToUTF16(query));
   if (immediately) {
-    [self loadURLForQuery:query];
+    [self loadURLForQuery:sanitizedQuery];
   } else {
     [self focusOmnibox];
-    [self.locationBarView.textField insertTextWhileEditing:query];
+    NSString* nsQuery = base::SysUTF16ToNSString(sanitizedQuery);
+    [self.locationBarView.textField insertTextWhileEditing:nsQuery];
     // The call to |setText| shouldn't be needed, but without it the "Go" button
     // of the keyboard is disabled.
-    [self.locationBarView.textField setText:query];
+    [self.locationBarView.textField setText:nsQuery];
     // Notify the accessibility system to start reading the new contents of the
     // Omnibox.
     UIAccessibilityPostNotification(UIAccessibilityScreenChangedNotification,
@@ -315,15 +320,15 @@ const int kLocationAuthorizationStatusCount = 4;
 }
 
 // Navigate to |query| from omnibox.
-- (void)loadURLForQuery:(NSString*)query {
+- (void)loadURLForQuery:(const base::string16&)query {
   GURL searchURL;
   metrics::OmniboxInputType type = AutocompleteInput::Parse(
-      base::SysNSStringToUTF16(query), std::string(),
-      AutocompleteSchemeClassifierImpl(), nullptr, nullptr, &searchURL);
+      query, std::string(), AutocompleteSchemeClassifierImpl(), nullptr,
+      nullptr, &searchURL);
   if (type != metrics::OmniboxInputType::URL || !searchURL.is_valid()) {
     searchURL = GetDefaultSearchURLForSearchTerms(
         ios::TemplateURLServiceFactory::GetForBrowserState(self.browserState),
-        base::SysNSStringToUTF16(query));
+        query);
   }
   if (searchURL.is_valid()) {
     // It is necessary to include PAGE_TRANSITION_FROM_ADDRESS_BAR in the