Update To 11.40.268.0

[platform/framework/web/crosswalk.git] / src / net / base / escape.h

diff --git a/src/net/base/escape.h b/src/net/base/escape.h
index 1915d24..6c92333 100644 (file)
--- a/src/net/base/escape.h
+++ b/src/net/base/escape.h
@@ -42,8 +42,8 @@ NET_EXPORT std::string EscapeNonASCII(const std::string& input);
 
 // Escapes characters in text suitable for use as an external protocol handler
 // command.
-// We %XX everything except alphanumerics and %-_.!~*'() and the restricted
-// chracters (;/?:@&=+$,).
+// We %XX everything except alphanumerics and -_.!~*'() and the restricted
+// chracters (;/?:@&=+$,#[]) and a valid percent escape sequence (%XX).
 NET_EXPORT std::string EscapeExternalHandlerValue(const std::string& text);
 
 // Appends the given character to the output string, escaping the character if
@@ -88,7 +88,10 @@ class UnescapeRule {
 
     // Unescapes control characters such as %01. This INCLUDES NULLs. This is
     // used for rare cases such as data: URL decoding where the result is binary
-    // data. You should not use this for normal URLs!
+    // data. This flag also unescapes BiDi control characters.
+    //
+    // DO NOT use CONTROL_CHARS if the URL is going to be displayed in the UI
+    // for security reasons.
     CONTROL_CHARS = 8,
 
     // URL queries use "+" for space. This flag controls that replacement.