Filter more incoming URLs in the CreateWindow path.

content/browser/renderer_host/render_view_host_impl.cc

Index: content/browser/renderer_host/render_view_host_impl.cc
===================================================================
--- content/browser/renderer_host/render_view_host_impl.cc	(revision 178378)
+++ content/browser/renderer_host/render_view_host_impl.cc	(working copy)
@@ -1094,8 +1094,10 @@
   ViewHostMsg_CreateWindow_Params validated_params(params);
   ChildProcessSecurityPolicyImpl* policy =
       ChildProcessSecurityPolicyImpl::GetInstance();
-  // TODO(cevans): also validate opener_url, opener_security_origin.
   FilterURL(policy, GetProcess(), false, &validated_params.target_url);
+  FilterURL(policy, GetProcess(), false, &validated_params.opener_url);
+  FilterURL(policy, GetProcess(), true,
+            &validated_params.opener_security_origin);
 
   delegate_->CreateNewWindow(route_id, validated_params,
                              session_storage_namespace);