There's a common pattern in storage APIs (and probably others):
* Grab a blink::SecurityOrigin
* Convert to blink::WebSecurityOrigin
* Pass into a blink platform API
* In the Chromium code, blink::WebStringToGURL(security_origin.toString())
* Pass GURL over IPC
* Reason about security properties of GURL
* ...
* Profit!
Ideally, this would use url::Origin and not convert to GURL.
Comment 1 by jsb...@chromium.org, Mar 2 2016