[FedCM] Add a prefix for custom parameters

That way they do not conflict with builtin keys
such as account_id or disclosure_text_shown.

I picked `param_` as the prefix. The underscore matches what
we use in other parameters like `account_id`.

Bug: 339457767
Change-Id: I68c778554514f94e9b59ef01ff5b12d4c55872bc
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5531106
Commit-Queue: Christian Biesinger <cbiesinger@chromium.org>
Reviewed-by: Yi Gu <yigu@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1299492}

content/browser/webid/federated_auth_request_impl.cc

@@ -170,10 +170,9 @@ std::string ComputeUrlEncodedTokenPostData(
                                base::JoinString(scope, " "), /*use_plus=*/true);
     }
     for (const auto& pair : params) {
-      // TODO(crbug.com/40262526): Should we use a prefix with these custom
-      // parameters so that they don't collide with the standard ones?
-      query += "&" + base::EscapeUrlEncodedData(pair.first, /*use_plus=*/true) +
-               "=" + base::EscapeUrlEncodedData(pair.second, /*use_plus=*/true);
+      query += "&param_" +
+               base::EscapeUrlEncodedData(pair.first, /*use_plus=*/true) + "=" +
+               base::EscapeUrlEncodedData(pair.second, /*use_plus=*/true);
     }
   }
 

content/browser/webid/webid_browsertest.cc

@@ -1153,9 +1153,9 @@ IN_PROC_BROWSER_TEST_F(WebIdAuthzBrowserTest, Authz_noPopUpWindow) {
             // Asserts that the scope and params parameters
             // were passed correctly to the id assertion endpoint.
             content += "scope=name+email+picture&";
-            content += "%3F+gets+://=%26+escaped+!&";
-            content += "foo=bar&";
-            content += "hello=world";
+            content += "param_%3F+gets+://=%26+escaped+!&";
+            content += "param_foo=bar&";
+            content += "param_hello=world";
 
             EXPECT_EQ(request.content, content);