In order to do that we introduced both a preference(currently prefs::kForceSafeSearch) and a policy in Chrome which when set active will make sure that the parameters safe=active and ssui=on are present.
The implementation of this feature is done in chrome/browser/net/chrome_network_delegate.cc, where we see if it is a Google search URL (if the feature is active of course). Since an extension could come and modify the URL after us we let the extensions (if any) do their work first. If the extension modifies the URL the network stack will detect that and it will generate a OnBeforeRedirect which is followed by OnBeforeURLRequest.
In OnBeforeURLRequest we have two scenarios:
While enforcing the SafeSearch parameters we split the query part of the URL (everything between ? and #) into parameters. Then we remove any safe= and ssui= parameters and add the correct values at the end. As stated here the query part is in ASCII..
At the current time this change only affects Google Web Search queries which come form any source (omnibox, google.tld websites). This is the result of a lack of standardization when it comes to setting SafeSearch. Maybe in the future we will pursue implementing this option for multiple search engines or thorugh OpenSearch.
This feature is tested using unit tests in chrome/browser/net/chrome_network_delegate_unittest.cc. To run the test simply compile the unit_tests executable and run:
The policy part of it is tested using browser tests in chrome/browser/policy/policy_browsertest.cc. To run it:
Note: This feature is still in review and has not landed yet in Chrome. Initially it will also not be visible to the users.