Chromium Code Reviews

Issue 8311007: Adding `content_security_policy` to the "Mappy" sample. (Closed)

Created:
9 years, 2 months ago by Mike West
Modified:
9 years, 2 months ago
CC:
chromium-reviews, Aaron Boodman, Erik does not do reviews, mihaip+watch_chromium.org
Visibility:
Public.

Description

Adding `content_security_policy` to the "Mappy" sample. This involved pretty much rewriting the popup code to avoid a script injected via `document.write` in the Maps API code.

BUG=92644
TEST=

Committed: http://src.chromium.org/viewvc/chrome?view=rev&revision=106043

Patch Set 1 #

Total comments: 2

Patch Set 2 : Adding `default-src`, rebuilding docs. #

Patch Set 3 : Rebasing. #

Messages

Total messages: 6 (0 generated)
Mike West
And another. I rewrote a chunk of this to avoid using the Maps API that ...
9 years, 2 months ago (2011-10-16 12:25:55 UTC) #1
abarth-chromium
http://codereview.chromium.org/8311007/diff/1/chrome/common/extensions/docs/examples/extensions/mappy/manifest.json
File chrome/common/extensions/docs/examples/extensions/mappy/manifest.json (right):

http://codereview.chromium.org/8311007/diff/1/chrome/common/extensions/docs/examples/extensions/mappy/manifest.json#newcode20
chrome/common/extensions/docs/examples/extensions/mappy/manifest.json:20: "content_security_policy": "script-src 'self'; connect-src https://maps.googleapis.com; img-src https://maps.google.com"
Please add ...
9 years, 2 months ago (2011-10-16 19:48:16 UTC) #2
Mike West
Thanks.

http://codereview.chromium.org/8311007/diff/1/chrome/common/extensions/docs/examples/extensions/mappy/manifest.json
File chrome/common/extensions/docs/examples/extensions/mappy/manifest.json (right):

http://codereview.chromium.org/8311007/diff/1/chrome/common/extensions/docs/examples/extensions/mappy/manifest.json#newcode20
chrome/common/extensions/docs/examples/extensions/mappy/manifest.json:20: "content_security_policy": "script-src 'self'; connect-src https://maps.googleapis.com; img-src https://maps.google.com"
On ...
9 years, 2 months ago (2011-10-16 21:14:56 UTC) #3
abarth-chromium
Yeah, default-src 'none' is the best approach. An older version of the spec used to ...
9 years, 2 months ago (2011-10-16 21:20:32 UTC) #4
Mike West
On 2011/10/16 21:20:32, abarth wrote:
> Yeah, default-src 'none' is the best approach. An older ...
9 years, 2 months ago (2011-10-17 07:54:06 UTC) #5
Boris Smus
9 years, 2 months ago (2011-10-17 21:39:25 UTC) #6
LGTM. Thanks for adding the license header too.
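
Added example, not part of the review thread or the Chromium tree: a small checker showing why the Patch Set 1 policy quoted above leaves some fetch directives unrestricted and how `default-src 'none'` closes them. The function names and the `WITH_DEFAULT` policy are assumptions constructed for illustration; the final committed policy is not shown on this page.

```javascript
// Fetch directives from CSP 1.0 that fall back to default-src when absent.
const FETCH_DIRECTIVES = ["script-src", "object-src", "style-src", "img-src",
  "media-src", "frame-src", "font-src", "connect-src"];

// Parse a policy string into a Map of directive name -> source list.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored; the first occurrence wins.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// Effective source list per fetch directive; null means "no restriction".
function effectiveSources(policy) {
  const parsed = parseCsp(policy);
  const fallback = parsed.has("default-src") ? parsed.get("default-src") : null;
  const result = {};
  for (const name of FETCH_DIRECTIVES) {
    result[name] = parsed.has(name) ? parsed.get(name) : fallback;
  }
  return result;
}

// Names of fetch directives the policy does not constrain at all.
function unrestricted(policy) {
  const effective = effectiveSources(policy);
  return FETCH_DIRECTIVES.filter((name) => effective[name] === null);
}

// Policy string as quoted in the Patch Set 1 review comment.
const PATCH_SET_1 = "script-src 'self'; connect-src https://maps.googleapis.com; " +
  "img-src https://maps.google.com";
// Constructed for this example: the same policy with a deny-by-default fallback.
const WITH_DEFAULT = "default-src 'none'; " + PATCH_SET_1;

console.log("Patch Set 1 unrestricted:", unrestricted(PATCH_SET_1));
console.log("With default-src 'none':", unrestricted(WITH_DEFAULT));
```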
