Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(221)

Issue 1126253007: Block modal dialogs inside sandboxes. (Closed)

Created:
5 years, 7 months ago by Mike West
Modified:
5 years, 7 months ago
Reviewers:
Yoav Weiss, dcheng
CC:
blink-reviews, blink-reviews-dom_chromium.org, dglazkov+blink, eae+blinkwatch, rwlbuis, sof, site-isolation-reviews_chromium.org
Target Ref:
refs/heads/master
Project:
blink
Visibility:
Public.

Description

Block modal dialogs inside sandboxes. This patch adds a runtime flag to block modal dialogs inside sandboxed documents, and a corresponding `allow-modals` sandbox flag to re-enable that functionality. Intent to Implement at [1], discussion on whatwg@ at [2]. [1]: https://groups.google.com/a/chromium.org/d/msg/blink-dev/mXX0AO6Lioo/ual1B_3IqTYJ [2]: https://lists.w3.org/Archives/Public/public-whatwg-archive/2015May/0035.html BUG=483624 R=dcheng@chromium.org Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=195791

Patch Set 1 #

Total comments: 1

Patch Set 2 : fast/frames #

Patch Set 3 : console.log #

Patch Set 4 : 'allow-modals' #

Patch Set 5 : WebSandboxFlags. #

Total comments: 1
Unified diffs Side-by-side diffs Delta from patch set Stats (+195 lines, -104 lines) Patch
M LayoutTests/fast/forms/autofocus-in-sandbox-with-allow-scripts.html View 1 2 1 chunk +1 line, -1 line 0 comments Download
M LayoutTests/fast/forms/autofocus-in-sandbox-with-allow-scripts-expected.txt View 1 2 1 chunk +1 line, -1 line 0 comments Download
D LayoutTests/fast/frames/resources/navigate-top-by-name-to-fail.html View 1 1 chunk +0 lines, -11 lines 0 comments Download
M LayoutTests/fast/frames/sandboxed-iframe-navigation-top-by-name-denied.html View 1 1 chunk +22 lines, -7 lines 0 comments Download
D LayoutTests/fast/frames/sandboxed-iframe-navigation-top-by-name-denied-expected.txt View 1 1 chunk +0 lines, -12 lines 0 comments Download
M LayoutTests/fast/frames/sandboxed-iframe-parsing-space-characters.html View 1 1 chunk +1 line, -1 line 0 comments Download
M LayoutTests/fast/frames/sandboxed-iframe-parsing-space-characters-expected.txt View 1 1 chunk +7 lines, -7 lines 0 comments Download
M LayoutTests/fast/frames/sandboxed-iframe-scripting-02.html View 1 1 chunk +1 line, -1 line 0 comments Download
M LayoutTests/fast/frames/sandboxed-iframe-scripting-02-expected.txt View 1 1 chunk +1 line, -1 line 0 comments Download
M LayoutTests/fast/frames/sandboxed-iframe-workers.html View 1 1 chunk +2 lines, -2 lines 0 comments Download
M LayoutTests/fast/frames/sandboxed-iframe-workers-expected.txt View 1 1 chunk +1 line, -1 line 0 comments Download
M LayoutTests/http/tests/security/contentSecurityPolicy/iframe-inside-csp-expected.txt View 1 2 1 chunk +2 lines, -2 lines 0 comments Download
M LayoutTests/http/tests/security/contentSecurityPolicy/resources/sandbox.php View 1 2 1 chunk +1 line, -1 line 0 comments Download
M LayoutTests/http/tests/security/contentSecurityPolicy/resources/sandboxed-eval.php View 1 2 1 chunk +2 lines, -2 lines 0 comments Download
M LayoutTests/http/tests/security/contentSecurityPolicy/sandbox-allow-scripts.html View 1 2 1 chunk +1 line, -1 line 0 comments Download
M LayoutTests/http/tests/security/contentSecurityPolicy/sandbox-allow-scripts-expected.txt View 1 2 1 chunk +1 line, -1 line 0 comments Download
M LayoutTests/http/tests/security/contentSecurityPolicy/sandbox-allow-scripts-in-http-header.html View 1 2 1 chunk +2 lines, -2 lines 0 comments Download
M LayoutTests/http/tests/security/contentSecurityPolicy/sandbox-allow-scripts-in-http-header-control.html View 1 2 1 chunk +2 lines, -2 lines 0 comments Download
M LayoutTests/http/tests/security/contentSecurityPolicy/sandbox-allow-scripts-in-http-header-control-expected.txt View 1 2 1 chunk +2 lines, -2 lines 0 comments Download
M LayoutTests/http/tests/security/contentSecurityPolicy/sandbox-allow-scripts-in-http-header-expected.txt View 1 2 1 chunk +2 lines, -2 lines 0 comments Download
M LayoutTests/http/tests/security/contentSecurityPolicy/sandbox-allow-scripts-subframe.html View 1 2 1 chunk +1 line, -1 line 0 comments Download
M LayoutTests/http/tests/security/contentSecurityPolicy/sandbox-allow-scripts-subframe-expected.txt View 1 2 1 chunk +1 line, -1 line 0 comments Download
M LayoutTests/http/tests/security/contentSecurityPolicy/sandbox-report-only-expected.txt View 1 2 1 chunk +1 line, -1 line 0 comments Download
M LayoutTests/http/tests/security/drag-drop-same-unique-origin-expected.txt View 1 2 1 chunk +1 line, -1 line 0 comments Download
M LayoutTests/http/tests/security/isolatedWorld/resources/fail.html View 1 2 1 chunk +1 line, -1 line 0 comments Download
M LayoutTests/http/tests/security/isolatedWorld/sandboxed-iframe.html View 1 2 1 chunk +1 line, -1 line 0 comments Download
M LayoutTests/http/tests/security/isolatedWorld/sandboxed-iframe-expected.txt View 1 2 1 chunk +1 line, -1 line 0 comments Download
M LayoutTests/http/tests/security/no-indexeddb-from-sandbox.html View 1 2 1 chunk +3 lines, -3 lines 0 comments Download
M LayoutTests/http/tests/security/no-indexeddb-from-sandbox-expected.txt View 1 2 1 chunk +1 line, -1 line 0 comments Download
M LayoutTests/http/tests/security/no-popup-from-sandbox.html View 1 2 1 chunk +1 line, -1 line 0 comments Download
M LayoutTests/http/tests/security/no-popup-from-sandbox-expected.txt View 1 2 1 chunk +1 line, -1 line 0 comments Download
M LayoutTests/http/tests/security/no-popup-from-sandbox-top.html View 1 2 1 chunk +1 line, -1 line 0 comments Download
M LayoutTests/http/tests/security/no-popup-from-sandbox-top-expected.txt View 1 2 1 chunk +2 lines, -2 lines 0 comments Download
M LayoutTests/http/tests/security/popup-allowed-by-sandbox-is-sandboxed-control.html View 1 2 1 chunk +1 line, -1 line 0 comments Download
M LayoutTests/http/tests/security/popup-allowed-by-sandbox-is-sandboxed-control-expected.txt View 1 2 1 chunk +1 line, -1 line 0 comments Download
M LayoutTests/http/tests/security/resources/drag-drop-allowed.html View 1 2 1 chunk +2 lines, -2 lines 0 comments Download
A LayoutTests/http/tests/security/sandbox-iframe-allows-modals.html View 1 2 3 1 chunk +31 lines, -0 lines 0 comments Download
A LayoutTests/http/tests/security/sandbox-iframe-allows-modals-expected.txt View 1 2 3 1 chunk +10 lines, -0 lines 0 comments Download
A LayoutTests/http/tests/security/sandbox-iframe-blocks-modals.html View 1 chunk +31 lines, -0 lines 0 comments Download
M LayoutTests/http/tests/security/xss-DENIED-window-name-alert.html View 1 2 1 chunk +1 line, -1 line 0 comments Download
M LayoutTests/http/tests/security/xss-DENIED-window-name-alert-expected.txt View 1 2 1 chunk +1 line, -1 line 0 comments Download
M LayoutTests/http/tests/security/xss-DENIED-window-name-navigator.html View 1 2 1 chunk +7 lines, -7 lines 0 comments Download
M LayoutTests/http/tests/security/xss-DENIED-window-name-navigator-expected.txt View 1 2 1 chunk +5 lines, -5 lines 0 comments Download
M Source/core/dom/SandboxFlags.h View 1 chunk +1 line, -0 lines 0 comments Download
M Source/core/dom/SandboxFlags.cpp View 1 2 3 1 chunk +2 lines, -0 lines 0 comments Download
M Source/core/frame/LocalDOMWindow.cpp View 1 5 chunks +29 lines, -10 lines 1 comment Download
M Source/platform/RuntimeEnabledFeatures.in View 1 1 chunk +1 line, -0 lines 0 comments Download
M Source/web/AssertMatchingEnums.cpp View 1 2 3 4 1 chunk +2 lines, -0 lines 0 comments Download
M public/web/WebSandboxFlags.h View 1 2 3 4 1 chunk +2 lines, -0 lines 0 comments Download

Messages

Total messages: 15 (2 generated)
Mike West
WDYT of this patch, Yoav? dcheng@, FYI. :)
5 years, 7 months ago (2015-05-18 10:29:47 UTC) #2
Mike West
Yoav is apparently on a plane. :) Daniel, perhaps you can take a look when ...
5 years, 7 months ago (2015-05-18 11:00:54 UTC) #3
Yoav Weiss
A few minutes at the gate :) https://codereview.chromium.org/1126253007/diff/1/Source/core/frame/LocalDOMWindow.cpp File Source/core/frame/LocalDOMWindow.cpp (right): https://codereview.chromium.org/1126253007/diff/1/Source/core/frame/LocalDOMWindow.cpp#newcode792 Source/core/frame/LocalDOMWindow.cpp:792: if (frame()->document()->isSandboxed(SandboxModals)) ...
5 years, 7 months ago (2015-05-18 11:28:29 UTC) #4
Mike West
On 2015/05/18 at 11:28:29, yoav wrote: > A few minutes at the gate :) > ...
5 years, 7 months ago (2015-05-18 11:35:31 UTC) #5
Yoav Weiss
On 2015/05/18 11:35:31, Mike West (holiday in DE) wrote: > On 2015/05/18 at 11:28:29, yoav ...
5 years, 7 months ago (2015-05-18 11:45:38 UTC) #6
Mike West
On 2015/05/18 at 11:45:38, yoav wrote: > OK, so this is on by default to ...
5 years, 7 months ago (2015-05-18 11:49:38 UTC) #7
Mike West
On 2015/05/18 at 11:49:38, Mike West (holiday in DE) wrote: > > * Gather feedback ...
5 years, 7 months ago (2015-05-18 11:50:39 UTC) #8
dcheng
FYI, this will require updating content/common/frame_replication_state.h as well, once this rolls into Chrome.
5 years, 7 months ago (2015-05-18 18:59:29 UTC) #9
Mike West
dcheng@: Thanks! I'll throw a patch at you shortly after this lands. yoav@: Mind taking ...
5 years, 7 months ago (2015-05-22 13:49:04 UTC) #10
Yoav Weiss
Re-LGTM (with nit/thought) https://codereview.chromium.org/1126253007/diff/80001/Source/core/frame/LocalDOMWindow.cpp File Source/core/frame/LocalDOMWindow.cpp (right): https://codereview.chromium.org/1126253007/diff/80001/Source/core/frame/LocalDOMWindow.cpp#newcode797 Source/core/frame/LocalDOMWindow.cpp:797: Might be a good idea to ...
5 years, 7 months ago (2015-05-22 14:32:24 UTC) #11
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1126253007/80001
5 years, 7 months ago (2015-05-22 15:08:58 UTC) #13
Mike West
On 2015/05/22 at 14:32:24, yoav wrote: > Re-LGTM (with nit/thought) > > https://codereview.chromium.org/1126253007/diff/80001/Source/core/frame/LocalDOMWindow.cpp > File ...
5 years, 7 months ago (2015-05-22 15:09:14 UTC) #14
commit-bot: I haz the power
5 years, 7 months ago (2015-05-22 15:32:15 UTC) #15
Message was sent while issue was closed.
Committed patchset #5 (id:80001) as
https://src.chromium.org/viewvc/blink?view=rev&revision=195791

Powered by Google App Engine
This is Rietveld 408576698