DescriptionPrevent webview tags from navigating outside web-safe schemes.
This CL removes protocol handlers and avoids granting capabilities or
bindings to webview processes, which prevents navigations to WebUI,
extension, and file URLs. Web and data URLs are still permitted.
BUG=139397
TEST=Try to visit chrome://settings or other privileged URLs in a <webview>.
Committed: http://src.chromium.org/viewvc/chrome?view=rev&revision=164788
Patch Set 1 #Patch Set 2 : Fix failing unit tests. #Patch Set 3 : Remove TODO #
Total comments: 8
Patch Set 4 : Fix review comments #
Total comments: 2
Patch Set 5 : Fix nit #Messages
Total messages: 13 (0 generated)
|