Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(29)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 1212163007: Kill renderers for bad password forms in --site-per-process. (Closed)

Created:
5 years, 5 months ago by lfg
Modified:
5 years, 5 months ago
CC:
chromium-reviews, posciak+watch_chromium.org, avayvod+watch_chromium.org, vabr+watchlist_chromium.org, jam, mcasas+watch_chromium.org, feature-media-reviews_chromium.org, darin-cc_chromium.org, gcasto+watchlist_chromium.org, wjia+watch_chromium.org, mlamouri+watch-media_chromium.org, mkwst+watchlist-passwords_chromium.org
Base URL:
https://chromium.googlesource.com/chromium/src.git@master
Target Ref:
refs/pending/heads/master
Project:
chromium
Visibility:
Public.

Description

Kill renderers for bad password forms in --site-per-process. Validate the origin from password forms to make sure that the renderer that's sending the autofill requests are allowed to access the passwords. BUG=467150 TBR=sky@chromium.org for chrome/browser/ui/login/login_prompt.cc Committed: https://crrev.com/24d08379839a9c94d1c8aa10a8b04185dc6a9b19 Cr-Commit-Position: refs/heads/master@{#339322}

Patch Set 1 #

Patch Set 2 : adding test, bad message #

Total comments: 15

Patch Set 3 : addressing comments #

Patch Set 4 : updating python script #

Patch Set 5 : starting histogram samples from 1 #

Total comments: 3

Patch Set 6 : moving password_manager::BadMessageReason outside of bad_message namespace, fixing tests #

Patch Set 7 : fixing cross-origin redirect http auth #

Total comments: 5

Patch Set 8 : #

Total comments: 2

Patch Set 9 : addressing vabr's comments #

Patch Set 10 : rebase #

Patch Set 11 : #

Unified diffs Side-by-side diffs Delta from patch set Stats (+217 lines, -35 lines) Patch
M chrome/browser/password_manager/password_manager_browsertest.cc View 1 2 3 4 5 3 chunks +62 lines, -0 lines 0 comments Download
M chrome/browser/password_manager/password_manager_test_base.h View 1 2 3 4 5 2 chunks +4 lines, -0 lines 0 comments Download
M chrome/browser/password_manager/password_manager_test_base.cc View 1 2 3 4 5 1 chunk +1 line, -0 lines 0 comments Download
M chrome/browser/ui/login/login_prompt.cc View 1 2 3 4 5 6 7 8 9 10 1 chunk +1 line, -1 line 0 comments Download
M components/password_manager.gypi View 1 2 3 4 5 1 chunk +2 lines, -0 lines 0 comments Download
M components/password_manager/content/browser/BUILD.gn View 1 1 chunk +2 lines, -0 lines 0 comments Download
A + components/password_manager/content/browser/bad_message.h View 1 2 3 4 5 6 7 8 9 2 chunks +18 lines, -18 lines 0 comments Download
A components/password_manager/content/browser/bad_message.cc View 1 2 3 4 5 6 7 8 9 1 chunk +27 lines, -0 lines 0 comments Download
M components/password_manager/content/browser/content_password_manager_driver.h View 1 2 3 4 5 6 7 8 3 chunks +6 lines, -0 lines 0 comments Download
M components/password_manager/content/browser/content_password_manager_driver.cc View 1 2 3 4 5 6 7 8 9 10 3 chunks +47 lines, -0 lines 0 comments Download
M content/browser/child_process_security_policy_impl.h View 2 chunks +1 line, -6 lines 0 comments Download
M content/browser/child_process_security_policy_impl.cc View 1 2 2 chunks +4 lines, -4 lines 0 comments Download
M content/browser/media/android/media_resource_getter_impl.cc View 1 chunk +1 line, -1 line 0 comments Download
M content/browser/renderer_host/media/webrtc_identity_service_host.cc View 1 chunk +1 line, -1 line 0 comments Download
M content/browser/renderer_host/render_message_filter.cc View 2 chunks +2 lines, -2 lines 0 comments Download
M content/browser/site_instance_impl.cc View 1 2 3 4 5 1 chunk +6 lines, -0 lines 0 comments Download
M content/public/browser/child_process_security_policy.h View 1 2 2 chunks +7 lines, -0 lines 0 comments Download
M tools/metrics/histograms/histograms.xml View 1 2 3 4 5 6 7 8 9 2 chunks +21 lines, -0 lines 0 comments Download
M tools/metrics/histograms/update_bad_message_reasons.py View 1 2 3 1 chunk +4 lines, -2 lines 0 comments Download

Messages

Total messages: 27 (7 generated)
lfg
Hi Nick, please take a look. Thanks!
5 years, 5 months ago (2015-07-07 21:50:34 UTC) #2
ncarter (slow)
Nice! Just a couple nits! https://codereview.chromium.org/1212163007/diff/20001/chrome/browser/password_manager/password_manager_browsertest.cc File chrome/browser/password_manager/password_manager_browsertest.cc (right): https://codereview.chromium.org/1212163007/diff/20001/chrome/browser/password_manager/password_manager_browsertest.cc#newcode2162 chrome/browser/password_manager/password_manager_browsertest.cc:2162: iframe_observer.SetPathToWaitFor("/password/crossite_iframe_content.html"); Crossite is an ...
5 years, 5 months ago (2015-07-07 22:18:32 UTC) #3
DaleCurtis
https://codereview.chromium.org/1212163007/diff/20001/chrome/browser/password_manager/password_manager_browsertest.cc File chrome/browser/password_manager/password_manager_browsertest.cc (right): https://codereview.chromium.org/1212163007/diff/20001/chrome/browser/password_manager/password_manager_browsertest.cc#newcode2162 chrome/browser/password_manager/password_manager_browsertest.cc:2162: iframe_observer.SetPathToWaitFor("/password/crossite_iframe_content.html"); On 2015/07/07 22:18:32, ncarter wrote: > Crossite is ...
5 years, 5 months ago (2015-07-07 22:20:09 UTC) #4
ncarter (slow)
I'd like to get xunlu's opinion on this
5 years, 5 months ago (2015-07-07 22:24:41 UTC) #6
xunlu
On 2015/07/07 22:24:41, ncarter wrote: > I'd like to get xunlu's opinion on this +gcasto ...
5 years, 5 months ago (2015-07-07 22:57:53 UTC) #7
vabr (Chromium)
*password_manager* LGTM with a nit and a question. Cheers, Vaclav https://codereview.chromium.org/1212163007/diff/20001/chrome/browser/password_manager/password_manager_browsertest.cc File chrome/browser/password_manager/password_manager_browsertest.cc (right): https://codereview.chromium.org/1212163007/diff/20001/chrome/browser/password_manager/password_manager_browsertest.cc#newcode2146 ...
5 years, 5 months ago (2015-07-08 08:26:27 UTC) #10
lfg
Please, take another look. https://codereview.chromium.org/1212163007/diff/20001/chrome/browser/password_manager/password_manager_browsertest.cc File chrome/browser/password_manager/password_manager_browsertest.cc (right): https://codereview.chromium.org/1212163007/diff/20001/chrome/browser/password_manager/password_manager_browsertest.cc#newcode2146 chrome/browser/password_manager/password_manager_browsertest.cc:2146: switches::kSitePerProcess)) { On 2015/07/08 08:26:27, ...
5 years, 5 months ago (2015-07-08 15:31:47 UTC) #11
vabr (Chromium)
*password_manager* LGTM with a nit about the VLOG. Thanks! Vaclav https://codereview.chromium.org/1212163007/diff/20001/chrome/browser/password_manager/password_manager_browsertest.cc File chrome/browser/password_manager/password_manager_browsertest.cc (right): https://codereview.chromium.org/1212163007/diff/20001/chrome/browser/password_manager/password_manager_browsertest.cc#newcode2146 ...
5 years, 5 months ago (2015-07-09 06:29:32 UTC) #12
ncarter (slow)
lgtm https://codereview.chromium.org/1212163007/diff/80001/components/password_manager/content/browser/bad_message.cc File components/password_manager/content/browser/bad_message.cc (right): https://codereview.chromium.org/1212163007/diff/80001/components/password_manager/content/browser/bad_message.cc#newcode18 components/password_manager/content/browser/bad_message.cc:18: << static_cast<int>(reason); Leave this as log error, to ...
5 years, 5 months ago (2015-07-09 21:47:30 UTC) #13
lfg
@vabr: Please, take another look. There was a large rebase and I had to fix ...
5 years, 5 months ago (2015-07-16 17:01:12 UTC) #14
ncarter (slow)
lgtm https://codereview.chromium.org/1212163007/diff/120001/chrome/browser/password_manager/password_manager_browsertest.cc File chrome/browser/password_manager/password_manager_browsertest.cc (right): https://codereview.chromium.org/1212163007/diff/120001/chrome/browser/password_manager/password_manager_browsertest.cc#newcode123 chrome/browser/password_manager/password_manager_browsertest.cc:123: IN_PROC_BROWSER_TEST_F(PasswordManagerBrowserTestBase, PromptForNormalSubmit) { Would it be better to ...
5 years, 5 months ago (2015-07-16 18:04:10 UTC) #15
lfg
https://codereview.chromium.org/1212163007/diff/120001/chrome/browser/password_manager/password_manager_browsertest.cc File chrome/browser/password_manager/password_manager_browsertest.cc (right): https://codereview.chromium.org/1212163007/diff/120001/chrome/browser/password_manager/password_manager_browsertest.cc#newcode123 chrome/browser/password_manager/password_manager_browsertest.cc:123: IN_PROC_BROWSER_TEST_F(PasswordManagerBrowserTestBase, PromptForNormalSubmit) { On 2015/07/16 18:04:10, ncarter wrote: > ...
5 years, 5 months ago (2015-07-16 18:33:14 UTC) #16
ncarter (slow)
https://codereview.chromium.org/1212163007/diff/120001/chrome/browser/password_manager/password_manager_browsertest.cc File chrome/browser/password_manager/password_manager_browsertest.cc (right): https://codereview.chromium.org/1212163007/diff/120001/chrome/browser/password_manager/password_manager_browsertest.cc#newcode123 chrome/browser/password_manager/password_manager_browsertest.cc:123: IN_PROC_BROWSER_TEST_F(PasswordManagerBrowserTestBase, PromptForNormalSubmit) { On 2015/07/16 18:33:14, lfg wrote: > ...
5 years, 5 months ago (2015-07-16 18:55:08 UTC) #17
vabr (Chromium)
*password_manager* LGTM with a comment. Thanks! Vaclav https://codereview.chromium.org/1212163007/diff/140001/components/password_manager/content/browser/content_password_manager_driver.h File components/password_manager/content/browser/content_password_manager_driver.h (right): https://codereview.chromium.org/1212163007/diff/140001/components/password_manager/content/browser/content_password_manager_driver.h#newcode77 components/password_manager/content/browser/content_password_manager_driver.h:77: void PasswordFormsParsed(const ...
5 years, 5 months ago (2015-07-17 07:25:10 UTC) #18
lfg
https://codereview.chromium.org/1212163007/diff/140001/components/password_manager/content/browser/content_password_manager_driver.h File components/password_manager/content/browser/content_password_manager_driver.h (right): https://codereview.chromium.org/1212163007/diff/140001/components/password_manager/content/browser/content_password_manager_driver.h#newcode77 components/password_manager/content/browser/content_password_manager_driver.h:77: void PasswordFormsParsed(const std::vector<autofill::PasswordForm>& forms); On 2015/07/17 07:25:10, vabr (Chromium) ...
5 years, 5 months ago (2015-07-17 15:56:08 UTC) #19
lfg
isherman@chromium.org: Please review changes in tools/metrics/histograms/
5 years, 5 months ago (2015-07-17 15:56:51 UTC) #21
Ilya Sherman
histograms lgtm
5 years, 5 months ago (2015-07-17 19:40:59 UTC) #22
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1212163007/200001
5 years, 5 months ago (2015-07-17 19:51:02 UTC) #25
commit-bot: I haz the power
Committed patchset #11 (id:200001)
5 years, 5 months ago (2015-07-17 20:45:43 UTC) #26
commit-bot: I haz the power
5 years, 5 months ago (2015-07-17 20:46:45 UTC) #27
Message was sent while issue was closed. 
Patchset 11 (id:??) landed as
https://crrev.com/24d08379839a9c94d1c8aa10a8b04185dc6a9b19
Cr-Commit-Position: refs/heads/master@{#339322}

Powered by Google App Engine
This is Rietveld 408576698