Chromium Code Reviews

Issue 1235863003: Don't create cross origins references in the extension system (Closed)

Created:
5 years, 5 months ago by jochen (gone - plz use gerrit)
Modified:
5 years, 5 months ago
CC:
chromium-apps-reviews_chromium.org, chromium-reviews, extensions-reviews_chromium.org
Base URL:
https://chromium.googlesource.com/chromium/src.git@master
Target Ref:
refs/pending/heads/master
Project:
chromium
Visibility:
Public.

Description

Don't create cross origins references in the extension system

BUG=504011
R=kalman@chromium.org,haraken@chromium.org

Committed: https://crrev.com/3b1351e5ead02ced4a026fcc6c6a24215a428f56
Cr-Commit-Position: refs/heads/master@{#338573}

Patch Set 1 #

Total comments: 1
M extensions/renderer/v8_context_native_handler.cc (2 chunks, +3 lines, -1 line, 1 comment)

Messages

Total messages: 15 (1 generated)
jochen (gone - plz use gerrit)
5 years, 5 months ago (2015-07-13 11:42:14 UTC) #1
jochen (gone - plz use gerrit)
depends on https://codereview.chromium.org/1235463006/
5 years, 5 months ago (2015-07-13 11:42:27 UTC) #2
haraken
LGTM
5 years, 5 months ago (2015-07-13 12:24:55 UTC) #3
not at google - send to devlin
Is this an alternative to https://codereview.chromium.org/1231803002/?
5 years, 5 months ago (2015-07-13 17:20:03 UTC) #4
jochen (gone - plz use gerrit)
right. I see from the other CL that you propose a way to add an ...
5 years, 5 months ago (2015-07-13 17:22:43 UTC) #5
not at google - send to devlin
https://codereview.chromium.org/1235863003/diff/1/extensions/renderer/v8_context_native_handler.cc
File extensions/renderer/v8_context_native_handler.cc (right):

https://codereview.chromium.org/1235863003/diff/1/extensions/renderer/v8_context_native_handler.cc#newcode57
extensions/renderer/v8_context_native_handler.cc:57: if (blink::WebFrame::scriptCanAccess(context->web_frame()))
What is the context for "scriptCanAccess"? Does ...
5 years, 5 months ago (2015-07-13 17:27:08 UTC) #6
jochen (gone - plz use gerrit)
it's calling context (the call maps to blink::BindingSecurity::shouldAllowAccessToFrame)
5 years, 5 months ago (2015-07-13 17:39:52 UTC) #7
not at google - send to devlin
but either way, blink::scriptCanAccess only takes a single WebFrame. Where does it get the other ...
5 years, 5 months ago (2015-07-13 18:29:01 UTC) #8
jochen (gone - plz use gerrit)
it compares the frame you pass to the calling context.
5 years, 5 months ago (2015-07-13 18:42:37 UTC) #9
jochen (gone - plz use gerrit)
On 2015/07/13 at 18:42:37, jochen wrote:
> it compares the frame you pass to the ...
5 years, 5 months ago (2015-07-13 18:48:37 UTC) #10
not at google - send to devlin
ok got it thanks. lgtm.
5 years, 5 months ago (2015-07-13 19:13:00 UTC) #11
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1235863003/1
5 years, 5 months ago (2015-07-13 21:03:15 UTC) #13
commit-bot: I haz the power
Committed patchset #1 (id:1)
5 years, 5 months ago (2015-07-13 22:09:39 UTC) #14
commit-bot: I haz the power
5 years, 5 months ago (2015-07-13 22:10:39 UTC) #15
Message was sent while issue was closed.
Patchset 1 (id:??) landed as
https://crrev.com/3b1351e5ead02ced4a026fcc6c6a24215a428f56
Cr-Commit-Position: refs/heads/master@{#338573}
