Chromium Code Reviews

Issue 1235863003: Don't create cross origins references in the extension system (Closed)

Created:
3 years ago by jochen (gone - plz use gerrit)
Modified:
3 years ago
CC:
chromium-apps-reviews_chromium.org, chromium-reviews, extensions-reviews_chromium.org
Base URL:
https://chromium.googlesource.com/chromium/src.git@master
Target Ref:
refs/pending/heads/master
Project:
chromium
Visibility:
Public.

Description

Don't create cross origins references in the extension system

BUG=504011
R=kalman@chromium.org,haraken@chromium.org

Committed: https://crrev.com/3b1351e5ead02ced4a026fcc6c6a24215a428f56
Cr-Commit-Position: refs/heads/master@{#338573}

Patch Set 1 #

Total comments: 1
M extensions/renderer/v8_context_native_handler.cc (2 chunks, +3 lines, -1 line, 1 comment)

Messages

Total messages: 15 (1 generated)
jochen (gone - plz use gerrit)
3 years ago (2015-07-13 11:42:14 UTC) #1
jochen (gone - plz use gerrit)
depends on https://codereview.chromium.org/1235463006/
3 years ago (2015-07-13 11:42:27 UTC) #2
haraken
LGTM
3 years ago (2015-07-13 12:24:55 UTC) #3
not at google - send to devlin
Is this an alternative to https://codereview.chromium.org/1231803002/?
3 years ago (2015-07-13 17:20:03 UTC) #4
jochen (gone - plz use gerrit)
right. I see from the other CL that you propose a way to add an ...
3 years ago (2015-07-13 17:22:43 UTC) #5
not at google - send to devlin
https://codereview.chromium.org/1235863003/diff/1/extensions/renderer/v8_context_native_handler.cc
File extensions/renderer/v8_context_native_handler.cc (right):
https://codereview.chromium.org/1235863003/diff/1/extensions/renderer/v8_context_native_handler.cc#newcode57
extensions/renderer/v8_context_native_handler.cc:57: if (blink::WebFrame::scriptCanAccess(context->web_frame()))
What is the context for "scriptCanAccess"? Does ...
3 years ago (2015-07-13 17:27:08 UTC) #6
jochen (gone - plz use gerrit)
it's calling context (the call maps to blink::BindingSecurity::shouldAllowAccessToFrame)
3 years ago (2015-07-13 17:39:52 UTC) #7
not at google - send to devlin
but either way, blink::scriptCanAccess only takes a single WebFrame. Where does it get the other ...
3 years ago (2015-07-13 18:29:01 UTC) #8
jochen (gone - plz use gerrit)
it compares the frame you pass to the calling context.
3 years ago (2015-07-13 18:42:37 UTC) #9
jochen (gone - plz use gerrit)
On 2015/07/13 at 18:42:37, jochen wrote:
> it compares the frame you pass to the ...
3 years ago (2015-07-13 18:48:37 UTC) #10
not at google - send to devlin
ok got it thanks. lgtm.
3 years ago (2015-07-13 19:13:00 UTC) #11
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1235863003/1
3 years ago (2015-07-13 21:03:15 UTC) #13
commit-bot: I haz the power
Committed patchset #1 (id:1)
3 years ago (2015-07-13 22:09:39 UTC) #14
commit-bot: I haz the power
3 years ago (2015-07-13 22:10:39 UTC) #15
Message was sent while issue was closed.
Patchset 1 (id:??) landed as
https://crrev.com/3b1351e5ead02ced4a026fcc6c6a24215a428f56
Cr-Commit-Position: refs/heads/master@{#338573}
