Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(112)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 1318153009: CSP: Loosen restrictions on inline style and event attributes. (Closed)

Created:
5 years, 3 months ago by Mike West
Modified:
5 years, 3 months ago
CC:
blink-reviews, blink-reviews-dom_chromium.org, dglazkov+blink, eae+blinkwatch, rwlbuis, sof
Base URL:
https://chromium.googlesource.com/chromium/blink.git@master
Target Ref:
refs/heads/master
Project:
blink
Visibility:
Public.

Description

CSP: Loosen restrictions on inline style and event attributes. We weren't properly performing the bypass check for inline style attributes, nor were we correctly bypassing CSP for inline event handlers. Of course, extensions shouldn't use either of these, but they do. Because of course they do. BUG=524356 R=jochen@chromium.org Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=201974

Patch Set 1 #

Messages

Total messages: 5 (1 generated)
Mike West
Mind taking a look at this pretty straightforward fix?
5 years, 3 months ago (2015-09-09 10:06:21 UTC) #1
jochen (gone - plz use gerrit)
lgtm
5 years, 3 months ago (2015-09-09 10:24:21 UTC) #2
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1318153009/1 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1318153009/1
5 years, 3 months ago (2015-09-09 11:27:46 UTC) #4
commit-bot: I haz the power
5 years, 3 months ago (2015-09-09 12:47:22 UTC) #5
Message was sent while issue was closed. 
Committed patchset #1 (id:1) as
https://src.chromium.org/viewvc/blink?view=rev&revision=201974

Powered by Google App Engine
This is Rietveld 408576698