Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(193)

Issue 1775423002: Fix potential XSS on the NTP (Closed)

Created:
4 years, 9 months ago by Marc Treib
Modified:
4 years, 9 months ago
CC:
arv+watch_chromium.org, chromium-reviews, David Black, dhollowa+watch_chromium.org, donnd+watch_chromium.org, dougw+watch_chromium.org, Jered, jfweitz+watch_chromium.org, kmadhusu+watch_chromium.org, melevin+watch_chromium.org, samarth+watch_chromium.org, skanuj+watch_chromium.org
Base URL:
https://chromium.googlesource.com/chromium/src.git@master
Target Ref:
refs/pending/heads/master
Project:
chromium
Visibility:
Public.

Description

Fix potential XSS on the NTP BUG=592956 Committed: https://crrev.com/120894e0c50e42babadb6314cc997b1f3d7ddd00 Cr-Commit-Position: refs/heads/master@{#380640}

Patch Set 1 #

Total comments: 3

Patch Set 2 : whitelist #

Unified diffs Side-by-side diffs Delta from patch set Stats (+18 lines, -21 lines) Patch
M chrome/browser/resources/local_ntp/most_visited_single.js View 1 3 chunks +18 lines, -21 lines 0 comments Download

Messages

Total messages: 16 (3 generated)
Marc Treib
PTAL! https://codereview.chromium.org/1775423002/diff/1/chrome/browser/resources/local_ntp/most_visited_single.js File chrome/browser/resources/local_ntp/most_visited_single.js (left): https://codereview.chromium.org/1775423002/diff/1/chrome/browser/resources/local_ntp/most_visited_single.js#oldcode274 chrome/browser/resources/local_ntp/most_visited_single.js:274: if (navigator.sendBeacon) { navigator.sendBeacon has existed since Chrome ...
4 years, 9 months ago (2016-03-09 15:24:03 UTC) #2
jochen (gone - plz use gerrit)
https://codereview.chromium.org/1775423002/diff/1/chrome/browser/resources/local_ntp/most_visited_single.js File chrome/browser/resources/local_ntp/most_visited_single.js (right): https://codereview.chromium.org/1775423002/diff/1/chrome/browser/resources/local_ntp/most_visited_single.js#newcode347 chrome/browser/resources/local_ntp/most_visited_single.js:347: if (!data.url.startsWith('javascript:')) { what about blob URLs etc? Would ...
4 years, 9 months ago (2016-03-09 15:26:41 UTC) #3
Marc Treib
https://codereview.chromium.org/1775423002/diff/1/chrome/browser/resources/local_ntp/most_visited_single.js File chrome/browser/resources/local_ntp/most_visited_single.js (right): https://codereview.chromium.org/1775423002/diff/1/chrome/browser/resources/local_ntp/most_visited_single.js#newcode347 chrome/browser/resources/local_ntp/most_visited_single.js:347: if (!data.url.startsWith('javascript:')) { On 2016/03/09 15:26:41, jochen wrote: > ...
4 years, 9 months ago (2016-03-09 16:28:34 UTC) #4
jochen (gone - plz use gerrit)
On 2016/03/09 at 16:28:34, treib wrote: > https://codereview.chromium.org/1775423002/diff/1/chrome/browser/resources/local_ntp/most_visited_single.js > File chrome/browser/resources/local_ntp/most_visited_single.js (right): > > https://codereview.chromium.org/1775423002/diff/1/chrome/browser/resources/local_ntp/most_visited_single.js#newcode347 ...
4 years, 9 months ago (2016-03-09 16:36:03 UTC) #5
Marc Treib
On 2016/03/09 16:36:03, jochen wrote: > On 2016/03/09 at 16:28:34, treib wrote: > > > ...
4 years, 9 months ago (2016-03-09 17:03:35 UTC) #6
jochen (gone - plz use gerrit)
On 2016/03/09 at 17:03:35, treib wrote: > On 2016/03/09 16:36:03, jochen wrote: > > On ...
4 years, 9 months ago (2016-03-09 17:09:35 UTC) #7
Marc Treib
On 2016/03/09 17:09:35, jochen wrote: > On 2016/03/09 at 17:03:35, treib wrote: > > On ...
4 years, 9 months ago (2016-03-10 14:21:30 UTC) #8
jochen (gone - plz use gerrit)
On 2016/03/10 at 14:21:30, treib wrote: > On 2016/03/09 17:09:35, jochen wrote: > > On ...
4 years, 9 months ago (2016-03-10 14:25:43 UTC) #9
Marc Treib
On 2016/03/10 14:25:43, jochen wrote: > On 2016/03/10 at 14:21:30, treib wrote: > > On ...
4 years, 9 months ago (2016-03-11 12:51:28 UTC) #10
jochen (gone - plz use gerrit)
lgtm
4 years, 9 months ago (2016-03-11 12:56:05 UTC) #11
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1775423002/20001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1775423002/20001
4 years, 9 months ago (2016-03-11 14:37:03 UTC) #13
commit-bot: I haz the power
Committed patchset #2 (id:20001)
4 years, 9 months ago (2016-03-11 15:27:50 UTC) #14
commit-bot: I haz the power
4 years, 9 months ago (2016-03-11 15:29:17 UTC) #16
Message was sent while issue was closed.
Patchset 2 (id:??) landed as
https://crrev.com/120894e0c50e42babadb6314cc997b1f3d7ddd00
Cr-Commit-Position: refs/heads/master@{#380640}

Powered by Google App Engine
This is Rietveld 408576698