
Unified Diff: chrome/browser/resources/local_ntp/most_visited_single.js

Issue 1775423002: Fix potential XSS on the NTP (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: whitelist Created 4 years, 9 months ago
Index: chrome/browser/resources/local_ntp/most_visited_single.js
diff --git a/chrome/browser/resources/local_ntp/most_visited_single.js b/chrome/browser/resources/local_ntp/most_visited_single.js
index d6a1d5ccf564cc9959d479188b76682839f3de97..5a7350ac7e267614ed557dcc1b6e485de335fff6 100644
--- a/chrome/browser/resources/local_ntp/most_visited_single.js
+++ b/chrome/browser/resources/local_ntp/most_visited_single.js
@@ -271,15 +271,7 @@ var showTiles = function() {
tiles = document.createElement('div');
if (impressionUrl) {
- if (navigator.sendBeacon) {
- navigator.sendBeacon(impressionUrl);
- } else {
- // if sendBeacon is not enabled, we fallback to "a ping".
- var a = document.createElement('a');
- a.href = '#';
- a.ping = impressionUrl;
- a.click();
- }
+ navigator.sendBeacon(impressionUrl);
impressionUrl = null;
}
};
@@ -327,6 +319,17 @@ var blacklistTile = function(tile) {
/**
+ * Returns whether the given URL has a known, safe scheme.
+ * @param {string} url URL to check.
+ */
+var isSchemeAllowed = function(url) {
+ return url.startsWith('http://') || url.startsWith('https://') ||
+ url.startsWith('ftp://') || url.startsWith('file://') ||
+ url.startsWith('chrome-extension://');
+};
+
+
+/**
* Renders a MostVisited tile to the DOM.
* @param {object} data Object containing rid, url, title, favicon, thumbnail.
* data is null if you want to construct an empty tile.
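Review bot: The JSDoc on isSchemeAllowed gives the parameter but not the return type; add `* @return {boolean} True if url begins with one of the allow-listed scheme prefixes.` so the contract is explicit. The comparison is a case-sensitive prefix match, so a URL written as `HTTP://…` is rejected rather than accepted; that fails closed, which is presumably intended, and a one-line comment stating so would stop a later change from "fixing" it by loosening the match. `String.prototype.startsWith` throws a TypeError if url is not a string, so if callers cannot guarantee that, prefix the return expression with `typeof url === 'string' &&` to reject non-strings instead of throwing mid-render.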
@@ -343,31 +346,25 @@ var renderTile = function(data) {
tile.className = 'mv-tile';
tile.setAttribute('data-tid', data.tid);
- var tooltip = queryArgs['removeTooltip'] || '';
var html = [];
if (!USE_ICONS) {
html.push('<div class="mv-favicon"></div>');
}
html.push('<div class="mv-title"></div><div class="mv-thumb"></div>');
- html.push('<div title="' + tooltip + '" class="mv-x"></div>');
+ html.push('<div class="mv-x"></div>');
tile.innerHTML = html.join('');
+ tile.lastElementChild.title = queryArgs['removeTooltip'] || '';
- tile.href = data.url;
+ if (isSchemeAllowed(data.url)) {
+ tile.href = data.url;
+ }
tile.title = data.title;
if (data.impressionUrl) {
impressionUrl = data.impressionUrl;
}
if (data.pingUrl) {
tile.addEventListener('click', function(ev) {
- if (navigator.sendBeacon) {
- navigator.sendBeacon(data.pingUrl);
- } else {
- // if sendBeacon is not enabled, we fallback to "a ping".
- var a = document.createElement('a');
- a.href = '#';
- a.ping = data.pingUrl;
- a.click();
- }
+ navigator.sendBeacon(data.pingUrl);
});
}
// For local suggestions, we use navigateContentWindow instead of the default
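Review bot: `tile.lastElementChild.title = …` couples the tooltip to the mv-x div happening to be the last element pushed into `html`; if that markup order ever changes, the title silently lands on a different element. Selecting the target explicitly, `tile.querySelector('.mv-x').title = queryArgs['removeTooltip'] || '';`, keeps the fix robust to reordering. The new guard leaves `tile.href` unset when `isSchemeAllowed(data.url)` is false, so such a tile still renders with its title and ping listener but is not a link; a comment like `// Tiles whose URL has an unrecognized scheme render without a link.` would make that deliberate fallback visible to the next reader. renderTile begins before and continues past this hunk.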
