Chromium Code Reviews
Help | Chromium Project | Sign in
(163)

Issue 18865003: Do not allow HTTP refresh headers to refresh to javascript: URLs. (Closed)

Can't Edit
Can't Publish+Mail
Start Review
Created:
2 years ago by Tom Sepez
Modified:
2 years ago
Reviewers:
abarth-chromium
CC:
blink-reviews, dglazkov+blink, Nate Chapin, eae+blinkwatch, adamk+blink_chromium.org, gavinp+loader_chromium.org
Visibility:
Public.

Description

Do not allow HTTP refresh headers to refresh to javascript: URLs. This behaviour has been standard in IE since IE7. This makes us both more compatible and less vulnerable to XSS. BUG=258151 R=abarth@chromium.org Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=153912

Patch Set 1 #

Messages

Total messages: 4 (0 generated)
Tom Sepez
Adam, please review.
2 years ago (2013-07-09 21:07:49 UTC) #1
abarth-chromium
LGTM. We might want to mention this change in the blog post for M30. Would ...
2 years ago (2013-07-09 21:11:15 UTC) #2
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/tsepez@chromium.org/18865003/1
2 years ago (2013-07-10 16:16:15 UTC) #3
commit-bot: I haz the power
2 years ago (2013-07-10 18:02:37 UTC) #4
Message was sent while issue was closed.
Change committed as 153912
Sign in to reply to this message.

Powered by Google App Engine
RSS Feeds Recent Issues | This issue
This is Rietveld 5fa3ca5