Chromium Code Reviews
Help | Chromium Project | Sign in
(1)

Issue 18865003: Do not allow HTTP refresh headers to refresh to javascript: URLs. (Closed)

Can't Edit
Can't Publish+Mail
Start Review
Created:
1 year, 7 months ago by Tom Sepez
Modified:
1 year, 7 months ago
Reviewers:
abarth
CC:
blink-reviews, dglazkov+blink, Nate Chapin, eae+blinkwatch, adamk+blink_chromium.org, gavinp+loader_chromium.org
Visibility:
Public.

Description

Do not allow HTTP refresh headers to refresh to javascript: URLs. This behaviour has been standard in IE since IE7. This makes us both more compatible and less vulnerable to XSS. BUG=258151 R=abarth@chromium.org Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=153912

Patch Set 1 #

Messages

Total messages: 4 (0 generated)
Tom Sepez
Adam, please review.
1 year, 7 months ago (2013-07-09 21:07:49 UTC) #1
abarth
LGTM. We might want to mention this change in the blog post for M30. Would ...
1 year, 7 months ago (2013-07-09 21:11:15 UTC) #2
I haz the power (commit-bot)
CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/tsepez@chromium.org/18865003/1
1 year, 7 months ago (2013-07-10 16:16:15 UTC) #3
I haz the power (commit-bot)
1 year, 7 months ago (2013-07-10 18:02:37 UTC) #4
Message was sent while issue was closed.
Change committed as 153912
Sign in to reply to this message.

Powered by Google App Engine
RSS Feeds Recent Issues | This issue
This is Rietveld 87e6a26