Chromium Code Reviews

Issue 19564003: Populate cross-origin location access SecurityError messages. (Closed)

Created:
7 years, 5 months ago by Mike West
Modified:
7 years, 5 months ago
CC:
blink-reviews, Nils Barth (inactive), kojih, jsbell+bindings_chromium.org, eae+blinkwatch, abarth-chromium, marja+watch_chromium.org, dglazkov+blink, adamk+blink_chromium.org, mkwst+watchlist_chromium.org, Nate Chapin, do-not-use
Visibility:
Public.

Description

Populate cross-origin location access SecurityError messages.

We currently add a message to the console each time a Location object is accessed cross-origin, in addition to throwing a SecurityError exception. We should allow developers to suppress the console message by catching and properly handling any exception that's generated.

This patch adds the ability to pipe a message through 'setDOMException()' such that it's applied as the exception's message property. When we deny access to a Location object, we can use this new method, and avoid writing an unsuppressable message out to the console.

BUG=17325
R=abarth@chromium.org

Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=154564
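The developer-facing effect described above, as an added example that is not part of the original change: page script catches the SecurityError and reads the explanation from the exception's `message` instead of relying on console output. The mock frame, the helper names (`makeCrossOriginFrame`, `readFrameHref`, `auditFrames`) and the message text are constructed for illustration and run under Node without a browser.

```javascript
// Constructed sample text; the real message is produced by the browser.
const SAMPLE_MESSAGE =
  'Blocked a frame with origin "http://127.0.0.1:8000" (constructed sample text)';

// Stand-in for a cross-origin window: reading location.href throws an
// exception named SecurityError whose message explains the denial.
function makeCrossOriginFrame(message) {
  const location = {};
  Object.defineProperty(location, 'href', {
    get() {
      const err = new Error(message);
      err.name = 'SecurityError'; // browsers throw a DOMException with this name
      throw err;
    },
  });
  return { location };
}

// Read frame.location.href and turn an access denial into data the caller
// can handle. Anything that is not a SecurityError is rethrown untouched.
function readFrameHref(frame) {
  try {
    return { allowed: true, href: frame.location.href };
  } catch (err) {
    if (err && err.name === 'SecurityError') {
      return { allowed: false, reason: err.message };
    }
    throw err;
  }
}

// Probe several frames and separate readable ones from denied ones, keeping
// the denial reason that travelled on the exception.
function auditFrames(frames) {
  const readable = [];
  const denied = [];
  for (const [label, frame] of Object.entries(frames)) {
    const result = readFrameHref(frame);
    (result.allowed ? readable : denied).push({ label, ...result });
  }
  return { readable, denied };
}
```
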

Patch Set 1 #

Total comments: 6

Patch Set 2 : rebaseline. #

Patch Set 3 : rerebaseline. #

Patch Set 4 : Rebase. #

Stats: +26 lines, -176 lines
M LayoutTests/http/tests/inspector/console-cross-origin-iframe-logging.html (1 chunk, +1 line, -1 line)
M LayoutTests/http/tests/inspector/console-cross-origin-iframe-logging-expected.txt (1 chunk, +0 lines, -4 lines)
M LayoutTests/http/tests/plugins/cross-frame-object-access-expected.txt (1 chunk, +1 line, -5 lines)
M LayoutTests/http/tests/security/XFrameOptions/x-frame-options-deny-expected.txt (1 chunk, +0 lines, -1 line)
M LayoutTests/http/tests/security/XFrameOptions/x-frame-options-deny-meta-tag-expected.txt (1 chunk, +0 lines, -2 lines)
M LayoutTests/http/tests/security/XFrameOptions/x-frame-options-deny-meta-tag-in-body-expected.txt (1 chunk, +0 lines, -2 lines)
M LayoutTests/http/tests/security/XFrameOptions/x-frame-options-deny-meta-tag-parent-same-origin-deny-expected.txt (1 chunk, +0 lines, -2 lines)
M LayoutTests/http/tests/security/XFrameOptions/x-frame-options-multiple-headers-sameorigin-deny-expected.txt (1 chunk, +0 lines, -1 line)
M LayoutTests/http/tests/security/XFrameOptions/x-frame-options-parent-same-origin-deny-expected.txt (1 chunk, +0 lines, -1 line)
M LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-allow-block-expected.txt (1 chunk, +0 lines, -2 lines)
M LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-block-allow-expected.txt (1 chunk, +0 lines, -2 lines)
M LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-block-block-expected.txt (1 chunk, +0 lines, -2 lines)
M LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-block-filter-expected.txt (1 chunk, +0 lines, -2 lines)
M LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-block-invalid-expected.txt (1 chunk, +0 lines, -2 lines)
M LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-block-unset-expected.txt (1 chunk, +0 lines, -2 lines)
M LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-filter-block-expected.txt (1 chunk, +0 lines, -2 lines)
M LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-invalid-block-expected.txt (1 chunk, +0 lines, -2 lines)
M LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-unset-block-expected.txt (1 chunk, +0 lines, -2 lines)
M LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-block-expected.txt (1 chunk, +0 lines, -2 lines)
M LayoutTests/http/tests/security/cross-frame-access-callback-explicit-domain-DENY-expected.txt (1 chunk, +0 lines, -2 lines)
M LayoutTests/http/tests/security/cross-frame-access-delete-expected.txt (1 chunk, +0 lines, -2 lines)
M LayoutTests/http/tests/security/cross-frame-access-enumeration-expected.txt (1 chunk, +0 lines, -3 lines)
M LayoutTests/http/tests/security/cross-frame-access-getOwnPropertyDescriptor-expected.txt (1 chunk, +0 lines, -11 lines)
M LayoutTests/http/tests/security/cross-frame-access-location-get-expected.txt (1 chunk, +0 lines, -24 lines)
M LayoutTests/http/tests/security/cross-frame-access-location-get-override-expected.txt (1 chunk, +0 lines, -1 line)
M LayoutTests/http/tests/security/cross-frame-access-location-put-expected.txt (1 chunk, +5 lines, -10 lines)
M LayoutTests/http/tests/security/sandboxed-iframe-blocks-access-from-parent-expected.txt (1 chunk, +0 lines, -1 line)
M LayoutTests/http/tests/security/xss-DENIED-assign-location-hash-expected.txt (1 chunk, +1 line, -2 lines)
M LayoutTests/http/tests/security/xss-DENIED-assign-location-host-expected.txt (1 chunk, +1 line, -2 lines)
M LayoutTests/http/tests/security/xss-DENIED-assign-location-hostname-expected.txt (1 chunk, +1 line, -2 lines)
M LayoutTests/http/tests/security/xss-DENIED-assign-location-nonstandardProperty-expected.txt (1 chunk, +1 line, -2 lines)
M LayoutTests/http/tests/security/xss-DENIED-assign-location-pathname-expected.txt (1 chunk, +1 line, -2 lines)
M LayoutTests/http/tests/security/xss-DENIED-assign-location-protocol-expected.txt (1 chunk, +1 line, -2 lines)
M LayoutTests/http/tests/security/xss-DENIED-assign-location-reload-expected.txt (1 chunk, +1 line, -2 lines)
M LayoutTests/http/tests/security/xss-DENIED-assign-location-search-expected.txt (1 chunk, +1 line, -2 lines)
M LayoutTests/http/tests/security/xss-DENIED-defineProperty-expected.txt (1 chunk, +0 lines, -42 lines)
M LayoutTests/http/tests/security/xssAuditor/block-does-not-leak-location-expected.txt (1 chunk, +2 lines, -3 lines)
M LayoutTests/http/tests/security/xssAuditor/full-block-base-href-expected.txt (1 chunk, +0 lines, -2 lines)
M LayoutTests/http/tests/security/xssAuditor/full-block-iframe-javascript-url-expected.txt (1 chunk, +0 lines, -2 lines)
M LayoutTests/http/tests/security/xssAuditor/full-block-javascript-link-expected.txt (1 chunk, +0 lines, -2 lines)
M LayoutTests/http/tests/security/xssAuditor/full-block-link-onclick-expected.txt (1 chunk, +0 lines, -2 lines)
M LayoutTests/http/tests/security/xssAuditor/full-block-object-tag-expected.txt (1 chunk, +0 lines, -2 lines)
M LayoutTests/http/tests/security/xssAuditor/full-block-script-tag-cross-domain-expected.txt (1 chunk, +0 lines, -2 lines)
M LayoutTests/http/tests/security/xssAuditor/full-block-script-tag-expected.txt (1 chunk, +0 lines, -2 lines)
M LayoutTests/http/tests/security/xssAuditor/full-block-script-tag-with-source-expected.txt (1 chunk, +0 lines, -2 lines)
M LayoutTests/http/tests/security/xssAuditor/xss-protection-parsing-03-expected.txt (1 chunk, +0 lines, -2 lines)
M LayoutTests/http/tests/security/xssAuditor/xss-protection-parsing-04-expected.txt (1 chunk, +0 lines, -2 lines)
M Source/bindings/v8/V8Binding.h (1 chunk, +1 line, -0 lines)
M Source/bindings/v8/V8Binding.cpp (1 chunk, +5 lines, -0 lines)
M Source/bindings/v8/V8Initializer.cpp (1 chunk, +3 lines, -2 lines)

Messages

Total messages: 18 (0 generated)
Mike West
Still have some rebaselining to do, but what do you think about this change, Adam?
7 years, 5 months ago (2013-07-17 18:12:03 UTC) #1
abarth-chromium
https://codereview.chromium.org/19564003/diff/1/Source/bindings/v8/V8Initializer.cpp
File Source/bindings/v8/V8Initializer.cpp (right):

https://codereview.chromium.org/19564003/diff/1/Source/bindings/v8/V8Initializer.cpp#newcode110
Source/bindings/v8/V8Initializer.cpp:110: setDOMException(SecurityError, targetWindow->crossDomainAccessErrorMessage(activeDOMWindow()).utf8().data(), v8::Isolate::GetCurrent());
Why utf8().data()? Can't we just pass ...
7 years, 5 months ago (2013-07-17 18:27:58 UTC) #2
Mike West
On 2013/07/17 18:27:58, abarth wrote:
> https://codereview.chromium.org/19564003/diff/1/Source/bindings/v8/V8Initializer.cpp
> File Source/bindings/v8/V8Initializer.cpp (right):
>
> https://codereview.chromium.org/19564003/diff/1/Source/bindings/v8/V8Initializer.cpp#newcode110
> ...
7 years, 5 months ago (2013-07-17 18:37:36 UTC) #3
Mike West
Actually +arv
7 years, 5 months ago (2013-07-17 18:38:10 UTC) #4
abarth-chromium
DOMException::m_message is a String...
7 years, 5 months ago (2013-07-17 18:40:36 UTC) #5
Mike West
On 2013/07/17 18:40:36, abarth wrote:
> DOMException::m_message is a String...

Oh. Hrm. Then why the ...
7 years, 5 months ago (2013-07-17 18:43:22 UTC) #6
arv (Not doing code reviews)
https://codereview.chromium.org/19564003/diff/1/LayoutTests/http/tests/security/cross-frame-access-location-put-expected.txt
File LayoutTests/http/tests/security/cross-frame-access-location-put-expected.txt (right):

https://codereview.chromium.org/19564003/diff/1/LayoutTests/http/tests/security/cross-frame-access-location-put-expected.txt#newcode2
LayoutTests/http/tests/security/cross-frame-access-location-put-expected.txt:2: SecurityError: Blocked a frame with origin "http://127.0.0.1:8000" from accessing ...
7 years, 5 months ago (2013-07-17 18:48:55 UTC) #7
arv (Not doing code reviews)
Let's clean up the char* vs String. It looks like my bad. On Wed, Jul ...
7 years, 5 months ago (2013-07-17 18:50:14 UTC) #8
Mike West
Cool. I'll hold on this until https://codereview.chromium.org/19684003/ lands. Thanks!

https://codereview.chromium.org/19564003/diff/1/LayoutTests/http/tests/security/cross-frame-access-location-put-expected.txt
File LayoutTests/http/tests/security/cross-frame-access-location-put-expected.txt (right):

https://codereview.chromium.org/19564003/diff/1/LayoutTests/http/tests/security/cross-frame-access-location-put-expected.txt#newcode2
LayoutTests/http/tests/security/cross-frame-access-location-put-expected.txt:2: SecurityError: ...
7 years, 5 months ago (2013-07-18 07:41:23 UTC) #9
Mike West
Hello again! I've rebased this patch on top of arv@'s String conversion. Would you mind ...
7 years, 5 months ago (2013-07-19 06:44:05 UTC) #10
abarth-chromium
Code change LGTM. I didn't review the changes to the tests.
7 years, 5 months ago (2013-07-19 08:03:10 UTC) #11
haraken
Given the code change is OK, the test changes look OK. LGTM.
7 years, 5 months ago (2013-07-19 08:50:42 UTC) #12
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/mkwst@chromium.org/19564003/22001
7 years, 5 months ago (2013-07-19 09:21:24 UTC) #13
commit-bot: I haz the power
Retried try job too often on linux_blink_rel for step(s) webkit_tests http://build.chromium.org/p/tryserver.chromium/buildstatus?builder=linux_blink_rel&number=93
7 years, 5 months ago (2013-07-19 09:59:42 UTC) #14
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/mkwst@chromium.org/19564003/22001
7 years, 5 months ago (2013-07-19 10:15:00 UTC) #15
commit-bot: I haz the power
Retried try job too often on win_blink_rel for step(s) webkit_tests http://build.chromium.org/p/tryserver.chromium/buildstatus?builder=win_blink_rel&number=74
7 years, 5 months ago (2013-07-19 10:50:52 UTC) #16
Mike West
Committed patchset #4 manually as r154564 (presubmit successful).
7 years, 5 months ago (2013-07-19 11:19:05 UTC) #17
arv (Not doing code reviews)
7 years, 5 months ago (2013-07-19 16:50:13 UTC) #18
Message was sent while issue was closed.
LGTM
