Chromium Code Reviews

Issue 1998743002: Apply ScrLike truncation to base href attribute's URL (Closed)

Created: 4 years, 7 months ago by Tom Sepez
Modified: 4 years, 6 months ago
Reviewers: Mike West
CC: blink-reviews, blink-reviews-html_chromium.org, chromium-reviews, dglazkov+blink, kinuko+watch
Base URL: https://chromium.googlesource.com/chromium/src.git@master
Target Ref: refs/pending/heads/master
Project: chromium
Visibility: Public.

Description

Apply ScrLike truncation to base href attribute's URL

Otherwise, the same techniques can be applied to it as with other kinds of injected URLs.

Committed: https://crrev.com/b60f49a81f8dc8d9b9b88cb2707a25751acd9682
Cr-Commit-Position: refs/heads/master@{#396931}

Patch Set 1 #

Total comments: 1
Stats (+5 lines, -2 lines)
A + third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/base-href-unterminated.html (1 chunk, +1 line, -1 line, 0 comments)
A third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/base-href-unterminated-expected.txt (1 chunk, +3 lines, -0 lines, 1 comment)
M third_party/WebKit/Source/core/html/parser/XSSAuditor.cpp (1 chunk, +1 line, -1 line, 0 comments)

Messages

Total messages: 9 (3 generated)
Tom Sepez
Mike, for review. Minor oversight here in passing the right flag when filtering the attribute.
4 years, 7 months ago (2016-05-19 17:49:22 UTC) #2
Tom Sepez
https://codereview.chromium.org/1998743002/diff/1/third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/base-href-unterminated-expected.txt
File third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/base-href-unterminated-expected.txt (right):

https://codereview.chromium.org/1998743002/diff/1/third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/base-href-unterminated-expected.txt#newcode2
third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/base-href-unterminated-expected.txt:2: ALERT: This is a safe script.
Note: This runs ...
4 years, 7 months ago (2016-05-19 17:50:59 UTC) #3
Mike West
LGTM! Sorry for the delay on this tiny CL, I was OOO.
4 years, 6 months ago (2016-05-30 11:03:12 UTC) #4
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1998743002/1 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1998743002/1
4 years, 6 months ago (2016-05-31 16:39:18 UTC) #6
commit-bot: I haz the power
Committed patchset #1 (id:1)
4 years, 6 months ago (2016-05-31 21:14:11 UTC) #7
commit-bot: I haz the power
4 years, 6 months ago (2016-05-31 21:16:18 UTC) #9
Message was sent while issue was closed.
Patchset 1 (id:??) landed as
https://crrev.com/b60f49a81f8dc8d9b9b88cb2707a25751acd9682
Cr-Commit-Position: refs/heads/master@{#396931}
