Chromium Code Reviews

Issue 2007133004: Disallow navigation to documents not explicitly listed as web accessible. (Closed)

Created:
4 years, 7 months ago by nasko
Modified:
4 years, 6 months ago
CC:
chromium-reviews, chromium-apps-reviews_chromium.org, extensions-reviews_chromium.org
Base URL:
https://chromium.googlesource.com/chromium/src.git@master
Target Ref:
refs/pending/heads/master
Project:
chromium
Visibility:
Public.

Description

Disallow navigation to documents not explicitly listed as web accessible.

The existing check for web accessible resources is inadequate and allows navigations to non-whitelisted pages to succeed. This patch ensures that the document is listed explicitly in the manifest when a navigation is performed to it.

BUG=576867

Committed: https://crrev.com/5cf9d45c437b7b2d899e46f2f324c147a2743eb7
Cr-Commit-Position: refs/heads/master@{#397066}

Patch Set 1 #

Patch Set 2 : Move check appropriately. #

Patch Set 3 : Temporarily remove GuestView check to gauge impact on tests. #

Patch Set 4 : Rearrange the checks a bit better. #

Patch Set 5 : Add a fix for subframes in extension pages. #

Patch Set 6 : Update ExtensionProtocolTest.IncognitoRequest expectations. #

Patch Set 7 : Fix up subframe cases. #

Total comments: 6

Patch Set 8 : Fix issues from code review. #

Messages

Total messages: 14 (6 generated)
nasko
Hey Antony, Can you review this CL for me? Thanks in advance! Nasko
4 years, 6 months ago (2016-05-27 23:05:14 UTC) #2
asargent_no_longer_on_chrome
lgtm

https://codereview.chromium.org/2007133004/diff/120001/chrome/browser/extensions/extension_protocols_unittest.cc
File chrome/browser/extensions/extension_protocols_unittest.cc (right):

https://codereview.chromium.org/2007133004/diff/120001/chrome/browser/extensions/extension_protocols_unittest.cc#newcode349
chrome/browser/extensions/extension_protocols_unittest.cc:349: // All MAIN_FRAME and SUB_FRAME requests should succeed.
...
4 years, 6 months ago (2016-05-31 18:17:38 UTC) #3
nasko
https://codereview.chromium.org/2007133004/diff/120001/chrome/browser/extensions/extension_protocols_unittest.cc
File chrome/browser/extensions/extension_protocols_unittest.cc (right):

https://codereview.chromium.org/2007133004/diff/120001/chrome/browser/extensions/extension_protocols_unittest.cc#newcode349
chrome/browser/extensions/extension_protocols_unittest.cc:349: // All MAIN_FRAME and SUB_FRAME requests should succeed.
On ...
4 years, 6 months ago (2016-05-31 23:16:17 UTC) #4
commit-bot: I haz the power
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/2007133004/140001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/2007133004/140001
4 years, 6 months ago (2016-05-31 23:17:02 UTC) #6
commit-bot: I haz the power
Dry run: This issue passed the CQ dry run.
4 years, 6 months ago (2016-06-01 01:26:27 UTC) #8
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/2007133004/140001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/2007133004/140001
4 years, 6 months ago (2016-06-01 05:30:55 UTC) #11
commit-bot: I haz the power
Committed patchset #8 (id:140001)
4 years, 6 months ago (2016-06-01 05:35:07 UTC) #12
commit-bot: I haz the power
4 years, 6 months ago (2016-06-01 05:36:19 UTC) #14
Message was sent while issue was closed.
Patchset 8 (id:??) landed as
https://crrev.com/5cf9d45c437b7b2d899e46f2f324c147a2743eb7
Cr-Commit-Position: refs/heads/master@{#397066}
