Issue 211853002: Revert 169711 "Prevent web content from forging File entries in ..."

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Issue 211853002: Revert 169711 "Prevent web content from forging File entries in ..." (Closed)

Created:
6 years, 9 months ago by dcheng

Modified:
6 years, 9 months ago

Reviewers:
dcheng

CC:
blink-reviews

Base URL:
svn://svn.chromium.org/blink/

Visibility:
Public.

More Reviews

Description

Revert 169711 "Prevent web content from forging File entries in ..." As it turns out, we only needed to patch the Chrome side. > Prevent web content from forging File entries in drag and drop. > > There are two separate bugs that this and the corresponding Chrome patch > aim to address: > - On Linux, files and URLs are transferred in the same MIME type, so > it's impossible to tell if a filename was set by a trusted source or > forged by web content. > - DownloadURL triggers the download of potentially cross-origin content. > On some platforms, such as Windows, the resulting download is treated > as a file drag by Chrome, allowing web content to read cross origin > content. > > In order to prevent web content from doing this, drags initiated by a > renderer will be marked as tainted. When tainted drags are over web > content, Blink will only allow the resulting filename to be used for > navigation, with Chrome enforcing this with the sandbox policy. > > Unfortunately, this does break some potentially interesting use cases > like being able to drag an attachment from Gmail to a file input, but > those will have to be separately addressed, if possible. > > BUG=346135 > R=abarth@chromium.org, tony@chromium.org > > Review URL: https://codereview.chromium.org/193803002 TBR=dcheng@chromium.org Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=169979

Patch Set 1 #

Created: 6 years, 9 months ago

Download [raw] [tar.bz2]

	Unified diffs	Side-by-side diffs	Stats (+8 lines, -28 lines)			Patch
M	trunk/Source/core/clipboard/DataObject.h	View	2 chunks	+0 lines, -6 lines	0 comments	Download
M	trunk/Source/core/page/DragController.cpp	View	2 chunks	+2 lines, -2 lines	0 comments	Download
M	trunk/Source/core/page/DragData.h	View	2 chunks	+2 lines, -3 lines	0 comments	Download
M	trunk/Source/core/page/DragData.cpp	View	1 chunk	+4 lines, -9 lines	0 comments	Download
M	trunk/Source/web/WebDragData.cpp	View	1 chunk	+0 lines, -6 lines	0 comments	Download
M	trunk/public/platform/WebDragData.h	View	1 chunk	+0 lines, -2 lines	0 comments	Download

Messages

Total messages: 2 (0 generated)

Expand Messages | Collapse Messages

Message was sent while issue was closed.

Committed patchset #1 manually as r169979.

Expand Messages | Collapse Messages