Chromium Code Reviews

Issue 2154213003: Prevent 'javascript:' URL execution in sandboxed frame. (Closed)

Created:
4 years, 5 months ago by Mike West
Modified:
4 years, 5 months ago
CC:
blink-reviews, blink-reviews-html_chromium.org, chromium-reviews, dglazkov+blink
Base URL:
https://chromium.googlesource.com/chromium/src.git@master
Target Ref:
refs/pending/heads/master
Project:
chromium
Visibility:
Public.

Description

Prevent 'javascript:' URL execution in sandboxed frame.

[1] notes that Chrome is violating step 1 of [2] by allowing `<iframe sandbox=allow-scripts src="javascript:alert(1)">` to execute JavaScript in an origin distinct from its parent (due to sandboxing). This patch closes that gap with Firefox.

[1]: https://github.com/w3c/webappsec-secure-contexts/issues/26#issuecomment-214801969
[2]: https://html.spec.whatwg.org/multipage/browsers.html#javascript-protocol

BUG=629083
R=jochen@chromium.org

Committed: https://crrev.com/b20beeee90777c7a7cf3ed05fd1946938175a8a1
Cr-Commit-Position: refs/heads/master@{#406255}
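An added illustration, not part of this patch or of Chromium's code: a simplified JavaScript model of the rule the description asks for, usable to audit frame markup for the pattern. The function names and verdict strings are hypothetical, the sample frames are constructed, and the model assumes that a `sandbox` attribute without `allow-same-origin` is what puts the frame in an origin distinct from its parent.

```javascript
// Simplified model (assumption-labelled, not Blink's implementation).

// Sandbox tokens are ASCII-whitespace separated and case-insensitive.
// Returns null when the attribute is absent, else a Set of tokens.
function parseSandbox(attr) {
  if (attr === null || attr === undefined) return null;
  return new Set(attr.toLowerCase().split(/[ \t\n\f\r]+/).filter(Boolean));
}

// URL parsing strips leading/trailing C0 control or space characters and
// removes ASCII tab/newline anywhere, so " JaVa\tScript:1" is javascript:.
function isJavaScriptUrl(src) {
  const cleaned = String(src)
    .replace(/^[\u0000-\u0020]+|[\u0000-\u0020]+$/g, "")
    .replace(/[\t\n\r]/g, "");
  return /^javascript:/i.test(cleaned);
}

// Verdict strings are hypothetical labels for this example.
function classifyFrameSrc({ sandbox, src }) {
  if (!isJavaScriptUrl(src)) return "not-javascript-url";
  const tokens = parseSandbox(sandbox);
  if (tokens === null) return "allowed";            // unsandboxed frame
  if (!tokens.has("allow-scripts")) return "blocked-no-scripts";
  // The case in this issue: scripts enabled, but origin distinct from parent.
  if (!tokens.has("allow-same-origin")) return "blocked-distinct-origin";
  return "allowed";
}

// Constructed sample frames, including the one from the description.
const sampleFrames = [
  { sandbox: "allow-scripts", src: "javascript:alert(1)" },
  { sandbox: null, src: "javascript:void(0)" },
  { sandbox: "ALLOW-SCRIPTS  allow-same-origin", src: " JaVa\tScript:1" },
  { sandbox: "", src: "javascript:1" },
  { sandbox: "allow-scripts", src: "https://example.test/" },
];

function auditFrames(frames) {
  return frames.map((f) => classifyFrameSrc(f));
}

console.log(auditFrames(sampleFrames));
```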

Patch Set 1 #

Stats (+22 lines, -0 lines)
A third_party/WebKit/LayoutTests/http/tests/security/sandboxed-iframe-javascript-url.html (1 chunk, +20 lines, -0 lines, 0 comments)
M third_party/WebKit/Source/core/html/HTMLFrameElementBase.cpp (1 chunk, +2 lines, -0 lines, 0 comments)

Messages

Total messages: 11 (6 generated)
Mike West
WDYT, Jochen? The test is pretty terrible, but I don't have better ideas.
4 years, 5 months ago (2016-07-18 14:25:36 UTC) #2
jochen (gone - plz use gerrit)
lgtm
4 years, 5 months ago (2016-07-19 12:20:49 UTC) #6
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.org/2154213003/1
4 years, 5 months ago (2016-07-19 12:42:36 UTC) #8
commit-bot: I haz the power
Committed patchset #1 (id:1)
4 years, 5 months ago (2016-07-19 12:47:50 UTC) #9
commit-bot: I haz the power
4 years, 5 months ago (2016-07-19 12:50:25 UTC) #11
Message was sent while issue was closed.
Patchset 1 (id:??) landed as
https://crrev.com/b20beeee90777c7a7cf3ed05fd1946938175a8a1
Cr-Commit-Position: refs/heads/master@{#406255}
