|
|
Created:
4 years, 5 months ago by cruise1008 Modified:
4 years, 5 months ago Reviewers:
CC:
chromium-reviews Base URL:
https://chromium.googlesource.com/chromium/src.git@master Target Ref:
refs/pending/heads/master Project:
chromium Visibility:
Public. |
Descriptionnew issue has created and moved to https://codereview.chromium.org/2167573003/.
please check that issue and review and discuss about the feature.
Thank you.
As we have changed the account to use company email "alipay", belong to Alibaba inc..
#######
Add one step to verify the signature in intent for chrome while the intent has a scheme for the app.
BUG=629713
TEST=start a website which contains a scheme intent in chrome, one intent case contains official app signature , it can start activity in app, and one another intent case contains fake app signature,
the chrome won't start activity of the fake app.
e.g.
original intent:
"intent://platformapi/startapp?appId=20000001&_t=1468848794586#Intent;scheme=alipays;package=com.eg.oandroid.AlipayGphone;end".
optimized intent(add sha256):
"intent://platformapi/startapp?appId=20000001&_t=1468848794586#Intent;scheme=alipays;sha256=389B49F7832F53E9017923220AA85E14DFAA4886ECD7428818BF339543CF498A;package=com.eg.android.AlipayGphone;end".
the method is compatible for all chrome.
Patch Set 1 #Patch Set 2 : refine code style #Patch Set 3 : refine code style #
Total comments: 2
Messages
Total messages: 16 (11 generated)
Description was changed from ========== add one step to verify the signature in intent for chrome while the intent has a scheme for the app. BUG = 629055 TEST = start a website which contains a scheme intent in chrome, one intent case contains official app signature , it can start activity in app, and one another intent case contains fake app signature, the chrome won't start activity of the fake app.: ========== to ========== add one step to verify the signature in intent for chrome while the intent has a scheme for the app. BUG = 629055 TEST = start a website which contains a scheme intent in chrome, one intent case contains official app signature , it can start activity in app, and one another intent case contains fake app signature, the chrome won't start activity of the fake app. e.g. original intent: "intent://platformapi/startapp?appId=20000001&_t=1468848794586#Intent;scheme=alipays;package=com.eg.oandroid.AlipayGphone;end". optimized intent(add finger256): "intent://platformapi/startapp?appId=20000001&_t=1468848794586#Intent;scheme=alipays;finger256=38:9B:49:F7:83:2F:53:E9:01:79:23:22:0A:A8:5E:14:DF:AA:48:86:EC:D7:42:88:18:BF:33:95:43:CF:49:8A;package=com.eg.android.AlipayGphone;end". the method is compatible for all chrome. ==========
I recommend that you re-upload the patch with your @alibaba-inc.com email. Alibaba employees are already allowed to submit patches to Chromium. If you must use your @gmail.com email, then please sign the individual agreement in https://cla.developers.google.com/. Whichever method your choose, please put your email address and name in the AUTHORS file: https://cs.chromium.org/chromium/src/AUTHORS
Description was changed from ========== add one step to verify the signature in intent for chrome while the intent has a scheme for the app. BUG = 629055 TEST = start a website which contains a scheme intent in chrome, one intent case contains official app signature , it can start activity in app, and one another intent case contains fake app signature, the chrome won't start activity of the fake app. e.g. original intent: "intent://platformapi/startapp?appId=20000001&_t=1468848794586#Intent;scheme=alipays;package=com.eg.oandroid.AlipayGphone;end". optimized intent(add finger256): "intent://platformapi/startapp?appId=20000001&_t=1468848794586#Intent;scheme=alipays;finger256=38:9B:49:F7:83:2F:53:E9:01:79:23:22:0A:A8:5E:14:DF:AA:48:86:EC:D7:42:88:18:BF:33:95:43:CF:49:8A;package=com.eg.android.AlipayGphone;end". the method is compatible for all chrome. ========== to ========== add one step to verify the signature in intent for chrome while the intent has a scheme for the app. BUG = 629055 TEST = start a website which contains a scheme intent in chrome, one intent case contains official app signature , it can start activity in app, and one another intent case contains fake app signature, the chrome won't start activity of the fake app. e.g. original intent: "intent://platformapi/startapp?appId=20000001&_t=1468848794586#Intent;scheme=alipays;package=com.eg.oandroid.AlipayGphone;end". optimized intent(add finger256): "intent://platformapi/startapp?appId=20000001&_t=1468848794586#Intent;scheme=alipays;sha256=389B49F7832F53E9017923220AA85E14DFAA4886ECD7428818BF339543CF498A;package=com.eg.android.AlipayGphone;end". the method is compatible for all chrome. ==========
Description was changed from ========== add one step to verify the signature in intent for chrome while the intent has a scheme for the app. BUG = 629055 TEST = start a website which contains a scheme intent in chrome, one intent case contains official app signature , it can start activity in app, and one another intent case contains fake app signature, the chrome won't start activity of the fake app. e.g. original intent: "intent://platformapi/startapp?appId=20000001&_t=1468848794586#Intent;scheme=alipays;package=com.eg.oandroid.AlipayGphone;end". optimized intent(add finger256): "intent://platformapi/startapp?appId=20000001&_t=1468848794586#Intent;scheme=alipays;sha256=389B49F7832F53E9017923220AA85E14DFAA4886ECD7428818BF339543CF498A;package=com.eg.android.AlipayGphone;end". the method is compatible for all chrome. ========== to ========== add one step to verify the signature in intent for chrome while the intent has a scheme for the app. BUG = 629055 TEST = start a website which contains a scheme intent in chrome, one intent case contains official app signature , it can start activity in app, and one another intent case contains fake app signature, the chrome won't start activity of the fake app. e.g. original intent: "intent://platformapi/startapp?appId=20000001&_t=1468848794586#Intent;scheme=alipays;package=com.eg.oandroid.AlipayGphone;end". optimized intent(add sha256): "intent://platformapi/startapp?appId=20000001&_t=1468848794586#Intent;scheme=alipays;sha256=389B49F7832F53E9017923220AA85E14DFAA4886ECD7428818BF339543CF498A;package=com.eg.android.AlipayGphone;end". the method is compatible for all chrome. ==========
On 2016/07/18 17:41:35, Rouslan (ツ) wrote: > I recommend that you re-upload the patch with your @alibaba-inc.com email. > Alibaba employees are already allowed to submit patches to Chromium. If you must > use your @gmail.com email, then please sign the individual agreement in > https://cla.developers.google.com/. > > Whichever method your choose, please put your email address and name in the > AUTHORS file: > > https://cs.chromium.org/chromium/src/AUTHORS Thank you for your advice, I am not familiar with these steps, could you please tell the detail how to login with non google account? I tried but failed, had no idea.
Description was changed from ========== add one step to verify the signature in intent for chrome while the intent has a scheme for the app. BUG = 629055 TEST = start a website which contains a scheme intent in chrome, one intent case contains official app signature , it can start activity in app, and one another intent case contains fake app signature, the chrome won't start activity of the fake app. e.g. original intent: "intent://platformapi/startapp?appId=20000001&_t=1468848794586#Intent;scheme=alipays;package=com.eg.oandroid.AlipayGphone;end". optimized intent(add sha256): "intent://platformapi/startapp?appId=20000001&_t=1468848794586#Intent;scheme=alipays;sha256=389B49F7832F53E9017923220AA85E14DFAA4886ECD7428818BF339543CF498A;package=com.eg.android.AlipayGphone;end". the method is compatible for all chrome. ========== to ========== add one step to verify the signature in intent for chrome while the intent has a scheme for the app. BUG=629055 TEST=start a website which contains a scheme intent in chrome, one intent case contains official app signature , it can start activity in app, and one another intent case contains fake app signature, the chrome won't start activity of the fake app. e.g. original intent: "intent://platformapi/startapp?appId=20000001&_t=1468848794586#Intent;scheme=alipays;package=com.eg.oandroid.AlipayGphone;end". optimized intent(add sha256): "intent://platformapi/startapp?appId=20000001&_t=1468848794586#Intent;scheme=alipays;sha256=389B49F7832F53E9017923220AA85E14DFAA4886ECD7428818BF339543CF498A;package=com.eg.android.AlipayGphone;end". the method is compatible for all chrome. ==========
Description was changed from ========== add one step to verify the signature in intent for chrome while the intent has a scheme for the app. BUG=629055 TEST=start a website which contains a scheme intent in chrome, one intent case contains official app signature , it can start activity in app, and one another intent case contains fake app signature, the chrome won't start activity of the fake app. e.g. original intent: "intent://platformapi/startapp?appId=20000001&_t=1468848794586#Intent;scheme=alipays;package=com.eg.oandroid.AlipayGphone;end". optimized intent(add sha256): "intent://platformapi/startapp?appId=20000001&_t=1468848794586#Intent;scheme=alipays;sha256=389B49F7832F53E9017923220AA85E14DFAA4886ECD7428818BF339543CF498A;package=com.eg.android.AlipayGphone;end". the method is compatible for all chrome. ========== to ========== Add one step to verify the signature in intent for chrome while the intent has a scheme for the app. BUG=629055 TEST=start a website which contains a scheme intent in chrome, one intent case contains official app signature , it can start activity in app, and one another intent case contains fake app signature, the chrome won't start activity of the fake app. e.g. original intent: "intent://platformapi/startapp?appId=20000001&_t=1468848794586#Intent;scheme=alipays;package=com.eg.oandroid.AlipayGphone;end". optimized intent(add sha256): "intent://platformapi/startapp?appId=20000001&_t=1468848794586#Intent;scheme=alipays;sha256=389B49F7832F53E9017923220AA85E14DFAA4886ECD7428818BF339543CF498A;package=com.eg.android.AlipayGphone;end". the method is compatible for all chrome. ==========
esprehn@chromium.org changed reviewers: + esprehn@chromium.org
Can you explain how this works in the change description? What are we hashing? How will the links work if the app is updated? What should developers do to use this feature? https://codereview.chromium.org/2157933002/diff/40001/chrome/android/java/src... File chrome/android/java/src/org/chromium/chrome/browser/externalnav/ExternalNavigationHandler.java (right): https://codereview.chromium.org/2157933002/diff/40001/chrome/android/java/src... chrome/android/java/src/org/chromium/chrome/browser/externalnav/ExternalNavigationHandler.java:148: fingerPrint = fingerprint.replaceAll(":", ""); I don't think other parts of the platform make this optional, can we just not allow colons? https://codereview.chromium.org/2157933002/diff/40001/chrome/android/java/src... chrome/android/java/src/org/chromium/chrome/browser/externalnav/ExternalNavigationHandler.java:158: return OverrideUrlLoadingResult.NO_OVERRIDE; Why would there be a exception? Can you scope this to what actually throws?
esprehn@chromium.org changed reviewers: - esprehn@chromium.org
Message was sent while issue was closed.
Description was changed from ========== Add one step to verify the signature in intent for chrome while the intent has a scheme for the app. BUG=629055 TEST=start a website which contains a scheme intent in chrome, one intent case contains official app signature , it can start activity in app, and one another intent case contains fake app signature, the chrome won't start activity of the fake app. e.g. original intent: "intent://platformapi/startapp?appId=20000001&_t=1468848794586#Intent;scheme=alipays;package=com.eg.oandroid.AlipayGphone;end". optimized intent(add sha256): "intent://platformapi/startapp?appId=20000001&_t=1468848794586#Intent;scheme=alipays;sha256=389B49F7832F53E9017923220AA85E14DFAA4886ECD7428818BF339543CF498A;package=com.eg.android.AlipayGphone;end". the method is compatible for all chrome. ========== to ========== Add one step to verify the signature in intent for chrome while the intent has a scheme for the app. BUG=629055 TEST=start a website which contains a scheme intent in chrome, one intent case contains official app signature , it can start activity in app, and one another intent case contains fake app signature, the chrome won't start activity of the fake app. e.g. original intent: "intent://platformapi/startapp?appId=20000001&_t=1468848794586#Intent;scheme=alipays;package=com.eg.oandroid.AlipayGphone;end". optimized intent(add sha256): "intent://platformapi/startapp?appId=20000001&_t=1468848794586#Intent;scheme=alipays;sha256=389B49F7832F53E9017923220AA85E14DFAA4886ECD7428818BF339543CF498A;package=com.eg.android.AlipayGphone;end". the method is compatible for all chrome. ==========
Description was changed from ========== Add one step to verify the signature in intent for chrome while the intent has a scheme for the app. BUG=629055 TEST=start a website which contains a scheme intent in chrome, one intent case contains official app signature , it can start activity in app, and one another intent case contains fake app signature, the chrome won't start activity of the fake app. e.g. original intent: "intent://platformapi/startapp?appId=20000001&_t=1468848794586#Intent;scheme=alipays;package=com.eg.oandroid.AlipayGphone;end". optimized intent(add sha256): "intent://platformapi/startapp?appId=20000001&_t=1468848794586#Intent;scheme=alipays;sha256=389B49F7832F53E9017923220AA85E14DFAA4886ECD7428818BF339543CF498A;package=com.eg.android.AlipayGphone;end". the method is compatible for all chrome. ========== to ========== new issue has created and moved to https://codereview.chromium.org/2160193002/. please check that issue and review and discuss about the feature. Thank you. ####### Add one step to verify the signature in intent for chrome while the intent has a scheme for the app. BUG=629055 TEST=start a website which contains a scheme intent in chrome, one intent case contains official app signature , it can start activity in app, and one another intent case contains fake app signature, the chrome won't start activity of the fake app. e.g. original intent: "intent://platformapi/startapp?appId=20000001&_t=1468848794586#Intent;scheme=alipays;package=com.eg.oandroid.AlipayGphone;end". optimized intent(add sha256): "intent://platformapi/startapp?appId=20000001&_t=1468848794586#Intent;scheme=alipays;sha256=389B49F7832F53E9017923220AA85E14DFAA4886ECD7428818BF339543CF498A;package=com.eg.android.AlipayGphone;end". the method is compatible for all chrome. ==========
Description was changed from ========== new issue has created and moved to https://codereview.chromium.org/2160193002/. please check that issue and review and discuss about the feature. Thank you. ####### Add one step to verify the signature in intent for chrome while the intent has a scheme for the app. BUG=629055 TEST=start a website which contains a scheme intent in chrome, one intent case contains official app signature , it can start activity in app, and one another intent case contains fake app signature, the chrome won't start activity of the fake app. e.g. original intent: "intent://platformapi/startapp?appId=20000001&_t=1468848794586#Intent;scheme=alipays;package=com.eg.oandroid.AlipayGphone;end". optimized intent(add sha256): "intent://platformapi/startapp?appId=20000001&_t=1468848794586#Intent;scheme=alipays;sha256=389B49F7832F53E9017923220AA85E14DFAA4886ECD7428818BF339543CF498A;package=com.eg.android.AlipayGphone;end". the method is compatible for all chrome. ========== to ========== new issue has created and moved to https://codereview.chromium.org/2160193002/. please check that issue and review and discuss about the feature. Thank you. As we have changed the account to use company email "alipay", belong to Alibaba inc.. ####### Add one step to verify the signature in intent for chrome while the intent has a scheme for the app. BUG=629055 TEST=start a website which contains a scheme intent in chrome, one intent case contains official app signature , it can start activity in app, and one another intent case contains fake app signature, the chrome won't start activity of the fake app. e.g. original intent: "intent://platformapi/startapp?appId=20000001&_t=1468848794586#Intent;scheme=alipays;package=com.eg.oandroid.AlipayGphone;end". optimized intent(add sha256): "intent://platformapi/startapp?appId=20000001&_t=1468848794586#Intent;scheme=alipays;sha256=389B49F7832F53E9017923220AA85E14DFAA4886ECD7428818BF339543CF498A;package=com.eg.android.AlipayGphone;end". the method is compatible for all chrome. ==========
On 2016/07/19 05:52:12, esprehn wrote: > Can you explain how this works in the change description? What are we hashing? > How will the links work if the app is updated? What should developers do to use > this feature? > > https://codereview.chromium.org/2157933002/diff/40001/chrome/android/java/src... > File > chrome/android/java/src/org/chromium/chrome/browser/externalnav/ExternalNavigationHandler.java > (right): > > https://codereview.chromium.org/2157933002/diff/40001/chrome/android/java/src... > chrome/android/java/src/org/chromium/chrome/browser/externalnav/ExternalNavigationHandler.java:148: > fingerPrint = fingerprint.replaceAll(":", ""); > I don't think other parts of the platform make this optional, can we just not > allow colons? > > https://codereview.chromium.org/2157933002/diff/40001/chrome/android/java/src... > chrome/android/java/src/org/chromium/chrome/browser/externalnav/ExternalNavigationHandler.java:158: > return OverrideUrlLoadingResult.NO_OVERRIDE; > Why would there be a exception? Can you scope this to what actually throws? thanks a lot for your attention , I have changed the code as you point out. But I am sorry to tell you I have move the stuff to https://codereview.chromium.org/2160193002/, could you follow here and discuss more? Thank you.
Closing this code review in favor of http://crrev.com/2160193002, which has been uploaded in order to use author's @alipay.com email address.
Message was sent while issue was closed.
Description was changed from ========== new issue has created and moved to https://codereview.chromium.org/2160193002/. please check that issue and review and discuss about the feature. Thank you. As we have changed the account to use company email "alipay", belong to Alibaba inc.. ####### Add one step to verify the signature in intent for chrome while the intent has a scheme for the app. BUG=629055 TEST=start a website which contains a scheme intent in chrome, one intent case contains official app signature , it can start activity in app, and one another intent case contains fake app signature, the chrome won't start activity of the fake app. e.g. original intent: "intent://platformapi/startapp?appId=20000001&_t=1468848794586#Intent;scheme=alipays;package=com.eg.oandroid.AlipayGphone;end". optimized intent(add sha256): "intent://platformapi/startapp?appId=20000001&_t=1468848794586#Intent;scheme=alipays;sha256=389B49F7832F53E9017923220AA85E14DFAA4886ECD7428818BF339543CF498A;package=com.eg.android.AlipayGphone;end". the method is compatible for all chrome. ========== to ========== new issue has created and moved to https://codereview.chromium.org/2167573003/. please check that issue and review and discuss about the feature. Thank you. As we have changed the account to use company email "alipay", belong to Alibaba inc.. ####### Add one step to verify the signature in intent for chrome while the intent has a scheme for the app. BUG=629713 TEST=start a website which contains a scheme intent in chrome, one intent case contains official app signature , it can start activity in app, and one another intent case contains fake app signature, the chrome won't start activity of the fake app. e.g. original intent: "intent://platformapi/startapp?appId=20000001&_t=1468848794586#Intent;scheme=alipays;package=com.eg.oandroid.AlipayGphone;end". optimized intent(add sha256): "intent://platformapi/startapp?appId=20000001&_t=1468848794586#Intent;scheme=alipays;sha256=389B49F7832F53E9017923220AA85E14DFAA4886ECD7428818BF339543CF498A;package=com.eg.android.AlipayGphone;end". the method is compatible for all chrome. ========== |