Chromium Code Reviews
Help | Chromium Project | Gerrit Changes | Sign in
(3)

Issue 2183423002: Only do security checks on javascript: URLs for frames for loading (Closed)

Created:
2 years, 9 months ago by jochen (gone - plz use gerrit)
Modified:
2 years, 2 months ago
CC:
blink-reviews, blink-reviews-html_chromium.org, chromium-reviews, dglazkov+blink
Base URL:
https://chromium.googlesource.com/chromium/src.git@master
Target Ref:
refs/pending/heads/master
Project:
chromium
Visibility:
Public.

Description

Only do security checks on javascript: URLs for frames for loading During layout, we don't know what origin set the URL, so we can't do the check. On the other hand, assert that we can actually do the check for loading. BUG=628942, 618138 R=dcheng@chromium.org,dominicc@chromium.org

Patch Set 1 #

Total comments: 5

Patch Set 2 : updates #

Patch Set 3 : updates #

Total comments: 1
Unified diffs Side-by-side diffs Delta from patch set Stats (+21 lines, -5 lines) Patch
M third_party/WebKit/Source/bindings/core/v8/ScriptController.cpp View 1 1 chunk +2 lines, -1 line 0 comments Download
M third_party/WebKit/Source/core/html/HTMLFrameElementBase.h View 1 2 1 chunk +1 line, -0 lines 0 comments Download
M third_party/WebKit/Source/core/html/HTMLFrameElementBase.cpp View 1 2 3 chunks +18 lines, -4 lines 1 comment Download

Messages

Total messages: 28 (13 generated)
jochen (gone - plz use gerrit)
2 years, 9 months ago (2016-07-27 09:17:56 UTC) #1
dcheng
Incidentally, I think this would also address https://bugs.chromium.org/p/chromium/issues/detail?id=618138 https://codereview.chromium.org/2183423002/diff/1/third_party/WebKit/Source/core/html/HTMLFrameElementBase.cpp File third_party/WebKit/Source/core/html/HTMLFrameElementBase.cpp (right): https://codereview.chromium.org/2183423002/diff/1/third_party/WebKit/Source/core/html/HTMLFrameElementBase.cpp#newcode60 third_party/WebKit/Source/core/html/HTMLFrameElementBase.cpp:60: if ...
2 years, 9 months ago (2016-07-27 15:15:58 UTC) #6
jochen (gone - plz use gerrit)
https://codereview.chromium.org/2183423002/diff/1/third_party/WebKit/Source/core/html/HTMLFrameElementBase.cpp File third_party/WebKit/Source/core/html/HTMLFrameElementBase.cpp (right): https://codereview.chromium.org/2183423002/diff/1/third_party/WebKit/Source/core/html/HTMLFrameElementBase.cpp#newcode60 third_party/WebKit/Source/core/html/HTMLFrameElementBase.cpp:60: if (reason == WillLoadURL && protocolIsJavaScript(completeURL)) { On 2016/07/27 ...
2 years, 9 months ago (2016-07-27 15:19:37 UTC) #8
jochen (gone - plz use gerrit)
also referenced your bug from the CL desc
2 years, 9 months ago (2016-07-27 15:20:22 UTC) #11
dcheng
https://codereview.chromium.org/2183423002/diff/1/third_party/WebKit/Source/core/html/HTMLFrameElementBase.cpp File third_party/WebKit/Source/core/html/HTMLFrameElementBase.cpp (right): https://codereview.chromium.org/2183423002/diff/1/third_party/WebKit/Source/core/html/HTMLFrameElementBase.cpp#newcode60 third_party/WebKit/Source/core/html/HTMLFrameElementBase.cpp:60: if (reason == WillLoadURL && protocolIsJavaScript(completeURL)) { On 2016/07/27 ...
2 years, 9 months ago (2016-07-27 15:39:06 UTC) #12
jochen (gone - plz use gerrit)
On 2016/07/27 at 15:39:06, dcheng wrote: > https://codereview.chromium.org/2183423002/diff/1/third_party/WebKit/Source/core/html/HTMLFrameElementBase.cpp > File third_party/WebKit/Source/core/html/HTMLFrameElementBase.cpp (right): > > https://codereview.chromium.org/2183423002/diff/1/third_party/WebKit/Source/core/html/HTMLFrameElementBase.cpp#newcode60 ...
2 years, 9 months ago (2016-07-27 18:31:09 UTC) #15
dominicc (has gone to gerrit)
Naive question: Would it be better to just always give non-display: none; iframes layout objects, ...
2 years, 9 months ago (2016-07-28 01:22:57 UTC) #16
jochen (gone - plz use gerrit)
On 2016/07/28 at 01:22:57, dominicc wrote: > Naive question: Would it be better to just ...
2 years, 9 months ago (2016-07-28 06:55:48 UTC) #17
dcheng
On 2016/07/28 06:55:48, jochen wrote: > On 2016/07/28 at 01:22:57, dominicc wrote: > > Naive ...
2 years, 9 months ago (2016-07-28 06:57:56 UTC) #18
jochen (gone - plz use gerrit)
On 2016/07/28 at 06:57:56, dcheng wrote: > On 2016/07/28 06:55:48, jochen wrote: > > On ...
2 years, 9 months ago (2016-07-28 07:09:02 UTC) #19
jochen (gone - plz use gerrit)
updated
2 years, 9 months ago (2016-07-28 07:16:33 UTC) #21
dcheng
https://codereview.chromium.org/2183423002/diff/40001/third_party/WebKit/Source/core/html/HTMLFrameElementBase.cpp File third_party/WebKit/Source/core/html/HTMLFrameElementBase.cpp (right): https://codereview.chromium.org/2183423002/diff/40001/third_party/WebKit/Source/core/html/HTMLFrameElementBase.cpp#newcode192 third_party/WebKit/Source/core/html/HTMLFrameElementBase.cpp:192: if (!m_URL.isEmpty()) { OK, so I thought this would ...
2 years, 9 months ago (2016-07-28 08:55:03 UTC) #25
jochen (gone - plz use gerrit)
On 2016/07/28 at 08:55:03, dcheng wrote: > https://codereview.chromium.org/2183423002/diff/40001/third_party/WebKit/Source/core/html/HTMLFrameElementBase.cpp > File third_party/WebKit/Source/core/html/HTMLFrameElementBase.cpp (right): > > https://codereview.chromium.org/2183423002/diff/40001/third_party/WebKit/Source/core/html/HTMLFrameElementBase.cpp#newcode192 ...
2 years, 9 months ago (2016-07-28 08:56:13 UTC) #26
dcheng
On 2016/07/28 08:56:13, jochen wrote: > On 2016/07/28 at 08:55:03, dcheng wrote: > > > ...
2 years, 9 months ago (2016-07-29 08:41:47 UTC) #27
jochen (gone - plz use gerrit)
2 years, 9 months ago (2016-08-01 12:20:25 UTC) #28
so back to WillLoadURL?

Powered by Google App Engine
This is Rietveld 408576698