Chromium Code Reviews
Help | Chromium Project | Sign in
(18)

Issue 2323273003: Ignore Javascript urls dropped on tabs (Closed)

Can't Edit
Can't Publish+Mail
Start Review
Created:
6 months, 2 weeks ago by elawrence
Modified:
6 months, 1 week ago
Reviewers:
*Peter Kasting, dcheng
CC:
tfarina
Target Ref:
refs/pending/heads/master
Project:
chromium
Visibility:
Public.

Description

Ignore Javascript urls dropped on tabs When a Javascript: url is dropped on a tab, it executes in the security context of the selected tab, representing a script injection attack ("Dropjacking"). We will match other browsers and disallow such drops. BUG=639750 Committed: https://crrev.com/d1a8cbeec4d9f9520a4bb1f4db6d3f62900ee709 Cr-Commit-Position: refs/heads/master@{#418620}

Patch Set 1 #

Total comments: 4

Patch Set 2 : Address nits #

Messages

Total messages: 30 (15 generated)
elawrence
Please take a look. Thanks!
6 months, 2 weeks ago (2016-09-09 17:57:24 UTC) #7
dcheng
What happens if the URL is dropped on web content area instead of the tab ...
6 months, 2 weeks ago (2016-09-09 20:30:09 UTC) #9
Peter Kasting
Can this be tested? LGTM otherwise. https://codereview.chromium.org/2323273003/diff/1/chrome/browser/ui/views/tabs/tab_strip.cc File chrome/browser/ui/views/tabs/tab_strip.cc (right): https://codereview.chromium.org/2323273003/diff/1/chrome/browser/ui/views/tabs/tab_strip.cc#newcode1632 chrome/browser/ui/views/tabs/tab_strip.cc:1632: if ((drop_info_->url).SchemeIs(url::kJavaScriptScheme)) Nit: ...
6 months, 2 weeks ago (2016-09-09 20:43:06 UTC) #10
elawrence
On 2016/09/09 20:30:09, dcheng wrote: > What happens if the URL is dropped on web ...
6 months, 2 weeks ago (2016-09-09 22:03:21 UTC) #11
dcheng
On 2016/09/09 22:03:21, elawrence wrote: > On 2016/09/09 20:30:09, dcheng wrote: > > What happens ...
6 months, 2 weeks ago (2016-09-09 22:49:40 UTC) #12
elawrence
>> However, when dropping a JavaScript URL, by the time you get here, >> dragData->asURL() ...
6 months, 1 week ago (2016-09-12 21:18:07 UTC) #13
elawrence
On 2016/09/09 20:43:06, Peter Kasting wrote: > Can this be tested? > > LGTM otherwise. ...
6 months, 1 week ago (2016-09-12 21:42:42 UTC) #14
elawrence
https://codereview.chromium.org/2323273003/diff/1/chrome/browser/ui/views/tabs/tab_strip.cc File chrome/browser/ui/views/tabs/tab_strip.cc (right): https://codereview.chromium.org/2323273003/diff/1/chrome/browser/ui/views/tabs/tab_strip.cc#newcode1632 chrome/browser/ui/views/tabs/tab_strip.cc:1632: if ((drop_info_->url).SchemeIs(url::kJavaScriptScheme)) On 2016/09/09 20:43:06, Peter Kasting wrote: > ...
6 months, 1 week ago (2016-09-12 21:42:59 UTC) #15
Peter Kasting
On 2016/09/12 21:42:42, elawrence wrote: > On 2016/09/09 20:43:06, Peter Kasting wrote: > > Can ...
6 months, 1 week ago (2016-09-13 02:37:59 UTC) #16
elawrence
> Do we have drag-and-drop tests in general? I'm reluctant to block such a simple ...
6 months, 1 week ago (2016-09-13 20:00:49 UTC) #17
Peter Kasting
On 2016/09/13 20:00:49, elawrence wrote: > > Do we have drag-and-drop tests in general? I'm ...
6 months, 1 week ago (2016-09-13 20:08:07 UTC) #18
elawrence
> If it's not easy to add tests for this, I would consider just landing ...
6 months, 1 week ago (2016-09-14 17:07:32 UTC) #19
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.org/2323273003/20001
6 months, 1 week ago (2016-09-14 18:32:10 UTC) #26
commit-bot: I haz the power
Committed patchset #2 (id:20001)
6 months, 1 week ago (2016-09-14 18:39:27 UTC) #28
commit-bot: I haz the power
6 months, 1 week ago (2016-09-14 18:42:43 UTC) #30
Message was sent while issue was closed.
Patchset 2 (id:??) landed as
https://crrev.com/d1a8cbeec4d9f9520a4bb1f4db6d3f62900ee709
Cr-Commit-Position: refs/heads/master@{#418620}
Sign in to reply to this message.

Powered by Google App Engine
RSS Feeds Recent Issues | This issue
This is Rietveld d1a128a62