Chromium Code Reviews

Issue 2323273003: Ignore Javascript urls dropped on tabs (Closed)

Created: 4 years, 3 months ago by elawrence
Modified: 4 years, 3 months ago
Reviewers: *Peter Kasting, dcheng
CC: tfarina
Target Ref: refs/pending/heads/master
Project: chromium
Visibility: Public.

Description

Ignore Javascript urls dropped on tabs

When a Javascript: url is dropped on a tab, it executes in the security context of the selected tab, representing a script injection attack ("Dropjacking"). We will match other browsers and disallow such drops.

BUG=639750

Committed: https://crrev.com/d1a8cbeec4d9f9520a4bb1f4db6d3f62900ee709
Cr-Commit-Position: refs/heads/master@{#418620}
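The rule in the description, as an added example that is not part of the original change or of Chromium's code: a drop handler decides on the parsed scheme, not the raw text, so case changes and whitespace that a URL parser would discard cannot slip a `javascript:` URL past the check. `NormalizedScheme` and `ShouldIgnoreTabDrop` are hypothetical names, and the sample drop payloads are constructed.

```cpp
#include <cctype>
#include <cstddef>
#include <iostream>
#include <string>

// Hypothetical helper, not Chromium's GURL. Returns the lower-cased scheme as a
// WHATWG-style URL parser would see it: embedded tab/CR/LF are dropped and
// leading control characters and spaces are skipped. Returns "" if none.
std::string NormalizedScheme(const std::string& raw) {
  std::string s;
  for (unsigned char c : raw)
    if (c != '\t' && c != '\n' && c != '\r') s.push_back(static_cast<char>(c));
  std::size_t begin = 0;
  while (begin < s.size() && static_cast<unsigned char>(s[begin]) <= 0x20) ++begin;
  const std::size_t colon = s.find(':', begin);
  if (colon == std::string::npos || colon == begin) return "";
  std::string scheme = s.substr(begin, colon - begin);
  if (!std::isalpha(static_cast<unsigned char>(scheme[0]))) return "";
  for (char& c : scheme) {
    const unsigned char u = static_cast<unsigned char>(c);
    if (!std::isalnum(u) && c != '+' && c != '-' && c != '.') return "";
    c = static_cast<char>(std::tolower(u));
  }
  return scheme;
}

// Hypothetical tab-drop policy mirroring the rule in the description:
// a javascript: URL dropped on a tab is ignored instead of being loaded.
bool ShouldIgnoreTabDrop(const std::string& dropped_text) {
  return NormalizedScheme(dropped_text) == "javascript";
}

int main() {
  // Constructed sample drop payloads.
  const char* samples[] = {"javascript:alert(1)", "  JaVaScRiPt:alert(1)",
                           "java\tscript:alert(1)",
                           "https://example.com/?next=javascript:void(0)"};
  for (const char* text : samples)
    std::cout << (ShouldIgnoreTabDrop(text) ? "ignore   " : "navigate ")
              << NormalizedScheme(text) << "\n";
  return 0;
}
```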

Patch Set 1 #

Total comments: 4

Patch Set 2 : Address nits #

M chrome/browser/ui/views/tabs/tab_strip.cc (2 chunks, +7 lines, -4 lines, 0 comments)

Messages

Total messages: 30 (15 generated)
elawrence
Please take a look. Thanks!
4 years, 3 months ago (2016-09-09 17:57:24 UTC) #7
dcheng
What happens if the URL is dropped on web content area instead of the tab ...
4 years, 3 months ago (2016-09-09 20:30:09 UTC) #9
Peter Kasting
Can this be tested? LGTM otherwise.
https://codereview.chromium.org/2323273003/diff/1/chrome/browser/ui/views/tabs/tab_strip.cc
File chrome/browser/ui/views/tabs/tab_strip.cc (right):
https://codereview.chromium.org/2323273003/diff/1/chrome/browser/ui/views/tabs/tab_strip.cc#newcode1632
chrome/browser/ui/views/tabs/tab_strip.cc:1632: if ((drop_info_->url).SchemeIs(url::kJavaScriptScheme))
Nit: ...
4 years, 3 months ago (2016-09-09 20:43:06 UTC) #10
elawrence
On 2016/09/09 20:30:09, dcheng wrote:
> What happens if the URL is dropped on web ...
4 years, 3 months ago (2016-09-09 22:03:21 UTC) #11
dcheng
On 2016/09/09 22:03:21, elawrence wrote:
> On 2016/09/09 20:30:09, dcheng wrote:
> > What happens ...
4 years, 3 months ago (2016-09-09 22:49:40 UTC) #12
elawrence
>> However, when dropping a JavaScript URL, by the time you get here,
>> dragData->asURL() ...
4 years, 3 months ago (2016-09-12 21:18:07 UTC) #13
elawrence
On 2016/09/09 20:43:06, Peter Kasting wrote:
> Can this be tested?
>
> LGTM otherwise. ...
4 years, 3 months ago (2016-09-12 21:42:42 UTC) #14
elawrence
https://codereview.chromium.org/2323273003/diff/1/chrome/browser/ui/views/tabs/tab_strip.cc
File chrome/browser/ui/views/tabs/tab_strip.cc (right):
https://codereview.chromium.org/2323273003/diff/1/chrome/browser/ui/views/tabs/tab_strip.cc#newcode1632
chrome/browser/ui/views/tabs/tab_strip.cc:1632: if ((drop_info_->url).SchemeIs(url::kJavaScriptScheme))
On 2016/09/09 20:43:06, Peter Kasting wrote:
> ...
4 years, 3 months ago (2016-09-12 21:42:59 UTC) #15
Peter Kasting
On 2016/09/12 21:42:42, elawrence wrote:
> On 2016/09/09 20:43:06, Peter Kasting wrote:
> > Can ...
4 years, 3 months ago (2016-09-13 02:37:59 UTC) #16
elawrence
> Do we have drag-and-drop tests in general? I'm reluctant to block such a simple ...
4 years, 3 months ago (2016-09-13 20:00:49 UTC) #17
Peter Kasting
On 2016/09/13 20:00:49, elawrence wrote:
> > Do we have drag-and-drop tests in general? I'm ...
4 years, 3 months ago (2016-09-13 20:08:07 UTC) #18
elawrence
> If it's not easy to add tests for this, I would consider just landing ...
4 years, 3 months ago (2016-09-14 17:07:32 UTC) #19
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.org/2323273003/20001
4 years, 3 months ago (2016-09-14 18:32:10 UTC) #26
commit-bot: I haz the power
Committed patchset #2 (id:20001)
4 years, 3 months ago (2016-09-14 18:39:27 UTC) #28
commit-bot: I haz the power
4 years, 3 months ago (2016-09-14 18:42:43 UTC) #30
Message was sent while issue was closed.
Patchset 2 (id:??) landed as
https://crrev.com/d1a8cbeec4d9f9520a4bb1f4db6d3f62900ee709
Cr-Commit-Position: refs/heads/master@{#418620}
