Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(503)

Issue 2371993003: Throw when blocking top-level navigation. (Closed)

Created:
4 years, 2 months ago by Mike West
Modified:
4 years, 2 months ago
CC:
blink-reviews, chromium-reviews
Target Ref:
refs/pending/heads/master
Project:
chromium
Visibility:
Public.

Description

Throw when blocking top-level navigation. In a sandboxed <iframe>, setting 'top.location' currently blocks the resulting navigation, but does not throw. This doesn't match the HTML spec (see https://html.spec.whatwg.org/#location-object-navigate and https://html.spec.whatwg.org/#navigating-across-documents:allowed-to-navigate), nor does it match Firefox's behavior. This patch changes our implementation to throw a SecurityError in these cases. BUG=650232 Committed: https://crrev.com/ce8199558bd1cc8737c4349fc0937860b380da3c Cr-Commit-Position: refs/heads/master@{#421807}

Patch Set 1 #

Patch Set 2 : Test. #

Patch Set 3 : Test #

Patch Set 4 : Test. #

Total comments: 2

Patch Set 5 : Test. #

Total comments: 1

Messages

Total messages: 34 (23 generated)
Mike West
Jochen, Eric, mind taking a look at this? Thanks! -mike
4 years, 2 months ago (2016-09-27 14:17:34 UTC) #4
jochen (gone - plz use gerrit)
can you verify that the exception that is thrown is not cross-origin?
4 years, 2 months ago (2016-09-27 14:46:42 UTC) #7
Mike West
On 2016/09/27 at 14:46:42, jochen wrote: > can you verify that the exception that is ...
4 years, 2 months ago (2016-09-27 16:28:47 UTC) #12
jochen (gone - plz use gerrit)
On 2016/09/27 at 16:28:47, mkwst wrote: > On 2016/09/27 at 14:46:42, jochen wrote: > > ...
4 years, 2 months ago (2016-09-27 19:32:33 UTC) #13
jochen (gone - plz use gerrit)
On 2016/09/27 at 16:28:47, mkwst wrote: > On 2016/09/27 at 14:46:42, jochen wrote: > > ...
4 years, 2 months ago (2016-09-27 19:32:33 UTC) #14
Mike West
https://codereview.chromium.org/2371993003/diff/60001/third_party/WebKit/LayoutTests/W3CImportExpectations File third_party/WebKit/LayoutTests/W3CImportExpectations (right): https://codereview.chromium.org/2371993003/diff/60001/third_party/WebKit/LayoutTests/W3CImportExpectations#newcode368 third_party/WebKit/LayoutTests/W3CImportExpectations:368: imported/wpt/html/browsers/history/the-location-interface/security_location_0.sub.htm [ Skip ] This test now fails because ...
4 years, 2 months ago (2016-09-28 12:26:13 UTC) #21
Mike West
https://codereview.chromium.org/2371993003/diff/80001/third_party/WebKit/LayoutTests/imported/wpt/html/browsers/history/the-location-interface/security_location_0.sub-expected.txt File third_party/WebKit/LayoutTests/imported/wpt/html/browsers/history/the-location-interface/security_location_0.sub-expected.txt (right): https://codereview.chromium.org/2371993003/diff/80001/third_party/WebKit/LayoutTests/imported/wpt/html/browsers/history/the-location-interface/security_location_0.sub-expected.txt#newcode2 third_party/WebKit/LayoutTests/imported/wpt/html/browsers/history/the-location-interface/security_location_0.sub-expected.txt:2: FAIL Accessing location object from different origins doesn't raise ...
4 years, 2 months ago (2016-09-29 11:37:26 UTC) #28
jochen (gone - plz use gerrit)
lgtm
4 years, 2 months ago (2016-09-29 12:20:54 UTC) #29
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.org/2371993003/80001
4 years, 2 months ago (2016-09-29 13:50:28 UTC) #31
commit-bot: I haz the power
Committed patchset #5 (id:80001)
4 years, 2 months ago (2016-09-29 13:56:14 UTC) #32
commit-bot: I haz the power
4 years, 2 months ago (2016-09-29 13:58:09 UTC) #34
Message was sent while issue was closed.
Patchset 5 (id:??) landed as
https://crrev.com/ce8199558bd1cc8737c4349fc0937860b380da3c
Cr-Commit-Position: refs/heads/master@{#421807}

Powered by Google App Engine
This is Rietveld 408576698