Chromium Code Reviews
Help | Chromium Project | Gerrit Changes | Sign in
(105)

Issue 2411473002: [merge to m54] Prevent interpretating userinfo as url scheme when editing bookmarks (Closed)

Created:
1 year, 2 months ago by awhalley
Modified:
1 year, 2 months ago
Reviewers:
CC:
chromium-reviews
Target Ref:
refs/pending/branch-heads/2840
Project:
chromium
Visibility:
Public.

Description

[merge to m54] Prevent interpretating userinfo as url scheme when editing bookmarks Chrome's Edit Bookmark dialog formats urls for display such that a url of http://javascript:scripttext@host.com is later converted to a javascript url scheme, allowing persistence of a script injection attack within the user's bookmarks. This fix prevents such misinterpretations by always showing the scheme when a userinfo component is present within the url. BUG=639126 Review-Url: https://codereview.chromium.org/2368593002 Cr-Commit-Position: refs/heads/master@{#422467} (cherry picked from commit fa34e547d6ee25ea0692436ba7462ed0a0ef45f4) Committed: https://chromium.googlesource.com/chromium/src/+/2775e31152857adc2bb9775b03212d1356541b4b

Patch Set 1 #

Unified diffs Side-by-side diffs Delta from patch set Stats (+88 lines, -8 lines) Patch
M chrome/browser/ui/bookmarks/bookmark_utils.h View 1 chunk +2 lines, -3 lines 0 comments Download
M chrome/browser/ui/bookmarks/bookmark_utils.cc View 1 chunk +12 lines, -5 lines 0 comments Download
M chrome/browser/ui/cocoa/bookmarks/bookmark_editor_controller_unittest.mm View 1 chunk +39 lines, -0 lines 0 comments Download
M chrome/browser/ui/views/bookmarks/bookmark_editor_view_unittest.cc View 2 chunks +35 lines, -0 lines 0 comments Download
Trybot results:

Messages

Total messages: 2 (1 generated)
awhalley
1 year, 2 months ago (2016-10-10 21:52:52 UTC) #2
Message was sent while issue was closed.
Committed patchset #1 (id:1) manually as
2775e31152857adc2bb9775b03212d1356541b4b.

Powered by Google App Engine
This is Rietveld 0eb02b776