Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(306)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 2526323004: Remove XSS from chrome://downloads (Closed)

Created:
4 years ago by robwu
Modified:
4 years ago
Reviewers:
Dan Beam
CC:
chromium-reviews, asanka, michaelpg+watch-md-ui_chromium.org, arv+watch_chromium.org, dbeam+watch-downloads_chromium.org
Target Ref:
refs/pending/heads/master
Project:
chromium
Visibility:
Public.

Description

Remove XSS from chrome://downloads BUG=668653 CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:closure_compilation Committed: https://crrev.com/6d9a7916b48581f72fda060a1210ebef7f89b229 Cr-Commit-Position: refs/heads/master@{#435104}

Patch Set 1 #

Patch Set 2 : Declare dependency on util for HTMLEscape #

Total comments: 2

Patch Set 3 : Run chrome/browser/resources/vulcanize.py #

Unified diffs Side-by-side diffs Delta from patch set Stats (+4 lines, -3 lines) Patch
M chrome/browser/resources/md_downloads/compiled_resources2.gyp View 1 1 chunk +1 line, -0 lines 0 comments Download
M chrome/browser/resources/md_downloads/crisper.js View 1 2 1 chunk +2 lines, -2 lines 0 comments Download
M chrome/browser/resources/md_downloads/item.js View 1 chunk +1 line, -1 line 0 comments Download

Messages

Total messages: 22 (14 generated)
robwu
4 years ago (2016-11-25 11:12:28 UTC) #5
robwu
dbeam@ Ping. This is easy to review, so PTAL.
4 years ago (2016-11-29 00:00:07 UTC) #12
Dan Beam
https://codereview.chromium.org/2526323004/diff/20001/chrome/browser/resources/md_downloads/item.js File chrome/browser/resources/md_downloads/item.js (right): https://codereview.chromium.org/2526323004/diff/20001/chrome/browser/resources/md_downloads/item.js#newcode119 chrome/browser/resources/md_downloads/item.js:119: return loadTimeData.getStringF('controlledByUrl', url, HTMLEscape(name)); why escape just name?
4 years ago (2016-11-29 04:29:53 UTC) #13
robwu
https://codereview.chromium.org/2526323004/diff/20001/chrome/browser/resources/md_downloads/item.js File chrome/browser/resources/md_downloads/item.js (right): https://codereview.chromium.org/2526323004/diff/20001/chrome/browser/resources/md_downloads/item.js#newcode119 chrome/browser/resources/md_downloads/item.js:119: return loadTimeData.getStringF('controlledByUrl', url, HTMLEscape(name)); On 2016/11/29 04:29:53, Dan Beam ...
4 years ago (2016-11-29 08:26:22 UTC) #14
Dan Beam
lgtm
4 years ago (2016-11-29 19:17:24 UTC) #15
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.org/2526323004/40001
4 years ago (2016-11-29 21:17:52 UTC) #18
commit-bot: I haz the power
Committed patchset #3 (id:40001)
4 years ago (2016-11-29 23:21:49 UTC) #20
commit-bot: I haz the power
4 years ago (2016-11-29 23:26:58 UTC) #22
Message was sent while issue was closed. 
Patchset 3 (id:??) landed as
https://crrev.com/6d9a7916b48581f72fda060a1210ebef7f89b229
Cr-Commit-Position: refs/heads/master@{#435104}

Powered by Google App Engine
This is Rietveld 408576698