Dry run: Try jobs failed on following builders: win_chromium_rel_ng on master.tryserver.chromium.win (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.win/builders/win_chromium_rel_ng/builds/362677)
3 years, 11 months ago
(2017-01-12 13:50:27 UTC)
#8
3 years, 11 months ago
(2017-01-12 15:15:50 UTC)
#9
Description was changed from
==========
Experiment with restricting form submission with open elements.
HTML's parsing mechanism will automatically close form controls at the
end of a file. This is fine from a parsing perspective, but the behavior
does enable dangling markup attacks, such as those described in
http://www.thespanner.co.uk/2011/12/21/html-scriptless-attacks/ and
section 2 of http://lcamtuf.coredump.cx/postxss/.
This patch adds metrics to measure how often this happens in the wild,
and adds an experiment which changes the behavior to prevent form
submission in the presence of form control elements which were closed
by reaching the end-of-file.
BUG=680462
==========
to
==========
Experiment with restricting form submission with open elements.
HTML's parsing mechanism will automatically close form controls at the
end of a file. This is fine from a parsing perspective, but the behavior
does enable dangling markup attacks, such as those described in
http://www.thespanner.co.uk/2011/12/21/html-scriptless-attacks/ and
section 2 of http://lcamtuf.coredump.cx/postxss/.
Based on some discussion at https://github.com/whatwg/html/issues/2253,
this patch adds metrics to measure how often this happens in the wild
for `<textarea>` and `<select>` elements, adding an experiment which
prevents form submission in the presence of those elements if they're
closed by reaching the end-of-file.
BUG=680462
==========
Mike West
The CQ bit was checked by mkwst@chromium.org to run a CQ dry run
3 years, 11 months ago
(2017-01-12 15:23:18 UTC)
#10
Dry run: Try jobs failed on following builders: linux_android_rel_ng on master.tryserver.chromium.android (JOB_FAILED, https://build.chromium.org/p/tryserver.chromium.android/builders/linux_android_rel_ng/builds/211993)
3 years, 11 months ago
(2017-01-12 16:21:02 UTC)
#13
3 years, 11 months ago
(2017-01-13 08:12:19 UTC)
#14
Description was changed from
==========
Experiment with restricting form submission with open elements.
HTML's parsing mechanism will automatically close form controls at the
end of a file. This is fine from a parsing perspective, but the behavior
does enable dangling markup attacks, such as those described in
http://www.thespanner.co.uk/2011/12/21/html-scriptless-attacks/ and
section 2 of http://lcamtuf.coredump.cx/postxss/.
Based on some discussion at https://github.com/whatwg/html/issues/2253,
this patch adds metrics to measure how often this happens in the wild
for `<textarea>` and `<select>` elements, adding an experiment which
prevents form submission in the presence of those elements if they're
closed by reaching the end-of-file.
BUG=680462
==========
to
==========
Experiment with restricting form submission with open elements.
HTML's parsing mechanism will automatically close form controls at the
end of a file. This is fine from a parsing perspective, but the behavior
does enable dangling markup attacks, such as those described in
http://www.thespanner.co.uk/2011/12/21/html-scriptless-attacks/ and
section 2 of http://lcamtuf.coredump.cx/postxss/.
Based on some discussion at https://github.com/whatwg/html/issues/2253,
this patch adds metrics to measure how often this happens in the wild
for `<textarea>` and `<select>` elements, and an experimental flag which
prevents form submission in the presence of those elements if they're
closed by reaching the end-of-file.
BUG=680462
==========
Mike West
The CQ bit was checked by mkwst@chromium.org to run a CQ dry run
3 years, 11 months ago
(2017-01-13 08:12:52 UTC)
#15
Try jobs failed on following builders: chromium_presubmit on master.tryserver.chromium.linux (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.linux/builders/chromium_presubmit/builds/341552)
3 years, 11 months ago
(2017-01-13 11:01:26 UTC)
#22
3 years, 11 months ago
(2017-01-13 13:30:46 UTC)
#26
CQ is committing da patch.
Bot data: {"patchset_id": 60001, "attempt_start_ts": 1484305958473830,
"parent_rev": "994437489ea2c9aaf7fac316a90bf4dffeedf7b2", "commit_rev":
"ab7a0ee9d3485c19da8b50af2d1cfc95fd6e4a98"}
commit-bot: I haz the power
3 years, 11 months ago
(2017-01-13 13:31:21 UTC)
#27
Message was sent while issue was closed.
Description was changed from
==========
Experiment with restricting form submission with open elements.
HTML's parsing mechanism will automatically close form controls at the
end of a file. This is fine from a parsing perspective, but the behavior
does enable dangling markup attacks, such as those described in
http://www.thespanner.co.uk/2011/12/21/html-scriptless-attacks/ and
section 2 of http://lcamtuf.coredump.cx/postxss/.
Based on some discussion at https://github.com/whatwg/html/issues/2253,
this patch adds metrics to measure how often this happens in the wild
for `<textarea>` and `<select>` elements, and an experimental flag which
prevents form submission in the presence of those elements if they're
closed by reaching the end-of-file.
BUG=680462
==========
to
==========
Experiment with restricting form submission with open elements.
HTML's parsing mechanism will automatically close form controls at the
end of a file. This is fine from a parsing perspective, but the behavior
does enable dangling markup attacks, such as those described in
http://www.thespanner.co.uk/2011/12/21/html-scriptless-attacks/ and
section 2 of http://lcamtuf.coredump.cx/postxss/.
Based on some discussion at https://github.com/whatwg/html/issues/2253,
this patch adds metrics to measure how often this happens in the wild
for `<textarea>` and `<select>` elements, and an experimental flag which
prevents form submission in the presence of those elements if they're
closed by reaching the end-of-file.
BUG=680462
Review-Url: https://codereview.chromium.org/2628723004
Cr-Commit-Position: refs/heads/master@{#443544}
Committed:
https://chromium.googlesource.com/chromium/src/+/ab7a0ee9d3485c19da8b50af2d1c...
==========
commit-bot: I haz the power
Committed patchset #4 (id:60001) as https://chromium.googlesource.com/chromium/src/+/ab7a0ee9d3485c19da8b50af2d1cfc95fd6e4a98
3 years, 11 months ago
(2017-01-13 13:31:22 UTC)
#28
Issue 2628723004: Experiment with restricting form submission with open elements.
(Closed)
Created 3 years, 11 months ago by Mike West
Modified 3 years, 11 months ago
Reviewers: Charlie Harrison, jochen (gone - plz use gerrit)
Base URL:
Comments: 0
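
The check the description outlines, sketched as an added example (not code from this change or from Chromium): find a `<textarea>` or `<select>` that is only closed by end-of-file and refuse submission when one exists. It uses Python's `html.parser` as a rough stand-in for the HTML tree builder; `OpenControlFinder`, `control_closed_by_eof` and `allow_submission` are hypothetical names, and the sample documents are constructed.

```python
from html.parser import HTMLParser

# The two elements the patch description measures.
TRACKED = ("textarea", "select")


class OpenControlFinder(HTMLParser):
    """Hypothetical helper: remembers a tracked control that is still open."""

    def __init__(self):
        super().__init__()
        self.open_control = None  # "textarea", "select" or None

    def handle_starttag(self, tag, attrs):
        # While a tracked control is open, a browser does not start new
        # elements from the markup that follows (for <textarea> it is all
        # text), so later start tags are ignored. Simplification: the few
        # start tags that implicitly close a <select> are not modelled.
        if self.open_control is None and tag in TRACKED:
            self.open_control = tag

    def handle_endtag(self, tag):
        if tag == self.open_control:
            self.open_control = None


def control_closed_by_eof(document):
    """Return the tracked element left open at end-of-file, or None."""
    finder = OpenControlFinder()
    finder.feed(document)
    finder.close()
    return finder.open_control


def allow_submission(document):
    """Mirror the experimental flag: block if a control was closed by EOF."""
    return control_closed_by_eof(document) is None


# Constructed samples. In the first, the rest of the page (including a
# hidden field) becomes the textarea's value because it is never closed.
DANGLING_TEXTAREA = (
    "<form action='/comment' method='post'><textarea name='text'>"
    "<p>Settings</p><input type='hidden' name='token' value='PLACEHOLDER'>"
    "</form></body></html>"
)
DANGLING_SELECT = "<form><select name='s'><option>a"
WELL_FORMED = (
    "<form><textarea name='t'>hi</textarea>"
    "<select name='s'><option>a</option></select></form>"
)
```
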