DescriptionExperiment with blocking resolution of HTTP URLs containing '\n' and '<'.
Following up on the metrics added in https://codereview.chromium.org/2629393002,
this patch adds a flag that will prevent URL resolution if the URL string
contains a raw newline and less than sign. It also refines the metrics by
excluding non-HTTP (e.g. `data:`, `javascript:`, `file:`) URLs, as those are quite
likely to contain `<`, and quite unlikely to result in exfiltration (as they don't
hit the network).
Let's see how the data looks.
Intent to Implement: https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/rOs6YRyBEpw/D3pzVwGJAgAJ
BUG=680970
Review-Url: https://codereview.chromium.org/2634893003
Cr-Commit-Position: refs/heads/master@{#444040}
Committed: https://chromium.googlesource.com/chromium/src/+/cd87dfc6f638a6d64b2311d35a58cb1969116915
Patch Set 1 #Patch Set 2 : yay #Patch Set 3 : yay #Patch Set 4 : Culling. #
Messages
Total messages: 26 (22 generated)
|