Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(8)

Issue 2643083003: Show form not secure warnings for blob and filesystem URLs. (Closed)

Created:
3 years, 11 months ago by meacer
Modified:
3 years, 10 months ago
Reviewers:
estark
CC:
chromium-reviews
Target Ref:
refs/pending/heads/master
Project:
chromium
Visibility:
Public.

Description

Show form not secure warnings for blob and filesystem URLs. These URLs do not define a secure context by themselves. They can be created by HTTP URLs in which case they should be treated same as HTTP URLs. Additionally, there is a spoofing risk associated with these URLs, so mark them as "not secure". Note that this CL excludes data: URLs. data URLs are being marked as not secure in https://crrev.com/2648353005, regardless of whether they display a password/credit card field or not. BUG=680810 Review-Url: https://codereview.chromium.org/2643083003 Cr-Commit-Position: refs/heads/master@{#449072} Committed: https://chromium.googlesource.com/chromium/src/+/39f049e94f28f0c26dba4aae5fe7d2818d4c570d

Patch Set 1 #

Total comments: 8

Patch Set 2 : More tests #

Patch Set 3 : Rebase #

Patch Set 4 : Remove data URLs #

Patch Set 5 : Rebase #

Patch Set 6 : Rebase #

Patch Set 7 : Fix tests #

Unified diffs Side-by-side diffs Delta from patch set Stats (+188 lines, -16 lines) Patch
M chrome/browser/ssl/security_state_tab_helper_browser_tests.cc View 1 2 3 4 5 6 4 chunks +127 lines, -12 lines 0 comments Download
M components/security_state/core/security_state.cc View 1 2 3 4 5 2 chunks +8 lines, -4 lines 0 comments Download
M components/security_state/core/security_state_unittest.cc View 1 2 3 4 5 4 chunks +53 lines, -0 lines 0 comments Download

Messages

Total messages: 37 (26 generated)
meacer
PTAL?
3 years, 11 months ago (2017-01-19 21:49:00 UTC) #2
estark
lgtm w/ nits. Thanks for taking this! https://codereview.chromium.org/2643083003/diff/1/chrome/browser/ssl/security_state_tab_helper_browser_tests.cc File chrome/browser/ssl/security_state_tab_helper_browser_tests.cc (right): https://codereview.chromium.org/2643083003/diff/1/chrome/browser/ssl/security_state_tab_helper_browser_tests.cc#newcode958 chrome/browser/ssl/security_state_tab_helper_browser_tests.cc:958: // Tests ...
3 years, 11 months ago (2017-01-19 22:42:51 UTC) #3
meacer
https://codereview.chromium.org/2643083003/diff/1/chrome/browser/ssl/security_state_tab_helper_browser_tests.cc File chrome/browser/ssl/security_state_tab_helper_browser_tests.cc (right): https://codereview.chromium.org/2643083003/diff/1/chrome/browser/ssl/security_state_tab_helper_browser_tests.cc#newcode958 chrome/browser/ssl/security_state_tab_helper_browser_tests.cc:958: // Tests that when a visible password field is ...
3 years, 11 months ago (2017-01-20 00:06:26 UTC) #4
meacer
Rebased and landing.
3 years, 11 months ago (2017-01-20 20:17:22 UTC) #7
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.org/2643083003/40001
3 years, 11 months ago (2017-01-20 20:17:33 UTC) #8
commit-bot: I haz the power
Try jobs failed on following builders: linux_chromium_chromeos_rel_ng on master.tryserver.chromium.linux (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_chromeos_rel_ng/builds/350601) mac_chromium_rel_ng on master.tryserver.chromium.mac (JOB_FAILED, ...
3 years, 11 months ago (2017-01-20 20:54:50 UTC) #10
meacer
On 2017/01/20 20:54:50, commit-bot: I haz the power wrote: > Try jobs failed on following ...
3 years, 11 months ago (2017-01-24 01:04:39 UTC) #11
meacer
On 2017/01/24 01:04:39, Mustafa Emre Acer wrote: > On 2017/01/20 20:54:50, commit-bot: I haz the ...
3 years, 11 months ago (2017-01-24 02:19:53 UTC) #12
meacer
Okay, tests fixed, so landing this.
3 years, 10 months ago (2017-02-08 20:03:22 UTC) #31
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.org/2643083003/120001
3 years, 10 months ago (2017-02-08 20:04:27 UTC) #34
commit-bot: I haz the power
3 years, 10 months ago (2017-02-08 20:10:58 UTC) #37
Message was sent while issue was closed.
Committed patchset #7 (id:120001) as
https://chromium.googlesource.com/chromium/src/+/39f049e94f28f0c26dba4aae5fe7...

Powered by Google App Engine
This is Rietveld 408576698