Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(310)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 2787123005: Block data URL navigations with RenderFrameImpl::DecidePolicyForNavigation (Closed)

Created:
3 years, 8 months ago by meacer
Modified:
3 years, 8 months ago
Reviewers:
dcheng
CC:
chromium-reviews, subresource-filter-reviews_chromium.org, extensions-reviews_chromium.org, Avi (use Gerrit), creis+watch_chromium.org, nasko+codewatch_chromium.org, jam, darin-cc_chromium.org, ajwong+watch_chromium.org, blink-reviews, chromium-apps-reviews_chromium.org, kinuko+watch
Target Ref:
refs/heads/master
Project:
chromium
Visibility:
Public.

Description

Block data URL navigations BUG= CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_site_isolation

Patch Set 1 #

Patch Set 2 : Fix tests, allow same page navigations #

Patch Set 3 : Add feature flag and fix error pages #

Patch Set 4 : Undo PDF fix for chromecast #

Patch Set 5 : Fix tests #

Patch Set 6 : Fix webview tests #

Patch Set 7 : Exclude browsertest from chromecast builds #

Patch Set 8 : nasko comments and lint #

Patch Set 9 : Fix tests #

Patch Set 10 : Rebase and dcheng comments #

Patch Set 11 : Deps #

Patch Set 12 : Rebase #

Patch Set 13 : Build.gn #

Patch Set 14 : Fix timing out tests #

Patch Set 15 : Attempt another fix #

Unified diffs Side-by-side diffs Delta from patch set Stats (+1216 lines, -256 lines) Patch
M chrome/android/javatests/src/org/chromium/chrome/browser/PopupTest.java View 2 chunks +2 lines, -2 lines 0 comments Download
M chrome/browser/apps/guest_view/web_view_browsertest.cc View 1 2 3 4 5 6 7 8 9 10 11 1 chunk +6 lines, -0 lines 0 comments Download
M chrome/browser/tab_contents/navigation_metrics_recorder.cc View 2 chunks +2 lines, -0 lines 0 comments Download
M chrome/browser/tab_contents/navigation_metrics_recorder_browsertest.cc View 1 3 chunks +15 lines, -50 lines 0 comments Download
M chrome/renderer/autofill/password_generation_agent_browsertest.cc View 1 2 3 4 5 6 7 8 9 10 11 12 13 1 chunk +1 line, -1 line 0 comments Download
M chrome/test/android/javatests/src/org/chromium/chrome/test/MultiActivityTestBase.java View 2 chunks +6 lines, -4 lines 0 comments Download
M chrome/test/data/android/popup_test.html View 1 chunk +3 lines, -3 lines 0 comments Download
M chrome/test/data/extensions/platform_apps/web_view/shim/main.js View 1 2 3 4 5 6 7 8 9 2 chunks +24 lines, -0 lines 0 comments Download
M content/browser/BUILD.gn View 1 2 3 4 5 6 7 8 9 10 11 1 chunk +2 lines, -0 lines 0 comments Download
A content/browser/frame_host/data_url_navigation_browsertest.cc View 1 2 3 4 5 6 7 8 9 1 chunk +836 lines, -0 lines 0 comments Download
A content/browser/frame_host/data_url_navigation_throttle.h View 1 chunk +32 lines, -0 lines 0 comments Download
A content/browser/frame_host/data_url_navigation_throttle.cc View 1 2 3 4 5 6 7 8 9 10 1 chunk +62 lines, -0 lines 0 comments Download
M content/browser/frame_host/navigation_handle_impl.h View 1 2 3 4 5 6 7 1 chunk +5 lines, -0 lines 0 comments Download
M content/browser/frame_host/navigation_handle_impl.cc View 1 2 3 4 5 6 7 8 9 10 11 3 chunks +8 lines, -8 lines 0 comments Download
M content/browser/web_contents/web_contents_impl_browsertest.cc View 1 2 3 4 5 6 7 8 9 2 chunks +1 line, -85 lines 0 comments Download
M content/public/common/content_features.h View 1 2 3 4 5 6 7 8 9 1 chunk +2 lines, -0 lines 0 comments Download
M content/public/common/content_features.cc View 1 2 3 4 5 6 7 8 9 10 11 1 chunk +7 lines, -0 lines 0 comments Download
M content/public/test/render_view_test.cc View 1 2 3 4 5 6 7 8 9 10 11 12 13 14 1 chunk +1 line, -8 lines 0 comments Download
M content/public/test/test_navigation_observer.cc View 1 chunk +1 line, -0 lines 0 comments Download
M content/renderer/BUILD.gn View 1 2 3 4 5 6 7 8 9 10 11 12 1 chunk +1 line, -0 lines 0 comments Download
M content/renderer/DEPS View 1 2 3 4 5 6 7 8 9 10 11 12 1 chunk +1 line, -0 lines 0 comments Download
M content/renderer/render_frame_impl.cc View 1 2 3 4 5 6 7 8 9 10 11 12 13 5 chunks +38 lines, -1 line 0 comments Download
M content/test/BUILD.gn View 1 2 3 4 5 6 7 8 9 10 11 2 chunks +5 lines, -0 lines 0 comments Download
A content/test/data/data_url_navigations.html View 1 2 3 4 5 6 7 8 9 1 chunk +101 lines, -0 lines 0 comments Download
M extensions/browser/guest_view/web_view/web_view_apitest.cc View 1 2 3 4 5 6 7 8 9 1 chunk +5 lines, -0 lines 0 comments Download
A extensions/test/data/web_view/apitest/guest_data_url.html View 1 2 3 4 5 6 7 8 9 10 11 1 chunk +17 lines, -0 lines 0 comments Download
M extensions/test/data/web_view/apitest/main.js View 1 2 3 4 5 6 7 8 9 4 chunks +32 lines, -0 lines 0 comments Download
D third_party/WebKit/LayoutTests/http/tests/security/dataURL/xss-DENIED-from-javascript-url-window-open.html View 1 chunk +0 lines, -39 lines 0 comments Download
D third_party/WebKit/LayoutTests/http/tests/security/dataURL/xss-DENIED-from-javascript-url-window-open-expected.txt View 1 chunk +0 lines, -4 lines 0 comments Download
D third_party/WebKit/LayoutTests/http/tests/security/dataURL/xss-DENIED-to-data-url-window-open.html View 1 chunk +0 lines, -47 lines 0 comments Download
D third_party/WebKit/LayoutTests/http/tests/security/dataURL/xss-DENIED-to-data-url-window-open-expected.txt View 1 chunk +0 lines, -4 lines 0 comments Download

Messages

Total messages: 60 (59 generated)
meacer
3 years, 8 months ago (2017-04-18 22:10:52 UTC) #59 
dcheng: I forked this CL from the main one so as not to add noise to that CL.
I'm not going to land this, it's just for running tryjobs.

As I mentioned yesterday, I moved the checks to DecidePolicyForNavigation which
broke tests that use RenderViewTest::LoadHTML. It's broken because data URLs
loaded with it are treated as content initiated.

So I tried a couple of things:
- Patchset #13: Use RenderFrameImpl::Navigate. This broke another set of tests:
https://codereview.chromium.org/2787123005/diff2/240001:260001/content/public...
- Patchset #14 (latest): Use LoadHTMLWithURLOverride. This broken a smaller
number of tests that I'm looking into right now:
https://codereview.chromium.org/2787123005/diff2/260001:280001/content/public...

Wanted to send this out in case you have any suggestions about faking a browser
initiated navigation in RenderViewTest::LoadHTML. Thanks!

Powered by Google App Engine
This is Rietveld 408576698