Created: 3 years, 7 months ago by Tom Sepez
Modified: 3 years, 4 months ago
Reviewers: Mike West
CC: blink-reviews, blink-reviews-html_chromium.org, chromium-reviews, dglazkov+blink, kinuko+watch, loading-reviews+parser_chromium.org
Target Ref: refs/heads/master
Project: chromium
Visibility: Public.
Description
XSSAuditor: truncate form action attribute like other src-like attributes
Adds a missing flag.
As a result of adding the flag, the issue that inspired the test
form-action-token-fragment.html becomes moot. We're no longer
considering any part of the path/query/fragment, so they won't
influence behaviour.
See https://codereview.chromium.org/1179633002 for context. The
problem was that the auditor would sometimes fire on fragment
prefix matches (when right) and sometimes not (when wrong),
and might leak info as a result.
We fixed it last time by not firing until the entire fragment was right.
We fix it this time by always firing, even when the prefix is wrong.
As a result, the removed test as written would fail even
though things are safe.
BUG=719092
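
The contrast the description draws, as an added example that is not part of the original review and is not Blink code: a simplified C++ model in which the auditor fires when the snippet taken from the page's form action also occurs in the request. All names, the constructed URLs and the truncation rule (keep scheme and host only) are assumptions of this model.

```cpp
#include <iostream>
#include <string>

// Constructed sample: a form action on the page whose fragment holds a value
// the requester should not be able to learn.
static const std::string kPageAction = "https://app.example/submit#tok=4f9a";

// Constructed request text that echoes the action with a guessed value.
static std::string RequestWithGuess(const std::string& guess) {
  return "https://app.example/page?q=https://app.example/submit#tok=" + guess;
}

// Model of the decision: fire when the snippet also occurs in the request.
static bool Fires(const std::string& request, const std::string& snippet) {
  return !snippet.empty() && request.find(snippet) != std::string::npos;
}

// Without truncation the whole attribute value is compared, so page-supplied
// path/query/fragment text takes part in the decision.
static std::string FullSnippet(const std::string& action) { return action; }

// With truncation (assumed rule for this model): cut at the first '/', '?'
// or '#' after "//", leaving only scheme and host.
static std::string TruncatedSnippet(const std::string& action) {
  std::string::size_type start = action.find("//");
  start = (start == std::string::npos) ? 0 : start + 2;
  return action.substr(0, action.find_first_of("/?#", start));
}

// True when a right guess and a wrong guess lead to different decisions,
// i.e. when the decision itself reveals something about the page's value.
static bool DecisionDependsOnGuess(std::string (*snippet_of)(const std::string&)) {
  const std::string snippet = snippet_of(kPageAction);
  return Fires(RequestWithGuess("4f9a"), snippet) !=
         Fires(RequestWithGuess("0000"), snippet);
}

int main() {
  std::cout << "full value:  depends on guess = "
            << DecisionDependsOnGuess(FullSnippet) << "\n";
  std::cout << "truncated:   depends on guess = "
            << DecisionDependsOnGuess(TruncatedSnippet) << "\n";
  return 0;
}
```
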
Patch Set 1
Patch Set 2: rebase, update expectation
Messages
Total messages: 36 (28 generated)
The CQ bit was checked by tsepez@chromium.org to run a CQ dry run
tsepez@chromium.org changed reviewers: + mkwst@chromium.org
Mike, for review.
Dry run: CQ is trying da patch. Follow status at: https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: Try jobs failed on following builders: chromium_presubmit on master.tryserver.chromium.linux (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.linux/builders/chromium_presub...)
The CQ bit was checked by mkwst@chromium.org to run a CQ dry run
LGTM, assuming that the red bots are issues with the bots and not issues with the patch (I spot-checked a few...)
Dry run: CQ is trying da patch. Follow status at: https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: Try jobs failed on following builders: chromium_presubmit on master.tryserver.chromium.linux (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.linux/builders/chromium_presub...)
The CQ bit was checked by tsepez@chromium.org
CQ is trying da patch. Follow status at: https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Try jobs failed on following builders: chromium_presubmit on master.tryserver.chromium.linux (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.linux/builders/chromium_presub...)
The CQ bit was checked by tsepez@chromium.org
The patchset sent to the CQ was uploaded after l-g-t-m from mkwst@chromium.org Link to the patchset: https://codereview.chromium.org/2868973003/#ps20001 (title: "rebase, update expectation")
CQ is trying da patch. Follow status at: https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Try jobs failed on following builders: linux_chromium_chromeos_rel_ng on master.tryserver.chromium.linux (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_...)
The CQ bit was checked by tsepez@chromium.org
CQ is trying da patch. Follow status at: https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Try jobs failed on following builders: linux_chromium_rel_ng on master.tryserver.chromium.linux (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_...)