Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(193)

Issue 2900713003: [Password Manager, merge to M-59] Make filling robust against changing url by JavaScript. (Closed)

Created:
3 years, 7 months ago by dvadym
Modified:
3 years, 7 months ago
Reviewers:
CC:
chromium-reviews, mlamouri+watch-content_chromium.org, jam, vabr+watchlistpasswordmanager_chromium.org, rouslan+autofill_chromium.org, rogerm+autofillwatch_chromium.org, sebsg+autofillwatch_chromium.org, browser-components-watch_chromium.org, mathp+autofillwatch_chromium.org, darin-cc_chromium.org, vabr+watchlistautofill_chromium.org, estade+watch_chromium.org, gcasto+watchlist_chromium.org
Target Ref:
refs/branch-heads/3071
Project:
chromium
Visibility:
Public.

Description

[Password Manager, merge to M-59] Make filling robust against changing url by JavaScript. When PasswordAutofillAgent receives filling data from the browser, it checks that origin of this data is the same of the current frame origin. If JavaScript changes origin between PasswordAutofillAgent discovers a password form and when it receives filling, filling fails. This CL replaces checking by origin to by checking by signon_realm (signon_realm=scheme:origin:port), which is a primary key for retrieving credentials from the store, so it doesn't change any security guarantees. TBR=kolos@chromium.org BUG=723679 Review-Url: https://codereview.chromium.org/2893633002 Cr-Original-Commit-Position: refs/heads/master@{#472839} Review-Url: https://codereview.chromium.org/2900713003 . Cr-Commit-Position: refs/branch-heads/3071@{#648} Cr-Branched-From: a106f0abbf69dad349d4aaf4bcc4f5d376dd2377-refs/heads/master@{#464641} Committed: https://chromium.googlesource.com/chromium/src/+/3454ffaef5cb228f599efe8158bd1bc41fb479eb

Patch Set 1 #

Patch Set 2 : fix merge #

Unified diffs Side-by-side diffs Delta from patch set Stats (+23 lines, -8 lines) Patch
M chrome/renderer/autofill/password_autofill_agent_browsertest.cc View 1 1 chunk +11 lines, -0 lines 0 comments Download
M components/autofill/content/renderer/password_autofill_agent.cc View 2 chunks +3 lines, -4 lines 0 comments Download
M components/autofill/content/renderer/password_form_conversion_utils.h View 1 chunk +3 lines, -0 lines 0 comments Download
M components/autofill/content/renderer/password_form_conversion_utils.cc View 2 chunks +6 lines, -4 lines 0 comments Download

Messages

Total messages: 3 (2 generated)
dvadym
3 years, 7 months ago (2017-05-22 12:25:23 UTC) #3
Message was sent while issue was closed.
Committed patchset #2 (id:20001) manually as
3454ffaef5cb228f599efe8158bd1bc41fb479eb (presubmit successful).

Powered by Google App Engine
This is Rietveld 408576698