Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(30)

Issue 300543002: Allow filename suggestions via a[download] for data URIs (Closed)

Created:
6 years, 7 months ago by asanka
Modified:
6 years, 6 months ago
CC:
blink-reviews, blink-reviews-html_chromium.org, dglazkov+blink
Visibility:
Public.

Description

Allow filename suggestions via a[download] for data URIs Currently filename suggestions specified via a[download] are only honored if the interface origin is allowed to read content retrieved from the target resource origin. An embedder may enforce additional restrictions such as only honoring the suggested name if there are no cross-origin redirects encountered while fetching the resource. The suggested filename determination algorithm at http://www.w3.org/TR/html5/links.html#downloading-resources allows an exception for data URIs. They should be considered same-origin as the interface. This isn't currently the case since the origin of a data URI is considerd to be unique and is not same-origin with anything since they lack a server-based naming authority. This CL implements the exception for data URIs so that they are considered same-origin as their containing document for the purpose of handling the suggested filename for a[download]. BUG=373182 Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=176085

Patch Set 1 #

Patch Set 2 : #

Unified diffs Side-by-side diffs Delta from patch set Stats (+3 lines, -3 lines) Patch
A + LayoutTests/http/tests/security/anchor-download-allow-data.html View 1 chunk +1 line, -1 line 0 comments Download
A + LayoutTests/http/tests/security/anchor-download-allow-data-expected.txt View 1 chunk +1 line, -1 line 0 comments Download
M Source/core/html/HTMLAnchorElement.cpp View 1 chunk +1 line, -1 line 0 comments Download

Messages

Total messages: 11 (0 generated)
asanka
6 years, 6 months ago (2014-05-28 17:24:02 UTC) #1
asanka
+abarth as well. Regarding SecurityOrigin::canRequest(): Why doesn't it allow data: URIs? I've added an explicit ...
6 years, 6 months ago (2014-05-29 16:26:37 UTC) #2
eseidel
abarth is the right reviewer for this, but he is OOO for another week or ...
6 years, 6 months ago (2014-05-29 16:33:08 UTC) #3
asanka
On 2014/05/29 16:33:08, eseidel wrote: > abarth is the right reviewer for this, but he ...
6 years, 6 months ago (2014-05-29 22:22:48 UTC) #4
Tom Sepez
> +tsepez : Do you know why SecurityOrigin::canRequest() doesn't allow data: URIs? Sorry, I don't ...
6 years, 6 months ago (2014-05-29 22:25:59 UTC) #5
asanka
Thanks everyone. I've updated the CL description with an explanation of the current behavior and ...
6 years, 6 months ago (2014-05-30 16:27:18 UTC) #6
abhaymcauuv
On 2014/05/30 16:27:18, asanka wrote: > Thanks everyone. I've updated the CL description with an ...
6 years, 6 months ago (2014-06-12 08:22:06 UTC) #7
abarth-chromium
lgtm
6 years, 6 months ago (2014-06-13 02:59:46 UTC) #8
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/asanka@chromium.org/300543002/20001
6 years, 6 months ago (2014-06-13 03:00:02 UTC) #9
commit-bot: I haz the power
Change committed as 176085
6 years, 6 months ago (2014-06-13 04:02:43 UTC) #10
asanka
6 years, 6 months ago (2014-06-13 15:03:53 UTC) #11
Message was sent while issue was closed.
On 2014/06/13 02:59:46, abarth wrote:
> lgtm

Thank you!

Powered by Google App Engine
This is Rietveld 408576698