Issue 351163002: Prevent sandboxed iframes from bypassing WebSocket mixed content checks.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Issue 351163002: Prevent sandboxed iframes from bypassing WebSocket mixed content checks. (Closed)

Created:
6 years, 6 months ago by Mike West

Modified:
6 years, 6 months ago

Reviewers:
tyoshino (SeeGerritForStatus)

CC:
blink-reviews

Base URL:
svn://svn.chromium.org/blink/trunk

Project:
blink

Visibility:
Public.

More Reviews

Description

Prevent sandboxed iframes from bypassing WebSocket mixed content checks. This patch ensures that we check both the current context and the top-level browsing context when evaluating whether or not an insecure websocket connection should be blocked as mixed content. BUG=389040 Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=177070

Patch Set 1 #

Patch Set 2 : Test. #

Created: 6 years, 6 months ago

Download [raw] [tar.bz2]

	Unified diffs	Side-by-side diffs	Delta from patch set	Stats (+27 lines, -5 lines)			Patch
A +	LayoutTests/http/tests/security/mixedContent/websocket/insecure-websocket-in-sandbox-in-secure-page.html	View		2 chunks	+2 lines, -1 line	0 comments	Download
A +	LayoutTests/http/tests/security/mixedContent/websocket/insecure-websocket-in-sandbox-in-secure-page-expected.txt	View	1	1 chunk	+1 line, -1 line	0 comments	Download
M	LayoutTests/http/tests/security/mixedContent/websocket/resources/expect-throw-on-construction.js	View		1 chunk	+3 lines, -1 line	0 comments	Download
A	LayoutTests/http/tests/security/mixedContent/websocket/resources/sandboxed-expect-throw-on-construction.html	View		1 chunk	+11 lines, -0 lines	0 comments	Download
M	Source/modules/websockets/MainThreadWebSocketChannel.cpp	View		1 chunk	+3 lines, -0 lines	0 comments	Download
M	Source/modules/websockets/NewWebSocketChannelImpl.cpp	View		1 chunk	+7 lines, -2 lines	0 comments	Download

Messages

Total messages: 5 (0 generated)

Expand Messages | Collapse Messages

Mike West

Takeshi-san, would you mind taking a look at this patch? -mike

6 years, 6 months ago (2014-06-26 08:47:20 UTC) #1

commit-bot: I haz the power

CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/mkwst@chromium.org/351163002/20001

6 years, 6 months ago (2014-06-27 04:45:06 UTC) #4

Message was sent while issue was closed.

Change committed as 177070

Expand Messages | Collapse Messages