Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(20)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 431273006: Fixing the case where mixed content checking for insecure form submission in secure origins is brea… (Closed)

Created:
6 years, 4 months ago by mhm
Modified:
6 years, 4 months ago
Reviewers:
jww, adamk
CC:
blink-reviews, blink-reviews-html_chromium.org, dglazkov+blink
Base URL:
https://chromium.googlesource.com/chromium/blink.git@master
Project:
blink
Visibility:
Public.

Description

Fixing the case where mixed content checking for insecure form submission in secure origins is breaking when using invisible DOMs. An invisible DOM (i.e. DOM without a frame) causes the mixed content checking for insecure form submission to crash the current tab. This is because the DOM is not associated with any frame. A follow up bug (https://crbug.com/399810) was filed to address another corner case where mixed content checking can be bypassed when you replace the current DOM with this invisible DOM. BUG=398066 R=jww NOTRY=true Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=179530

Patch Set 1 #

Total comments: 6

Patch Set 2 : Addressing jww comments #

Total comments: 8

Patch Set 3 : Typos #

Patch Set 4 : Addressing adamk comments #

Unified diffs Side-by-side diffs Delta from patch set Stats (+40 lines, -1 line) Patch
A LayoutTests/http/tests/security/mixedContent/insecure-formSubmission-in-invisible-DOM.html View 1 chunk +23 lines, -0 lines 0 comments Download
A LayoutTests/http/tests/security/mixedContent/insecure-formSubmission-in-invisible-DOM-expected.txt View 1 chunk +1 line, -0 lines 0 comments Download
A LayoutTests/http/tests/security/mixedContent/resources/frame-with-invisible-DOM-with-insecure-form.html View 1 1 chunk +15 lines, -0 lines 0 comments Download
M Source/core/html/HTMLFormElement.cpp View 1 2 3 1 chunk +1 line, -1 line 0 comments Download

Messages

Total messages: 18 (0 generated)
mhm
Hey jww@ can you please have a look at this for me.
6 years, 4 months ago (2014-08-01 23:16:07 UTC) #1
jww
lgtm modulo nits. Obviously wait for adamk, though. https://codereview.chromium.org/431273006/diff/1/LayoutTests/http/tests/security/mixedContent/insecure-formSubmission-in-invisible-DOM.html File LayoutTests/http/tests/security/mixedContent/insecure-formSubmission-in-invisible-DOM.html (right): https://codereview.chromium.org/431273006/diff/1/LayoutTests/http/tests/security/mixedContent/insecure-formSubmission-in-invisible-DOM.html#newcode20 LayoutTests/http/tests/security/mixedContent/insecure-formSubmission-in-invisible-DOM.html:20: window.open("https://127.0.0.1:8443/security/mixedContent/resources/frame-with-invisible-DOM-with-insecure-form.html"); ...
6 years, 4 months ago (2014-08-01 23:20:52 UTC) #2
mhm
adamk@ can you please owner review this for me. https://codereview.chromium.org/431273006/diff/1/LayoutTests/http/tests/security/mixedContent/insecure-formSubmission-in-invisible-DOM.html File LayoutTests/http/tests/security/mixedContent/insecure-formSubmission-in-invisible-DOM.html (right): https://codereview.chromium.org/431273006/diff/1/LayoutTests/http/tests/security/mixedContent/insecure-formSubmission-in-invisible-DOM.html#newcode20 LayoutTests/http/tests/security/mixedContent/insecure-formSubmission-in-invisible-DOM.html:20: ...
6 years, 4 months ago (2014-08-01 23:28:45 UTC) #3
jww
On 2014/08/01 23:28:45, mhm wrote: > adamk@ can you please owner review this for me. ...
6 years, 4 months ago (2014-08-01 23:33:42 UTC) #4
jww
https://codereview.chromium.org/431273006/diff/20001/Source/core/html/HTMLFormElement.cpp File Source/core/html/HTMLFormElement.cpp (right): https://codereview.chromium.org/431273006/diff/20001/Source/core/html/HTMLFormElement.cpp#newcode506 Source/core/html/HTMLFormElement.cpp:506: // Blink needs to check if the form is ...
6 years, 4 months ago (2014-08-01 23:35:43 UTC) #5
adamk
I think there's a typo for the followup bug in your CL description... https://codereview.chromium.org/431273006/diff/20001/Source/core/html/HTMLFormElement.cpp File ...
6 years, 4 months ago (2014-08-01 23:43:29 UTC) #6
mhm
adamk@ I think it is time for DOM wizard skills jww@ is referring to :-) ...
6 years, 4 months ago (2014-08-02 00:08:52 UTC) #7
adamk
On 2014/08/02 at 00:08:52, mohammed wrote: > adamk@ I think it is time for DOM ...
6 years, 4 months ago (2014-08-02 00:16:18 UTC) #8
mhm
Apologies adamk@ I saw them after sending the reply. I addressed them in this patch. ...
6 years, 4 months ago (2014-08-04 15:15:44 UTC) #9
adamk
lgtm
6 years, 4 months ago (2014-08-04 16:15:38 UTC) #10
mhm
The CQ bit was checked by mohammed@chromium.org
6 years, 4 months ago (2014-08-04 16:55:13 UTC) #11
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/mohammed@chromium.org/431273006/60001
6 years, 4 months ago (2014-08-04 16:55:24 UTC) #12
commit-bot: I haz the power
FYI, CQ is re-trying this CL (attempt #1). The failing builders are: linux_blink_dbg on tryserver.blink ...
6 years, 4 months ago (2014-08-04 18:02:04 UTC) #13
commit-bot: I haz the power
The CQ bit was unchecked by commit-bot@chromium.org
6 years, 4 months ago (2014-08-04 18:45:03 UTC) #14
commit-bot: I haz the power
Try jobs failed on following builders: win_blink_rel on tryserver.blink (http://build.chromium.org/p/tryserver.blink/builders/win_blink_rel/builds/20579)
6 years, 4 months ago (2014-08-04 18:45:04 UTC) #15
mhm
The CQ bit was checked by mohammed@chromium.org
6 years, 4 months ago (2014-08-05 21:31:42 UTC) #16
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/mohammed@chromium.org/431273006/60001
6 years, 4 months ago (2014-08-05 21:33:17 UTC) #17
commit-bot: I haz the power
6 years, 4 months ago (2014-08-05 21:35:28 UTC) #18
Message was sent while issue was closed. 
Change committed as 179530

Powered by Google App Engine
This is Rietveld 408576698