Issue 644663003: Apply XSSAuditor to html5 import (i.e. <link rel="import">) tags.

Issue 644663003: Apply XSSAuditor to html5 import (i.e. <link rel="import">) tags. (Closed)

Created:
6 years, 2 months ago by Tom Sepez

Modified:
6 years, 2 months ago

Reviewers:
Mike West

CC:
blink-reviews, dglazkov+blink, blink-reviews-html_chromium.org

Base URL:
https://chromium.googlesource.com/chromium/blink.git@master

Project:
blink

Visibility:
Public.

More Reviews

Description

This is a case of included content that we had neglected to filter. The complexity of the CL is in granting an exemption to same-origin content, which implies applying the same tests to an href attribute that formerly only applied to src attributes. But we don't want to give a pass to all href attributes irrespective of tag, so we need more flags. BUG=421166 Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=183552

Patch Set 1 #

Total comments: 1

Patch Set 2 : Remove parameter name. #

Created: 6 years, 2 months ago

Download [raw] [tar.bz2]

	Unified diffs	Side-by-side diffs	Delta from patch set	Stats (+83 lines, -6 lines)			Patch
A +	LayoutTests/http/tests/security/xssAuditor/html5-import.html	View		1 chunk	+1 line, -1 line	0 comments	Download
A	LayoutTests/http/tests/security/xssAuditor/html5-import-CORS.html	View		1 chunk	+17 lines, -0 lines	0 comments	Download
A	LayoutTests/http/tests/security/xssAuditor/html5-import-CORS-expected.txt	View		1 chunk	+3 lines, -0 lines	0 comments	Download
A +	LayoutTests/http/tests/security/xssAuditor/html5-import-expected.txt	View		1 chunk	+1 line, -2 lines	0 comments	Download
A	LayoutTests/http/tests/security/xssAuditor/html5-import-safe.html	View		1 chunk	+17 lines, -0 lines	0 comments	Download
A	LayoutTests/http/tests/security/xssAuditor/html5-import-safe-expected.txt	View		1 chunk	+11 lines, -0 lines	0 comments	Download
A	LayoutTests/http/tests/security/xssAuditor/resources/safe-html.html	View		1 chunk	+6 lines, -0 lines	0 comments	Download
M	Source/core/html/parser/XSSAuditor.h	View	1	2 chunks	+7 lines, -1 line	0 comments	Download
M	Source/core/html/parser/XSSAuditor.cpp	View		4 chunks	+20 lines, -2 lines	0 comments	Download

Messages

Total messages: 7 (2 generated)

Expand Messages | Collapse Messages | Show Generated Messages | Hide Generated Messages

Tom Sepez

https://codereview.chromium.org/644663003/diff/1/Source/core/html/parser/XSSAuditor.h File Source/core/html/parser/XSSAuditor.h (right): https://codereview.chromium.org/644663003/diff/1/Source/core/html/parser/XSSAuditor.h#newcode107 Source/core/html/parser/XSSAuditor.h:107: bool eraseAttributeIfInjected(const FilterTokenRequest&, const QualifiedName&, const String& replacementValue = ...

6 years, 2 months ago (2014-10-09 19:31:02 UTC) #3

Mike West

This LGTM. You're right, though, that it's creeping up towards the edge of being more ...

6 years, 2 months ago (2014-10-10 04:05:11 UTC) #4

commit-bot: I haz the power

CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/644663003/210001

6 years, 2 months ago (2014-10-10 16:36:15 UTC) #6

commit-bot: I haz the power

6 years, 2 months ago (2014-10-10 18:12:50 UTC) #7

Message was sent while issue was closed.

Committed patchset #2 (id:210001) as 183552

Expand Messages | Collapse Messages | Show Generated Messages | Hide Generated Messages