Chromium Code Reviews
Help | Chromium Project | Gerrit Changes | Sign in
(17)

Issue 917313004: Only accept HTTP and HTTPS urls for opensearch descriptor. (Closed)

Created:
4 years, 7 months ago by meacer
Modified:
4 years, 6 months ago
Reviewers:
Peter Kasting
CC:
chromium-reviews, jln (very slow on Chromium)
Base URL:
https://chromium.googlesource.com/chromium/src.git@master
Target Ref:
refs/pending/heads/master
Project:
chromium
Visibility:
Public.

Description

Only accept HTTP and HTTPS urls for opensearch descriptor. This CL prevents http: or https: urls from referring to file: urls as search descriptor xmls. Allowing urls to refer to other urls with the same scheme has been considered (e.g. a file: url referring to an OSDD xml from a file: url), but this currently doesn't work for file: urls because of http://b/863583, so is not implemented here. BUG=429838 Committed: https://crrev.com/c4b8fd74e67dfb23ef150c6aa313cb506746f06f Cr-Commit-Position: refs/heads/master@{#317723}

Patch Set 1 #

Patch Set 2 : Add test #

Total comments: 3

Patch Set 3 : Document file:// url behavior, some style changes. #

Patch Set 4 : Fix build #

Patch Set 5 : Fix include #

Unified diffs Side-by-side diffs Delta from patch set Stats (+120 lines, -1 line) Patch
M chrome/browser/ui/search_engines/search_engine_tab_helper.cc View 1 2 1 chunk +5 lines, -1 line 0 comments Download
A chrome/browser/ui/search_engines/search_engine_tab_helper_browsertest.cc View 1 2 3 4 1 chunk +114 lines, -0 lines 0 comments Download
M chrome/chrome_tests.gypi View 1 1 chunk +1 line, -0 lines 0 comments Download

Messages

Total messages: 23 (8 generated)
meacer
PTAL, thanks!
4 years, 7 months ago (2015-02-18 21:48:58 UTC) #2
Peter Kasting
https://codereview.chromium.org/917313004/diff/20001/chrome/browser/ui/search_engines/search_engine_tab_helper.cc File chrome/browser/ui/search_engines/search_engine_tab_helper.cc (right): https://codereview.chromium.org/917313004/diff/20001/chrome/browser/ui/search_engines/search_engine_tab_helper.cc#newcode113 chrome/browser/ui/search_engines/search_engine_tab_helper.cc:113: if (!osdd_url.is_valid() || !osdd_url.SchemeIsHTTPOrHTTPS()) I feel like perhaps file: ...
4 years, 7 months ago (2015-02-18 21:58:56 UTC) #3
meacer
https://codereview.chromium.org/917313004/diff/20001/chrome/browser/ui/search_engines/search_engine_tab_helper.cc File chrome/browser/ui/search_engines/search_engine_tab_helper.cc (right): https://codereview.chromium.org/917313004/diff/20001/chrome/browser/ui/search_engines/search_engine_tab_helper.cc#newcode113 chrome/browser/ui/search_engines/search_engine_tab_helper.cc:113: if (!osdd_url.is_valid() || !osdd_url.SchemeIsHTTPOrHTTPS()) On 2015/02/18 21:58:56, Peter Kasting ...
4 years, 7 months ago (2015-02-18 22:25:11 UTC) #4
Peter Kasting
On 2015/02/18 22:25:11, Mustafa Emre Acer wrote: > https://codereview.chromium.org/917313004/diff/20001/chrome/browser/ui/search_engines/search_engine_tab_helper.cc > File chrome/browser/ui/search_engines/search_engine_tab_helper.cc (right): > > ...
4 years, 7 months ago (2015-02-18 22:35:57 UTC) #5
meacer
On 2015/02/18 22:35:57, Peter Kasting wrote: > On 2015/02/18 22:25:11, Mustafa Emre Acer wrote: > ...
4 years, 7 months ago (2015-02-18 22:48:05 UTC) #6
TheJH
On 2015/02/18 22:25:11, Mustafa Emre Acer wrote: > Hmm, that would still allow file:// urls ...
4 years, 7 months ago (2015-02-21 01:15:02 UTC) #7
meacer
That's a good point. Perhaps we should block that too (if possible at all), but ...
4 years, 7 months ago (2015-02-21 01:31:29 UTC) #8
meacer
https://codereview.chromium.org/917313004/diff/20001/chrome/browser/ui/search_engines/search_engine_tab_helper.cc File chrome/browser/ui/search_engines/search_engine_tab_helper.cc (right): https://codereview.chromium.org/917313004/diff/20001/chrome/browser/ui/search_engines/search_engine_tab_helper.cc#newcode113 chrome/browser/ui/search_engines/search_engine_tab_helper.cc:113: if (!osdd_url.is_valid() || !osdd_url.SchemeIsHTTPOrHTTPS()) On 2015/02/18 22:25:11, Mustafa Emre ...
4 years, 6 months ago (2015-02-23 20:37:37 UTC) #9
Peter Kasting
OK. LGTM then.
4 years, 6 months ago (2015-02-23 20:52:38 UTC) #10
meacer
Thanks.
4 years, 6 months ago (2015-02-23 21:07:53 UTC) #11
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/917313004/40001
4 years, 6 months ago (2015-02-23 21:08:31 UTC) #14
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/917313004/60001
4 years, 6 months ago (2015-02-23 22:25:39 UTC) #17
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/917313004/80001
4 years, 6 months ago (2015-02-24 00:16:25 UTC) #21
commit-bot: I haz the power
Committed patchset #5 (id:80001)
4 years, 6 months ago (2015-02-24 01:30:19 UTC) #22
commit-bot: I haz the power
4 years, 6 months ago (2015-02-24 01:31:29 UTC) #23
Message was sent while issue was closed.
Patchset 5 (id:??) landed as
https://crrev.com/c4b8fd74e67dfb23ef150c6aa313cb506746f06f
Cr-Commit-Position: refs/heads/master@{#317723}

Powered by Google App Engine
This is Rietveld 408576698