/[blink]
Chromium logo

Revision 176084


Jump to revision: Previous Next
Author: pdr@chromium.org
Date: Fri Jun 13 03:22:36 2014 UTC (8 years, 11 months ago)
Changed paths: 9
Log Message:
Enforce SVG image security rules

SVG images have unique security rules that prevent them from loading
any external resources. This patch enforces these rules in
ResourceFetcher::canRequest for all non-data-uri resources. This locks
down our SVG resource handling and fixes two security bugs.

In the case of SVG images that reference other images, we had a bug
where a cached subresource would be used directly from the cache.
This has been fixed because the canRequest check occurs before we use
cached resources.

In the case of SVG images that use CSS imports, we had a bug where
imports were blindly requested. This has been fixed by stopping all
non-data-uri requests in SVG images.

With this patch we now match Gecko's behavior on both testcases.

BUG=380885, 382296

Review URL: https://codereview.chromium.org/320763002

Changed paths

Path Details
Directorytrunk/LayoutTests/http/tests/security/resources/css-import.css added
Directorytrunk/LayoutTests/http/tests/security/resources/image-with-css-import.svg added
Directorytrunk/LayoutTests/http/tests/security/resources/image-wrapper-with-no-image.svg added
Directorytrunk/LayoutTests/http/tests/security/resources/image-wrapper.svg modified , text changed , props changed
Directorytrunk/LayoutTests/http/tests/security/svg-image-with-cached-remote-image-expected.html added
Directorytrunk/LayoutTests/http/tests/security/svg-image-with-cached-remote-image.html added
Directorytrunk/LayoutTests/http/tests/security/svg-image-with-css-import-expected.html added
Directorytrunk/LayoutTests/http/tests/security/svg-image-with-css-import.html added
Directorytrunk/Source/core/fetch/ResourceFetcher.cpp modified , text changed

Properties

Name Value
commit-bot commit-bot@chromium.org

Powered by ViewVC 1.1.26 ViewVC Help