/[blink]
Chromium logo

Revision 179240


Jump to revision: Previous Next
Author: tsepez@chromium.org
Date: Wed Jul 30 17:05:24 2014 UTC (8 years, 9 months ago)
Changed paths: 22
Log Message:
Implement NavigationScheduler::schedulePageBlock() as a redirect to empty substitute data.

This replaces the long-standing kludge of navigating to "data:," so that
we preserve the URL of the page that was blocked. Otherwise, cross-origin
detection of the XSSAuditor is possible via a variety of techniques owing
to the change in the URL.

We lose the benefit of the unique origin, however. I don't think actually
provides any benefit, if only blank content is going into the replacement
page. As a consequence, the parent frame will successfully see same-origin
content in some of the tests. The cross-origin test remains unmodified, 
showing that there aren't new leaks (full-block-script-tag-cross-domain).

The upside is I can remove a lot of logic that was introduced recently to
preserve pages for view-source of the blocked page.  The window-open-block-mode
test is such an example.  There will be more cleanup possible on the
chrome side once this CL lands.

BUG=396544

Review URL: https://codereview.chromium.org/414223004

Changed paths

Path Details
Directorytrunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-allow-block-expected.txt modified , text changed
Directorytrunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-block-allow-expected.txt modified , text changed
Directorytrunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-block-block-expected.txt modified , text changed
Directorytrunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-block-filter-expected.txt modified , text changed
Directorytrunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-block-invalid-expected.txt modified , text changed
Directorytrunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-block-unset-expected.txt modified , text changed
Directorytrunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-filter-block-expected.txt modified , text changed
Directorytrunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-invalid-block-expected.txt modified , text changed
Directorytrunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-unset-block-expected.txt modified , text changed
Directorytrunk/LayoutTests/http/tests/security/xssAuditor/full-block-base-href-expected.txt modified , text changed
Directorytrunk/LayoutTests/http/tests/security/xssAuditor/full-block-iframe-javascript-url-expected.txt modified , text changed
Directorytrunk/LayoutTests/http/tests/security/xssAuditor/full-block-javascript-link-expected.txt modified , text changed
Directorytrunk/LayoutTests/http/tests/security/xssAuditor/full-block-link-onclick-expected.txt modified , text changed
Directorytrunk/LayoutTests/http/tests/security/xssAuditor/full-block-object-tag-expected.txt modified , text changed
Directorytrunk/LayoutTests/http/tests/security/xssAuditor/full-block-script-tag-expected.txt modified , text changed
Directorytrunk/LayoutTests/http/tests/security/xssAuditor/full-block-script-tag-with-source-expected.txt modified , text changed
Directorytrunk/LayoutTests/http/tests/security/xssAuditor/full-block-script-tag.html modified , text changed
Directorytrunk/LayoutTests/http/tests/security/xssAuditor/window-open-block-mode-expected.txt deleted
Directorytrunk/LayoutTests/http/tests/security/xssAuditor/window-open-block-mode.html deleted
Directorytrunk/LayoutTests/http/tests/security/xssAuditor/xss-protection-parsing-03-expected.txt modified , text changed
Directorytrunk/LayoutTests/http/tests/security/xssAuditor/xss-protection-parsing-04-expected.txt modified , text changed
Directorytrunk/Source/core/loader/NavigationScheduler.cpp modified , text changed

Properties

Name Value
commit-bot commit-bot@chromium.org

Powered by ViewVC 1.1.26 ViewVC Help