Allow framebusting when the target and the destination are same-origin [chromium/src : master]

0 views
Skip to first unread message

Nate Chapin (Gerrit)

unread,
Jan 19, 2018, 7:53:57 PM1/19/18
to blink-revi...@chromium.org, blink-...@chromium.org, Mike West, Commit Bot, chromium...@chromium.org

mkwst: PTAL

View Change

    To view, visit change 877407. To unsubscribe, or for help writing mail filters, visit settings.

    Gerrit-Project: chromium/src
    Gerrit-Branch: master
    Gerrit-MessageType: comment
    Gerrit-Change-Id: I78909ab0726b85881225de413302886479761a8f
    Gerrit-Change-Number: 877407
    Gerrit-PatchSet: 3
    Gerrit-Owner: Nate Chapin <jap...@chromium.org>
    Gerrit-Reviewer: Mike West <mk...@chromium.org>
    Gerrit-Reviewer: Nate Chapin <jap...@chromium.org>
    Gerrit-CC: Commit Bot <commi...@chromium.org>
    Gerrit-Comment-Date: Sat, 20 Jan 2018 00:53:53 +0000
    Gerrit-HasComments: No
    Gerrit-HasLabels: No

    Mike West (Gerrit)

    unread,
    Jan 20, 2018, 2:57:25 AM1/20/18
    to Nate Chapin, blink-revi...@chromium.org, blink-...@chromium.org, Commit Bot, chromium...@chromium.org

    LGTM, thanks!

    Patch set 3:Code-Review +1

    View Change

    2 comments:

    To view, visit change 877407. To unsubscribe, or for help writing mail filters, visit settings.

    Gerrit-Project: chromium/src
    Gerrit-Branch: master
    Gerrit-MessageType: comment
    Gerrit-Change-Id: I78909ab0726b85881225de413302886479761a8f
    Gerrit-Change-Number: 877407
    Gerrit-PatchSet: 3
    Gerrit-Owner: Nate Chapin <jap...@chromium.org>
    Gerrit-Reviewer: Mike West <mk...@chromium.org>
    Gerrit-Reviewer: Nate Chapin <jap...@chromium.org>
    Gerrit-CC: Commit Bot <commi...@chromium.org>
    Gerrit-Comment-Date: Sat, 20 Jan 2018 07:57:18 +0000
    Gerrit-HasComments: Yes
    Gerrit-HasLabels: Yes

    Nate Chapin (Gerrit)

    unread,
    Jan 22, 2018, 1:40:27 PM1/22/18
    to blink-revi...@chromium.org, blink-...@chromium.org, Mike West, Commit Bot, chromium...@chromium.org

    View Change

    2 comments:

      • Nit: s/for the target/with the target/ sounds marginally better to my ear.

      • Done

    To view, visit change 877407. To unsubscribe, or for help writing mail filters, visit settings.

    Gerrit-Project: chromium/src
    Gerrit-Branch: master
    Gerrit-MessageType: comment
    Gerrit-Change-Id: I78909ab0726b85881225de413302886479761a8f
    Gerrit-Change-Number: 877407
    Gerrit-PatchSet: 4
    Gerrit-Owner: Nate Chapin <jap...@chromium.org>
    Gerrit-Reviewer: Mike West <mk...@chromium.org>
    Gerrit-Reviewer: Nate Chapin <jap...@chromium.org>
    Gerrit-CC: Commit Bot <commi...@chromium.org>
    Gerrit-Comment-Date: Mon, 22 Jan 2018 18:40:25 +0000
    Gerrit-HasComments: Yes
    Gerrit-HasLabels: No

    Nate Chapin (Gerrit)

    unread,
    Jan 22, 2018, 1:40:29 PM1/22/18
    to blink-revi...@chromium.org, blink-...@chromium.org, Mike West, Commit Bot, chromium...@chromium.org

    Patch set 4:Commit-Queue +2

    View Change

      To view, visit change 877407. To unsubscribe, or for help writing mail filters, visit settings.

      Gerrit-Project: chromium/src
      Gerrit-Branch: master
      Gerrit-MessageType: comment
      Gerrit-Change-Id: I78909ab0726b85881225de413302886479761a8f
      Gerrit-Change-Number: 877407
      Gerrit-PatchSet: 4
      Gerrit-Owner: Nate Chapin <jap...@chromium.org>
      Gerrit-Reviewer: Mike West <mk...@chromium.org>
      Gerrit-Reviewer: Nate Chapin <jap...@chromium.org>
      Gerrit-CC: Commit Bot <commi...@chromium.org>
      Gerrit-Comment-Date: Mon, 22 Jan 2018 18:40:27 +0000
      Gerrit-HasComments: No
      Gerrit-HasLabels: Yes

      Commit Bot (Gerrit)

      unread,
      Jan 22, 2018, 1:40:32 PM1/22/18
      to Nate Chapin, blink-revi...@chromium.org, blink-...@chromium.org, Mike West, chromium...@chromium.org

      CQ is trying the patch.

      Note: The patchset sent to CQ was uploaded after this CL was approved.
      "Address comments, rebase" https://chromium-review.googlesource.com/c/877407/4

      Follow status at: https://chromium-cq-status.appspot.com/v2/patch-status/chromium-review.googlesource.com/877407/4

      Bot data: {"action": "start", "triggered_at": "2018-01-22T18:40:27.0Z", "cq_cfg_revision": "a668b5363cd374a29ca0f46124c226e2e2aa21d9", "revision": "eb08c88976de24f2b77ae32c708f062fe35f7a7a"}

      View Change

        To view, visit change 877407. To unsubscribe, or for help writing mail filters, visit settings.

        Gerrit-Project: chromium/src
        Gerrit-Branch: master
        Gerrit-MessageType: comment
        Gerrit-Change-Id: I78909ab0726b85881225de413302886479761a8f
        Gerrit-Change-Number: 877407
        Gerrit-PatchSet: 4
        Gerrit-Owner: Nate Chapin <jap...@chromium.org>
        Gerrit-Reviewer: Mike West <mk...@chromium.org>
        Gerrit-Reviewer: Nate Chapin <jap...@chromium.org>
        Gerrit-CC: Commit Bot <commi...@chromium.org>
        Gerrit-Comment-Date: Mon, 22 Jan 2018 18:40:31 +0000
        Gerrit-HasComments: No
        Gerrit-HasLabels: No

        Commit Bot (Gerrit)

        unread,
        Jan 22, 2018, 4:18:25 PM1/22/18
        to Nate Chapin, blink-revi...@chromium.org, blink-...@chromium.org, Mike West, chromium...@chromium.org
        Try jobs failed on following builders:
          android_n5x_swarming_rel on master.tryserver.chromium.android (JOB_FAILED, https://build.chromium.org/p/tryserver.chromium.android/builders/android_n5x_swarming_rel/builds/345080)

        View Change

          To view, visit change 877407. To unsubscribe, or for help writing mail filters, visit settings.

          Gerrit-Project: chromium/src
          Gerrit-Branch: master
          Gerrit-MessageType: comment
          Gerrit-Change-Id: I78909ab0726b85881225de413302886479761a8f
          Gerrit-Change-Number: 877407
          Gerrit-PatchSet: 4
          Gerrit-Owner: Nate Chapin <jap...@chromium.org>
          Gerrit-Reviewer: Mike West <mk...@chromium.org>
          Gerrit-Reviewer: Nate Chapin <jap...@chromium.org>
          Gerrit-CC: Commit Bot <commi...@chromium.org>
          Gerrit-Comment-Date: Mon, 22 Jan 2018 21:18:24 +0000
          Gerrit-HasComments: No
          Gerrit-HasLabels: No

          Nate Chapin (Gerrit)

          unread,
          Jan 22, 2018, 4:21:29 PM1/22/18
          to blink-revi...@chromium.org, blink-...@chromium.org, Mike West, Commit Bot, chromium...@chromium.org

          Patch set 4:Commit-Queue +2

          View Change

            To view, visit change 877407. To unsubscribe, or for help writing mail filters, visit settings.

            Gerrit-Project: chromium/src
            Gerrit-Branch: master
            Gerrit-MessageType: comment
            Gerrit-Change-Id: I78909ab0726b85881225de413302886479761a8f
            Gerrit-Change-Number: 877407
            Gerrit-PatchSet: 4
            Gerrit-Owner: Nate Chapin <jap...@chromium.org>
            Gerrit-Reviewer: Mike West <mk...@chromium.org>
            Gerrit-Reviewer: Nate Chapin <jap...@chromium.org>
            Gerrit-CC: Commit Bot <commi...@chromium.org>
            Gerrit-Comment-Date: Mon, 22 Jan 2018 21:21:24 +0000
            Gerrit-HasComments: No
            Gerrit-HasLabels: Yes

            Commit Bot (Gerrit)

            unread,
            Jan 22, 2018, 4:21:40 PM1/22/18
            to Nate Chapin, blink-revi...@chromium.org, blink-...@chromium.org, Mike West, chromium...@chromium.org

            CQ is trying the patch.

            Note: The patchset sent to CQ was uploaded after this CL was approved.
            "Address comments, rebase" https://chromium-review.googlesource.com/c/877407/4

            Follow status at: https://chromium-cq-status.appspot.com/v2/patch-status/chromium-review.googlesource.com/877407/4

            Bot data: {"action": "start", "triggered_at": "2018-01-22T21:21:24.0Z", "cq_cfg_revision": "a668b5363cd374a29ca0f46124c226e2e2aa21d9", "revision": "eb08c88976de24f2b77ae32c708f062fe35f7a7a"}

            View Change

              To view, visit change 877407. To unsubscribe, or for help writing mail filters, visit settings.

              Gerrit-Project: chromium/src
              Gerrit-Branch: master
              Gerrit-MessageType: comment
              Gerrit-Change-Id: I78909ab0726b85881225de413302886479761a8f
              Gerrit-Change-Number: 877407
              Gerrit-PatchSet: 4
              Gerrit-Owner: Nate Chapin <jap...@chromium.org>
              Gerrit-Reviewer: Mike West <mk...@chromium.org>
              Gerrit-Reviewer: Nate Chapin <jap...@chromium.org>
              Gerrit-CC: Commit Bot <commi...@chromium.org>
              Gerrit-Comment-Date: Mon, 22 Jan 2018 21:21:39 +0000
              Gerrit-HasComments: No
              Gerrit-HasLabels: No

              Commit Bot (Gerrit)

              unread,
              Jan 22, 2018, 5:44:54 PM1/22/18
              to Nate Chapin, blink-revi...@chromium.org, blink-...@chromium.org, Mike West, chromium...@chromium.org

              Commit Bot merged this change.

              View Change

              Approvals: Mike West: Looks good to me Nate Chapin: Commit 
              Allow framebusting when the target and the destination are same-origin

              Bug: 624061
              Test: http/tests/security/frameNavigation/xss-ALLOWED-same-origin-top-navigation-without-user-gesture.html
              Change-Id: I78909ab0726b85881225de413302886479761a8f
              Reviewed-on: https://chromium-review.googlesource.com/877407
              Commit-Queue: Nate Chapin <jap...@chromium.org>
              Reviewed-by: Mike West <mk...@chromium.org>
              Cr-Commit-Position: refs/heads/master@{#531022}
              ---
              A third_party/WebKit/LayoutTests/http/tests/security/frameNavigation/resources/iframe-that-performs-same-origin-top-navigation-without-user-gesture.html
              A third_party/WebKit/LayoutTests/http/tests/security/frameNavigation/xss-ALLOWED-same-origin-top-navigation-without-user-gesture-expected.txt
              A third_party/WebKit/LayoutTests/http/tests/security/frameNavigation/xss-ALLOWED-same-origin-top-navigation-without-user-gesture.html
              M third_party/WebKit/Source/core/frame/LocalFrame.cpp
              4 files changed, 48 insertions(+), 2 deletions(-)


              To view, visit change 877407. To unsubscribe, or for help writing mail filters, visit settings.

              Gerrit-Project: chromium/src
              Gerrit-Branch: master
              Gerrit-MessageType: merged
              Gerrit-Change-Id: I78909ab0726b85881225de413302886479761a8f
              Gerrit-Change-Number: 877407
              Gerrit-PatchSet: 5
              Gerrit-Owner: Nate Chapin <jap...@chromium.org>
              Gerrit-Reviewer: Commit Bot <commi...@chromium.org>
              Gerrit-Reviewer: Mike West <mk...@chromium.org>
              Gerrit-Reviewer: Nate Chapin <jap...@chromium.org>
              Reply all
              Reply to author
              Forward
              0 new messages