Joe Downing (Gerrit)

unread,

Mar 31, 2026, 3:53:23 PM (3 days ago) Mar 31

to Yuwei Huang, Chromium LUCI CQ, chromium...@chromium.org, chromotin...@chromium.org

Attention needed from Yuwei Huang

Joe Downing voted and added 1 comment

Votes added by Joe Downing

Commit-Queue

+1

1 comment

Patchset-level comments

File-level comment, Patchset 6 (Latest):

Joe Downing . resolved

PTAL!

Open in Gerrit

Related details

Attention is currently required from:

Yuwei Huang

Submit Requirements:

Code-Coverage
Code-Owners
Code-Review
Review-Enforcement

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

satisfied_requirement

unsatisfied_requirement

open

diffy

Yuwei Huang (Gerrit)

unread,

Mar 31, 2026, 4:18:46 PM (3 days ago) Mar 31

to Joe Downing, Chromium LUCI CQ, chromium...@chromium.org, chromotin...@chromium.org

Attention needed from Joe Downing

Yuwei Huang voted Code-Review+1

Code-Review

+1

Open in Gerrit

Related details

Attention is currently required from:

Joe Downing

Submit Requirements:

Code-Coverage
Code-Owners

Code-Review
Review-Enforcement

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

satisfied_requirement

open

diffy

Joe Downing (Gerrit)

unread,

Mar 31, 2026, 4:22:07 PM (3 days ago) Mar 31

to Yuwei Huang, Chromium LUCI CQ, chromium...@chromium.org, chromotin...@chromium.org

Joe Downing voted and added 1 comment

Votes added by Joe Downing

Commit-Queue

+2

1 comment

Patchset-level comments

File-level comment, Patchset 6 (Latest):

Joe Downing . resolved

Thanks!

Open in Gerrit

Related details

Attention set is empty

Submit Requirements:

Code-Coverage
Code-Owners
Code-Review
Review-Enforcement

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

satisfied_requirement

open

diffy

Chromium LUCI CQ (Gerrit)

unread,

Mar 31, 2026, 4:25:00 PM (3 days ago) Mar 31

to Joe Downing, Yuwei Huang, chromium...@chromium.org, chromotin...@chromium.org

Chromium LUCI CQ submitted the change

Change information

Commit message:

[remoting]: Reject XML stanzas with DTDs in SignalStrategy.

This change adds a pre-parsing check to SignalStrategy::ParseStanzaXml
to reject XML payloads containing <!DOCTYPE to prevent the underlying
unhardened Expat XML parser from processing untrusted DTDs.

Bug: 497828214

Change-Id: I224b1048c3d1b1f504e96c3f40a301e782f85665

Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7717605

Commit-Queue: Joe Downing <joe...@chromium.org>

Reviewed-by: Yuwei Huang <yuw...@chromium.org>

Cr-Commit-Position: refs/heads/main@{#1608066}

Files:

M remoting/signaling/ftl_signal_strategy_unittest.cc
M remoting/signaling/signal_strategy.cc

Change size: S

Delta: 2 files changed, 23 insertions(+), 0 deletions(-)

Branch: refs/heads/main

Submit Requirements:

Code-Review: +1 by Yuwei Huang

Open in Gerrit

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

open

diffy

satisfied_requirement

Reply all

Reply to author

Forward

[remoting]: Reject XML stanzas with DTDs in SignalStrategy. [chromium/src : main]

Joe Downing (Gerrit)

Joe Downing voted and added 1 comment

Votes added by Joe Downing

1 comment

Related details

Yuwei Huang (Gerrit)

Yuwei Huang voted Code-Review+1

Related details

Joe Downing (Gerrit)

Joe Downing voted and added 1 comment

Votes added by Joe Downing

1 comment

Related details

Chromium LUCI CQ (Gerrit)

Chromium LUCI CQ submitted the change

Change information