Jack Franklin (Gerrit)

unread,

May 21, 2026, 11:29:19 AM (3 days ago) May 21

to Alina Varkki, devtools-fro...@luci-project-accounts.iam.gserviceaccount.com, devtools-rev...@chromium.org

Attention needed from Alina Varkki

Jack Franklin voted and added 1 comment

Votes added by Jack Franklin

Auto-Submit

+1

1 comment

Patchset-level comments

File-level comment, Patchset 3 (Latest):

Jack Franklin . resolved

PTAL

Open in Gerrit

Related details

Attention is currently required from:

Alina Varkki

Submit Requirements:

Code-Owners
Code-Review
Review-Enforcement

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

satisfied_requirement

unsatisfied_requirement

open

diffy

Alina Varkki (Gerrit)

unread,

May 22, 2026, 10:12:17 AM (2 days ago) May 22

to Jack Franklin, devtools-fro...@luci-project-accounts.iam.gserviceaccount.com, devtools-rev...@chromium.org

Attention needed from Jack Franklin

Alina Varkki voted

Code-Review	+1
Commit-Queue	+2

Open in Gerrit

Related details

Attention is currently required from:

Jack Franklin

Submit Requirements:

Code-Owners
Code-Review
Review-Enforcement

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

satisfied_requirement

open

diffy

Nikolay Vitkov (Gerrit)

unread,

May 22, 2026, 10:47:01 AM (2 days ago) May 22

to Jack Franklin, Alina Varkki, devtools-fro...@luci-project-accounts.iam.gserviceaccount.com, devtools-rev...@chromium.org

Attention needed from Alina Varkki and Jack Franklin

Nikolay Vitkov voted

Code-Review	+1
Commit-Queue	+2

Open in Gerrit

Related details

Attention is currently required from:

Alina Varkki
Jack Franklin

Submit Requirements:

Code-Owners
Code-Review
Review-Enforcement

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

satisfied_requirement

open

diffy

Alex Rudenko (Gerrit)

unread,

May 22, 2026, 10:47:11 AM (2 days ago) May 22

to Jack Franklin, Nikolay Vitkov, Alina Varkki, devtools-fro...@luci-project-accounts.iam.gserviceaccount.com, devtools-rev...@chromium.org

Attention needed from Alina Varkki and Jack Franklin

Alex Rudenko added 1 comment

File buildtools

Line 1, Patchset 4 (Latest):Subproject commit 4aacaa165bb602de929db8c20a7aaa02b166e706

Alex Rudenko . unresolved

please revert

Open in Gerrit

Related details

Attention is currently required from:

Alina Varkki
Jack Franklin

Submit Requirements:

Code-Owners
Code-Review

No-Unresolved-Comments
Review-Enforcement

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

satisfied_requirement

unsatisfied_requirement

open

diffy

Piotr Paulski (Gerrit)

unread,

May 22, 2026, 10:47:21 AM (2 days ago) May 22

to Jack Franklin, Alex Rudenko, Nikolay Vitkov, Alina Varkki, devtools-fro...@luci-project-accounts.iam.gserviceaccount.com, devtools-rev...@chromium.org

Attention needed from Alina Varkki, Jack Franklin and Nikolay Vitkov

Piotr Paulski voted

Code-Review	+1
Commit-Queue	+2

Open in Gerrit

Related details

Attention is currently required from:

Alina Varkki
Jack Franklin
Nikolay Vitkov

Submit Requirements:

Code-Owners
Code-Review
No-Unresolved-Comments
Review-Enforcement

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

satisfied_requirement

unsatisfied_requirement

open

diffy

Jack Franklin (Gerrit)

unread,

May 22, 2026, 10:48:23 AM (2 days ago) May 22

to Piotr Paulski, Alex Rudenko, Nikolay Vitkov, Alina Varkki, devtools-fro...@luci-project-accounts.iam.gserviceaccount.com, devtools-rev...@chromium.org

Attention needed from Alex Rudenko, Alina Varkki, Nikolay Vitkov and Piotr Paulski

Jack Franklin voted and added 1 comment

Votes added by Jack Franklin

Auto-Submit

+1

1 comment

File buildtools

Line 1, Patchset 4:Subproject commit 4aacaa165bb602de929db8c20a7aaa02b166e706

Alex Rudenko . resolved

please revert

Jack Franklin

Done

Open in Gerrit

Related details

Attention is currently required from:

Alex Rudenko
Alina Varkki
Nikolay Vitkov
Piotr Paulski

Submit Requirements:

Code-Owners
Code-Review
Review-Enforcement

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

satisfied_requirement

unsatisfied_requirement

open

diffy

Alex Rudenko (Gerrit)

unread,

May 22, 2026, 10:48:30 AM (2 days ago) May 22

to Jack Franklin, Piotr Paulski, Nikolay Vitkov, Alina Varkki, devtools-fro...@luci-project-accounts.iam.gserviceaccount.com, devtools-rev...@chromium.org

Attention needed from Alina Varkki, Jack Franklin, Nikolay Vitkov and Piotr Paulski

Alex Rudenko voted

Code-Review	+1
Commit-Queue	+2

Open in Gerrit

Related details

Attention is currently required from:

Alina Varkki
Jack Franklin
Nikolay Vitkov
Piotr Paulski

Submit Requirements:

Code-Owners
Code-Review
Review-Enforcement

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

satisfied_requirement

open

diffy

devtools-frontend-scoped@luci-project-accounts.iam.gserviceaccount.com (Gerrit)

unread,

May 22, 2026, 11:30:50 AM (2 days ago) May 22

to Jack Franklin, Alex Rudenko, Piotr Paulski, Nikolay Vitkov, Alina Varkki, devtools-rev...@chromium.org

devtools-fro...@luci-project-accounts.iam.gserviceaccount.com submitted the change

Change information

Commit message:

AI: Fix cross-origin data leak in AccessibilityAgent

Update AccessibilityAgent and its markdown renderer to verify that
resolved DOM nodes belong to the main frame. This prevents the agent
from being manipulated via prompt injection into extracting sensitive
data (such as ARIA attributes or computed styles) from cross-origin
iframes.

This change includes:
- A frame ID check in AccessibilityAgent.#resolvePathToNode.
- A frame ID check in AccessibilityAgentMarkdownRenderer.#linkifyPath.

Fixed: 513783632

Change-Id: I08694e9078703fdf96dcb198d1e901dcf9daf22b

Reviewed-on: https://chromium-review.googlesource.com/c/devtools/devtools-frontend/+/7868180

Auto-Submit: Jack Franklin <jacktf...@chromium.org>

Reviewed-by: Alex Rudenko <alexr...@chromium.org>

Commit-Queue: Alex Rudenko <alexr...@chromium.org>

Files:

M front_end/models/ai_assistance/agents/AccessibilityAgent.test.ts
M front_end/models/ai_assistance/agents/AccessibilityAgent.ts
M front_end/panels/ai_assistance/components/AccessibilityAgentMarkdownRenderer.test.ts
M front_end/panels/ai_assistance/components/AccessibilityAgentMarkdownRenderer.ts

Change size: M

Delta: 4 files changed, 90 insertions(+), 6 deletions(-)

Branch: refs/heads/main

Submit Requirements:

Code-Review: +1 by Alex Rudenko

Open in Gerrit

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

open

diffy

satisfied_requirement

Reply all

Reply to author

Forward

AI: Fix cross-origin data leak in AccessibilityAgent [devtools/devtools-frontend : main]

Jack Franklin (Gerrit)

Jack Franklin voted and added 1 comment

Votes added by Jack Franklin

1 comment

Related details

Alina Varkki (Gerrit)

Alina Varkki voted

Related details

Nikolay Vitkov (Gerrit)

Nikolay Vitkov voted

Related details

Alex Rudenko (Gerrit)

Alex Rudenko added 1 comment

Related details

Piotr Paulski (Gerrit)

Piotr Paulski voted

Related details

Jack Franklin (Gerrit)

Jack Franklin voted and added 1 comment

Votes added by Jack Franklin

1 comment

Related details

Alex Rudenko (Gerrit)

Alex Rudenko voted

Related details

devtools-frontend-scoped@luci-project-accounts.iam.gserviceaccount.com (Gerrit)

devtools-fro...@luci-project-accounts.iam.gserviceaccount.com submitted the change

Change information