Simon Hangl (Gerrit)

unread,

Nov 4, 2025, 8:39:24 AM (2 days ago) Nov 4

to Olga Korokhina, Rune Lillesveen, Code Review Nudger, Simon Hangl, AI Code Reviewer, Nico Weber, Abigail Klein, Chris Thompson, Robbie McElrath, AyeAye, Menard, Alexis, chromium...@chromium.org, (Julie)Jeongeun Kim, Kevin Babbitt, Kevin McNee, James Maclean, Chromium LUCI CQ, oshima...@chromium.org, abigailbk...@google.com, apavlo...@chromium.org, blink-rev...@chromium.org, blink-re...@chromium.org, blink-re...@chromium.org, blink-rev...@chromium.org, blink-...@chromium.org, chromium-a...@chromium.org, dtseng...@chromium.org, extension...@chromium.org, francisjp...@google.com, josiah...@chromium.org, kinuko...@chromium.org, kyungjunle...@google.com, loading-rev...@chromium.org, lucasrada...@google.com, nektar...@chromium.org, pdf-r...@chromium.org, yuzo+...@chromium.org

Attention needed from Abigail Klein, Chris Thompson, Nico Weber, Olga Korokhina, Robbie McElrath and Simon Hangl

Simon Hangl voted and added 1 comment

Votes added by Simon Hangl

Code-Review

+1

1 comment

Patchset-level comments

File-level comment, Patchset 18 (Latest):

Simon Hangl . resolved

LGTM

Open in Gerrit

Related details

Attention is currently required from:

Abigail Klein
Chris Thompson
Nico Weber
Olga Korokhina
Robbie McElrath
Simon Hangl

Submit Requirements:

Code-Coverage
Code-Owners
Code-Review
No-Unresolved-Comments
Review-Enforcement

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

satisfied_requirement

unsatisfied_requirement

open

diffy

Nico Weber (Gerrit)

unread,

Nov 4, 2025, 9:10:13 AM (2 days ago) Nov 4

to Olga Korokhina, Simon Hangl, Rune Lillesveen, Code Review Nudger, Simon Hangl, AI Code Reviewer, Nico Weber, Abigail Klein, Chris Thompson, Robbie McElrath, AyeAye, Menard, Alexis, chromium...@chromium.org, (Julie)Jeongeun Kim, Kevin Babbitt, Kevin McNee, James Maclean, Chromium LUCI CQ, oshima...@chromium.org, abigailbk...@google.com, apavlo...@chromium.org, blink-rev...@chromium.org, blink-re...@chromium.org, blink-re...@chromium.org, blink-rev...@chromium.org, blink-...@chromium.org, chromium-a...@chromium.org, dtseng...@chromium.org, extension...@chromium.org, francisjp...@google.com, josiah...@chromium.org, kinuko...@chromium.org, kyungjunle...@google.com, loading-rev...@chromium.org, lucasrada...@google.com, nektar...@chromium.org, pdf-r...@chromium.org, yuzo+...@chromium.org

Attention needed from Abigail Klein, Chris Thompson, Olga Korokhina, Robbie McElrath and Simon Hangl

Nico Weber added 1 comment

Patchset-level comments

File-level comment, Patchset 18 (Latest):

Nico Weber . resolved

Is it possible to test this?

Does the linked bug have to be private?

(https://www.chromium.org/issue-tracking/googler-guidelines/ "Bugs should be open by default, unless there is specific information that should be restricted to Googlers. Chromium is an open-source project.")

Open in Gerrit

Related details

Attention is currently required from:

Abigail Klein
Chris Thompson

satisfied_requirement

unsatisfied_requirement

open

diffy

Olga Korokhina (Gerrit)

unread,

Nov 4, 2025, 9:27:41 AM (2 days ago) Nov 4

to Simon Hangl, Rune Lillesveen, Code Review Nudger, Simon Hangl, AI Code Reviewer, Nico Weber, Abigail Klein, Chris Thompson, Robbie McElrath, AyeAye, Menard, Alexis, chromium...@chromium.org, (Julie)Jeongeun Kim, Kevin Babbitt, Kevin McNee, James Maclean, Chromium LUCI CQ, oshima...@chromium.org, abigailbk...@google.com, apavlo...@chromium.org, blink-rev...@chromium.org, blink-re...@chromium.org, blink-re...@chromium.org, blink-rev...@chromium.org, blink-...@chromium.org, chromium-a...@chromium.org, dtseng...@chromium.org, extension...@chromium.org, francisjp...@google.com, josiah...@chromium.org, kinuko...@chromium.org, kyungjunle...@google.com, loading-rev...@chromium.org, lucasrada...@google.com, nektar...@chromium.org, pdf-r...@chromium.org, yuzo+...@chromium.org

Attention needed from Abigail Klein, Chris Thompson, Robbie McElrath and Simon Hangl

Olga Korokhina added 4 comments

Commit Message

Line 7, Patchset 17:Move inline CSS to fix blob iframe CSP errors

Rune Lillesveen . resolved

This is no longer accurate.

Olga Korokhina

Indeed, thank you, adjusted.

Line 10, Patchset 17:

with Blob resource in existing css file. Inline styles for <pre> wrapping text in ifame moved to html.css making it available on any rendered page, this eliminates CSP security error fired if policies for styles do not include 'unsafe-inline'. Solves several known issues with blobs as iFrame source.

Rune Lillesveen . resolved

Need to update the description to match the actual change.
Note that you should wrap the lines of the commit message at ~72 chars.

Olga Korokhina

Fixed, thank you.

File third_party/blink/renderer/core/html/text_document.cc

Line 40, Patchset 16: // attribute This style attribute should be allowed regardless of the CSP

Rune Lillesveen . resolved

Missing '.'

Olga Korokhina

Copy-pasted :) Fixed, thank you.

Line 41, Patchset 16: // headers sent with the text file. This is safe since the all non-text

Rune Lillesveen . resolved

remove "the"

Olga Korokhina

Removed, thank you.

Open in Gerrit

Related details

Attention is currently required from:

Abigail Klein
Chris Thompson
Robbie McElrath
Simon Hangl

Submit Requirements:

Code-Coverage
Code-Owners
Code-Review

Review-Enforcement

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

satisfied_requirement

open

diffy

Olga Korokhina (Gerrit)

unread,

Nov 4, 2025, 9:30:23 AM (2 days ago) Nov 4

to Simon Hangl, Rune Lillesveen, Code Review Nudger, Simon Hangl, AI Code Reviewer, Nico Weber, Abigail Klein, Chris Thompson, Robbie McElrath, AyeAye, Menard, Alexis, chromium...@chromium.org, (Julie)Jeongeun Kim, Kevin Babbitt, Kevin McNee, James Maclean, Chromium LUCI CQ, oshima...@chromium.org, abigailbk...@google.com, apavlo...@chromium.org, blink-rev...@chromium.org, blink-re...@chromium.org, blink-re...@chromium.org, blink-rev...@chromium.org, blink-...@chromium.org, chromium-a...@chromium.org, dtseng...@chromium.org, extension...@chromium.org, francisjp...@google.com, josiah...@chromium.org, kinuko...@chromium.org, kyungjunle...@google.com, loading-rev...@chromium.org, lucasrada...@google.com, nektar...@chromium.org, pdf-r...@chromium.org, yuzo+...@chromium.org

Attention needed from Abigail Klein, Chris Thompson, Robbie McElrath and Simon Hangl

Olga Korokhina voted Commit-Queue+2

Commit-Queue

+2

satisfied_requirement

open

diffy

Chromium LUCI CQ (Gerrit)

unread,

Nov 4, 2025, 10:06:26 AM (2 days ago) Nov 4

to Olga Korokhina, Simon Hangl, Rune Lillesveen, Code Review Nudger, Simon Hangl, AI Code Reviewer, Nico Weber, Abigail Klein, Chris Thompson, Robbie McElrath, AyeAye, Akihiro Ota, Menard, Alexis, chromium...@chromium.org, (Julie)Jeongeun Kim, Kevin Babbitt, Kevin McNee, James Maclean, oshima...@chromium.org, abigailbk...@google.com, apavlo...@chromium.org, blink-rev...@chromium.org, blink-re...@chromium.org, blink-re...@chromium.org, blink-rev...@chromium.org, blink-...@chromium.org, chromium-a...@chromium.org, dtseng...@chromium.org, extension...@chromium.org, francisjp...@google.com, josiah...@chromium.org, kinuko...@chromium.org, kyungjunle...@google.com, loading-rev...@chromium.org, lucasrada...@google.com, nektar...@chromium.org, pdf-r...@chromium.org, yuzo+...@chromium.org

Chromium LUCI CQ submitted the change with unreviewed changes

Unreviewed changes

18 is the latest approved patch-set.
The change was submitted with unreviewed changes in the following files:

```
The name of the file: third_party/blink/renderer/core/html/text_document.cc
Insertions: 2, Deletions: 2.

@@ -37,8 +37,8 @@
   SetCompatibilityMode(kNoQuirksMode);
   LockCompatibilityMode();
   // Text documents are rendered using a UA-inserted <pre> tag with a style
-  // attribute This style attribute should be allowed regardless of the CSP
-  // headers sent with the text file. This is safe since the all non-text
+  // attribute. This style attribute should be allowed regardless of the CSP
+  // headers sent with the text file. This is safe since all non-text
   // rendered content, that would have been blocked, is inserted by the UA.
   GetExecutionContext()
       ->GetContentSecurityPolicy()
```

Change information

Commit message:

Override TextDocument CSP headers to fix blob iframe CSP errors

Change eliminates the CSP error caused by inline css classes in
TextDocument's <pre> wrapper for iFrame by overriding the headers.


Solves several known issues with blobs as iFrame source.

Bug: 336209144
Change-Id: I98abb62b8a6ec8557e4dae34bb665c478b279806
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7031803
Reviewed-by: Simon Hangl <sim...@google.com>
Commit-Queue: Olga Korokhina <koro...@google.com>
Reviewed-by: Rune Lillesveen <fut...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1540021}

Files:

M third_party/blink/renderer/core/html/text_document.cc

Change size: XS

Delta: 1 file changed, 9 insertions(+), 0 deletions(-)

Branch: refs/heads/main

Submit Requirements:

Code-Review: +1 by Rune Lillesveen, +1 by Simon Hangl

Open in Gerrit

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

open

diffy

satisfied_requirement

Reply all

Reply to author

Forward

Override TextDocument CSP headers to fix blob iframe CSP errors [chromium/src : main]

Simon Hangl (Gerrit)

Simon Hangl voted and added 1 comment

Votes added by Simon Hangl

1 comment

Related details

Nico Weber (Gerrit)

Nico Weber added 1 comment

Related details

Olga Korokhina (Gerrit)

Olga Korokhina added 4 comments

Related details

Olga Korokhina (Gerrit)

Olga Korokhina voted Commit-Queue+2

Chromium LUCI CQ (Gerrit)

Chromium LUCI CQ submitted the change with unreviewed changes

Unreviewed changes

Change information