| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
| Code-Review | +1 |
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
| Code-Review | +1 |
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
[M150] Validate browser-initiated file uploads
Original change's description:
> Validate browser-initiated file uploads
>
> This CL introduces token-based tracking and validation for files
> uploaded by the browser process to the network service.
>
> We introduce `BrowserFileAccessCallbacks` to `SimpleURLLoader`, allowing
> the browser to register file paths with `ChildProcessSecurityPolicy`.
> `ScopedBrowserFileAccess` manages token lifetimes for file paths
> originating from navigations (e.g., Web Share Target).
>
> Finally, `NetworkContextClientBaseImpl::HandleFileUploadRequest` is
> updated to validate the tokens using `CanBrowserReadFile()` when the
> originating process is the browser. This entire mechanism is gated
> behind the `kFileUploadTokenRegistration` feature flag, which is
> enabled by default.
>
> Bug: 497428001
> Change-Id: I8a06849dc69b19d3fa71c62ba2ed63813db686fa
> Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7968017
> Reviewed-by: Alex Moshchuk <ale...@chromium.org>
> Auto-Submit: Nidhi Jaju <nidh...@chromium.org>
> Commit-Queue: Nidhi Jaju <nidh...@chromium.org>
> Reviewed-by: Takashi Toyoshima <toyo...@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#1657089}
(cherry picked from commit 1fc7b5f1b300973956c4edcb7e3f8f8d56a56e6a)
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |