about:blank" or "about:srcdoc" with query string or fragment should be potentially trustworthy #81
Comments
|
This sounds reasonable. HTML does some checks for about:blank too and I've wondered about this same thing, but never gotten around to writing tests and such. (Fetch does do the thing you suggest at https://fetch.spec.whatwg.org/#concept-scheme-fetch and I suspect we want to adopt the same language.) |
pull bot
pushed a commit
to Mu-L/chromium
that referenced
this issue
Dec 3, 2020
This CL adds comments & TODOs, reorganizes a bit the code and adds tests in order to make comparison against the specification easier [1] [2] [3] and to prepare follow-up patches that will require approvals from API owners. There is no behavior change. [1] https://w3c.github.io/webappsec-secure-contexts/#potentially-trustworthy-origin [2] https://w3c.github.io/webappsec-secure-contexts/#potentially-trustworthy-url [3] w3c/webappsec-secure-contexts#81 Bug: 1119740 Change-Id: Id1b379964a7724d7d53a279fbb5a187cb6a5453f Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2560953 Reviewed-by: Matthias Körber <[email protected]> Reviewed-by: Łukasz Anforowicz <[email protected]> Reviewed-by: Matt Falkenhagen <[email protected]> Reviewed-by: Mike West <[email protected]> Commit-Queue: Frédéric Wang <[email protected]> Cr-Commit-Position: refs/heads/master@{#833034}
|
Did you write tests for this by any chance @fred-wang? I can take care of updating the specification. |
|
@annevk Only internal c++ tests for chromium. |
mariospr
added a commit
to brave/brave-core
that referenced
this issue
Jan 20, 2021
Any other about: URL is now considered unsecure according to the spec linked from the upstream commit's description (see [1]) Chromium change: https://source.chromium.org/chromium/chromium/src/+/58fcd77538b8bc6989b2e3290b789f864ddf4dd9 commit 58fcd77538b8bc6989b2e3290b789f864ddf4dd9 Author: Frédéric Wang <[email protected]> Date: Thu Dec 3 00:47:31 2020 +0000 Limit about: URLs that are treated as potentially trustworthy Per [1], only about:blank and about:srcdoc URLs should be treated as potentially trustworthy, but Chromium currently accepts all about: URLs. This CL aligns with the current spec, with the additional assumption that query and fragment components are accepted too [2]. This change is not web-visible. [1] https://w3c.github.io/webappsec-secure-contexts/#potentially-trustworthy-url [2] w3c/webappsec-secure-contexts#81 Bug: 1153335, 1153336
mkarolin
pushed a commit
to brave/brave-core
that referenced
this issue
Jan 21, 2021
Any other about: URL is now considered unsecure according to the spec linked from the upstream commit's description (see [1]) Chromium change: https://source.chromium.org/chromium/chromium/src/+/58fcd77538b8bc6989b2e3290b789f864ddf4dd9 commit 58fcd77538b8bc6989b2e3290b789f864ddf4dd9 Author: Frédéric Wang <[email protected]> Date: Thu Dec 3 00:47:31 2020 +0000 Limit about: URLs that are treated as potentially trustworthy Per [1], only about:blank and about:srcdoc URLs should be treated as potentially trustworthy, but Chromium currently accepts all about: URLs. This CL aligns with the current spec, with the additional assumption that query and fragment components are accepted too [2]. This change is not web-visible. [1] https://w3c.github.io/webappsec-secure-contexts/#potentially-trustworthy-url [2] w3c/webappsec-secure-contexts#81 Bug: 1153335, 1153336
mariospr
added a commit
to brave/brave-core
that referenced
this issue
Jan 25, 2021
Any other about: URL is now considered unsecure according to the spec linked from the upstream commit's description (see [1]) Chromium change: https://source.chromium.org/chromium/chromium/src/+/58fcd77538b8bc6989b2e3290b789f864ddf4dd9 commit 58fcd77538b8bc6989b2e3290b789f864ddf4dd9 Author: Frédéric Wang <[email protected]> Date: Thu Dec 3 00:47:31 2020 +0000 Limit about: URLs that are treated as potentially trustworthy Per [1], only about:blank and about:srcdoc URLs should be treated as potentially trustworthy, but Chromium currently accepts all about: URLs. This CL aligns with the current spec, with the additional assumption that query and fragment components are accepted too [2]. This change is not web-visible. [1] https://w3c.github.io/webappsec-secure-contexts/#potentially-trustworthy-url [2] w3c/webappsec-secure-contexts#81 Bug: 1153335, 1153336
mkarolin
pushed a commit
to brave/brave-core
that referenced
this issue
Jan 26, 2021
Any other about: URL is now considered unsecure according to the spec linked from the upstream commit's description (see [1]) Chromium change: https://source.chromium.org/chromium/chromium/src/+/58fcd77538b8bc6989b2e3290b789f864ddf4dd9 commit 58fcd77538b8bc6989b2e3290b789f864ddf4dd9 Author: Frédéric Wang <[email protected]> Date: Thu Dec 3 00:47:31 2020 +0000 Limit about: URLs that are treated as potentially trustworthy Per [1], only about:blank and about:srcdoc URLs should be treated as potentially trustworthy, but Chromium currently accepts all about: URLs. This CL aligns with the current spec, with the additional assumption that query and fragment components are accepted too [2]. This change is not web-visible. [1] https://w3c.github.io/webappsec-secure-contexts/#potentially-trustworthy-url [2] w3c/webappsec-secure-contexts#81 Bug: 1153335, 1153336
mkarolin
pushed a commit
to brave/brave-core
that referenced
this issue
Jan 27, 2021
Any other about: URL is now considered unsecure according to the spec linked from the upstream commit's description (see [1]) Chromium change: https://source.chromium.org/chromium/chromium/src/+/58fcd77538b8bc6989b2e3290b789f864ddf4dd9 commit 58fcd77538b8bc6989b2e3290b789f864ddf4dd9 Author: Frédéric Wang <[email protected]> Date: Thu Dec 3 00:47:31 2020 +0000 Limit about: URLs that are treated as potentially trustworthy Per [1], only about:blank and about:srcdoc URLs should be treated as potentially trustworthy, but Chromium currently accepts all about: URLs. This CL aligns with the current spec, with the additional assumption that query and fragment components are accepted too [2]. This change is not web-visible. [1] https://w3c.github.io/webappsec-secure-contexts/#potentially-trustworthy-url [2] w3c/webappsec-secure-contexts#81 Bug: 1153335, 1153336
mkarolin
pushed a commit
to brave/brave-core
that referenced
this issue
Jan 27, 2021
Any other about: URL is now considered unsecure according to the spec linked from the upstream commit's description (see [1]) Chromium change: https://source.chromium.org/chromium/chromium/src/+/58fcd77538b8bc6989b2e3290b789f864ddf4dd9 commit 58fcd77538b8bc6989b2e3290b789f864ddf4dd9 Author: Frédéric Wang <[email protected]> Date: Thu Dec 3 00:47:31 2020 +0000 Limit about: URLs that are treated as potentially trustworthy Per [1], only about:blank and about:srcdoc URLs should be treated as potentially trustworthy, but Chromium currently accepts all about: URLs. This CL aligns with the current spec, with the additional assumption that query and fragment components are accepted too [2]. This change is not web-visible. [1] https://w3c.github.io/webappsec-secure-contexts/#potentially-trustworthy-url [2] w3c/webappsec-secure-contexts#81 Bug: 1153335, 1153336
mkarolin
pushed a commit
to brave/brave-core
that referenced
this issue
Feb 3, 2021
Any other about: URL is now considered unsecure according to the spec linked from the upstream commit's description (see [1]) Chromium change: https://source.chromium.org/chromium/chromium/src/+/58fcd77538b8bc6989b2e3290b789f864ddf4dd9 commit 58fcd77538b8bc6989b2e3290b789f864ddf4dd9 Author: Frédéric Wang <[email protected]> Date: Thu Dec 3 00:47:31 2020 +0000 Limit about: URLs that are treated as potentially trustworthy Per [1], only about:blank and about:srcdoc URLs should be treated as potentially trustworthy, but Chromium currently accepts all about: URLs. This CL aligns with the current spec, with the additional assumption that query and fragment components are accepted too [2]. This change is not web-visible. [1] https://w3c.github.io/webappsec-secure-contexts/#potentially-trustworthy-url [2] w3c/webappsec-secure-contexts#81 Bug: 1153335, 1153336
mkarolin
pushed a commit
to brave/brave-core
that referenced
this issue
Feb 4, 2021
Any other about: URL is now considered unsecure according to the spec linked from the upstream commit's description (see [1]) Chromium change: https://source.chromium.org/chromium/chromium/src/+/58fcd77538b8bc6989b2e3290b789f864ddf4dd9 commit 58fcd77538b8bc6989b2e3290b789f864ddf4dd9 Author: Frédéric Wang <[email protected]> Date: Thu Dec 3 00:47:31 2020 +0000 Limit about: URLs that are treated as potentially trustworthy Per [1], only about:blank and about:srcdoc URLs should be treated as potentially trustworthy, but Chromium currently accepts all about: URLs. This CL aligns with the current spec, with the additional assumption that query and fragment components are accepted too [2]. This change is not web-visible. [1] https://w3c.github.io/webappsec-secure-contexts/#potentially-trustworthy-url [2] w3c/webappsec-secure-contexts#81 Bug: 1153335, 1153336
mkarolin
pushed a commit
to brave/brave-core
that referenced
this issue
Feb 5, 2021
Any other about: URL is now considered unsecure according to the spec linked from the upstream commit's description (see [1]) Chromium change: https://source.chromium.org/chromium/chromium/src/+/58fcd77538b8bc6989b2e3290b789f864ddf4dd9 commit 58fcd77538b8bc6989b2e3290b789f864ddf4dd9 Author: Frédéric Wang <[email protected]> Date: Thu Dec 3 00:47:31 2020 +0000 Limit about: URLs that are treated as potentially trustworthy Per [1], only about:blank and about:srcdoc URLs should be treated as potentially trustworthy, but Chromium currently accepts all about: URLs. This CL aligns with the current spec, with the additional assumption that query and fragment components are accepted too [2]. This change is not web-visible. [1] https://w3c.github.io/webappsec-secure-contexts/#potentially-trustworthy-url [2] w3c/webappsec-secure-contexts#81 Bug: 1153335, 1153336
@annevk IIUC, one reviewer mentioned this is probably not web-observable, so not sure we need to or can write WPT tests... |
|
It should be possible to navigate a browsing context to I do think that as I mentioned elsewhere this should probably not end up as a secure context because of that, but rather because of who did the navigating. So ultimately this might indeed not be testable much. |
mjfroman
pushed a commit
to mjfroman/moz-libwebrtc-third-party
that referenced
this issue
Oct 14, 2022
This CL adds comments & TODOs, reorganizes a bit the code and adds tests in order to make comparison against the specification easier [1] [2] [3] and to prepare follow-up patches that will require approvals from API owners. There is no behavior change. [1] https://w3c.github.io/webappsec-secure-contexts/#potentially-trustworthy-origin [2] https://w3c.github.io/webappsec-secure-contexts/#potentially-trustworthy-url [3] w3c/webappsec-secure-contexts#81 Bug: 1119740 Change-Id: Id1b379964a7724d7d53a279fbb5a187cb6a5453f Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2560953 Reviewed-by: Matthias Körber <[email protected]> Reviewed-by: Łukasz Anforowicz <[email protected]> Reviewed-by: Matt Falkenhagen <[email protected]> Reviewed-by: Mike West <[email protected]> Commit-Queue: Frédéric Wang <[email protected]> Cr-Commit-Position: refs/heads/master@{#833034} GitOrigin-RevId: 063077da1caa6e4407e3d95a74164dc5b7543e43
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
From https://w3c.github.io/webappsec-secure-contexts/#is-url-trustworthy
I think the spec is not really explicit here (compare with other places where we talk about host component or scheme), but I understand the intention is to accept query string or fragment too.
So maybe it should be
(Note: Chromium currently just checks if the scheme is "about" but ideally it should use these
https://source.chromium.org/chromium/chromium/src/+/master:url/gurl.h;l=216;drc=5607fbe5f50d8539be9f26e36a5c2517fc18fad7
which accepts query string or fragment.)
The text was updated successfully, but these errors were encountered: