Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

amp-lightbox: Propagate trust from action->event #25112

Merged
merged 1 commit into from Oct 24, 2019
Merged

amp-lightbox: Propagate trust from action->event #25112

merged 1 commit into from Oct 24, 2019

Conversation

dreamofabear
Copy link

Partial for #24894.

Ensure that the same trust level open/close/toggle action is called with is passed to the resulting open/close event to prevent trust escalation. Similar to #24425.

/to @alanorozco

@dreamofabear dreamofabear mentioned this pull request Oct 17, 2019
Closed
7 tasks
@dreamofabear dreamofabear marked this pull request as ready for review October 17, 2019 21:57
@dreamofabear
Copy link
Author

@alanorozco Friendly ping. :)

alanorozco
alanorozco approved these changes Oct 23, 2019
View reviewed changes
extensions/amp-lightbox/0.1/amp-lightbox.js
@@ -181,8 +181,8 @@ class AmpLightbox extends AMP.BaseElement {
this.action_ = Services.actionServiceForDoc(this.element);
this.maybeSetTransparentBody_();

this.registerDefaultAction(unused => this.open_(), 'open');
this.registerAction('close', this.close.bind(this));
this.registerDefaultAction(i => this.open_(i.trust), 'open');
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

micronit: destructure?

({trust}) => this.open_(trust)

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

IMO dot syntax is more readable here, especially for a single property. :)

@dreamofabear dreamofabear merged commit a6feca0 into ampproject:master Oct 24, 2019
@dreamofabear dreamofabear deleted the plumb-trust-lightbox branch October 24, 2019 15:41
micajuine-ho pushed a commit to micajuine-ho/amphtml that referenced this pull request Dec 27, 2019
Plumb trust in amp-lightbox. (ampproject#25112)
ad2466a
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@alanorozco alanorozco alanorozco approved these changes

Assignees
No one assigned
Labels
cla: yes
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@dreamofabear @alanorozco @googlebot