Reject non-http URLs for url member #174
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
It looks like https://github.com/web-platform-tests/wpt/blob/master/web-share/canShare.tentative.https.html still checks that we're able to share data URLs. Would that test need to be updated as well? |
|
The webkit patch allows data urls. @marcoscaceres do you also consider them problematic? |
|
I think that this needs more treatment than this alone. It needs to acknowledge the risk that share targets could retrieve content from the URL, and that they might follow redirects (or be subject to DNS tweaking) in order to exploit their position in the network to access information that might otherwise be protected by firewalls and similar. If the application also passes on that information, that leads to an unexpected information leakage. I don't think that it is appropriate to say that this is sufficient to address #173. |
|
@ericwilligers, about data: URLs, yes, as if they get dereferenced and previewed, then you can get into a situation like: @whsieh, what was the rationale for still allowing @martinthomson agree, definitely need to add a security considerations section for apps ingesting these URLs. As you suggested, we are just one link a weak chain here and OSs and apps able to inject need to be more careful. |
|
@martinthomson, I added your comment above more or less verbatim as they capture the risk quite nicely from a bunch of different angles. Please feel free to suggest additional changes. |
|
I file w3ctag/security-questionnaire#96 to capture our cautionary tale of trusting URLs and thinking receiving parties will be careful with what they are receiving. |
I believe the rationale for still allowing the |
|
@whsieh, for the share targets you tested, is sharing a http(s) url that redirects a problem? If not, is sharing the following simply equivalent to sharing a http(s) url that redirects, and not equivalent to sharing a |
This is not a problem (at least, on Cocoa platforms) because neither the share targets (Messages and Mail in this case) nor the UA attempt to load the data URL as web content and then send the web content to the recipient. |
Co-authored-by: Martin Thomson <mt@lowentropy.net>
ewilligers
approved these changes
Sep 16, 2020
chromium-wpt-export-bot
pushed a commit
to web-platform-tests/wpt
that referenced
this pull request
Sep 24, 2020
Spec: https://w3c.github.io/web-share/#share-method If a share() request is active when share() is called again, the new share request fails immediately. w3c/web-share#113 In content shell, the OS-integration for the share service is not present. Instead of crashing in tests, we report a not implemented error. WPT web-share/share-sharePromise-internal-slot.https.html now passes (It previously crashed.) Protocols other that http and https are no longer supported by share() or canShare(). w3c/web-share#174 canShare is being discussed in w3c/web-share#177 Bug: 1002337, 1002514, 1131755 Change-Id: I4ec9f6eb03373fd5c6db1881df906a8df36ca4ff
chromium-wpt-export-bot
pushed a commit
to web-platform-tests/wpt
that referenced
this pull request
Sep 24, 2020
Spec: https://w3c.github.io/web-share/#share-method If a share() request is active when share() is called again, the new share request fails immediately. w3c/web-share#113 In content shell, the OS-integration for the share service is not present. Instead of crashing in tests, we report a not implemented error. WPT web-share/share-sharePromise-internal-slot.https.html now passes - it previously crashed. w3c/web-share#183 improves consistency between the test and the spec. Protocols other that http and https are no longer supported by share() or canShare(). w3c/web-share#174 canShare is being discussed in w3c/web-share#177 Bug: 1002337, 1002514, 1131755 Change-Id: I4ec9f6eb03373fd5c6db1881df906a8df36ca4ff
chromium-wpt-export-bot
pushed a commit
to web-platform-tests/wpt
that referenced
this pull request
Sep 24, 2020
We now follow the recent spec change limiting the permitted scheme for shared urls to http and https - see w3c/web-share#173 w3c/web-share#174 w3c/web-share#177 We make an exception if the page performing the share it itself loaded from a different scheme (e.g. file) - in that case we allow the same scheme to be used for the shared url. Bug: 1131755 Change-Id: I6abf0f9acd40ef79ec49379314e2ef3a81d3467e
chromium-wpt-export-bot
pushed a commit
to web-platform-tests/wpt
that referenced
this pull request
Sep 24, 2020
We now follow the recent spec change limiting the permitted scheme for shared urls to http and https - see w3c/web-share#173 w3c/web-share#174 w3c/web-share#177 We make an exception if the page performing the share it itself loaded from a different scheme (e.g. file) - in that case we allow the same scheme to be used for the shared url. Bug: 1131755 Change-Id: I6abf0f9acd40ef79ec49379314e2ef3a81d3467e
chromium-wpt-export-bot
pushed a commit
to web-platform-tests/wpt
that referenced
this pull request
Sep 24, 2020
We now follow the recent spec change limiting the permitted scheme for shared urls to http and https - see w3c/web-share#173 w3c/web-share#174 w3c/web-share#177 We make an exception if the page performing the share it itself loaded from a different scheme (e.g. file) - in that case we allow the same scheme to be used for the shared url. Bug: 1131755 Change-Id: I6abf0f9acd40ef79ec49379314e2ef3a81d3467e Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2425977 Commit-Queue: Eric Willigers <ericwilligers@chromium.org> Reviewed-by: Glen Robertson <glenrob@chromium.org> Auto-Submit: Eric Willigers <ericwilligers@chromium.org> Cr-Commit-Position: refs/heads/master@{#810180}
blueboxd
pushed a commit
to blueboxd/chromium-legacy
that referenced
this pull request
Sep 24, 2020
We now follow the recent spec change limiting the permitted scheme for shared urls to http and https - see w3c/web-share#173 w3c/web-share#174 w3c/web-share#177 We make an exception if the page performing the share it itself loaded from a different scheme (e.g. file) - in that case we allow the same scheme to be used for the shared url. Bug: 1131755 Change-Id: I6abf0f9acd40ef79ec49379314e2ef3a81d3467e Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2425977 Commit-Queue: Eric Willigers <ericwilligers@chromium.org> Reviewed-by: Glen Robertson <glenrob@chromium.org> Auto-Submit: Eric Willigers <ericwilligers@chromium.org> Cr-Commit-Position: refs/heads/master@{#810180}
chromium-wpt-export-bot
pushed a commit
to web-platform-tests/wpt
that referenced
this pull request
Sep 24, 2020
We now follow the recent spec change limiting the permitted scheme for shared urls to http and https - see w3c/web-share#173 w3c/web-share#174 w3c/web-share#177 We make an exception if the page performing the share it itself loaded from a different scheme (e.g. file) - in that case we allow the same scheme to be used for the shared url. Bug: 1131755 Change-Id: I6abf0f9acd40ef79ec49379314e2ef3a81d3467e Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2425977 Commit-Queue: Eric Willigers <ericwilligers@chromium.org> Reviewed-by: Glen Robertson <glenrob@chromium.org> Auto-Submit: Eric Willigers <ericwilligers@chromium.org> Cr-Commit-Position: refs/heads/master@{#810180}
moz-v2v-gh
pushed a commit
to mozilla/gecko-dev
that referenced
this pull request
Sep 26, 2020
…nd https, a=testonly Automatic update from web-platform-tests Web Share: restrict URL scheme to http and https We now follow the recent spec change limiting the permitted scheme for shared urls to http and https - see w3c/web-share#173 w3c/web-share#174 w3c/web-share#177 We make an exception if the page performing the share it itself loaded from a different scheme (e.g. file) - in that case we allow the same scheme to be used for the shared url. Bug: 1131755 Change-Id: I6abf0f9acd40ef79ec49379314e2ef3a81d3467e Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2425977 Commit-Queue: Eric Willigers <ericwilligers@chromium.org> Reviewed-by: Glen Robertson <glenrob@chromium.org> Auto-Submit: Eric Willigers <ericwilligers@chromium.org> Cr-Commit-Position: refs/heads/master@{#810180} -- wpt-commits: a28408e23e7cb1e4e8dc070445a51fc2f2d9a4e6 wpt-pr: 25755
gecko-dev-updater
pushed a commit
to marco-c/gecko-dev-wordified-and-comments-removed
that referenced
this pull request
Sep 28, 2020
…nd https, a=testonly Automatic update from web-platform-tests Web Share: restrict URL scheme to http and https We now follow the recent spec change limiting the permitted scheme for shared urls to http and https - see w3c/web-share#173 w3c/web-share#174 w3c/web-share#177 We make an exception if the page performing the share it itself loaded from a different scheme (e.g. file) - in that case we allow the same scheme to be used for the shared url. Bug: 1131755 Change-Id: I6abf0f9acd40ef79ec49379314e2ef3a81d3467e Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2425977 Commit-Queue: Eric Willigers <ericwilligerschromium.org> Reviewed-by: Glen Robertson <glenrobchromium.org> Auto-Submit: Eric Willigers <ericwilligerschromium.org> Cr-Commit-Position: refs/heads/master{#810180} -- wpt-commits: a28408e23e7cb1e4e8dc070445a51fc2f2d9a4e6 wpt-pr: 25755 UltraBlame original commit: 527027b783378db7e3c1fcdd908e718799400989
gecko-dev-updater
pushed a commit
to marco-c/gecko-dev-comments-removed
that referenced
this pull request
Sep 28, 2020
…nd https, a=testonly Automatic update from web-platform-tests Web Share: restrict URL scheme to http and https We now follow the recent spec change limiting the permitted scheme for shared urls to http and https - see w3c/web-share#173 w3c/web-share#174 w3c/web-share#177 We make an exception if the page performing the share it itself loaded from a different scheme (e.g. file) - in that case we allow the same scheme to be used for the shared url. Bug: 1131755 Change-Id: I6abf0f9acd40ef79ec49379314e2ef3a81d3467e Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2425977 Commit-Queue: Eric Willigers <ericwilligerschromium.org> Reviewed-by: Glen Robertson <glenrobchromium.org> Auto-Submit: Eric Willigers <ericwilligerschromium.org> Cr-Commit-Position: refs/heads/master{#810180} -- wpt-commits: a28408e23e7cb1e4e8dc070445a51fc2f2d9a4e6 wpt-pr: 25755 UltraBlame original commit: 527027b783378db7e3c1fcdd908e718799400989
gecko-dev-updater
pushed a commit
to marco-c/gecko-dev-wordified
that referenced
this pull request
Sep 28, 2020
…nd https, a=testonly Automatic update from web-platform-tests Web Share: restrict URL scheme to http and https We now follow the recent spec change limiting the permitted scheme for shared urls to http and https - see w3c/web-share#173 w3c/web-share#174 w3c/web-share#177 We make an exception if the page performing the share it itself loaded from a different scheme (e.g. file) - in that case we allow the same scheme to be used for the shared url. Bug: 1131755 Change-Id: I6abf0f9acd40ef79ec49379314e2ef3a81d3467e Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2425977 Commit-Queue: Eric Willigers <ericwilligerschromium.org> Reviewed-by: Glen Robertson <glenrobchromium.org> Auto-Submit: Eric Willigers <ericwilligerschromium.org> Cr-Commit-Position: refs/heads/master{#810180} -- wpt-commits: a28408e23e7cb1e4e8dc070445a51fc2f2d9a4e6 wpt-pr: 25755 UltraBlame original commit: 527027b783378db7e3c1fcdd908e718799400989
sidvishnoi
pushed a commit
to sidvishnoi/gecko-webmonetization
that referenced
this pull request
Oct 1, 2020
…nd https, a=testonly Automatic update from web-platform-tests Web Share: restrict URL scheme to http and https We now follow the recent spec change limiting the permitted scheme for shared urls to http and https - see w3c/web-share#173 w3c/web-share#174 w3c/web-share#177 We make an exception if the page performing the share it itself loaded from a different scheme (e.g. file) - in that case we allow the same scheme to be used for the shared url. Bug: 1131755 Change-Id: I6abf0f9acd40ef79ec49379314e2ef3a81d3467e Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2425977 Commit-Queue: Eric Willigers <ericwilligers@chromium.org> Reviewed-by: Glen Robertson <glenrob@chromium.org> Auto-Submit: Eric Willigers <ericwilligers@chromium.org> Cr-Commit-Position: refs/heads/master@{#810180} -- wpt-commits: a28408e23e7cb1e4e8dc070445a51fc2f2d9a4e6 wpt-pr: 25755
marcoscaceres
pushed a commit
to web-platform-tests/wpt
that referenced
this pull request
Apr 26, 2021
data: URLs are no longer supported by Web Share API. w3c/web-share#174 This is tested by automated tests. The manual test in obsolete, it is not valid or needed. closes #202 Co-authored-by: Eric Willigers <ericwilligers@chromium.org>
moz-v2v-gh
pushed a commit
to mozilla/gecko-dev
that referenced
this pull request
Apr 27, 2021
…https.html, a=testonly Automatic update from web-platform-tests Web Share: Retire share-url-data-manual.https.html (#28654) data: URLs are no longer supported by Web Share API. w3c/web-share#174 This is tested by automated tests. The manual test in obsolete, it is not valid or needed. closes #202 Co-authored-by: Eric Willigers <ericwilligers@chromium.org> -- wpt-commits: 2eb3853c6bb77eed4a3b5de3b6042b72463efd65 wpt-pr: 28654
mjfroman
pushed a commit
to mjfroman/moz-libwebrtc-third-party
that referenced
this pull request
Oct 14, 2022
We now follow the recent spec change limiting the permitted scheme for shared urls to http and https - see w3c/web-share#173 w3c/web-share#174 w3c/web-share#177 We make an exception if the page performing the share it itself loaded from a different scheme (e.g. file) - in that case we allow the same scheme to be used for the shared url. Bug: 1131755 Change-Id: I6abf0f9acd40ef79ec49379314e2ef3a81d3467e Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2425977 Commit-Queue: Eric Willigers <ericwilligers@chromium.org> Reviewed-by: Glen Robertson <glenrob@chromium.org> Auto-Submit: Eric Willigers <ericwilligers@chromium.org> Cr-Commit-Position: refs/heads/master@{#810180} GitOrigin-RevId: 060b7f1b2de01048a934bc4aca41973edaf4d12c
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Closes #173
For normative changes, the following tasks have been completed:
Implementation commitment: