Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Remove browsing context name on cross origin navigation #9870

Closed
wants to merge 1 commit into from

Conversation

Projects
None yet
6 participants
@chromium-wpt-export-bot
Copy link
Collaborator

chromium-wpt-export-bot commented Mar 6, 2018

When updating the history after a cross-origin navigation, the HTML
Standard says: "If the browsing context is a top-level browsing context,
but not an auxiliary browsing context, then set the browsing context's
name to the empty string."

Currently we are not doing this which means there's potential
information leak.

Spec: https://html.spec.whatwg.org/multipage/browsers.html#resetBCName
I2S: https://groups.google.com/a/chromium.org/d/msg/blink-dev/fhUIycdlINU/RLVEOKaNAwAJ
Webkit change: https://trac.webkit.org/changeset/209076/webkit

Fixed a bug where 's with a name attribute specified lost the name
because they don't have an owner or opener but they have a name
attribute, webviews where losing the name on the initial navigation
commit.

This is a resubmit of https://chromium.googlesource.com/chromium/src.git/+/57e5929e121f8f081a80a2faaf68b00552cf7e72
which had to get reverted because of this issue.

Bug: 706350
Change-Id: Iddb7fd1659c986552c86b70a9790c5ae33f7d2ef
Reviewed-on: https://chromium-review.googlesource.com/778160
WPT-Export-Revision: ef90c23ef76568d1e783fb0fd88624f88ab52eca

@wpt-pr-bot
Copy link
Collaborator

wpt-pr-bot left a comment

Already reviewed downstream.

@w3c-bots

This comment has been minimized.

Copy link

w3c-bots commented Mar 6, 2018

Build PASSED

Started: 2018-03-23 15:47:06
Finished: 2018-03-23 15:54:44

View more information about this build on:

@chromium-wpt-export-bot chromium-wpt-export-bot force-pushed the chromium-export-cl-778160 branch 3 times, most recently from 45efd30 to a31dba1 Mar 12, 2018

@chromium-wpt-export-bot chromium-wpt-export-bot force-pushed the chromium-export-cl-778160 branch 2 times, most recently from e84bcf3 to 5b2b2bc Mar 19, 2018

@wpt-pr-bot wpt-pr-bot added the infra label Mar 20, 2018

Remove browsing context name on cross origin navigation
When updating the history after a cross-origin navigation, the HTML
Standard says: "If the browsing context is a top-level browsing context,
but not an auxiliary browsing context, then set the browsing context's
name to the empty string."

Currently we are not doing this which means there's potential
information leak.

Spec: https://html.spec.whatwg.org/multipage/browsers.html#resetBCName
I2S: https://groups.google.com/a/chromium.org/d/msg/blink-dev/fhUIycdlINU/RLVEOKaNAwAJ
Webkit change:  https://trac.webkit.org/changeset/209076/webkit

Fixed a bug where <webview>'s with a name attribute specified lost the name
because they don't have an owner or opener but they have a name
attribute, webviews where losing the name on the initial navigation
commit.

This is a resubmit of https://chromium.googlesource.com/chromium/src.git/+/57e5929e121f8f081a80a2faaf68b00552cf7e72
which had to get reverted because of this issue.

Bug: 706350
Change-Id: Iddb7fd1659c986552c86b70a9790c5ae33f7d2ef
@KyleJu

This comment has been minimized.

Copy link

KyleJu commented Feb 5, 2019

Close this PR because thi is a Stale chromium-export PR/branche.

@KyleJu KyleJu closed this Feb 5, 2019

@KyleJu KyleJu deleted the chromium-export-cl-778160 branch Feb 5, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.