Project: chromium Issues People Development process History Sign in
New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.
Issue 594215 Disable page-initiated main frame navigations to data URLs
Starred by 25 users Project Member Reported by meacer@chromium.org, Mar 11 2016 Back to list
Status: Fixed
Owner:
Closed: Apr 22
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: All
Pri: 1
Type: Bug


Sign in to add a comment
We've seen somewhat convincing spoofing attacks using data: and blob: urls where the url looks unfamiliar and convincing enough to trick users. Other than initiating downloads, there seems to be no good reason a page should be able to navigate to such urls (http://go/crbug-pseudo-urls)

Usage isn't high: Per Navigation.MainFrameSchemeDifferentPage, %0.04 of all urls is to data: schemes. The number is almost zero for blob: scheme.

We'll still allow direct navigations where the user types the URL. We also want to allow downloads that are initiated by pages.

 
Comment 1 by creis@chromium.org, Mar 11 2016
This is for main frame navigations only, right?

I think we'll need an Intent email on blink-dev for this when the time comes.
Comment 2 by meacer@chromium.org, Mar 11 2016
Summary: Disable page-initiated main frame navigations to pseudo URLs such as data: and blob: (was: Disable page initiated navigations to pseudo URLs such as data: and blob:)
Correct, only for main frame navigations (updated the title). I can send an email to blink-dev once we figure out some of the details.

One of the outstanding questions is whether we can reliably distinguish downloads from other redirects. It looks like determining whether a navigation will end up with a download requires actually navigating to the URL, is that right?
Cc: asanka@chromium.org
+asanka for answering download question in #2. 

For some downloads we do get some of the data to do MIME sniffing. But I wonder if we could have some reasonable heuristics here.

[Note: I like this overall idea if that matters].
Comment 4 by asanka@chromium.org, Mar 14 2016
We can predict what will happen based on the MIME type of the response. The effective MIME type is what's specified explicitly for data: and blob: URLs. We don't support sniffing data: and blob: responses.

The decision is codified in MimeTypeResourceHandler::SelectNextHandler(). The high-level logic is:

  * If :
       - a request's resource type is MAIN_FRAME or SUB_FRAME AND
       - the MIME type is not supported natively by the renderer (determined by mime_util::IsSupportedMimeType()) AND
       - the MIME type is not supported by any enabled plugin
    Then: download the response.

That said, this isn't strictly correct layering. The logic in MimeTypeResourceHandler is trying to predict what the renderer would do if the browser were to send the response over. Prior to the browser-side navigation work, the correct way to determine if something was a download would've been to wait for the renderer to decide what to do with the response. If the renderer refused to deal with the response AND the request was for a MAIN_FRAME or SUB_FRAME resource type, then we can consider downloading the response instead. I'm not sure what the correct thing to do is with browser-side navigation without duplicating the 'can the renderer handle this response' logic in both the browser and the renderer.

Comment 5 by meacer@chromium.org, Mar 24 2016
Thanks asanka. How do redirects to subresources fall into this? More specifically, if a.com opens |data:text/html;charset=utf-8,<head><META http-equiv="refresh" content="0;URL=http://example.com/download.png">|, it seems like we'll need to allow the data url to load and then initiate the download. But then we end up displaying the data url in the first place. Is there anything clever we could do there?

Speaking of MIME types, another option is to still allow navigations to static content such as images (data:image/*). We don't have data on what mime types are being displayed via data/blob urls, but I'm guessing most are images.

Comment 6 by meacer@chromium.org, Mar 24 2016
Cc: meacer@chromium.org f...@chromium.org creis@chromium.org nasko@chromium.org jsc...@chromium.org
Issue 484691 has been merged into this issue.
One strong compatibility measure is that if an <A> element has the Download attribute (https://developer.mozilla.org/en-US/docs/Web/HTML/Element/a) then we know it's going to be a download. We also know in advance if the user does "Save Link As." 

Compatibility-wise, IE8+ and Edge do not allow navigation to Data/Blob URIs either at the top-level or in frames (e.g. https://bayden.com/test/data.htm). But you can download them via "Save Target As" or via the DOWNLOAD attribute on A Elements.
Comment 8 by vakh@chromium.org, Apr 1 2016
Cc: vakh@chromium.org
Comment 9 by vakh@chromium.org, Apr 22 2016
Issue 605216 has been merged into this issue.
Cc: jialiul@chromium.org
Comment 11 by vakh@chromium.org, Jul 15 2016
Issue 625941 has been merged into this issue.
Cc: nparker@chromium.org
+Nathan for FYI.

We've seen renewed interest by phishers to use data URLs to host phishing attacks. In some instances it's really hard for us to protect users because Safe Browsing needs a URL to blacklist ;).

Is there an update on this bug? Thanks!
I'm going to send a blink intent to deprecate and remove soon.
Issue 649941 has been merged into this issue.
Issue 646770 has been merged into this issue.
Blockedon: 652381
Cc: brettw@chromium.org
Issue 652060 has been merged into this issue.
Note: When you move forward with implementation here, be sure to test that data and blob URLs still work inside <webview> and Android WebView.  Those look like main frames but often have data URLs or blob URLs loaded into them by their embedders.  (They also don't have an address bar, so the same phishing risk doesn't apply.)

(We just encountered this problem on another bug, so I thought I'd give a heads up.)
Blocking: 654755
Labels: -Pri-2 Pri-1
Raising to P1 since data:urls are being actively used by phishers.
Issue 661602 has been merged into this issue.
Project Member Comment 22 by bugdroid1@chromium.org, Nov 7
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/a63dba9631de50cc36d24b38ec2e63f6423c6bb8

commit a63dba9631de50cc36d24b38ec2e63f6423c6bb8
Author: meacer <meacer@chromium.org>
Date: Mon Nov 07 19:34:37 2016

Add filesystem scheme to navigation histograms.

BUG= 594215 

Review-Url: https://codereview.chromium.org/2476993002
Cr-Commit-Position: refs/heads/master@{#430346}

[modify] https://crrev.com/a63dba9631de50cc36d24b38ec2e63f6423c6bb8/components/navigation_metrics/navigation_metrics.cc
[modify] https://crrev.com/a63dba9631de50cc36d24b38ec2e63f6423c6bb8/tools/metrics/histograms/histograms.xml

Components: -Security>UX
Labels: Team-Security-UX
Cc: dmargolis@google.com
Ping. How's the data looking? :)
Cc: emilyschechter@chromium.org
We don't yet have the data we wanted, but there is an alternative: http://go/data-blob-verbose-state (sorry, Google internal for now)

The tl;dr is we can display "Not secure" chips in the omnibox for data:, blob: and friends. It's much less disruptive and can be done today.
Cc: -palmer@chromium.org
Blockedon: 680822
Blocking: 684011
Cc: pmeenan@chromium.org
Will navigations still be supported from extensions and over the remote dev tools interface?  Not a big deal but WebPageTest uses a data URI for mobile testing for the starting page (navigated from remote debug) and just want to have an alternative ready if the intent is to break that as well.
Does DevTools create a browser-initiated navigation? Or does it just invoke some JS API in the renderer to get it to navigate? If the latter, we will have to investigate how not to break that scenario.
I have a use case for data-URLs in main frames. From the console, a quick way to test HTML/SVG/XML documents.

For example, to see how the currently inspected element looks like in isolation, I run the following snippet and if the result looks good I save it (or do view-source + copy).

open('data:text/html,' + encodeURIComponent($0.outerHTML));

I hope that the above use case continues to be supported.
Re #33, is 

   open('about:blank').document.write($0.outerHTML);

a reasonable workaround for the moment?
Eric, it would work for previewing, but not for saving the source (Ctrl-S) or view-source.

I could use copy($0.outerHTML) and then paste it to a file, but the source may already have been changed in between the calls, and it also modifies my clipboard.
Blink intent to deprecate thread: https://groups.google.com/a/chromium.org/forum/#!topic/blink-dev/GbVcuwg_QjM

Re 30#:
> Will navigations still be supported from extensions and over the remote dev tools interface?

If we only block content initiated navigations (and not all top frame navigations), extensions should keep working as long as they use APIs like chrome.tabs.create that initiate direct navigations.

I use top-level blob URL to achieve the live demo function in my blog, e.g.  http://www.cnblogs.com/ziyunfei/p/5558712.html just click the top-right buttons on each code block.
l446240525@: Is there any particular reason you can't iframe the blob URLs? You can create a simple page whose only purpose is to iframe the generated blob URL (e.g. by passing the blob guid)
> You can create a simple page whose only purpose is to iframe the generated blob URL

Thanks! It's a good idea, I'll try to do that when the time comes.
Project Member Comment 40 by bugdroid1@chromium.org, Mar 7
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/b29954e8ac243142eaedbcc3c6e54d480373ee38

commit b29954e8ac243142eaedbcc3c6e54d480373ee38
Author: meacer <meacer@chromium.org>
Date: Tue Mar 07 21:21:52 2017

Add a warning for the deprecation of content-initiated data URL navigations

This CL adds a console warning when a page navigates the top level frame to a
data URL.

The browser tests are added to WebContentsImpl tests to be consistent with
the view-source URL tests.

This CL also updates most of the layout tests to avoid loading data URLs at
the top level. The only exceptions are xss-DENIED-* tests which will be updated
when the actual blocking happens.

BUG= 594215 
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_site_isolation

Review-Url: https://codereview.chromium.org/2694903007
Cr-Commit-Position: refs/heads/master@{#455226}

[modify] https://crrev.com/b29954e8ac243142eaedbcc3c6e54d480373ee38/content/browser/frame_host/navigation_handle_impl.cc
[modify] https://crrev.com/b29954e8ac243142eaedbcc3c6e54d480373ee38/content/browser/web_contents/web_contents_impl_browsertest.cc
[modify] https://crrev.com/b29954e8ac243142eaedbcc3c6e54d480373ee38/third_party/WebKit/LayoutTests/fast/dom/Window/mozilla-focus-blur-expected.txt
[modify] https://crrev.com/b29954e8ac243142eaedbcc3c6e54d480373ee38/third_party/WebKit/LayoutTests/fast/dom/Window/mozilla-focus-blur.html
[modify] https://crrev.com/b29954e8ac243142eaedbcc3c6e54d480373ee38/third_party/WebKit/LayoutTests/fast/dom/Window/resources/file-origin-window-open-frame.html
[add] https://crrev.com/b29954e8ac243142eaedbcc3c6e54d480373ee38/third_party/WebKit/LayoutTests/fast/dom/Window/resources/file-origin-window-open-popup.html
[add] https://crrev.com/b29954e8ac243142eaedbcc3c6e54d480373ee38/third_party/WebKit/LayoutTests/fast/dom/Window/resources/mozilla-focus-blur-popup-blur.html
[add] https://crrev.com/b29954e8ac243142eaedbcc3c6e54d480373ee38/third_party/WebKit/LayoutTests/fast/dom/Window/resources/mozilla-focus-blur-popup-opener-focus.html
[modify] https://crrev.com/b29954e8ac243142eaedbcc3c6e54d480373ee38/third_party/WebKit/LayoutTests/fast/dom/id-attribute-shared-expected.txt
[modify] https://crrev.com/b29954e8ac243142eaedbcc3c6e54d480373ee38/third_party/WebKit/LayoutTests/fast/dom/id-attribute-shared.html
[modify] https://crrev.com/b29954e8ac243142eaedbcc3c6e54d480373ee38/third_party/WebKit/LayoutTests/fast/events/move-event-handler-between-framehosts.html
[modify] https://crrev.com/b29954e8ac243142eaedbcc3c6e54d480373ee38/third_party/WebKit/LayoutTests/fast/events/onunload-clears-onbeforeunload.html
[modify] https://crrev.com/b29954e8ac243142eaedbcc3c6e54d480373ee38/third_party/WebKit/LayoutTests/fast/events/onunload-expected.txt
[modify] https://crrev.com/b29954e8ac243142eaedbcc3c6e54d480373ee38/third_party/WebKit/LayoutTests/fast/events/onunload-not-on-body-expected.txt
[modify] https://crrev.com/b29954e8ac243142eaedbcc3c6e54d480373ee38/third_party/WebKit/LayoutTests/fast/events/onunload-not-on-body.html
[modify] https://crrev.com/b29954e8ac243142eaedbcc3c6e54d480373ee38/third_party/WebKit/LayoutTests/fast/events/onunload-window-property-expected.txt
[modify] https://crrev.com/b29954e8ac243142eaedbcc3c6e54d480373ee38/third_party/WebKit/LayoutTests/fast/events/onunload-window-property.html
[modify] https://crrev.com/b29954e8ac243142eaedbcc3c6e54d480373ee38/third_party/WebKit/LayoutTests/fast/events/onunload.html
[modify] https://crrev.com/b29954e8ac243142eaedbcc3c6e54d480373ee38/third_party/WebKit/LayoutTests/fast/events/page-visibility-unload.html
[modify] https://crrev.com/b29954e8ac243142eaedbcc3c6e54d480373ee38/third_party/WebKit/LayoutTests/fast/events/pageshow-pagehide-on-back-uncached.html
[modify] https://crrev.com/b29954e8ac243142eaedbcc3c6e54d480373ee38/third_party/WebKit/LayoutTests/fast/events/popup-blocked-from-untrusted-mouse-click-expected.txt
[modify] https://crrev.com/b29954e8ac243142eaedbcc3c6e54d480373ee38/third_party/WebKit/LayoutTests/fast/events/popup-blocked-from-untrusted-mouse-click.html
[add] https://crrev.com/b29954e8ac243142eaedbcc3c6e54d480373ee38/third_party/WebKit/LayoutTests/fast/events/resources/move-event-handler-between-framehosts-popup.html
[add] https://crrev.com/b29954e8ac243142eaedbcc3c6e54d480373ee38/third_party/WebKit/LayoutTests/fast/events/resources/onunload-clears-onbeforeunload-success.html
[add] https://crrev.com/b29954e8ac243142eaedbcc3c6e54d480373ee38/third_party/WebKit/LayoutTests/fast/events/resources/onunload-single-alert-success.html
[add] https://crrev.com/b29954e8ac243142eaedbcc3c6e54d480373ee38/third_party/WebKit/LayoutTests/fast/events/resources/page-visibility-alert-success.html
[modify] https://crrev.com/b29954e8ac243142eaedbcc3c6e54d480373ee38/third_party/WebKit/LayoutTests/fast/files/null-origin-string.html
[add] https://crrev.com/b29954e8ac243142eaedbcc3c6e54d480373ee38/third_party/WebKit/LayoutTests/fast/files/resources/notify-no-crash.html
[modify] https://crrev.com/b29954e8ac243142eaedbcc3c6e54d480373ee38/third_party/WebKit/LayoutTests/fast/forms/button-state-restore.html
[modify] https://crrev.com/b29954e8ac243142eaedbcc3c6e54d480373ee38/third_party/WebKit/LayoutTests/fast/forms/multiple-form-submission-protection-mouse.html
[modify] https://crrev.com/b29954e8ac243142eaedbcc3c6e54d480373ee38/third_party/WebKit/LayoutTests/fast/forms/radio/state-restore-radio-group.html
[add] https://crrev.com/b29954e8ac243142eaedbcc3c6e54d480373ee38/third_party/WebKit/LayoutTests/fast/forms/resources/multiple-form-submission-protection-post-target.html
[modify] https://crrev.com/b29954e8ac243142eaedbcc3c6e54d480373ee38/third_party/WebKit/LayoutTests/fast/forms/saved-state-adoptNode-crash.html
[modify] https://crrev.com/b29954e8ac243142eaedbcc3c6e54d480373ee38/third_party/WebKit/LayoutTests/fast/forms/select/select-state-restore.html
[modify] https://crrev.com/b29954e8ac243142eaedbcc3c6e54d480373ee38/third_party/WebKit/LayoutTests/fast/forms/state-restore-hidden.html
[modify] https://crrev.com/b29954e8ac243142eaedbcc3c6e54d480373ee38/third_party/WebKit/LayoutTests/fast/forms/state-restore-to-non-autocomplete-form.html
[modify] https://crrev.com/b29954e8ac243142eaedbcc3c6e54d480373ee38/third_party/WebKit/LayoutTests/fast/forms/state-restore-to-non-edited-controls.html
[modify] https://crrev.com/b29954e8ac243142eaedbcc3c6e54d480373ee38/third_party/WebKit/LayoutTests/fast/forms/state-save-of-detached-control.html
[modify] https://crrev.com/b29954e8ac243142eaedbcc3c6e54d480373ee38/third_party/WebKit/LayoutTests/fast/frames/location-redirect-user-gesture-expected.txt
[modify] https://crrev.com/b29954e8ac243142eaedbcc3c6e54d480373ee38/third_party/WebKit/LayoutTests/fast/frames/location-redirect-user-gesture.html
[modify] https://crrev.com/b29954e8ac243142eaedbcc3c6e54d480373ee38/third_party/WebKit/LayoutTests/fast/history/history-back-initial-vs-final-url-expected.txt
[modify] https://crrev.com/b29954e8ac243142eaedbcc3c6e54d480373ee38/third_party/WebKit/LayoutTests/fast/history/history-back-initial-vs-final-url.html
[modify] https://crrev.com/b29954e8ac243142eaedbcc3c6e54d480373ee38/third_party/WebKit/LayoutTests/fast/history/history-length-append-subframe-no-hash-expected.txt
[modify] https://crrev.com/b29954e8ac243142eaedbcc3c6e54d480373ee38/third_party/WebKit/LayoutTests/fast/history/history-length-append-subframe-no-hash.html
[modify] https://crrev.com/b29954e8ac243142eaedbcc3c6e54d480373ee38/third_party/WebKit/LayoutTests/fast/history/history-length-append-subframe-with-hash-expected.txt
[modify] https://crrev.com/b29954e8ac243142eaedbcc3c6e54d480373ee38/third_party/WebKit/LayoutTests/fast/history/history-length-append-subframe-with-hash.html
[add] https://crrev.com/b29954e8ac243142eaedbcc3c6e54d480373ee38/third_party/WebKit/LayoutTests/fast/history/resources/alert-then-back.html
[add] https://crrev.com/b29954e8ac243142eaedbcc3c6e54d480373ee38/third_party/WebKit/LayoutTests/fast/history/resources/back-on-load.html
[modify] https://crrev.com/b29954e8ac243142eaedbcc3c6e54d480373ee38/third_party/WebKit/LayoutTests/fast/history/saves-state-after-fragment-nav.html
[modify] https://crrev.com/b29954e8ac243142eaedbcc3c6e54d480373ee38/third_party/WebKit/LayoutTests/fast/loader/form-state-restore-with-frames.html
[modify] https://crrev.com/b29954e8ac243142eaedbcc3c6e54d480373ee38/third_party/WebKit/LayoutTests/fast/loader/redirect-with-open-subframe-2.html
[modify] https://crrev.com/b29954e8ac243142eaedbcc3c6e54d480373ee38/third_party/WebKit/LayoutTests/fast/loader/redirect-with-open-subframe.html
[modify] https://crrev.com/b29954e8ac243142eaedbcc3c6e54d480373ee38/third_party/WebKit/LayoutTests/fast/loader/reload-zero-byte-plugin-expected.txt
[modify] https://crrev.com/b29954e8ac243142eaedbcc3c6e54d480373ee38/third_party/WebKit/LayoutTests/fast/loader/reload-zero-byte-plugin.html
[modify] https://crrev.com/b29954e8ac243142eaedbcc3c6e54d480373ee38/third_party/WebKit/LayoutTests/fast/loader/scroll-position-restoration-without-premature-clamping.html
[modify] https://crrev.com/b29954e8ac243142eaedbcc3c6e54d480373ee38/third_party/WebKit/LayoutTests/fast/loader/scroll-position-restored-on-back-at-load-event.html
[modify] https://crrev.com/b29954e8ac243142eaedbcc3c6e54d480373ee38/third_party/WebKit/LayoutTests/fast/loader/stateobjects/pushstate-in-data-url-denied-expected.txt
[modify] https://crrev.com/b29954e8ac243142eaedbcc3c6e54d480373ee38/third_party/WebKit/LayoutTests/fast/loader/stateobjects/pushstate-in-data-url-denied.html
[modify] https://crrev.com/b29954e8ac243142eaedbcc3c6e54d480373ee38/third_party/WebKit/LayoutTests/geolocation-api/clear-watch-invalid-id-crash-expected.txt
[modify] https://crrev.com/b29954e8ac243142eaedbcc3c6e54d480373ee38/third_party/WebKit/LayoutTests/geolocation-api/clear-watch-invalid-id-crash.html
[modify] https://crrev.com/b29954e8ac243142eaedbcc3c6e54d480373ee38/third_party/WebKit/LayoutTests/geolocation-api/notimer-after-unload-expected.txt
[modify] https://crrev.com/b29954e8ac243142eaedbcc3c6e54d480373ee38/third_party/WebKit/LayoutTests/geolocation-api/notimer-after-unload.html
[modify] https://crrev.com/b29954e8ac243142eaedbcc3c6e54d480373ee38/third_party/WebKit/LayoutTests/http/tests/appcache/fail-on-update.html
[add] https://crrev.com/b29954e8ac243142eaedbcc3c6e54d480373ee38/third_party/WebKit/LayoutTests/http/tests/appcache/resources/notify-no-crash.html
[modify] https://crrev.com/b29954e8ac243142eaedbcc3c6e54d480373ee38/third_party/WebKit/LayoutTests/http/tests/loading/onload-vs-immediate-refresh.pl
[add] https://crrev.com/b29954e8ac243142eaedbcc3c6e54d480373ee38/third_party/WebKit/LayoutTests/http/tests/loading/resources/notify-success-on-load.html
[modify] https://crrev.com/b29954e8ac243142eaedbcc3c6e54d480373ee38/third_party/WebKit/LayoutTests/http/tests/misc/resource-timing-iframe-restored-from-history.html
[add] https://crrev.com/b29954e8ac243142eaedbcc3c6e54d480373ee38/third_party/WebKit/LayoutTests/http/tests/misc/resources/alert-then-back.html
[add] https://crrev.com/b29954e8ac243142eaedbcc3c6e54d480373ee38/third_party/WebKit/LayoutTests/http/tests/misc/resources/notify-success.html
[modify] https://crrev.com/b29954e8ac243142eaedbcc3c6e54d480373ee38/third_party/WebKit/LayoutTests/http/tests/misc/timer-vs-loading.html
[modify] https://crrev.com/b29954e8ac243142eaedbcc3c6e54d480373ee38/third_party/WebKit/LayoutTests/http/tests/security/dataURL/xss-DENIED-from-javascript-url-window-open-expected.txt
[modify] https://crrev.com/b29954e8ac243142eaedbcc3c6e54d480373ee38/third_party/WebKit/LayoutTests/http/tests/security/dataURL/xss-DENIED-to-data-url-window-open-expected.txt
[modify] https://crrev.com/b29954e8ac243142eaedbcc3c6e54d480373ee38/third_party/WebKit/LayoutTests/http/tests/security/originHeader/origin-header-for-data-expected.txt
[modify] https://crrev.com/b29954e8ac243142eaedbcc3c6e54d480373ee38/third_party/WebKit/LayoutTests/http/tests/security/originHeader/origin-header-for-data.html
[modify] https://crrev.com/b29954e8ac243142eaedbcc3c6e54d480373ee38/third_party/WebKit/LayoutTests/http/tests/security/popup-allowed-by-sandbox-is-sandboxed-control.html
[modify] https://crrev.com/b29954e8ac243142eaedbcc3c6e54d480373ee38/third_party/WebKit/LayoutTests/http/tests/security/popup-allowed-by-sandbox-is-sandboxed.html
[modify] https://crrev.com/b29954e8ac243142eaedbcc3c6e54d480373ee38/third_party/WebKit/LayoutTests/http/tests/security/popup-allowed-by-sandbox-when-allowed.html
[modify] https://crrev.com/b29954e8ac243142eaedbcc3c6e54d480373ee38/third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/send-on-abort-expected.txt
[modify] https://crrev.com/b29954e8ac243142eaedbcc3c6e54d480373ee38/third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/send-on-abort.html
[add] https://crrev.com/b29954e8ac243142eaedbcc3c6e54d480373ee38/third_party/WebKit/LayoutTests/inspector/tracing/resources/hello.html
[modify] https://crrev.com/b29954e8ac243142eaedbcc3c6e54d480373ee38/third_party/WebKit/LayoutTests/inspector/tracing/timeline-misc/timeline-load-event.html
[modify] https://crrev.com/b29954e8ac243142eaedbcc3c6e54d480373ee38/third_party/WebKit/LayoutTests/media/adopt-node-crash.html
[modify] https://crrev.com/b29954e8ac243142eaedbcc3c6e54d480373ee38/third_party/WebKit/LayoutTests/plugins/plugin-initiate-popup-window-expected.txt
[modify] https://crrev.com/b29954e8ac243142eaedbcc3c6e54d480373ee38/third_party/WebKit/LayoutTests/plugins/plugin-initiate-popup-window.html
[add] https://crrev.com/b29954e8ac243142eaedbcc3c6e54d480373ee38/third_party/WebKit/LayoutTests/resources/back.html
[add] https://crrev.com/b29954e8ac243142eaedbcc3c6e54d480373ee38/third_party/WebKit/LayoutTests/resources/notify-success.html

Blockedon: 699277
Project Member Comment 42 by bugdroid1@chromium.org, Mar 8
Labels: merge-merged-2987
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/28845e05d13bf0da3e4d8b2f483c9f537f6562dd

commit 28845e05d13bf0da3e4d8b2f483c9f537f6562dd
Author: Mustafa Acer <meacer@chromium.org>
Date: Wed Mar 08 20:50:21 2017

[Merge M-57] Add a warning for the deprecation of content-initiated data URL navigations

This CL adds a console warning when a page navigates the top level frame to a
data URL.

The browser tests are added to WebContentsImpl tests to be consistent with
the view-source URL tests.

This CL also updates most of the layout tests to avoid loading data URLs at
the top level. The only exceptions are xss-DENIED-* tests which will be updated
when the actual blocking happens.

BUG= 594215 
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_site_isolation

Review-Url: https://codereview.chromium.org/2694903007
Cr-Commit-Position: refs/heads/master@{#455226}
(cherry picked from commit b29954e8ac243142eaedbcc3c6e54d480373ee38)

Review-Url: https://codereview.chromium.org/2741513002 .
Cr-Commit-Position: refs/branch-heads/2987@{#801}
Cr-Branched-From: ad51088c0e8776e8dcd963dbe752c4035ba6dab6-refs/heads/master@{#444943}

[modify] https://crrev.com/28845e05d13bf0da3e4d8b2f483c9f537f6562dd/content/browser/frame_host/navigation_handle_impl.cc
[modify] https://crrev.com/28845e05d13bf0da3e4d8b2f483c9f537f6562dd/content/browser/web_contents/web_contents_impl_browsertest.cc
[modify] https://crrev.com/28845e05d13bf0da3e4d8b2f483c9f537f6562dd/third_party/WebKit/LayoutTests/fast/dom/Geolocation/clear-watch-invalid-id-crash-expected.txt
[modify] https://crrev.com/28845e05d13bf0da3e4d8b2f483c9f537f6562dd/third_party/WebKit/LayoutTests/fast/dom/Geolocation/notimer-after-unload-expected.txt
[modify] https://crrev.com/28845e05d13bf0da3e4d8b2f483c9f537f6562dd/third_party/WebKit/LayoutTests/fast/dom/Window/mozilla-focus-blur-expected.txt
[modify] https://crrev.com/28845e05d13bf0da3e4d8b2f483c9f537f6562dd/third_party/WebKit/LayoutTests/fast/dom/Window/mozilla-focus-blur.html
[modify] https://crrev.com/28845e05d13bf0da3e4d8b2f483c9f537f6562dd/third_party/WebKit/LayoutTests/fast/dom/Window/resources/file-origin-window-open-frame.html
[add] https://crrev.com/28845e05d13bf0da3e4d8b2f483c9f537f6562dd/third_party/WebKit/LayoutTests/fast/dom/Window/resources/file-origin-window-open-popup.html
[add] https://crrev.com/28845e05d13bf0da3e4d8b2f483c9f537f6562dd/third_party/WebKit/LayoutTests/fast/dom/Window/resources/mozilla-focus-blur-popup-blur.html
[add] https://crrev.com/28845e05d13bf0da3e4d8b2f483c9f537f6562dd/third_party/WebKit/LayoutTests/fast/dom/Window/resources/mozilla-focus-blur-popup-opener-focus.html
[modify] https://crrev.com/28845e05d13bf0da3e4d8b2f483c9f537f6562dd/third_party/WebKit/LayoutTests/fast/dom/id-attribute-shared-expected.txt
[modify] https://crrev.com/28845e05d13bf0da3e4d8b2f483c9f537f6562dd/third_party/WebKit/LayoutTests/fast/dom/id-attribute-shared.html
[modify] https://crrev.com/28845e05d13bf0da3e4d8b2f483c9f537f6562dd/third_party/WebKit/LayoutTests/fast/events/move-event-handler-between-framehosts.html
[modify] https://crrev.com/28845e05d13bf0da3e4d8b2f483c9f537f6562dd/third_party/WebKit/LayoutTests/fast/events/onunload-clears-onbeforeunload.html
[modify] https://crrev.com/28845e05d13bf0da3e4d8b2f483c9f537f6562dd/third_party/WebKit/LayoutTests/fast/events/onunload-expected.txt
[modify] https://crrev.com/28845e05d13bf0da3e4d8b2f483c9f537f6562dd/third_party/WebKit/LayoutTests/fast/events/onunload-not-on-body-expected.txt
[modify] https://crrev.com/28845e05d13bf0da3e4d8b2f483c9f537f6562dd/third_party/WebKit/LayoutTests/fast/events/onunload-not-on-body.html
[modify] https://crrev.com/28845e05d13bf0da3e4d8b2f483c9f537f6562dd/third_party/WebKit/LayoutTests/fast/events/onunload-window-property-expected.txt
[modify] https://crrev.com/28845e05d13bf0da3e4d8b2f483c9f537f6562dd/third_party/WebKit/LayoutTests/fast/events/onunload-window-property.html
[modify] https://crrev.com/28845e05d13bf0da3e4d8b2f483c9f537f6562dd/third_party/WebKit/LayoutTests/fast/events/onunload.html
[modify] https://crrev.com/28845e05d13bf0da3e4d8b2f483c9f537f6562dd/third_party/WebKit/LayoutTests/fast/events/page-visibility-unload.html
[modify] https://crrev.com/28845e05d13bf0da3e4d8b2f483c9f537f6562dd/third_party/WebKit/LayoutTests/fast/events/pageshow-pagehide-on-back-uncached.html
[modify] https://crrev.com/28845e05d13bf0da3e4d8b2f483c9f537f6562dd/third_party/WebKit/LayoutTests/fast/events/popup-blocked-from-untrusted-mouse-click-expected.txt
[modify] https://crrev.com/28845e05d13bf0da3e4d8b2f483c9f537f6562dd/third_party/WebKit/LayoutTests/fast/events/popup-blocked-from-untrusted-mouse-click.html
[add] https://crrev.com/28845e05d13bf0da3e4d8b2f483c9f537f6562dd/third_party/WebKit/LayoutTests/fast/events/resources/move-event-handler-between-framehosts-popup.html
[add] https://crrev.com/28845e05d13bf0da3e4d8b2f483c9f537f6562dd/third_party/WebKit/LayoutTests/fast/events/resources/onunload-clears-onbeforeunload-success.html
[add] https://crrev.com/28845e05d13bf0da3e4d8b2f483c9f537f6562dd/third_party/WebKit/LayoutTests/fast/events/resources/onunload-single-alert-success.html
[add] https://crrev.com/28845e05d13bf0da3e4d8b2f483c9f537f6562dd/third_party/WebKit/LayoutTests/fast/events/resources/page-visibility-alert-success.html
[modify] https://crrev.com/28845e05d13bf0da3e4d8b2f483c9f537f6562dd/third_party/WebKit/LayoutTests/fast/files/null-origin-string.html
[add] https://crrev.com/28845e05d13bf0da3e4d8b2f483c9f537f6562dd/third_party/WebKit/LayoutTests/fast/files/resources/notify-no-crash.html
[modify] https://crrev.com/28845e05d13bf0da3e4d8b2f483c9f537f6562dd/third_party/WebKit/LayoutTests/fast/forms/button-state-restore.html
[modify] https://crrev.com/28845e05d13bf0da3e4d8b2f483c9f537f6562dd/third_party/WebKit/LayoutTests/fast/forms/multiple-form-submission-protection-mouse.html
[modify] https://crrev.com/28845e05d13bf0da3e4d8b2f483c9f537f6562dd/third_party/WebKit/LayoutTests/fast/forms/radio/state-restore-radio-group.html
[add] https://crrev.com/28845e05d13bf0da3e4d8b2f483c9f537f6562dd/third_party/WebKit/LayoutTests/fast/forms/resources/multiple-form-submission-protection-post-target.html
[modify] https://crrev.com/28845e05d13bf0da3e4d8b2f483c9f537f6562dd/third_party/WebKit/LayoutTests/fast/forms/saved-state-adoptNode-crash.html
[modify] https://crrev.com/28845e05d13bf0da3e4d8b2f483c9f537f6562dd/third_party/WebKit/LayoutTests/fast/forms/select/select-state-restore.html
[modify] https://crrev.com/28845e05d13bf0da3e4d8b2f483c9f537f6562dd/third_party/WebKit/LayoutTests/fast/forms/state-restore-hidden.html
[modify] https://crrev.com/28845e05d13bf0da3e4d8b2f483c9f537f6562dd/third_party/WebKit/LayoutTests/fast/forms/state-restore-to-non-autocomplete-form.html
[modify] https://crrev.com/28845e05d13bf0da3e4d8b2f483c9f537f6562dd/third_party/WebKit/LayoutTests/fast/forms/state-restore-to-non-edited-controls.html
[modify] https://crrev.com/28845e05d13bf0da3e4d8b2f483c9f537f6562dd/third_party/WebKit/LayoutTests/fast/forms/state-save-of-detached-control.html
[modify] https://crrev.com/28845e05d13bf0da3e4d8b2f483c9f537f6562dd/third_party/WebKit/LayoutTests/fast/frames/location-redirect-user-gesture-expected.txt
[modify] https://crrev.com/28845e05d13bf0da3e4d8b2f483c9f537f6562dd/third_party/WebKit/LayoutTests/fast/frames/location-redirect-user-gesture.html
[modify] https://crrev.com/28845e05d13bf0da3e4d8b2f483c9f537f6562dd/third_party/WebKit/LayoutTests/fast/history/history-back-initial-vs-final-url-expected.txt
[modify] https://crrev.com/28845e05d13bf0da3e4d8b2f483c9f537f6562dd/third_party/WebKit/LayoutTests/fast/history/history-back-initial-vs-final-url.html
[modify] https://crrev.com/28845e05d13bf0da3e4d8b2f483c9f537f6562dd/third_party/WebKit/LayoutTests/fast/history/history-length-append-subframe-no-hash-expected.txt
[modify] https://crrev.com/28845e05d13bf0da3e4d8b2f483c9f537f6562dd/third_party/WebKit/LayoutTests/fast/history/history-length-append-subframe-no-hash.html
[modify] https://crrev.com/28845e05d13bf0da3e4d8b2f483c9f537f6562dd/third_party/WebKit/LayoutTests/fast/history/history-length-append-subframe-with-hash-expected.txt
[modify] https://crrev.com/28845e05d13bf0da3e4d8b2f483c9f537f6562dd/third_party/WebKit/LayoutTests/fast/history/history-length-append-subframe-with-hash.html
[add] https://crrev.com/28845e05d13bf0da3e4d8b2f483c9f537f6562dd/third_party/WebKit/LayoutTests/fast/history/resources/alert-then-back.html
[add] https://crrev.com/28845e05d13bf0da3e4d8b2f483c9f537f6562dd/third_party/WebKit/LayoutTests/fast/history/resources/back-on-load.html
[modify] https://crrev.com/28845e05d13bf0da3e4d8b2f483c9f537f6562dd/third_party/WebKit/LayoutTests/fast/history/saves-state-after-fragment-nav.html
[modify] https://crrev.com/28845e05d13bf0da3e4d8b2f483c9f537f6562dd/third_party/WebKit/LayoutTests/fast/loader/form-state-restore-with-frames.html
[modify] https://crrev.com/28845e05d13bf0da3e4d8b2f483c9f537f6562dd/third_party/WebKit/LayoutTests/fast/loader/redirect-with-open-subframe-2.html
[modify] https://crrev.com/28845e05d13bf0da3e4d8b2f483c9f537f6562dd/third_party/WebKit/LayoutTests/fast/loader/redirect-with-open-subframe.html
[modify] https://crrev.com/28845e05d13bf0da3e4d8b2f483c9f537f6562dd/third_party/WebKit/LayoutTests/fast/loader/reload-zero-byte-plugin-expected.txt
[modify] https://crrev.com/28845e05d13bf0da3e4d8b2f483c9f537f6562dd/third_party/WebKit/LayoutTests/fast/loader/reload-zero-byte-plugin.html
[modify] https://crrev.com/28845e05d13bf0da3e4d8b2f483c9f537f6562dd/third_party/WebKit/LayoutTests/fast/loader/scroll-position-restoration-without-premature-clamping.html
[modify] https://crrev.com/28845e05d13bf0da3e4d8b2f483c9f537f6562dd/third_party/WebKit/LayoutTests/fast/loader/scroll-position-restored-on-back-at-load-event.html
[modify] https://crrev.com/28845e05d13bf0da3e4d8b2f483c9f537f6562dd/third_party/WebKit/LayoutTests/fast/loader/stateobjects/pushstate-in-data-url-denied-expected.txt
[modify] https://crrev.com/28845e05d13bf0da3e4d8b2f483c9f537f6562dd/third_party/WebKit/LayoutTests/fast/loader/stateobjects/pushstate-in-data-url-denied.html
[add] https://crrev.com/28845e05d13bf0da3e4d8b2f483c9f537f6562dd/third_party/WebKit/LayoutTests/geolocation-api/clear-watch-invalid-id-crash.html
[add] https://crrev.com/28845e05d13bf0da3e4d8b2f483c9f537f6562dd/third_party/WebKit/LayoutTests/geolocation-api/notimer-after-unload.html
[modify] https://crrev.com/28845e05d13bf0da3e4d8b2f483c9f537f6562dd/third_party/WebKit/LayoutTests/http/tests/appcache/fail-on-update.html
[add] https://crrev.com/28845e05d13bf0da3e4d8b2f483c9f537f6562dd/third_party/WebKit/LayoutTests/http/tests/appcache/resources/notify-no-crash.html
[modify] https://crrev.com/28845e05d13bf0da3e4d8b2f483c9f537f6562dd/third_party/WebKit/LayoutTests/http/tests/loading/onload-vs-immediate-refresh.pl
[add] https://crrev.com/28845e05d13bf0da3e4d8b2f483c9f537f6562dd/third_party/WebKit/LayoutTests/http/tests/loading/resources/notify-success-on-load.html
[modify] https://crrev.com/28845e05d13bf0da3e4d8b2f483c9f537f6562dd/third_party/WebKit/LayoutTests/http/tests/misc/resource-timing-iframe-restored-from-history.html
[add] https://crrev.com/28845e05d13bf0da3e4d8b2f483c9f537f6562dd/third_party/WebKit/LayoutTests/http/tests/misc/resources/alert-then-back.html
[add] https://crrev.com/28845e05d13bf0da3e4d8b2f483c9f537f6562dd/third_party/WebKit/LayoutTests/http/tests/misc/resources/notify-success.html
[modify] https://crrev.com/28845e05d13bf0da3e4d8b2f483c9f537f6562dd/third_party/WebKit/LayoutTests/http/tests/misc/timer-vs-loading.html
[modify] https://crrev.com/28845e05d13bf0da3e4d8b2f483c9f537f6562dd/third_party/WebKit/LayoutTests/http/tests/security/dataURL/xss-DENIED-from-javascript-url-window-open-expected.txt
[modify] https://crrev.com/28845e05d13bf0da3e4d8b2f483c9f537f6562dd/third_party/WebKit/LayoutTests/http/tests/security/dataURL/xss-DENIED-to-data-url-window-open-expected.txt
[modify] https://crrev.com/28845e05d13bf0da3e4d8b2f483c9f537f6562dd/third_party/WebKit/LayoutTests/http/tests/security/originHeader/origin-header-for-data-expected.txt
[modify] https://crrev.com/28845e05d13bf0da3e4d8b2f483c9f537f6562dd/third_party/WebKit/LayoutTests/http/tests/security/originHeader/origin-header-for-data.html
[modify] https://crrev.com/28845e05d13bf0da3e4d8b2f483c9f537f6562dd/third_party/WebKit/LayoutTests/http/tests/security/popup-allowed-by-sandbox-is-sandboxed-control.html
[modify] https://crrev.com/28845e05d13bf0da3e4d8b2f483c9f537f6562dd/third_party/WebKit/LayoutTests/http/tests/security/popup-allowed-by-sandbox-is-sandboxed.html
[modify] https://crrev.com/28845e05d13bf0da3e4d8b2f483c9f537f6562dd/third_party/WebKit/LayoutTests/http/tests/security/popup-allowed-by-sandbox-when-allowed.html
[modify] https://crrev.com/28845e05d13bf0da3e4d8b2f483c9f537f6562dd/third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/send-on-abort-expected.txt
[modify] https://crrev.com/28845e05d13bf0da3e4d8b2f483c9f537f6562dd/third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/send-on-abort.html
[add] https://crrev.com/28845e05d13bf0da3e4d8b2f483c9f537f6562dd/third_party/WebKit/LayoutTests/inspector/tracing/resources/hello.html
[modify] https://crrev.com/28845e05d13bf0da3e4d8b2f483c9f537f6562dd/third_party/WebKit/LayoutTests/inspector/tracing/timeline-misc/timeline-load-event.html
[modify] https://crrev.com/28845e05d13bf0da3e4d8b2f483c9f537f6562dd/third_party/WebKit/LayoutTests/media/adopt-node-crash.html
[modify] https://crrev.com/28845e05d13bf0da3e4d8b2f483c9f537f6562dd/third_party/WebKit/LayoutTests/plugins/plugin-initiate-popup-window-expected.txt
[modify] https://crrev.com/28845e05d13bf0da3e4d8b2f483c9f537f6562dd/third_party/WebKit/LayoutTests/plugins/plugin-initiate-popup-window.html
[add] https://crrev.com/28845e05d13bf0da3e4d8b2f483c9f537f6562dd/third_party/WebKit/LayoutTests/resources/back.html
[add] https://crrev.com/28845e05d13bf0da3e4d8b2f483c9f537f6562dd/third_party/WebKit/LayoutTests/resources/notify-success.html

Project Member Comment 43 by bugdroid1@chromium.org, Mar 8
Labels: merge-merged-3029
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/c2f35d38c64165cd85b8600f939b801b9281f53e

commit c2f35d38c64165cd85b8600f939b801b9281f53e
Author: Mustafa Acer <meacer@chromium.org>
Date: Wed Mar 08 20:59:09 2017

[Merge to M-58] Add a warning for the deprecation of content-initiated data URL navigations

This CL adds a console warning when a page navigates the top level frame to a
data URL.

The browser tests are added to WebContentsImpl tests to be consistent with
the view-source URL tests.

This CL also updates most of the layout tests to avoid loading data URLs at
the top level. The only exceptions are xss-DENIED-* tests which will be updated
when the actual blocking happens.

BUG= 594215 , 699277 
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_site_isolation

Review-Url: https://codereview.chromium.org/2694903007
Cr-Commit-Position: refs/heads/master@{#455226}
(cherry picked from commit b29954e8ac243142eaedbcc3c6e54d480373ee38)

Review-Url: https://codereview.chromium.org/2734783010 .
Cr-Commit-Position: refs/branch-heads/3029@{#68}
Cr-Branched-From: 939b32ee5ba05c396eef3fd992822fcca9a2e262-refs/heads/master@{#454471}

[modify] https://crrev.com/c2f35d38c64165cd85b8600f939b801b9281f53e/content/browser/frame_host/navigation_handle_impl.cc
[modify] https://crrev.com/c2f35d38c64165cd85b8600f939b801b9281f53e/content/browser/web_contents/web_contents_impl_browsertest.cc
[modify] https://crrev.com/c2f35d38c64165cd85b8600f939b801b9281f53e/third_party/WebKit/LayoutTests/fast/dom/Window/mozilla-focus-blur-expected.txt
[modify] https://crrev.com/c2f35d38c64165cd85b8600f939b801b9281f53e/third_party/WebKit/LayoutTests/fast/dom/Window/mozilla-focus-blur.html
[modify] https://crrev.com/c2f35d38c64165cd85b8600f939b801b9281f53e/third_party/WebKit/LayoutTests/fast/dom/Window/resources/file-origin-window-open-frame.html
[add] https://crrev.com/c2f35d38c64165cd85b8600f939b801b9281f53e/third_party/WebKit/LayoutTests/fast/dom/Window/resources/file-origin-window-open-popup.html
[add] https://crrev.com/c2f35d38c64165cd85b8600f939b801b9281f53e/third_party/WebKit/LayoutTests/fast/dom/Window/resources/mozilla-focus-blur-popup-blur.html
[add] https://crrev.com/c2f35d38c64165cd85b8600f939b801b9281f53e/third_party/WebKit/LayoutTests/fast/dom/Window/resources/mozilla-focus-blur-popup-opener-focus.html
[modify] https://crrev.com/c2f35d38c64165cd85b8600f939b801b9281f53e/third_party/WebKit/LayoutTests/fast/dom/id-attribute-shared-expected.txt
[modify] https://crrev.com/c2f35d38c64165cd85b8600f939b801b9281f53e/third_party/WebKit/LayoutTests/fast/dom/id-attribute-shared.html
[modify] https://crrev.com/c2f35d38c64165cd85b8600f939b801b9281f53e/third_party/WebKit/LayoutTests/fast/events/move-event-handler-between-framehosts.html
[modify] https://crrev.com/c2f35d38c64165cd85b8600f939b801b9281f53e/third_party/WebKit/LayoutTests/fast/events/onunload-clears-onbeforeunload.html
[modify] https://crrev.com/c2f35d38c64165cd85b8600f939b801b9281f53e/third_party/WebKit/LayoutTests/fast/events/onunload-expected.txt
[modify] https://crrev.com/c2f35d38c64165cd85b8600f939b801b9281f53e/third_party/WebKit/LayoutTests/fast/events/onunload-not-on-body-expected.txt
[modify] https://crrev.com/c2f35d38c64165cd85b8600f939b801b9281f53e/third_party/WebKit/LayoutTests/fast/events/onunload-not-on-body.html
[modify] https://crrev.com/c2f35d38c64165cd85b8600f939b801b9281f53e/third_party/WebKit/LayoutTests/fast/events/onunload-window-property-expected.txt
[modify] https://crrev.com/c2f35d38c64165cd85b8600f939b801b9281f53e/third_party/WebKit/LayoutTests/fast/events/onunload-window-property.html
[modify] https://crrev.com/c2f35d38c64165cd85b8600f939b801b9281f53e/third_party/WebKit/LayoutTests/fast/events/onunload.html
[modify] https://crrev.com/c2f35d38c64165cd85b8600f939b801b9281f53e/third_party/WebKit/LayoutTests/fast/events/page-visibility-unload.html
[modify] https://crrev.com/c2f35d38c64165cd85b8600f939b801b9281f53e/third_party/WebKit/LayoutTests/fast/events/pageshow-pagehide-on-back-uncached.html
[modify] https://crrev.com/c2f35d38c64165cd85b8600f939b801b9281f53e/third_party/WebKit/LayoutTests/fast/events/popup-blocked-from-untrusted-mouse-click-expected.txt
[modify] https://crrev.com/c2f35d38c64165cd85b8600f939b801b9281f53e/third_party/WebKit/LayoutTests/fast/events/popup-blocked-from-untrusted-mouse-click.html
[add] https://crrev.com/c2f35d38c64165cd85b8600f939b801b9281f53e/third_party/WebKit/LayoutTests/fast/events/resources/move-event-handler-between-framehosts-popup.html
[add] https://crrev.com/c2f35d38c64165cd85b8600f939b801b9281f53e/third_party/WebKit/LayoutTests/fast/events/resources/onunload-clears-onbeforeunload-success.html
[add] https://crrev.com/c2f35d38c64165cd85b8600f939b801b9281f53e/third_party/WebKit/LayoutTests/fast/events/resources/onunload-single-alert-success.html
[add] https://crrev.com/c2f35d38c64165cd85b8600f939b801b9281f53e/third_party/WebKit/LayoutTests/fast/events/resources/page-visibility-alert-success.html
[modify] https://crrev.com/c2f35d38c64165cd85b8600f939b801b9281f53e/third_party/WebKit/LayoutTests/fast/files/null-origin-string.html
[add] https://crrev.com/c2f35d38c64165cd85b8600f939b801b9281f53e/third_party/WebKit/LayoutTests/fast/files/resources/notify-no-crash.html
[modify] https://crrev.com/c2f35d38c64165cd85b8600f939b801b9281f53e/third_party/WebKit/LayoutTests/fast/forms/button-state-restore.html
[modify] https://crrev.com/c2f35d38c64165cd85b8600f939b801b9281f53e/third_party/WebKit/LayoutTests/fast/forms/multiple-form-submission-protection-mouse.html
[modify] https://crrev.com/c2f35d38c64165cd85b8600f939b801b9281f53e/third_party/WebKit/LayoutTests/fast/forms/radio/state-restore-radio-group.html
[add] https://crrev.com/c2f35d38c64165cd85b8600f939b801b9281f53e/third_party/WebKit/LayoutTests/fast/forms/resources/multiple-form-submission-protection-post-target.html
[modify] https://crrev.com/c2f35d38c64165cd85b8600f939b801b9281f53e/third_party/WebKit/LayoutTests/fast/forms/saved-state-adoptNode-crash.html
[modify] https://crrev.com/c2f35d38c64165cd85b8600f939b801b9281f53e/third_party/WebKit/LayoutTests/fast/forms/select/select-state-restore.html
[modify] https://crrev.com/c2f35d38c64165cd85b8600f939b801b9281f53e/third_party/WebKit/LayoutTests/fast/forms/state-restore-hidden.html
[modify] https://crrev.com/c2f35d38c64165cd85b8600f939b801b9281f53e/third_party/WebKit/LayoutTests/fast/forms/state-restore-to-non-autocomplete-form.html
[modify] https://crrev.com/c2f35d38c64165cd85b8600f939b801b9281f53e/third_party/WebKit/LayoutTests/fast/forms/state-restore-to-non-edited-controls.html
[modify] https://crrev.com/c2f35d38c64165cd85b8600f939b801b9281f53e/third_party/WebKit/LayoutTests/fast/forms/state-save-of-detached-control.html
[modify] https://crrev.com/c2f35d38c64165cd85b8600f939b801b9281f53e/third_party/WebKit/LayoutTests/fast/frames/location-redirect-user-gesture-expected.txt
[modify] https://crrev.com/c2f35d38c64165cd85b8600f939b801b9281f53e/third_party/WebKit/LayoutTests/fast/frames/location-redirect-user-gesture.html
[modify] https://crrev.com/c2f35d38c64165cd85b8600f939b801b9281f53e/third_party/WebKit/LayoutTests/fast/history/history-back-initial-vs-final-url-expected.txt
[modify] https://crrev.com/c2f35d38c64165cd85b8600f939b801b9281f53e/third_party/WebKit/LayoutTests/fast/history/history-back-initial-vs-final-url.html
[modify] https://crrev.com/c2f35d38c64165cd85b8600f939b801b9281f53e/third_party/WebKit/LayoutTests/fast/history/history-length-append-subframe-no-hash-expected.txt
[modify] https://crrev.com/c2f35d38c64165cd85b8600f939b801b9281f53e/third_party/WebKit/LayoutTests/fast/history/history-length-append-subframe-no-hash.html
[modify] https://crrev.com/c2f35d38c64165cd85b8600f939b801b9281f53e/third_party/WebKit/LayoutTests/fast/history/history-length-append-subframe-with-hash-expected.txt
[modify] https://crrev.com/c2f35d38c64165cd85b8600f939b801b9281f53e/third_party/WebKit/LayoutTests/fast/history/history-length-append-subframe-with-hash.html
[add] https://crrev.com/c2f35d38c64165cd85b8600f939b801b9281f53e/third_party/WebKit/LayoutTests/fast/history/resources/alert-then-back.html
[add] https://crrev.com/c2f35d38c64165cd85b8600f939b801b9281f53e/third_party/WebKit/LayoutTests/fast/history/resources/back-on-load.html
[modify] https://crrev.com/c2f35d38c64165cd85b8600f939b801b9281f53e/third_party/WebKit/LayoutTests/fast/history/saves-state-after-fragment-nav.html
[modify] https://crrev.com/c2f35d38c64165cd85b8600f939b801b9281f53e/third_party/WebKit/LayoutTests/fast/loader/form-state-restore-with-frames.html
[modify] https://crrev.com/c2f35d38c64165cd85b8600f939b801b9281f53e/third_party/WebKit/LayoutTests/fast/loader/redirect-with-open-subframe-2.html
[modify] https://crrev.com/c2f35d38c64165cd85b8600f939b801b9281f53e/third_party/WebKit/LayoutTests/fast/loader/redirect-with-open-subframe.html
[modify] https://crrev.com/c2f35d38c64165cd85b8600f939b801b9281f53e/third_party/WebKit/LayoutTests/fast/loader/reload-zero-byte-plugin-expected.txt
[modify] https://crrev.com/c2f35d38c64165cd85b8600f939b801b9281f53e/third_party/WebKit/LayoutTests/fast/loader/reload-zero-byte-plugin.html
[modify] https://crrev.com/c2f35d38c64165cd85b8600f939b801b9281f53e/third_party/WebKit/LayoutTests/fast/loader/scroll-position-restoration-without-premature-clamping.html
[modify] https://crrev.com/c2f35d38c64165cd85b8600f939b801b9281f53e/third_party/WebKit/LayoutTests/fast/loader/scroll-position-restored-on-back-at-load-event.html
[modify] https://crrev.com/c2f35d38c64165cd85b8600f939b801b9281f53e/third_party/WebKit/LayoutTests/fast/loader/stateobjects/pushstate-in-data-url-denied-expected.txt
[modify] https://crrev.com/c2f35d38c64165cd85b8600f939b801b9281f53e/third_party/WebKit/LayoutTests/fast/loader/stateobjects/pushstate-in-data-url-denied.html
[modify] https://crrev.com/c2f35d38c64165cd85b8600f939b801b9281f53e/third_party/WebKit/LayoutTests/geolocation-api/clear-watch-invalid-id-crash-expected.txt
[modify] https://crrev.com/c2f35d38c64165cd85b8600f939b801b9281f53e/third_party/WebKit/LayoutTests/geolocation-api/clear-watch-invalid-id-crash.html
[modify] https://crrev.com/c2f35d38c64165cd85b8600f939b801b9281f53e/third_party/WebKit/LayoutTests/geolocation-api/notimer-after-unload-expected.txt
[modify] https://crrev.com/c2f35d38c64165cd85b8600f939b801b9281f53e/third_party/WebKit/LayoutTests/geolocation-api/notimer-after-unload.html
[modify] https://crrev.com/c2f35d38c64165cd85b8600f939b801b9281f53e/third_party/WebKit/LayoutTests/http/tests/appcache/fail-on-update.html
[add] https://crrev.com/c2f35d38c64165cd85b8600f939b801b9281f53e/third_party/WebKit/LayoutTests/http/tests/appcache/resources/notify-no-crash.html
[modify] https://crrev.com/c2f35d38c64165cd85b8600f939b801b9281f53e/third_party/WebKit/LayoutTests/http/tests/loading/onload-vs-immediate-refresh.pl
[add] https://crrev.com/c2f35d38c64165cd85b8600f939b801b9281f53e/third_party/WebKit/LayoutTests/http/tests/loading/resources/notify-success-on-load.html
[modify] https://crrev.com/c2f35d38c64165cd85b8600f939b801b9281f53e/third_party/WebKit/LayoutTests/http/tests/misc/resource-timing-iframe-restored-from-history.html
[add] https://crrev.com/c2f35d38c64165cd85b8600f939b801b9281f53e/third_party/WebKit/LayoutTests/http/tests/misc/resources/alert-then-back.html
[add] https://crrev.com/c2f35d38c64165cd85b8600f939b801b9281f53e/third_party/WebKit/LayoutTests/http/tests/misc/resources/notify-success.html
[modify] https://crrev.com/c2f35d38c64165cd85b8600f939b801b9281f53e/third_party/WebKit/LayoutTests/http/tests/misc/timer-vs-loading.html
[modify] https://crrev.com/c2f35d38c64165cd85b8600f939b801b9281f53e/third_party/WebKit/LayoutTests/http/tests/security/dataURL/xss-DENIED-from-javascript-url-window-open-expected.txt
[modify] https://crrev.com/c2f35d38c64165cd85b8600f939b801b9281f53e/third_party/WebKit/LayoutTests/http/tests/security/dataURL/xss-DENIED-to-data-url-window-open-expected.txt
[modify] https://crrev.com/c2f35d38c64165cd85b8600f939b801b9281f53e/third_party/WebKit/LayoutTests/http/tests/security/originHeader/origin-header-for-data-expected.txt
[modify] https://crrev.com/c2f35d38c64165cd85b8600f939b801b9281f53e/third_party/WebKit/LayoutTests/http/tests/security/originHeader/origin-header-for-data.html
[modify] https://crrev.com/c2f35d38c64165cd85b8600f939b801b9281f53e/third_party/WebKit/LayoutTests/http/tests/security/popup-allowed-by-sandbox-is-sandboxed-control.html
[modify] https://crrev.com/c2f35d38c64165cd85b8600f939b801b9281f53e/third_party/WebKit/LayoutTests/http/tests/security/popup-allowed-by-sandbox-is-sandboxed.html
[modify] https://crrev.com/c2f35d38c64165cd85b8600f939b801b9281f53e/third_party/WebKit/LayoutTests/http/tests/security/popup-allowed-by-sandbox-when-allowed.html
[modify] https://crrev.com/c2f35d38c64165cd85b8600f939b801b9281f53e/third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/send-on-abort-expected.txt
[modify] https://crrev.com/c2f35d38c64165cd85b8600f939b801b9281f53e/third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/send-on-abort.html
[add] https://crrev.com/c2f35d38c64165cd85b8600f939b801b9281f53e/third_party/WebKit/LayoutTests/inspector/tracing/resources/hello.html
[modify] https://crrev.com/c2f35d38c64165cd85b8600f939b801b9281f53e/third_party/WebKit/LayoutTests/inspector/tracing/timeline-misc/timeline-load-event.html
[modify] https://crrev.com/c2f35d38c64165cd85b8600f939b801b9281f53e/third_party/WebKit/LayoutTests/media/adopt-node-crash.html
[modify] https://crrev.com/c2f35d38c64165cd85b8600f939b801b9281f53e/third_party/WebKit/LayoutTests/plugins/plugin-initiate-popup-window-expected.txt
[modify] https://crrev.com/c2f35d38c64165cd85b8600f939b801b9281f53e/third_party/WebKit/LayoutTests/plugins/plugin-initiate-popup-window.html
[add] https://crrev.com/c2f35d38c64165cd85b8600f939b801b9281f53e/third_party/WebKit/LayoutTests/resources/back.html
[add] https://crrev.com/c2f35d38c64165cd85b8600f939b801b9281f53e/third_party/WebKit/LayoutTests/resources/notify-success.html

Blockedon: 651895
Project Member Comment 45 by bugdroid1@chromium.org, Mar 27
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/1facd6324b98a4bfde0ecbad78491198f5dcc681

commit 1facd6324b98a4bfde0ecbad78491198f5dcc681
Author: Mustafa Acer <meacer@chromium.org>
Date: Mon Mar 27 21:19:25 2017

Convert line endings from Windows to Unix in test file

BUG= 594215 
R=lgarron@chromium.org

Review-Url: https://codereview.chromium.org/2779803002 .
Cr-Commit-Position: refs/heads/master@{#459881}

[modify] https://crrev.com/1facd6324b98a4bfde0ecbad78491198f5dcc681/chrome/test/data/popup_blocker/popup-blocked-to-post-blank.html

Project Member Comment 46 by bugdroid1@chromium.org, Mar 31
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/86b0c6ec76fc6adfad37a4f22a500e89fa23175c

commit 86b0c6ec76fc6adfad37a4f22a500e89fa23175c
Author: meacer <meacer@chromium.org>
Date: Fri Mar 31 19:40:30 2017

Prevent tests using data URLs from being broken by data URL deprecation

These test will be broken when content initiated top frame data
URL navigations are blocked. Move them away from data URLs.

BUG= 594215 
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_site_isolation

Review-Url: https://codereview.chromium.org/2772983003
Cr-Commit-Position: refs/heads/master@{#461184}

[modify] https://crrev.com/86b0c6ec76fc6adfad37a4f22a500e89fa23175c/chrome/browser/ui/blocked_content/popup_blocker_browsertest.cc
[modify] https://crrev.com/86b0c6ec76fc6adfad37a4f22a500e89fa23175c/chrome/browser/ui/browser_browsertest.cc
[modify] https://crrev.com/86b0c6ec76fc6adfad37a4f22a500e89fa23175c/chrome/test/data/click_modifier/href.html
[add] https://crrev.com/86b0c6ec76fc6adfad37a4f22a500e89fa23175c/chrome/test/data/click_modifier/new_window.html
[modify] https://crrev.com/86b0c6ec76fc6adfad37a4f22a500e89fa23175c/chrome/test/data/click_modifier/window_open.html
[modify] https://crrev.com/86b0c6ec76fc6adfad37a4f22a500e89fa23175c/chrome/test/data/popup_blocker/popup-blocked-to-post-blank.html
[modify] https://crrev.com/86b0c6ec76fc6adfad37a4f22a500e89fa23175c/chrome/test/data/popup_blocker/popup-fake-click-on-anchor.html
[modify] https://crrev.com/86b0c6ec76fc6adfad37a4f22a500e89fa23175c/chrome/test/data/popup_blocker/popup-fake-click-on-anchor2.html
[modify] https://crrev.com/86b0c6ec76fc6adfad37a4f22a500e89fa23175c/chrome/test/data/popup_blocker/popup-fake-click-on-anchor3.html
[modify] https://crrev.com/86b0c6ec76fc6adfad37a4f22a500e89fa23175c/chrome/test/data/popup_blocker/popup-many.html
[modify] https://crrev.com/86b0c6ec76fc6adfad37a4f22a500e89fa23175c/chrome/test/data/popup_blocker/popup-on-unload.html
[modify] https://crrev.com/86b0c6ec76fc6adfad37a4f22a500e89fa23175c/chrome/test/data/popup_blocker/popup-simulated-click-on-anchor.html
[modify] https://crrev.com/86b0c6ec76fc6adfad37a4f22a500e89fa23175c/chrome/test/data/popup_blocker/popup-simulated-click-on-anchor2.html
[add] https://crrev.com/86b0c6ec76fc6adfad37a4f22a500e89fa23175c/chrome/test/data/popup_blocker/popup-success.html
[modify] https://crrev.com/86b0c6ec76fc6adfad37a4f22a500e89fa23175c/chrome/test/data/popup_blocker/popup-window-open-noopener.html
[modify] https://crrev.com/86b0c6ec76fc6adfad37a4f22a500e89fa23175c/chrome/test/data/popup_blocker/popup-window-open.html
[modify] https://crrev.com/86b0c6ec76fc6adfad37a4f22a500e89fa23175c/components/subresource_filter/content/browser/content_subresource_filter_driver_factory_unittest.cc
[modify] https://crrev.com/86b0c6ec76fc6adfad37a4f22a500e89fa23175c/content/browser/frame_host/navigation_controller_impl_browsertest.cc

Project Member Comment 47 by bugdroid1@chromium.org, Apr 4
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/f44eeb03c89211aa7018c8cc536f9cab3bbe3def

commit f44eeb03c89211aa7018c8cc536f9cab3bbe3def
Author: meacer <meacer@chromium.org>
Date: Tue Apr 04 18:44:46 2017

Prevent autocomplete tests from being broken by data URL deprecation.

Content-initiated main-frame navigations to data URLs are being blocked
in crbug.com/594215. The tests fixed here were form-posting to themselves
which are data URLs and are going to be broken. Change form targets to
about:blank URLs instead.

BUG= 594215 

Review-Url: https://codereview.chromium.org/2797443004
Cr-Commit-Position: refs/heads/master@{#461786}

[modify] https://crrev.com/f44eeb03c89211aa7018c8cc536f9cab3bbe3def/chrome/browser/autofill/autofill_server_browsertest.cc
[modify] https://crrev.com/f44eeb03c89211aa7018c8cc536f9cab3bbe3def/chrome/renderer/autofill/form_autocomplete_browsertest.cc

Project Member Comment 48 by bugdroid1@chromium.org, Apr 5
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/4add44729fbb67e384a602c9d26dc12245058025

commit 4add44729fbb67e384a602c9d26dc12245058025
Author: meacer <meacer@chromium.org>
Date: Wed Apr 05 00:23:58 2017

Prevent layout tests from being broken by data URL deprecation.

Content-initiated main-frame navigations to data URLs are being blocked
in crbug.com/594215.

BUG= 594215 

Review-Url: https://codereview.chromium.org/2792213002
Cr-Commit-Position: refs/heads/master@{#461912}

[modify] https://crrev.com/4add44729fbb67e384a602c9d26dc12245058025/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/cascade/cross-origin-window-open.html
[modify] https://crrev.com/4add44729fbb67e384a602c9d26dc12245058025/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/cascade/cross-origin-with-own-policy-window-open.html
[modify] https://crrev.com/4add44729fbb67e384a602c9d26dc12245058025/third_party/WebKit/LayoutTests/http/tests/security/popup-allowed-by-sandbox-can-navigate-expected.txt
[modify] https://crrev.com/4add44729fbb67e384a602c9d26dc12245058025/third_party/WebKit/LayoutTests/http/tests/security/popup-allowed-by-sandbox-can-navigate.html
[modify] https://crrev.com/4add44729fbb67e384a602c9d26dc12245058025/third_party/WebKit/LayoutTests/http/tests/security/sandboxed-opener-can-close-window-expected.txt
[modify] https://crrev.com/4add44729fbb67e384a602c9d26dc12245058025/third_party/WebKit/LayoutTests/http/tests/security/sandboxed-opener-can-close-window.html

Project Member Comment 49 by bugdroid1@chromium.org, Apr 5
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/e91f49f4a95353dce39091e84376fc75787934f6

commit e91f49f4a95353dce39091e84376fc75787934f6
Author: meacer <meacer@chromium.org>
Date: Wed Apr 05 00:34:34 2017

Prevent bookmarklet and unload tests from being broken by data URL deprecation.

Content-initiated main-frame navigations to data URLs are being blocked
in crbug.com/594215.

BUG= 594215 

Review-Url: https://codereview.chromium.org/2795903002
Cr-Commit-Position: refs/heads/master@{#461916}

[modify] https://crrev.com/e91f49f4a95353dce39091e84376fc75787934f6/chrome/browser/unload_browsertest.cc
[modify] https://crrev.com/e91f49f4a95353dce39091e84376fc75787934f6/content/browser/bookmarklet_browsertest.cc

Project Member Comment 50 by bugdroid1@chromium.org, Apr 5
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/0aaeb2dcfffd5bc8bdce71eaf645fea6f477b22d

commit 0aaeb2dcfffd5bc8bdce71eaf645fea6f477b22d
Author: meacer <meacer@chromium.org>
Date: Wed Apr 05 21:08:22 2017

Prevent Android webview tests from being broken by data URL deprecation

Content-initiated main-frame navigations to data URLs are being blocked
in crbug.com/594215. This CL changes several tests that use data URLs.

BUG= 594215 

Review-Url: https://codereview.chromium.org/2797893002
Cr-Commit-Position: refs/heads/master@{#462212}

[modify] https://crrev.com/0aaeb2dcfffd5bc8bdce71eaf645fea6f477b22d/android_webview/javatests/src/org/chromium/android_webview/test/AwContentsClientShouldOverrideUrlLoadingTest.java
[modify] https://crrev.com/0aaeb2dcfffd5bc8bdce71eaf645fea6f477b22d/android_webview/javatests/src/org/chromium/android_webview/test/AwSettingsTest.java

Blocking: 709541
Project Member Comment 52 by bugdroid1@chromium.org, Apr 13
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/4ed27b3319ee736bef367e0657e0797685e92c43

commit 4ed27b3319ee736bef367e0657e0797685e92c43
Author: meacer <meacer@chromium.org>
Date: Thu Apr 13 19:56:55 2017

Prevent extension webview tests from being broken by data URL deprecation

Content-initiated main-frame navigations to data URLs are being blocked
in crbug.com/594215. This CL changes several tests that use data URLs.

BUG= 594215 

Review-Url: https://codereview.chromium.org/2818663002
Cr-Commit-Position: refs/heads/master@{#464516}

[modify] https://crrev.com/4ed27b3319ee736bef367e0657e0797685e92c43/chrome/test/data/extensions/platform_apps/web_view/shim/guest.html
[modify] https://crrev.com/4ed27b3319ee736bef367e0657e0797685e92c43/chrome/test/data/extensions/platform_apps/web_view/shim/guest_noreferrer.html
[modify] https://crrev.com/4ed27b3319ee736bef367e0657e0797685e92c43/extensions/test/data/web_view/apitest/guest.html
[modify] https://crrev.com/4ed27b3319ee736bef367e0657e0797685e92c43/extensions/test/data/web_view/apitest/guest_noreferrer.html

Project Member Comment 53 by bugdroid1@chromium.org, Apr 21
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/699e9524613ff501ac38a231679bca4c2aedeb74

commit 699e9524613ff501ac38a231679bca4c2aedeb74
Author: meacer <meacer@chromium.org>
Date: Fri Apr 21 00:36:00 2017

Prevent Android tests from being broken by data URL deprecation

These tests will be broken when content initiated navigations to data URLs
are blocked. This CL navigates the tests to an existing file instead of
data URLs. It also removes some unused variables.

BUG= 594215 

Review-Url: https://codereview.chromium.org/2827393003
Cr-Commit-Position: refs/heads/master@{#466200}

[modify] https://crrev.com/699e9524613ff501ac38a231679bca4c2aedeb74/chrome/android/javatests/src/org/chromium/chrome/browser/TabsOpenedFromExternalAppTest.java
[modify] https://crrev.com/699e9524613ff501ac38a231679bca4c2aedeb74/chrome/android/javatests/src/org/chromium/chrome/browser/webapps/WebappModeTest.java
[modify] https://crrev.com/699e9524613ff501ac38a231679bca4c2aedeb74/chrome/test/android/javatests/src/org/chromium/chrome/test/MultiActivityTestBase.java

Project Member Comment 54 by bugdroid1@chromium.org, Apr 22 (6 days ago)
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/ba52f56207a4b9d70b34880fbff2352e71a06422

commit ba52f56207a4b9d70b34880fbff2352e71a06422
Author: meacer <meacer@chromium.org>
Date: Sat Apr 22 00:08:08 2017

Block renderer-initiated main frame navigations to data URLs

This CL implements the blocking of data URL navigations as described in the
blink intent to deprecate and remove thread at https://goo.gl/BaZAea.

The blocking is done in two separate places:

- blink::FrameLoader: This is a renderer side check that blocks all top-frame
  loads for known mime types. This check ignores unknown mime types as those
  can end up as downloads or be handled by plugins.

- content::DataURLNavigationThrottler: This is a browser side check that
  handles data URLs that were ignored by the renderer check. By this point, the
  determination of whether the URL is a download or not has already been made.
  This check allows downloads and blocks remaining URLs (ie. mime types that
  are handled by plugins). When browser side navigation is enabled, all blocking
  is done in this throttler instead of some checks being in blink::FrameLoader.

This CL moves data URL navigation tests to a separate file, and removes layout
tests that are no longer realistic.

TEST=data_url_navigation_browsertest.cc
BUG= 594215 
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_site_isolation

Review-Url: https://codereview.chromium.org/2702503002
Cr-Commit-Position: refs/heads/master@{#466504}

[modify] https://crrev.com/ba52f56207a4b9d70b34880fbff2352e71a06422/chrome/android/javatests/src/org/chromium/chrome/browser/PopupTest.java
[modify] https://crrev.com/ba52f56207a4b9d70b34880fbff2352e71a06422/chrome/browser/apps/guest_view/web_view_browsertest.cc
[modify] https://crrev.com/ba52f56207a4b9d70b34880fbff2352e71a06422/chrome/browser/tab_contents/navigation_metrics_recorder.cc
[modify] https://crrev.com/ba52f56207a4b9d70b34880fbff2352e71a06422/chrome/browser/tab_contents/navigation_metrics_recorder_browsertest.cc
[modify] https://crrev.com/ba52f56207a4b9d70b34880fbff2352e71a06422/chrome/test/data/android/popup_test.html
[modify] https://crrev.com/ba52f56207a4b9d70b34880fbff2352e71a06422/chrome/test/data/extensions/platform_apps/web_view/shim/main.js
[modify] https://crrev.com/ba52f56207a4b9d70b34880fbff2352e71a06422/content/browser/BUILD.gn
[add] https://crrev.com/ba52f56207a4b9d70b34880fbff2352e71a06422/content/browser/frame_host/data_url_navigation_browsertest.cc
[add] https://crrev.com/ba52f56207a4b9d70b34880fbff2352e71a06422/content/browser/frame_host/data_url_navigation_throttle.cc
[add] https://crrev.com/ba52f56207a4b9d70b34880fbff2352e71a06422/content/browser/frame_host/data_url_navigation_throttle.h
[modify] https://crrev.com/ba52f56207a4b9d70b34880fbff2352e71a06422/content/browser/frame_host/navigation_handle_impl.cc
[modify] https://crrev.com/ba52f56207a4b9d70b34880fbff2352e71a06422/content/browser/frame_host/navigation_handle_impl.h
[modify] https://crrev.com/ba52f56207a4b9d70b34880fbff2352e71a06422/content/browser/web_contents/web_contents_impl_browsertest.cc
[modify] https://crrev.com/ba52f56207a4b9d70b34880fbff2352e71a06422/content/child/runtime_features.cc
[modify] https://crrev.com/ba52f56207a4b9d70b34880fbff2352e71a06422/content/public/common/content_features.cc
[modify] https://crrev.com/ba52f56207a4b9d70b34880fbff2352e71a06422/content/public/common/content_features.h
[modify] https://crrev.com/ba52f56207a4b9d70b34880fbff2352e71a06422/content/public/test/test_navigation_observer.cc
[modify] https://crrev.com/ba52f56207a4b9d70b34880fbff2352e71a06422/content/renderer/render_frame_impl.cc
[modify] https://crrev.com/ba52f56207a4b9d70b34880fbff2352e71a06422/content/renderer/render_frame_impl.h
[modify] https://crrev.com/ba52f56207a4b9d70b34880fbff2352e71a06422/content/test/BUILD.gn
[add] https://crrev.com/ba52f56207a4b9d70b34880fbff2352e71a06422/content/test/data/data_url_navigations.html
[modify] https://crrev.com/ba52f56207a4b9d70b34880fbff2352e71a06422/extensions/browser/guest_view/web_view/web_view_apitest.cc
[modify] https://crrev.com/ba52f56207a4b9d70b34880fbff2352e71a06422/extensions/test/data/web_view/apitest/main.js
[modify] https://crrev.com/ba52f56207a4b9d70b34880fbff2352e71a06422/third_party/WebKit/LayoutTests/fast/dom/HTMLAnchorElement/anchor-no-multiple-windows.html
[add] https://crrev.com/ba52f56207a4b9d70b34880fbff2352e71a06422/third_party/WebKit/LayoutTests/fast/dom/HTMLAnchorElement/resources/popup.html
[modify] https://crrev.com/ba52f56207a4b9d70b34880fbff2352e71a06422/third_party/WebKit/LayoutTests/fast/dom/location-new-window-no-crash-expected.txt
[modify] https://crrev.com/ba52f56207a4b9d70b34880fbff2352e71a06422/third_party/WebKit/LayoutTests/fast/forms/date-multiple-fields/date-multiple-fields-clearbutton-visibility-after-restore.html
[modify] https://crrev.com/ba52f56207a4b9d70b34880fbff2352e71a06422/third_party/WebKit/LayoutTests/fast/forms/datetimelocal-multiple-fields/datetimelocal-multiple-fields-clearbutton-visibility-after-restore.html
[modify] https://crrev.com/ba52f56207a4b9d70b34880fbff2352e71a06422/third_party/WebKit/LayoutTests/fast/forms/month-multiple-fields/month-multiple-fields-clearbutton-visibility-after-restore.html
[modify] https://crrev.com/ba52f56207a4b9d70b34880fbff2352e71a06422/third_party/WebKit/LayoutTests/fast/forms/time-multiple-fields/time-multiple-fields-clearbutton-visibility-after-restore.html
[modify] https://crrev.com/ba52f56207a4b9d70b34880fbff2352e71a06422/third_party/WebKit/LayoutTests/fast/forms/week-multiple-fields/week-multiple-fields-clearbutton-visibility-after-restore.html
[modify] https://crrev.com/ba52f56207a4b9d70b34880fbff2352e71a06422/third_party/WebKit/LayoutTests/fast/history/scroll-restoration/scroll-restoration-scale-not-impacted.html
[delete] https://crrev.com/8ee6041580e6fa3d6bff3b86088491f9d0291fc0/third_party/WebKit/LayoutTests/http/tests/security/dataURL/xss-DENIED-from-javascript-url-window-open-expected.txt
[delete] https://crrev.com/8ee6041580e6fa3d6bff3b86088491f9d0291fc0/third_party/WebKit/LayoutTests/http/tests/security/dataURL/xss-DENIED-from-javascript-url-window-open.html
[delete] https://crrev.com/8ee6041580e6fa3d6bff3b86088491f9d0291fc0/third_party/WebKit/LayoutTests/http/tests/security/dataURL/xss-DENIED-to-data-url-window-open-expected.txt
[delete] https://crrev.com/8ee6041580e6fa3d6bff3b86088491f9d0291fc0/third_party/WebKit/LayoutTests/http/tests/security/dataURL/xss-DENIED-to-data-url-window-open.html
[modify] https://crrev.com/ba52f56207a4b9d70b34880fbff2352e71a06422/third_party/WebKit/LayoutTests/printing/print-close-crash.html
[modify] https://crrev.com/ba52f56207a4b9d70b34880fbff2352e71a06422/third_party/WebKit/LayoutTests/svg/as-object/history-navigation.html
[modify] https://crrev.com/ba52f56207a4b9d70b34880fbff2352e71a06422/third_party/WebKit/Source/core/frame/LocalFrameClient.h
[modify] https://crrev.com/ba52f56207a4b9d70b34880fbff2352e71a06422/third_party/WebKit/Source/core/loader/FrameLoader.cpp
[modify] https://crrev.com/ba52f56207a4b9d70b34880fbff2352e71a06422/third_party/WebKit/Source/platform/RuntimeEnabledFeatures.json5
[modify] https://crrev.com/ba52f56207a4b9d70b34880fbff2352e71a06422/third_party/WebKit/Source/platform/network/NetworkUtils.cpp
[modify] https://crrev.com/ba52f56207a4b9d70b34880fbff2352e71a06422/third_party/WebKit/Source/platform/network/NetworkUtils.h
[modify] https://crrev.com/ba52f56207a4b9d70b34880fbff2352e71a06422/third_party/WebKit/Source/web/LocalFrameClientImpl.cpp
[modify] https://crrev.com/ba52f56207a4b9d70b34880fbff2352e71a06422/third_party/WebKit/Source/web/LocalFrameClientImpl.h
[modify] https://crrev.com/ba52f56207a4b9d70b34880fbff2352e71a06422/third_party/WebKit/public/web/WebFrameClient.h

Comment 55 by meacer@chromium.org, Apr 22 (6 days ago)
Status: Fixed
Summary: Disable page-initiated main frame navigations to data URLs (was: Disable page-initiated main frame navigations to pseudo URLs such as data: and blob:)
Marking this as fixed. I forked the discussion for blob and filesystem to bug 714339.
Comment 56 by l446240525@gmail.com, Apr 22 (5 days ago)
What if the current page is already a data uri page?
屏幕快照 2017-04-22 下午5.56.39.png
143 KB View Download
Comment 57 by meacer@chromium.org, Apr 22 (5 days ago)
l446240525@: Good question. We initially wanted to allow data URL to data URL navigations. However, this turned out to be technically infeasible because we don't have a reliable way of determining the initiator of the navigation (bug 651895). So we had to simplify our approach and simply block all data URL navigations.

https://chromium.googlesource.com/chromium/src/+/ba52f56207a4b9d70b34880fbff2352e71a06422 introduces a temporary command line flag to allow all data URL navigations (--enable_features=AllowContentInitiatedDataUrlNavigations) but it'll be removed in the future.
Sign in to add a comment