
Issue 594973


Issue metadata

Status: Fixed
Owner:
Closed: Mar 2016
Cc:
EstimatedDays: ----
NextAction: ----
OS: Android
Pri: 2
Type: Bug




Remove error page HTML from Web Restrictions Content Provider interface

Project Member Reported by aber...@chromium.org, Mar 15 2016

Issue description

At the moment the Web Restrictions Content Provider provides an HTML error page to be displayed when a URL is rejected. Although adding a Web Restrictions content provider will only be possible in a supervised user or enterprise environment, and as such is tightly controlled, it does create the potential for security holes if there are bugs in the content providers.

The only supported use of the error page is to allow supervised users of WebView to request access to URLs. In this case the content provider is always Chrome, so the plan is to move the HTML template of the error page into shared Chrome/WebView code, to replace the error message in the content provider interface with the parameters needed to build the error message, and to build the actual error message in WebView.
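
The plan described above, sketched as an added example (not code from the Chromium tree; the struct, its fields, the message table and the function names are all hypothetical): the provider hands over only typed parameters, and the receiving side fills a template it owns, escaping any free text before it reaches the page.

```cpp
// Added illustration, not Chromium code; every name below is hypothetical.
#include <iostream>
#include <string>
// Structured values a provider returns instead of a ready-made HTML string.
struct BlockedPageParams {
  int reason;                  // index into a fixed table owned by the renderer
  bool allow_access_requests;  // show the "ask permission" button or not
  std::string custodian_name;  // free text from the other app: untrusted
};

// Escape the characters that are significant in HTML text and attributes.
std::string EscapeForHtml(const std::string& in) {
  std::string out;
  for (char c : in) {
    switch (c) {
      case '&': out += "&amp;"; break;
      case '<': out += "&lt;"; break;
      case '>': out += "&gt;"; break;
      case '"': out += "&quot;"; break;
      case '\'': out += "&#39;"; break;
      default: out += c;
    }
  }
  return out;
}

// Fixed messages live on the receiving side; the provider only selects one.
static const char* const kReasons[] = {
    "This site is blocked.",
    "You need permission to visit this site.",
};

// Build the page from a template the receiver owns.
std::string BuildBlockedPageHtml(const BlockedPageParams& p) {
  const int n = sizeof(kReasons) / sizeof(kReasons[0]);
  // Out-of-range reason codes fall back to the generic message.
  const char* reason = (p.reason >= 0 && p.reason < n) ? kReasons[p.reason] : kReasons[0];
  std::string html = std::string("<html><body><h1>") + reason + "</h1>";
  if (!p.custodian_name.empty())
    html += "<p>Managed by " + EscapeForHtml(p.custodian_name) + "</p>";
  if (p.allow_access_requests)
    html += "<button id=\"request-access\">Ask permission</button>";
  return html + "</body></html>";
}

int main() {
  // Constructed input: markup in a field that should be plain text.
  std::cout << BuildBlockedPageHtml({1, true, "<b>Mallory</b> & co"}) << "\n";
}
```

With this shape a buggy or misbehaving provider can at most choose among the receiver's own messages and supply text that is rendered inert.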
 

Comment 1 by bugdroid1@chromium.org, Mar 18 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/c987fed5acb7cad3d489ebe7c31fd5a6bd265823

commit c987fed5acb7cad3d489ebe7c31fd5a6bd265823
Author: aberent <aberent@chromium.org>
Date: Fri Mar 18 18:17:47 2016

Move the supervised user error page to a component

This is a refactoring to allow WebView to use the supervised user error
page.

BUG= 594973 

Review URL: https://codereview.chromium.org/1808653003

Cr-Commit-Position: refs/heads/master@{#382015}

[modify] https://crrev.com/c987fed5acb7cad3d489ebe7c31fd5a6bd265823/chrome/app/generated_resources.grd
[modify] https://crrev.com/c987fed5acb7cad3d489ebe7c31fd5a6bd265823/chrome/browser/BUILD.gn
[modify] https://crrev.com/c987fed5acb7cad3d489ebe7c31fd5a6bd265823/chrome/browser/browser_resources.grd
[modify] https://crrev.com/c987fed5acb7cad3d489ebe7c31fd5a6bd265823/chrome/browser/supervised_user/supervised_user_content_provider_android.cc
[modify] https://crrev.com/c987fed5acb7cad3d489ebe7c31fd5a6bd265823/chrome/browser/supervised_user/supervised_user_content_provider_android.h
[modify] https://crrev.com/c987fed5acb7cad3d489ebe7c31fd5a6bd265823/chrome/browser/supervised_user/supervised_user_interstitial.cc
[modify] https://crrev.com/c987fed5acb7cad3d489ebe7c31fd5a6bd265823/chrome/browser/supervised_user/supervised_user_interstitial.h
[modify] https://crrev.com/c987fed5acb7cad3d489ebe7c31fd5a6bd265823/chrome/browser/supervised_user/supervised_user_navigation_observer.cc
[modify] https://crrev.com/c987fed5acb7cad3d489ebe7c31fd5a6bd265823/chrome/browser/supervised_user/supervised_user_navigation_observer.h
[modify] https://crrev.com/c987fed5acb7cad3d489ebe7c31fd5a6bd265823/chrome/browser/supervised_user/supervised_user_resource_throttle.cc
[modify] https://crrev.com/c987fed5acb7cad3d489ebe7c31fd5a6bd265823/chrome/browser/supervised_user/supervised_user_resource_throttle.h
[modify] https://crrev.com/c987fed5acb7cad3d489ebe7c31fd5a6bd265823/chrome/browser/supervised_user/supervised_user_url_filter.cc
[modify] https://crrev.com/c987fed5acb7cad3d489ebe7c31fd5a6bd265823/chrome/browser/supervised_user/supervised_user_url_filter.h
[modify] https://crrev.com/c987fed5acb7cad3d489ebe7c31fd5a6bd265823/chrome/browser/ui/webui/supervised_user_internals_message_handler.cc
[modify] https://crrev.com/c987fed5acb7cad3d489ebe7c31fd5a6bd265823/chrome/browser/ui/webui/supervised_user_internals_message_handler.h
[modify] https://crrev.com/c987fed5acb7cad3d489ebe7c31fd5a6bd265823/chrome/chrome_browser.gypi
[modify] https://crrev.com/c987fed5acb7cad3d489ebe7c31fd5a6bd265823/components/BUILD.gn
[modify] https://crrev.com/c987fed5acb7cad3d489ebe7c31fd5a6bd265823/components/OWNERS
[modify] https://crrev.com/c987fed5acb7cad3d489ebe7c31fd5a6bd265823/components/components.gyp
[modify] https://crrev.com/c987fed5acb7cad3d489ebe7c31fd5a6bd265823/components/components_strings.grd
[modify] https://crrev.com/c987fed5acb7cad3d489ebe7c31fd5a6bd265823/components/components_tests.gyp
[modify] https://crrev.com/c987fed5acb7cad3d489ebe7c31fd5a6bd265823/components/resources/OWNERS
[modify] https://crrev.com/c987fed5acb7cad3d489ebe7c31fd5a6bd265823/components/resources/components_resources.grd
[add] https://crrev.com/c987fed5acb7cad3d489ebe7c31fd5a6bd265823/components/resources/supervised_user_error_page_resources.grdp
[add] https://crrev.com/c987fed5acb7cad3d489ebe7c31fd5a6bd265823/components/supervised_user_error_page.gypi
[add] https://crrev.com/c987fed5acb7cad3d489ebe7c31fd5a6bd265823/components/supervised_user_error_page/BUILD.gn
[add] https://crrev.com/c987fed5acb7cad3d489ebe7c31fd5a6bd265823/components/supervised_user_error_page/DEPS
[add] https://crrev.com/c987fed5acb7cad3d489ebe7c31fd5a6bd265823/components/supervised_user_error_page/OWNERS
[add] https://crrev.com/c987fed5acb7cad3d489ebe7c31fd5a6bd265823/components/supervised_user_error_page/resources/default_100_percent/logo_avatar_circle_blue_color.png
[add] https://crrev.com/c987fed5acb7cad3d489ebe7c31fd5a6bd265823/components/supervised_user_error_page/resources/default_200_percent/logo_avatar_circle_blue_color.png
[rename] https://crrev.com/c987fed5acb7cad3d489ebe7c31fd5a6bd265823/components/supervised_user_error_page/resources/supervised_user_block_interstitial.css
[rename] https://crrev.com/c987fed5acb7cad3d489ebe7c31fd5a6bd265823/components/supervised_user_error_page/resources/supervised_user_block_interstitial.html
[rename] https://crrev.com/c987fed5acb7cad3d489ebe7c31fd5a6bd265823/components/supervised_user_error_page/resources/supervised_user_block_interstitial.js
[add] https://crrev.com/c987fed5acb7cad3d489ebe7c31fd5a6bd265823/components/supervised_user_error_page/supervised_user_error_page.cc
[add] https://crrev.com/c987fed5acb7cad3d489ebe7c31fd5a6bd265823/components/supervised_user_error_page/supervised_user_error_page.h
[add] https://crrev.com/c987fed5acb7cad3d489ebe7c31fd5a6bd265823/components/supervised_user_error_page/supervised_user_error_page_unittest.cc
[add] https://crrev.com/c987fed5acb7cad3d489ebe7c31fd5a6bd265823/components/supervised_user_error_page_strings.grdp


Comment 2 by bugdroid1@chromium.org, Mar 31 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/2fb7c77d7c638883ae4fcddff407ae6a4c02e438

commit 2fb7c77d7c638883ae4fcddff407ae6a4c02e438
Author: aberent <aberent@chromium.org>
Date: Thu Mar 31 16:51:53 2016

Avoid HTML in WebRestrictionsContentProvider interface

Replace the HTML error message with list of custom error parameters to avoid
potential security problems with passing HTML between apps.

BUG= 594973 

Review URL: https://codereview.chromium.org/1847523002

Cr-Commit-Position: refs/heads/master@{#384308}

[modify] https://crrev.com/2fb7c77d7c638883ae4fcddff407ae6a4c02e438/chrome/android/java/src/org/chromium/chrome/browser/superviseduser/SupervisedUserContentProvider.java
[modify] https://crrev.com/2fb7c77d7c638883ae4fcddff407ae6a4c02e438/chrome/android/junit/src/org/chromium/chrome/browser/superviseduser/SupervisedUserContentProviderUnitTest.java
[modify] https://crrev.com/2fb7c77d7c638883ae4fcddff407ae6a4c02e438/chrome/browser/supervised_user/supervised_user_content_provider_android.cc
[modify] https://crrev.com/2fb7c77d7c638883ae4fcddff407ae6a4c02e438/components/web_restrictions/browser/java/src/org/chromium/components/webrestrictions/WebRestrictionsClient.java
[modify] https://crrev.com/2fb7c77d7c638883ae4fcddff407ae6a4c02e438/components/web_restrictions/browser/java/src/org/chromium/components/webrestrictions/WebRestrictionsContentProvider.java
[modify] https://crrev.com/2fb7c77d7c638883ae4fcddff407ae6a4c02e438/components/web_restrictions/browser/javatest/src/org/chromium/components/webrestrictions/MockWebRestrictionsClient.java
[modify] https://crrev.com/2fb7c77d7c638883ae4fcddff407ae6a4c02e438/components/web_restrictions/browser/junit/src/org/chromium/components/webrestrictions/WebRestrictionsClientTest.java
[modify] https://crrev.com/2fb7c77d7c638883ae4fcddff407ae6a4c02e438/components/web_restrictions/browser/junit/src/org/chromium/components/webrestrictions/WebRestrictionsContentProviderTest.java
[modify] https://crrev.com/2fb7c77d7c638883ae4fcddff407ae6a4c02e438/components/web_restrictions/browser/web_restrictions_client.cc
[modify] https://crrev.com/2fb7c77d7c638883ae4fcddff407ae6a4c02e438/components/web_restrictions/browser/web_restrictions_client.h
[modify] https://crrev.com/2fb7c77d7c638883ae4fcddff407ae6a4c02e438/components/web_restrictions/browser/web_restrictions_client_unittest.cc

Status: Fixed (was: Assigned)
