
Issue 627698

Starred by 2 users

Issue metadata

Status: Verified
Owner:
Closed: Aug 2016
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 1
Type: Feature

Blocking:
issue 613465




Quick View: Improve Security

Project Member Reported by oka@chromium.org, Jul 13 2016

Issue description

Use webview to render img/video/audio.

It addresses the security concern raised on https://bugs.chromium.org/p/chromium/issues/detail?id=614228#c21
 

Comment 1 by oka@chromium.org, Jul 13 2016

Blocking: 613465

Comment 2 by ta...@google.com, Jul 13 2016

Labels: -Type-Bug-Security Type-Feature

Comment 3 by oka@chromium.org, Jul 19 2016

I sent a CL to render images inside webview.
Project Member

Comment 4 by bugdroid1@chromium.org, Jul 26 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/70d5586287eca66e4b7a3b4811ac091f74b0ebf9

commit 70d5586287eca66e4b7a3b4811ac091f74b0ebf9
Author: oka <oka@chromium.org>
Date: Tue Jul 26 23:18:50 2016

QuickView: Improve security by rendering images inside webview.

It addresses security concern raised on https://bugs.chromium.org/p/chromium/issues/detail?id=614228#c21 for images.
Fixes for audio and video will be sent as a separate CL.

BUG=614228,  627698 
TEST=manually
third_party/closure_compiler/run_compiler

Review-Url: https://codereview.chromium.org/2140113003
Cr-Commit-Position: refs/heads/master@{#407960}

[modify] https://crrev.com/70d5586287eca66e4b7a3b4811ac091f74b0ebf9/tools/gritsettings/resource_ids
[modify] https://crrev.com/70d5586287eca66e4b7a3b4811ac091f74b0ebf9/ui/file_manager/file_manager/foreground/css/file_manager.css
[modify] https://crrev.com/70d5586287eca66e4b7a3b4811ac091f74b0ebf9/ui/file_manager/file_manager/foreground/elements/files_quick_view.css
[modify] https://crrev.com/70d5586287eca66e4b7a3b4811ac091f74b0ebf9/ui/file_manager/file_manager/foreground/elements/files_quick_view.html
[modify] https://crrev.com/70d5586287eca66e4b7a3b4811ac091f74b0ebf9/ui/file_manager/file_manager/foreground/elements/files_quick_view.js
[add] https://crrev.com/70d5586287eca66e4b7a3b4811ac091f74b0ebf9/ui/file_manager/file_manager/foreground/elements/files_safe_img.html
[add] https://crrev.com/70d5586287eca66e4b7a3b4811ac091f74b0ebf9/ui/file_manager/file_manager/foreground/elements/files_safe_img.js
[add] https://crrev.com/70d5586287eca66e4b7a3b4811ac091f74b0ebf9/ui/file_manager/file_manager/foreground/elements/files_safe_img_webview_content.css
[add] https://crrev.com/70d5586287eca66e4b7a3b4811ac091f74b0ebf9/ui/file_manager/file_manager/foreground/elements/files_safe_img_webview_content.html
[add] https://crrev.com/70d5586287eca66e4b7a3b4811ac091f74b0ebf9/ui/file_manager/file_manager/foreground/elements/files_safe_img_webview_content.js
[modify] https://crrev.com/70d5586287eca66e4b7a3b4811ac091f74b0ebf9/ui/file_manager/file_manager/foreground/js/quick_view_controller.js
[modify] https://crrev.com/70d5586287eca66e4b7a3b4811ac091f74b0ebf9/ui/file_manager/file_manager/manifest.json
[modify] https://crrev.com/70d5586287eca66e4b7a3b4811ac091f74b0ebf9/ui/file_manager/file_manager_resources.grd

Project Member

Comment 5 by bugdroid1@chromium.org, Aug 10 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/efc63a360e385ffc9f7c72d47e0aef618b594e6c

commit efc63a360e385ffc9f7c72d47e0aef618b594e6c
Author: oka <oka@chromium.org>
Date: Wed Aug 10 08:27:16 2016

Improved security of Quick View by rendering videos and audios inside webview.

Added files-safe-media tag which generalizes and replaces files-safe-img, and used them in Quick View.
This addresses security concern raised on
https://bugs.chromium.org/p/chromium/issues/detail?id=614228#c21.

BUG=614228, 627698 
TEST=manually
third_party/closure_compiler/run_compiler

Review-Url: https://codereview.chromium.org/2181953003
Cr-Commit-Position: refs/heads/master@{#411004}

[modify] https://crrev.com/efc63a360e385ffc9f7c72d47e0aef618b594e6c/ui/file_manager/file_manager/foreground/elements/files_quick_view.css
[modify] https://crrev.com/efc63a360e385ffc9f7c72d47e0aef618b594e6c/ui/file_manager/file_manager/foreground/elements/files_quick_view.html
[modify] https://crrev.com/efc63a360e385ffc9f7c72d47e0aef618b594e6c/ui/file_manager/file_manager/foreground/elements/files_quick_view.js
[add] https://crrev.com/efc63a360e385ffc9f7c72d47e0aef618b594e6c/ui/file_manager/file_manager/foreground/elements/files_safe_audio_webview_content.css
[add] https://crrev.com/efc63a360e385ffc9f7c72d47e0aef618b594e6c/ui/file_manager/file_manager/foreground/elements/files_safe_audio_webview_content.html
[add] https://crrev.com/efc63a360e385ffc9f7c72d47e0aef618b594e6c/ui/file_manager/file_manager/foreground/elements/files_safe_audio_webview_content.js
[add] https://crrev.com/efc63a360e385ffc9f7c72d47e0aef618b594e6c/ui/file_manager/file_manager/foreground/elements/files_safe_media.html
[add] https://crrev.com/efc63a360e385ffc9f7c72d47e0aef618b594e6c/ui/file_manager/file_manager/foreground/elements/files_safe_media.js
[add] https://crrev.com/efc63a360e385ffc9f7c72d47e0aef618b594e6c/ui/file_manager/file_manager/foreground/elements/files_safe_video_webview_content.css
[add] https://crrev.com/efc63a360e385ffc9f7c72d47e0aef618b594e6c/ui/file_manager/file_manager/foreground/elements/files_safe_video_webview_content.html
[add] https://crrev.com/efc63a360e385ffc9f7c72d47e0aef618b594e6c/ui/file_manager/file_manager/foreground/elements/files_safe_video_webview_content.js
[modify] https://crrev.com/efc63a360e385ffc9f7c72d47e0aef618b594e6c/ui/file_manager/file_manager/foreground/js/quick_view_controller.js
[modify] https://crrev.com/efc63a360e385ffc9f7c72d47e0aef618b594e6c/ui/file_manager/file_manager/manifest.json
[modify] https://crrev.com/efc63a360e385ffc9f7c72d47e0aef618b594e6c/ui/file_manager/file_manager_resources.grd

Comment 6 by oka@chromium.org, Aug 11 2016

Status: Fixed (was: Assigned)

Comment 7 by oka@chromium.org, Aug 11 2016

I'd say it's fixed.
Status: Verified (was: Fixed)
