
Issue 669325

Issue metadata

Status: Fixed
Owner:
Closed: Feb 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: All
Pri: 2
Type: Bug




Sanitize MHTML page

Project Member Reported by jianli@chromium.org, Nov 29 2016

Issue description

We need to remove unneeded elements from the MHTML page.

Script execution is disabled for MHTML loading, so we can safely remove those unneeded elements and scripts in order to:
1) save some bytes in the MHTML page
2) more importantly, avoid including private/secret info embedded in hidden elements, in order to provide a sanitized page for sharing.
Project Member

Comment 2 by bugdroid1@chromium.org, Dec 2 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/52a4d5c0fa88e881003e2f352c4de4f294257529

commit 52a4d5c0fa88e881003e2f352c4de4f294257529
Author: jianli <jianli@chromium.org>
Date: Fri Dec 02 01:38:20 2016

Remove attributes that contain javascript from MHTML

We remove the following attributes that could contain JavaScript, since they will not work in fully sandboxed MHTML loading:
1) Any event handler attribute
2) Any attribute that can contain a URI that will be executed as JavaScript
3) Any attribute of SVG elements that can contain JavaScript

BUG= 669325 
TEST=new tests added

Review-Url: https://codereview.chromium.org/2531163004
Cr-Commit-Position: refs/heads/master@{#435811}

[modify] https://crrev.com/52a4d5c0fa88e881003e2f352c4de4f294257529/third_party/WebKit/Source/core/dom/Element.cpp
[modify] https://crrev.com/52a4d5c0fa88e881003e2f352c4de4f294257529/third_party/WebKit/Source/core/dom/Element.h
[modify] https://crrev.com/52a4d5c0fa88e881003e2f352c4de4f294257529/third_party/WebKit/Source/core/editing/serializers/MarkupAccumulator.cpp
[modify] https://crrev.com/52a4d5c0fa88e881003e2f352c4de4f294257529/third_party/WebKit/Source/core/editing/serializers/MarkupAccumulator.h
[modify] https://crrev.com/52a4d5c0fa88e881003e2f352c4de4f294257529/third_party/WebKit/Source/core/frame/FrameSerializer.cpp
[modify] https://crrev.com/52a4d5c0fa88e881003e2f352c4de4f294257529/third_party/WebKit/Source/core/frame/FrameSerializer.h
[modify] https://crrev.com/52a4d5c0fa88e881003e2f352c4de4f294257529/third_party/WebKit/Source/web/WebFrameSerializer.cpp
[modify] https://crrev.com/52a4d5c0fa88e881003e2f352c4de4f294257529/third_party/WebKit/Source/web/tests/WebFrameSerializerTest.cpp
[add] https://crrev.com/52a4d5c0fa88e881003e2f352c4de4f294257529/third_party/WebKit/Source/web/tests/data/frameserialization/script_in_attributes.html

Cc: dim...@chromium.org
Project Member

Comment 4 by bugdroid1@chromium.org, Dec 8 2016

Project Member

Comment 5 by bugdroid1@chromium.org, Dec 27 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/6f960b80d7bee61f42b4e95c8f8c2e252dc36739

commit 6f960b80d7bee61f42b4e95c8f8c2e252dc36739
Author: jianli <jianli@chromium.org>
Date: Tue Dec 27 21:24:31 2016

Remove hidden elements from MHTML

We remove the following hidden elements, which will never be visible
because script execution is disabled in MHTML loading:
1) Any DOM element that has the hidden attribute
2) Any input element that has the hidden type

BUG= 669325 
TEST=new tests added

Review-Url: https://codereview.chromium.org/2538953002
Cr-Commit-Position: refs/heads/master@{#440790}

[modify] https://crrev.com/6f960b80d7bee61f42b4e95c8f8c2e252dc36739/chrome/browser/download/save_page_browsertest.cc
[modify] https://crrev.com/6f960b80d7bee61f42b4e95c8f8c2e252dc36739/chrome/test/data/save_page/style.htm
[modify] https://crrev.com/6f960b80d7bee61f42b4e95c8f8c2e252dc36739/third_party/WebKit/Source/core/frame/FrameSerializer.cpp
[modify] https://crrev.com/6f960b80d7bee61f42b4e95c8f8c2e252dc36739/third_party/WebKit/Source/core/frame/FrameSerializer.h
[modify] https://crrev.com/6f960b80d7bee61f42b4e95c8f8c2e252dc36739/third_party/WebKit/Source/web/WebFrameSerializer.cpp
[modify] https://crrev.com/6f960b80d7bee61f42b4e95c8f8c2e252dc36739/third_party/WebKit/Source/web/tests/WebFrameSerializerTest.cpp
[add] https://crrev.com/6f960b80d7bee61f42b4e95c8f8c2e252dc36739/third_party/WebKit/Source/web/tests/data/frameserialization/hidden_elements.html
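
The rules listed in the two commit messages above (event handler attributes, attributes holding a `javascript:` URI, elements with the `hidden` attribute, and `input type=hidden`), as an added Python sketch that is not Chromium's code and is not taken from either change. The `URL_ATTRS` list, the `on*` prefix test, the names `Sanitizer`, `sanitize` and `is_js_url`, and the sample markup are assumptions; SVG is covered only through `href`/`xlink:href`, and input is assumed to be well-formed with explicit end tags.

```python
from html import escape
from html.parser import HTMLParser

VOID = {"area", "base", "br", "col", "embed", "hr", "img", "input",
        "link", "meta", "source", "track", "wbr"}
# Assumed subset of URL-bearing attributes; Blink's own list is not on this page.
URL_ATTRS = {"href", "xlink:href", "src", "action", "formaction", "poster", "data"}
C0_AND_SPACE = "".join(map(chr, range(0x21)))

def is_js_url(value):
    # URL parsers drop tab/newline anywhere and leading C0 controls or spaces.
    cleaned = "".join(c for c in value or "" if c not in "\t\n\r")
    return cleaned.lstrip(C0_AND_SPACE).lower().startswith("javascript:")

class Sanitizer(HTMLParser):  # comments and doctype are dropped, not re-emitted
    def __init__(self):
        super().__init__(convert_charrefs=False)
        self.out, self.skip_depth = [], 0  # skip_depth > 0: inside a removed subtree

    def handle_starttag(self, tag, attrs, self_closing=False):
        a = dict(attrs)
        hidden = "hidden" in a or (tag == "input" and (a.get("type") or "").lower() == "hidden")
        if self.skip_depth or hidden:
            if tag not in VOID and not self_closing:
                self.skip_depth += 1  # swallow everything up to the matching end tag
            return
        kept = [(k, v) for k, v in attrs  # "on*" approximates event handler attributes
                if not k.startswith("on") and not (k in URL_ATTRS and is_js_url(v))]
        text = "".join(f" {k}" if v is None else f' {k}="{escape(v)}"' for k, v in kept)
        self.out.append(f"<{tag}{text}{'/' if self_closing else ''}>")

    def handle_startendtag(self, tag, attrs):
        self.handle_starttag(tag, attrs, self_closing=True)

    def handle_endtag(self, tag):
        if tag in VOID:
            return
        if self.skip_depth:
            self.skip_depth -= 1
        else:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip_depth:
            self.out.append(data)
    def handle_entityref(self, name): self.handle_data(f"&{name};")
    def handle_charref(self, name): self.handle_data(f"&#{name};")

def sanitize(html):
    p = Sanitizer(); p.feed(html); p.close()
    return "".join(p.out)

SAMPLE = ('<div id="a" onclick="track()"><a href=" JaVa\tScript:steal()">x</a>'  # constructed
          '<input type="hidden" name="csrf" value="s3cr3t"><p hidden>internal <b>note</b></p>'
          '<svg><a xlink:href="&#106;avascript:1"><circle r="1"/></a></svg>'
          '<img src="cid:logo" alt="A &amp; B"></div>')
```

The parser decodes character references in attribute values before the scheme check, so an entity-encoded `javascript:` prefix is caught as well as the mixed-case, tab-split one.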

Comment 6 by dim...@chromium.org, Jan 18 2017

Labels: -M-57

Comment 7 by jianli@chromium.org, Feb 18 2017

Status: Fixed (was: Assigned)
