New issue
Advanced search Search tips

Issue 682866 link

Starred by 2 users
Status: Assigned
Owner:
mea...@chromium.org
Cc:
elawrence@chromium.org
emilyschechter@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: All
Pri: 3
Type: Bug
Team-Security-UX



Sign in to add a comment

blob URLs aren't grayed out properly

Project Member Reported by mea...@chromium.org, Jan 19 2017 
Test page: http://meacer.com/filesystem.html

Click on the first filesystem URL, and then the first blob URL.

The filesystem URL is grayed out except for the hostname, whereas the blob URL isn't grayed out at all. We should be consistent in our display of URLs and gray out the non-origin parts in both of these URLs, i.e. everything except the scheme, domain and port should be grayed out.

Comment 1 by pkasting@chromium.org, Jan 23 2017 

If you want to fix this, you'll need to look at https://cs.chromium.org/chromium/src/components/omnibox/browser/autocomplete_input.cc?rcl=0&l=414 .  Presumably the filesystem-specific bit at the bottom needs to add a blob-related check.  The only reason I'm not making this change myself is that I don't really understand either one of these schemes and can't vouch for whether this is desirable from a security perspective.  If someone else wants to do this, I can r+ the (should be very simple) change.

Comment 2 by nparker@chromium.org, Jan 27 2017

Owner: mea...@chromium.org
Status: Assigned (was: Untriaged)
(fyi test page is timing out)

Comment 3 by mea...@chromium.org, Jan 27 2017 

> (fyi test page is timing out)

Yeah, I broke the site :/ Please try this: https://storage.googleapis.com/www.meacer.com/filesystem.html

FWIW I looked at this briefly the other day, and changing AutocompleteInput::ParseForEmphasizeComponents wasn't sufficient because Parse() doesn't parse blob urls properly. It looks like we'll need changes in url_fixer since it has a special case for filesystem URLs.

Comment 4 by est...@chromium.org, Nov 10 2017

Labels: Hotlist-EnamelAndFriendsFixIt

Comment 5 by est...@chromium.org, Feb 18 2018

Labels: -Hotlist-EnamelAndFriendsFixIt

Sign in to add a comment