New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 684011 link

Starred by 8 users
Status: Fixed
Owner:
emilyschechter@chromium.org
Closed: Apr 2017
Cc:
kavvaru@chromium.org
jakebarrett@google.com
mea...@chromium.org
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 3
Type: Launch-OWP
Launch-Accessibility: ----
Launch-Exp-Leadership: ----
Launch-Leadership: ----
Launch-Legal: ----
Launch-M-Approved: ----
Launch-M-Target: 60-Dev , 60-Beta , 60-Stable-Exp , 60-Stable
Launch-Privacy: ----
Launch-Security: ----
Launch-Test: ----
Launch-UI: ----
Rollout-Type: ----

Blocked on:
issue 594215


Sign in to add a comment

Remove: Top frame navigations to data URLs

Project Member Reported by emilyschechter@chromium.org, Jan 23 2017 
Change description:
We intend to block web pages from loading data:URLs in the top frame using <A> tags, window.open, window.location and similar mechanisms.

Changes to API surface:
see above

Links:
https://bugs.chromium.org/p/chromium/issues/detail?id=594215
Public standards discussion: 

Support in other browsers:
Internet Explorer: IE and Edge already block navigations to data URLs. 
Firefox:
Safari:

*Make sure to fill in any labels with a -?, including all OSes this change
affects. Feel free to leave other labels at the defaults.

Comment 1 by mea...@chromium.org, Jan 23 2017

Blockedon: 594215

Comment 2 by emilyschechter@chromium.org, Jan 25 2017

Description: Show this description

Comment 3 by mea...@chromium.org, Jan 25 2017

Summary: Remove: Content initiated top frame navigations to data URLs (was: Remove: Content initiated top frame navigations to data, blob and filesystem URLs)

Comment 4 by mea...@chromium.org, Feb 2 2017

Summary: Remove: Top frame navigations to data URLs (was: Remove: Content initiated top frame navigations to data URLs)

Comment 5 by emilyschechter@chromium.org, Mar 15 2017 

Current status:
* deprecated with console warning in M58.
* removal currently scheduled for M59.

Comment 6 by ackermanb@chromium.org, Mar 23 2017

Cc: jakebarrett@google.com

Comment 7 by mea...@chromium.org, Mar 23 2017 

> * deprecated with console warning in M58.

Small correction: We merged the console warning to M57.

Comment 8 by emilyschechter@chromium.org, Mar 23 2017

Labels: -Launch-M-Target-58-Dev -Launch-M-Target-58-Beta -Launch-M-Target-58-Stable-Exp -Launch-M-Target-58-Stable Launch-M-Target-59-Dev Launch-M-Target-59-Beta Launch-M-Target-59-Stable-Exp Launch-M-Target-59-Stable
@meacer any update on the removal? (or CL I can follow?) should we check back in with the I2R?

Comment 9 by emilyschechter@chromium.org, Mar 23 2017

Labels: -M-58 M-59

Comment 10 by mea...@chromium.org, Mar 23 2017 

CL is at https://codereview.chromium.org/2702503002/. We noted that we need to allow data URL to data URL navigations, so I'm working on that. How about we check back in next week?

Comment 11 by emilyschechter@chromium.org, Mar 23 2017 

yep! (wow big CL)

Comment 12 by emilyschechter@chromium.org, Apr 25 2017

Labels: -M-59 -Launch-M-Target-59-Dev -Launch-M-Target-59-Beta -Launch-M-Target-59-Stable-Exp -Launch-M-Target-59-Stable M-60 Launch-M-Target-60-Dev Launch-M-Target-60-Beta Launch-M-Target-60-Stable-Exp Launch-M-Target-60-Stable
Status: Fixed (was: Assigned)
Update: change landed for the removal in M60 and will be rolling through channels.

Comment 13 by jnakinja...@gmail.com, Jun 11 2017 

ยังไม่เเน่ใจครับเพิ่งรับมาใช้ ยังไม่เน่ใจขอเวลาเพิ่มเติมก่อนนะครับ

Comment 14 by dtapu...@chromium.org, Jul 18 2017

Cc: kavvaru@chromium.org
 Issue 742702  has been merged into this issue.

Comment 15 by ramda...@gmail.com, Jan 7 2018 

This did break the Android Hybrid app which get re-directs from Java script ... It took us almost 2 months to figure out the problem as we never expected this change can break our app.
re-directs of the nature window.location were not honored by Web view clients second time onwards (?)..

We had to write a work around ot create temporary i/Frame and attach the re-direct to it and remove iFrame. Any better solution?

Thanks,
Ramdas

Sign in to add a comment