New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 702540 link

Starred by 1 user

Issue metadata

Status: Available
Owner: ----
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: All
Pri: 3
Type: Task



Sign in to add a comment

The origin of the isolated world in which the navigation originated should be checked.

Project Member Reported by arthurso...@chromium.org, Mar 17 2017

Issue description

This follow the discussion that first happens there:
https://codereview.chromium.org/2655463006/#msg126

When a navigation is initiated from an isolated world, the Content-Security-Policy of the main world should not be enforced. For the moment, the browser knows what to do with the pseudo boolean: common_navigation_params.should_check_main_world_csp.

For security reasons, it would be nice to pass the origin of the isolated world. Then the browser would be able to double check that it corresponds to an extension that was supposed to run an user script in the page.
 

Comment 1 by est...@chromium.org, Nov 10 2017

Labels: Hotlist-EnamelAndFriendsFixIt

Comment 2 by est...@chromium.org, Feb 18 2018

Labels: -Hotlist-EnamelAndFriendsFixIt

Sign in to add a comment