New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 707620 link

Starred by 1 user
Status: Fixed
Owner:
timloh@chromium.org
Closed: Apr 2017
Cc:
mgiuca@chromium.org
EstimatedDays: ----
NextAction: ----
OS: Android
Pri: 2
Type: Bug

Blocking:
issue 707071



Sign in to add a comment

Restrict getInstalledRelatedApps to top-level frames

Project Member Reported by mgiuca@chromium.org, Apr 3 2017 
Since it is a privacy-sensitive API (can tell you details about the host system), we want to restrict its use as much as possible. (You should not be able to query multiple different sets of apps per page view, nor run it from inside ads.)
Project Member

Comment 1 by bugdroid1@chromium.org, Apr 7 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/ae333e41aeaa7a3646b067bc2da0673990be32b4

commit ae333e41aeaa7a3646b067bc2da0673990be32b4
Author: timloh <timloh@chromium.org>
Date: Fri Apr 07 06:46:47 2017

Restrict navigator.getInstalledRelatedApps() to top-level frames

As getInstalledRelatedApps is a privacy-sensitive API, restricting it to
top-level frames should help reduce potential undesired usage while not
adversely affecting intended usage (e.g. ads in iframes won't be able
to use this).

BUG= 707620 

Review-Url: https://codereview.chromium.org/2800523004
Cr-Commit-Position: refs/heads/master@{#462798}

[add] https://crrev.com/ae333e41aeaa7a3646b067bc2da0673990be32b4/third_party/WebKit/LayoutTests/installedapp/getinstalledrelatedapps-iframe.html
[modify] https://crrev.com/ae333e41aeaa7a3646b067bc2da0673990be32b4/third_party/WebKit/Source/modules/installedapp/NavigatorInstalledApp.cpp

Comment 2 by mgiuca@chromium.org, Apr 7 2017

Status: Fixed (was: Assigned)

Sign in to add a comment