New issue
Advanced search Search tips
Starred by 5 users
Status: Assigned
Owner:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 3
Type: Task

Blocked on:
issue 739672



Sign in to add a comment
Ignore <a download> for cross origin URLs
Project Member Reported by jochen@chromium.org, Apr 22 2017 Back to list
Change description:
To avoid what is essentially  user-mediated cross-origin information leakage, Blink will start to ignore the presence of the download attribute on anchor elements with cross origin attributes.

Changes to API surface:
* HTMLAnchorElement

Links:
https://developer.mozilla.org/en/docs/Web/HTML/Element/a

Support in other browsers:
Internet Explorer: different mitigation
Firefox: shipped
Safari: shipped

 
Project Member Comment 2 by bugdroid1@chromium.org, May 26 2017
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/99a1d0db25c2b77ad42d216b2289e0bf67c69540

commit 99a1d0db25c2b77ad42d216b2289e0bf67c69540
Author: Jochen Eisinger <jochen@chromium.org>
Date: Fri May 26 14:16:45 2017

cross origin downloads w/o content disposition are dangerous

BUG=714373,608669
R=dtrainor@chromium.org

Change-Id: I170ad3a3bec4afe64897a16c98c25e8a152c15ed
Reviewed-on: https://chromium-review.googlesource.com/513923
Commit-Queue: Jochen Eisinger <jochen@chromium.org>
Reviewed-by: David Trainor <dtrainor@chromium.org>
Cr-Commit-Position: refs/heads/master@{#475000}
[modify] https://crrev.com/99a1d0db25c2b77ad42d216b2289e0bf67c69540/chrome/browser/download/download_browsertest.cc
[modify] https://crrev.com/99a1d0db25c2b77ad42d216b2289e0bf67c69540/chrome/browser/download/download_browsertest.h
[modify] https://crrev.com/99a1d0db25c2b77ad42d216b2289e0bf67c69540/chrome/browser/extensions/api/web_navigation/web_navigation_apitest.cc
[modify] https://crrev.com/99a1d0db25c2b77ad42d216b2289e0bf67c69540/chrome/browser/loader/chrome_resource_dispatcher_host_delegate_browsertest.cc
[modify] https://crrev.com/99a1d0db25c2b77ad42d216b2289e0bf67c69540/content/browser/download/download_browsertest.cc
[modify] https://crrev.com/99a1d0db25c2b77ad42d216b2289e0bf67c69540/content/browser/download/download_create_info.h
[modify] https://crrev.com/99a1d0db25c2b77ad42d216b2289e0bf67c69540/content/browser/download/download_item_impl.cc
[modify] https://crrev.com/99a1d0db25c2b77ad42d216b2289e0bf67c69540/content/browser/download/download_item_impl.h
[modify] https://crrev.com/99a1d0db25c2b77ad42d216b2289e0bf67c69540/content/browser/download/download_item_impl_unittest.cc
[modify] https://crrev.com/99a1d0db25c2b77ad42d216b2289e0bf67c69540/content/browser/download/download_request_core.cc
[modify] https://crrev.com/99a1d0db25c2b77ad42d216b2289e0bf67c69540/content/browser/download/download_stats.h
[modify] https://crrev.com/99a1d0db25c2b77ad42d216b2289e0bf67c69540/tools/metrics/histograms/enums.xml

Comment 3 by jochen@chromium.org, May 26 2017
Labels: -M-60 M-61
It's M61 at this point
Comment 4 by jochen@chromium.org, May 26 2017
Status: Fixed
Comment 5 by jochen@chromium.org, May 30 2017
Status: Assigned
#1 - this might have caused  issue 730050  (downloaded data URLs do not get their file name from the download attribute).
Blockedon: 739672
Labels: -M-61 -Launch-M-Target-60-Stable M-62
Labels: migrated-launch-owp Type-Task
This issue has been automatically relabelled type=task because type=launch-owp issues are now officially deprecated. The deprecation is because they were creating confusion about how to get launch approvals, which should be instead done via type=launch issues.

We recommend this issue be used for implementation tracking (for public visibility), but if you already have an issue for that, you may mark this as duplicate.

For more details see here: https://docs.google.com/document/d/1JA6RohjtZQc26bTrGoIE_bSXGXUDQz8vc6G0n_sZJ2o/edit

For any questions, please contact owencm, sshruthi, larforge
Labels: -M-62
removing the target milestone for the time being
Project Member Comment 11 by bugdroid1@chromium.org, Nov 11
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/3deb65444b820ed0caf0f3c2c000e82c2ce8564d

commit 3deb65444b820ed0caf0f3c2c000e82c2ce8564d
Author: Jochen Eisinger <jochen@chromium.org>
Date: Sat Nov 11 15:48:15 2017

When cancelling parsing of a document, try to transition to completed

With browser side navigations, we might cancel parsing because a new
navigation started, which in turn might fail. In that case, the original
document should be in a defined state

BUG=714373
R=japhet@chromium.org

Change-Id: Idf09c46a2dde8ce1107d8c8d1d414e5fa06987da
Reviewed-on: https://chromium-review.googlesource.com/758998
Commit-Queue: Jochen Eisinger <jochen@chromium.org>
Reviewed-by: Nate Chapin <japhet@chromium.org>
Cr-Commit-Position: refs/heads/master@{#515842}
[modify] https://crrev.com/3deb65444b820ed0caf0f3c2c000e82c2ce8564d/third_party/WebKit/Source/core/loader/FrameLoader.cpp

Sign in to add a comment