Issue 715376 link

Starred by 3 users

Issue metadata

Status:	Started
Owner:	kouhei@chromium.org
Cc:	japhet@chromium.org kouhei@chromium.org hirosh...@chromium.org neis@chromium.org
Components:	Blink>HTML>Script
EstimatedDays:	----
NextAction:	----
OS:	All
Pri:	3
Type:	Bug

Blocked on:
issue 594639

Ensure module scripts are fetched/executed only behind the flag, and remove CHECK()s when shipped

Project Member Reported by hirosh...@chromium.org, Apr 26 2017

Issue description

I'll put CHECK()s to ensure module scripts are only fetched/executed behind the flag, to prevent security issues for users who don't enable the feature.

I created this entry to make it easier to track where we put CHECK()s and thus which CHECK()s should be removed once we ship the module script support without a flag.

Comment 1 by hirosh...@chromium.org, Apr 26 2017

Blocking: 594639

Project Member

Comment 2 by bugdroid1@chromium.org, Apr 27 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/089bb9113baa5ada31c80fbb6353e0185a479e6e

commit 089bb9113baa5ada31c80fbb6353e0185a479e6e
Author: hiroshige <hiroshige@chromium.org>
Date: Thu Apr 27 20:43:15 2017

Insert CHECK()s to ensure module-related code are not executed without the flag

BUG=715376

Review-Url: https://codereview.chromium.org/2843873002
Cr-Commit-Position: refs/heads/master@{#467777}

[modify] https://crrev.com/089bb9113baa5ada31c80fbb6353e0185a479e6e/third_party/WebKit/Source/bindings/core/v8/ScriptModule.cpp
[modify] https://crrev.com/089bb9113baa5ada31c80fbb6353e0185a479e6e/third_party/WebKit/Source/bindings/core/v8/ScriptModule.h
[modify] https://crrev.com/089bb9113baa5ada31c80fbb6353e0185a479e6e/third_party/WebKit/Source/core/dom/ModulatorImpl.cpp

Comment 3 by hirosh...@chromium.org, Apr 28 2017

Labels: -Pri-2 Pri-3
Summary: Ensure module scripts are fetched/executed only behind the flag, and remove CHECK()s when shipped (was: Ensure module scripts are fetched/executed only behind the flag)

Done for "Ensure module scripts are fetched/executed only behind the flag".

I'll keep this open until module scripts are shipped without flag and the CHECK()s inserted are removed.

Comment 4 by kouhei@chromium.org, May 10 2017

Components: Blink>HTML>Script

Comment 5 by kouhei@chromium.org, May 10 2017

Components: -Blink>HTML>Modules

Comment 6 by kouhei@chromium.org, May 29 2017

Blockedon: 594639
Blocking: -594639

Changed to be blocked on 594639 as we need to ship modules first to resolve this bug.

Comment 7 by kouhei@chromium.org, Nov 6 2017

Cc: hirosh...@chromium.org
Owner: kouhei@chromium.org

Project Member

Comment 8 by bugdroid1@chromium.org, Nov 7 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/cdd575440f88c9d52e48cacf92eecbf226c363f9

commit cdd575440f88c9d52e48cacf92eecbf226c363f9
Author: Kouhei Ueno <kouhei@chromium.org>
Date: Tue Nov 07 06:45:48 2017

[ES6 modules] Retire module feature flag

This CL removes "features::kModuleScripts" flag and
"RuntimeEnabledFeatures::ModuleScriptsEnabled()", and enables codepaths
previously gated by the feature by default.

Bug: 715376
Change-Id: Ib9ccd3648daa503c2ac653c299496344e95afd42
Reviewed-on: https://chromium-review.googlesource.com/753266
Reviewed-by: Takashi Toyoshima <toyoshim@chromium.org>
Reviewed-by: Kinuko Yasuda <kinuko@chromium.org>
Commit-Queue: Kouhei Ueno <kouhei@chromium.org>
Cr-Commit-Position: refs/heads/master@{#514415}
[modify] https://crrev.com/cdd575440f88c9d52e48cacf92eecbf226c363f9/chrome/browser/about_flags.cc
[modify] https://crrev.com/cdd575440f88c9d52e48cacf92eecbf226c363f9/chrome/browser/flag_descriptions.cc
[modify] https://crrev.com/cdd575440f88c9d52e48cacf92eecbf226c363f9/chrome/browser/flag_descriptions.h
[modify] https://crrev.com/cdd575440f88c9d52e48cacf92eecbf226c363f9/content/child/runtime_features.cc
[modify] https://crrev.com/cdd575440f88c9d52e48cacf92eecbf226c363f9/content/public/common/content_features.cc
[modify] https://crrev.com/cdd575440f88c9d52e48cacf92eecbf226c363f9/content/public/common/content_features.h
[modify] https://crrev.com/cdd575440f88c9d52e48cacf92eecbf226c363f9/third_party/WebKit/Source/bindings/core/v8/ScriptModule.cpp
[modify] https://crrev.com/cdd575440f88c9d52e48cacf92eecbf226c363f9/third_party/WebKit/Source/bindings/core/v8/V8Initializer.cpp
[modify] https://crrev.com/cdd575440f88c9d52e48cacf92eecbf226c363f9/third_party/WebKit/Source/core/dom/ModulatorImplBase.cpp
[modify] https://crrev.com/cdd575440f88c9d52e48cacf92eecbf226c363f9/third_party/WebKit/Source/core/dom/ScriptLoader.cpp
[modify] https://crrev.com/cdd575440f88c9d52e48cacf92eecbf226c363f9/third_party/WebKit/Source/core/html/HTMLScriptElement.idl
[modify] https://crrev.com/cdd575440f88c9d52e48cacf92eecbf226c363f9/third_party/WebKit/Source/platform/exported/WebRuntimeFeatures.cpp
[modify] https://crrev.com/cdd575440f88c9d52e48cacf92eecbf226c363f9/third_party/WebKit/Source/platform/runtime_enabled_features.json5
[modify] https://crrev.com/cdd575440f88c9d52e48cacf92eecbf226c363f9/third_party/WebKit/public/platform/WebRuntimeFeatures.h
[modify] https://crrev.com/cdd575440f88c9d52e48cacf92eecbf226c363f9/tools/metrics/histograms/enums.xml

►

Issue 715376 link

Issue metadata

Ensure module scripts are fetched/executed only behind the flag, and remove CHECK()s when shipped

Issue description

Comment 1 by hirosh...@chromium.org, Apr 26 2017

Comment 1 Deleted

Comment 2 by bugdroid1@chromium.org, Apr 27 2017

Comment 2 Deleted

Comment 3 by hirosh...@chromium.org, Apr 28 2017

Comment 3 Deleted

Comment 4 by kouhei@chromium.org, May 10 2017

Comment 4 Deleted

Comment 5 by kouhei@chromium.org, May 10 2017

Comment 5 Deleted

Comment 6 by kouhei@chromium.org, May 29 2017

Comment 6 Deleted

Comment 7 by kouhei@chromium.org, Nov 6 2017

Comment 7 Deleted

Comment 8 by bugdroid1@chromium.org, Nov 7 2017

Comment 8 Deleted

Sign in to add a comment