Redirect to data URL is still allowed using meta refresh
Reported by s.h.h.n....@gmail.com, Apr 28 2017
Issue description

UserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.81 Safari/537.36

Steps to reproduce the problem:
1. Go to https://test.shhnjk.com/meta.php?url=data:text/html,<script>alert(1)</script>
2. A dialog pops up with the data URL on the top document
3.

What is the expected behavior?
As below, redirection to a data URL on the top document was prevented due to the increase of phishing attacks using data URLs.
https://test.shhnjk.com/location.php?url=data:text/html,<script>alert(1)</script>

What went wrong?
meta refresh was not considered?
https://test.shhnjk.com/meta.php?url=data:text/html,<script>alert(1)</script>

Did this work before? N/A
Chrome version: 58.0.3029.81 Channel: stable
OS Version: OS X 10.12.4
Flash Version:
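A server-side check for a redirector page like the `meta.php?url=` test case in the report, written as an added example (not code from the issue or from Chromium): it emits a meta refresh only for http(s) targets, so the page does not depend on the browser blocking `data:` navigations. The host `app.example` and all function names are assumptions.

```javascript
// Added example: scheme check for a page that reflects ?url= into a meta refresh.
const ALLOWED_SCHEMES = new Set(['http:', 'https:']);

// Returns the normalized absolute URL if `raw` is an http(s) target, else null.
// `base` is the redirector page's own URL, used to resolve relative targets.
function safeRedirectTarget(raw, base) {
  if (typeof raw !== 'string') return null;
  let parsed;
  try {
    // The WHATWG URL parser strips leading/trailing whitespace, removes
    // embedded tabs/newlines and lower-cases the scheme, as a browser does.
    parsed = new URL(raw, base);
  } catch (e) {
    return null; // unparseable input is rejected, not passed through
  }
  return ALLOWED_SCHEMES.has(parsed.protocol) ? parsed.href : null;
}

// Escape characters that could break out of the content="" attribute.
function escapeAttr(s) {
  return s.replace(/[&<>"']/g, c => '&#' + c.charCodeAt(0) + ';');
}

// Builds the refresh tag; rejected targets fall back to a fixed local page.
function metaRefreshTag(raw, base, fallback = '/') {
  const target = safeRedirectTarget(raw, base) ?? new URL(fallback, base).href;
  return `<meta http-equiv="refresh" content="0; url=${escapeAttr(target)}">`;
}

// Constructed sample inputs (hypothetical host app.example).
const BASE = 'https://app.example/meta';
const samples = [
  'https://app.example/home',
  '/account?tab=1',
  'data:text/html,<script>alert(1)</script>',
  '  DATA:text/html,hello',
  'da\tta:text/html,hello',
  'javascript:alert(1)',
];
for (const s of samples) {
  console.log(JSON.stringify(s), '->', safeRedirectTarget(s, BASE));
}
```

The check covers only the scheme; restricting which hosts an http(s) target may point to is a separate decision.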
Apr 28 2017
Oh, okay. I thought this already landed, as https://bugs.chromium.org/p/chromium/issues/detail?id=594215 says FIXED. But you are right, because simple script navigation is not blocked either.
Apr 28 2017
Yeah, it's a bit tricky.

    git find-releases ba52f56207a4b9d70b34880fbff2352e71a06422
    commit ba52f56207a4b9d70b34880fbff2352e71a06422 was:
      initially in 60.0.3079.0
Apr 28 2017
Assigning to meacer to possibly close.
Apr 28 2017
AFAIR, redirects to data URLs should be blocked even before my change (+nasko to confirm). For example, bug 471713 explicitly disallows them. It's probably moot now that bug 594215 disables them once and for all, but there might have been a proper regression of blocking redirects to data URLs before M60.
May 1 2017
May 3 2017
According to meacer, this issue is indeed moot now.
Aug 10 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage
- Your friendly Sheriffbot
Comment 1 by elawrence@chromium.org, Apr 28 2017
Owner: mea...@chromium.org