New issue
Advanced search Search tips

Issue 777234 link

Starred by 1 user
Status: Fixed
Owner:
gyuyoung...@chromium.org
Closed: Oct 2017
EstimatedDays: ----
NextAction: ----
OS: Linux , Windows , Mac
Pri: 3
Type: Feature



Sign in to add a comment

[Custom Scheme] registerProtocolHandler should be allowed only when the host of input URL is same with the document's host

Project Member Reported by gyuyoung...@chromium.org, Oct 23 2017 
The tests of navigator.registerProtocolHandler has only tested basic functionalities. So I think we need to improve the tests to check if it covers more situations or functionalities.  

So we need to improve the tests to check if registerProtocolHandler is only able to be allowed when the input URL's host is same with the document's origin.
Project Member

Comment 1 by bugdroid1@chromium.org, Oct 23 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/4f657cdd4d367294d161cb8b9ba4cadf94da481a

commit 4f657cdd4d367294d161cb8b9ba4cadf94da481a
Author: Gyuyoung Kim <gyuyoung.kim@lge.com>
Date: Mon Oct 23 08:05:57 2017

[CustomScheme] Test if registerProtocolHandler's only allowed when URL's host same with the document's host

Existing test cases don't test if the registerProtocolHandler work only when the input URL's host
is same to the document's host. Because the registerProtocolHandler should only work when the host
of input URL is same with the current document's host for security.

Firefox also has rejected handlers registered from a different host. See also  Bug 402287 .
https://bugzilla.mozilla.org/show_bug.cgi?id=402287

Bug:  777234 
Change-Id: I1d5b1db52f45a7eb078dd39ea809421ac21958d0
Reviewed-on: https://chromium-review.googlesource.com/731993
Reviewed-by: Kentaro Hara <haraken@chromium.org>
Commit-Queue: Gyuyoung Kim <gyuyoung.kim@chromium.org>
Cr-Commit-Position: refs/heads/master@{#510732}
[modify] https://crrev.com/4f657cdd4d367294d161cb8b9ba4cadf94da481a/third_party/WebKit/LayoutTests/http/tests/navigatorcontentutils/register-protocol-handler-expected.txt
[modify] https://crrev.com/4f657cdd4d367294d161cb8b9ba4cadf94da481a/third_party/WebKit/LayoutTests/http/tests/navigatorcontentutils/register-protocol-handler.html

Comment 2 by gyuyoung...@chromium.org, Oct 24 2017

Status: Fixed (was: Untriaged)

Sign in to add a comment