New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 799160 link

Starred by 1 user
Status: WontFix
Owner:
lukasza@chromium.org
Closed: Jan 2018
Cc:
nick@chromium.org
creis@chromium.org
alex...@chromium.org
wfh@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 3
Type: Bug



Sign in to add a comment

Don't enforce XSDB when running with --disable-web-security

Project Member Reported by alex...@chromium.org, Jan 4 2018 
When running with --disable-web-security, it seems logical to skip XSDB checks, similarly to how SOP and other enforcement checks (e.g., CanCommitOrigin) are skipped in that mode.  Lukasz mentioned that he can take care of this.

Comment 1 by lukasza@chromium.org, Jan 4 2018

Status: Started (was: Assigned)
WIP CL @ https://chromium-review.googlesource.com/#/c/chromium/src/+/850585

Comment 2 by lukasza@chromium.org, Jan 4 2018

Status: WontFix (was: Started)
From creis@ [1]: I think we might not want to do this.  We use --disable-web-security to simulate renderer exploits in security tests, to make sure the browser process enforcements still work.

[1] https://chromium-review.googlesource.com/c/chromium/src/+/850585#message-07d97d920e1535f92bc888b30a279b11f2dfca8a

Sign in to add a comment