New issue
Advanced search Search tips

Issue 803264 link

Starred by 1 user

Issue metadata

Status: Fixed
Owner:
Closed: Jan 2018
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Android , Windows , Chrome , Mac
Pri: 1
Type: Task
Team-Security-UX



Sign in to add a comment

Add HTTP-Bad regression test for programmatic text field edits

Project Member Reported by est...@chromium.org, Jan 17 2018

Issue description

https://chromium-review.googlesource.com/#/c/856996/ (later reverted in https://chromium-review.googlesource.com/c/chromium/src/+/867830) changed how text field edits are propagated up from Blink, which resulted in HTTP-Bad detecting an insecure form field edit even when Javascript code sets input.value directly.

We should write a regression test for this case.
 

Comment 1 by est...@chromium.org, Jan 17 2018

Components: Tests>Missing
Labels: -Type-Bug Type-Task
Cc: -elawrence@chromium.org est...@chromium.org
Owner: elawrence@chromium.org
I got this.
Project Member

Comment 4 by bugdroid1@chromium.org, Jan 18 2018

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/2c1e3b77231269ed1bfb34ed09f25b3e9d45f3ca

commit 2c1e3b77231269ed1bfb34ed09f25b3e9d45f3ca
Author: Eric Lawrence <elawrence@chromium.org>
Date: Thu Jan 18 19:11:03 2018

Add test to ensure HTTPBad edit notice is not triggered by script

The HTTPBad feature relies on notifications from Blink to detect when
the user has edited a form field. A recent regression caused Blink to
begin surfacing this notification whenever JavaScript modified a page,
causing the HTTPBad warnings to appear on a huge number of pages.

This CL introduces a regresion test to help ensure that this problem
does not occur again in the future.

Bug:  803264 
Change-Id: Ief628b284ed65b9e8583f2b4d13f186e9bfd020c
Reviewed-on: https://chromium-review.googlesource.com/874091
Reviewed-by: Emily Stark <estark@chromium.org>
Commit-Queue: Eric Lawrence <elawrence@chromium.org>
Cr-Commit-Position: refs/heads/master@{#530221}
[modify] https://crrev.com/2c1e3b77231269ed1bfb34ed09f25b3e9d45f3ca/chrome/browser/ssl/security_state_tab_helper_browsertest.cc

Status: Fixed (was: Started)

Sign in to add a comment