New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.
Starred by 4 users

Issue metadata

Status: Fixed
Closed: May 2018
EstimatedDays: ----
NextAction: ----
OS: Linux , Android , Windows , Chrome , Mac , Fuchsia
Pri: 3
Type: Bug

issue 696446
issue 809062

Sign in to add a comment

Issue 811558: Block renderer initiated top-frame navigations to filesystem URLs

Reported by, Feb 13 2018 Project Member

Issue description

filesystem: URLs are only supported by Chrome. They contain an inner URL which consists of the origin that created the filesystem URL. For example, a filesystem URL created by looks like filesystem: The appearance in the omnibox is confusing for users, and there is currently an undisclosed security bug for this.

Following the data URL navigation blocking, do the same for filesystem URLs:

Comment 1 by, Feb 13 2018

Labels: Team-Security-UX

Comment 2 by, Feb 14 2018

Blocking: 809062

Comment 3 by, Feb 14 2018

Would this also fix the concerns in  issue 650369 ?

Comment 4 by, Feb 15 2018

Not sure, but I admit I don't fully understand that bug. I'm not aware of a previous blocking of filesystem URLs, so I'm not sure where the incompleteness of that comes from.

nick: Any thoughts? I'll use DataUrlNavigationThrottle to fix this bug.

Comment 5 by, Apr 27 2018

Blocking: 696446

Comment 6 by, Apr 27 2018

Status: Started (was: Assigned)
Happening at

Comment 7 by, Apr 30 2018

Project Member
The following revision refers to this bug:

commit 5440020025c6e2de35db1bd5450bce9b69406e31
Author: Mustafa Emre Acer <>
Date: Mon Apr 30 19:38:11 2018

Block redirects and renderer-initiated top-frame navigations to filesystem: URLs

Intent to deprecate and remove for renderer-initiated top frame navigations:!topic/blink-dev/X7rZeU93vjw

This CL additionally blocks redirects to filesystem URLs. This matches the redirect
behavior of data URLs.

Bug:  811558 
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_mojo
Change-Id: I22201825063432ab95872a44aa1925a233e693f5
Commit-Queue: Mustafa Emre Acer <>
Reviewed-by: Karan Bhatia <>
Reviewed-by: Taiju Tsuiki <>
Reviewed-by: Nasko Oskov <>
Reviewed-by: Mike West <>
Cr-Commit-Position: refs/heads/master@{#554850}

Comment 8 by, May 4 2018

Status: Fixed (was: Started)
Looks like this did stick, marking fixed.

Comment 9 by, May 15 2018

 Issue 650369  has been merged into this issue.

Comment 10 by, May 23 2018

Issue 845950 is a side effect of this.

Sign in to add a comment