New issue
Advanced search Search tips

Issue 813037 link

Starred by 1 user
Status: Fixed
Owner:
elawrence@chromium.org
Closed: Apr 2018
Cc:
vamshi.kommuri@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Windows , Chrome , Mac , Fuchsia
Pri: 2
Type: Bug



Sign in to add a comment

[Missing Tests] : View-Source: does not rewrite JavaScript URIs

Project Member Reported by vamshi.kommuri@chromium.org, Feb 16 2018 
Automated tests for the below commit have been missing.Would it be possible to add test coverage to avoid regressions in future?

CL: 
===
 https://chromium.googlesource.com/chromium/src.git/+/4f811848ab21dbbe39f64f82f61aa0e41c14a227


Ref Bug: 
========
https://bugs.chromium.org/p/chromium/issues/detail?id=705206

Thank You!

Comment 1 by elawrence@chromium.org, Feb 26 2018 

This will probably be resolved "Won't Fix" insofar as the change they aim to test should be going away in favor of a more comprehensive fix (which will have its own tests).
Project Member

Comment 3 by bugdroid1@chromium.org, Apr 20 2018 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/da1e6dd66b6c9eeb2272944e304d4d3ebf684af6

commit da1e6dd66b6c9eeb2272944e304d4d3ebf684af6
Author: Eric Lawrence <elawrence@chromium.org>
Date: Fri Apr 20 18:46:15 2018

Ensure link clicks in view-source do not send Referer header

When the user clicked a link in view-source, the full URL of the markup
was sent to the server, ignoring Referrer Policy. This CL changes the
links created in view-source to use rel=noreferrer to avoid this leak.
It also sets rel=noopener to prevent the target tab from
manipulating the view-source view.

Bug:  834023 ,  813037 
Test: browser_tests ViewSourceTest.*
Change-Id: Ifcb1dff09aefeee54fd455dcc52a8e2ccec79081
Reviewed-on: https://chromium-review.googlesource.com/1017315
Commit-Queue: Eric Lawrence <elawrence@chromium.org>
Reviewed-by: Mike West <mkwst@chromium.org>
Reviewed-by: Avi Drissman <avi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#552410}
[modify] https://crrev.com/da1e6dd66b6c9eeb2272944e304d4d3ebf684af6/chrome/browser/tab_contents/view_source_browsertest.cc
[add] https://crrev.com/da1e6dd66b6c9eeb2272944e304d4d3ebf684af6/chrome/test/data/viewsource/navigation.html
[modify] https://crrev.com/da1e6dd66b6c9eeb2272944e304d4d3ebf684af6/third_party/WebKit/LayoutTests/fast/frames/viewsource/viewsource-3-expected.txt
[modify] https://crrev.com/da1e6dd66b6c9eeb2272944e304d4d3ebf684af6/third_party/WebKit/LayoutTests/fast/frames/viewsource/viewsource-4-expected.txt
[modify] https://crrev.com/da1e6dd66b6c9eeb2272944e304d4d3ebf684af6/third_party/WebKit/LayoutTests/fast/frames/viewsource/viewsource-8-expected.txt
[modify] https://crrev.com/da1e6dd66b6c9eeb2272944e304d4d3ebf684af6/third_party/blink/renderer/core/html/html_view_source_document.cc

Comment 4 by elawrence@chromium.org, Apr 27 2018

Status: Fixed (was: Started)
Added ViewSourceTest.JavaScriptURISanitized

Sign in to add a comment