Issue 834045 link

Starred by 1 user

Issue metadata

Status:	Assigned
Owner:	peter@chromium.org
Cc:	peter@chromium.org
Components:	UI>Notifications
EstimatedDays:	----
NextAction:	----
OS:	----
Pri:	2
Type:	Task
Hotlist-DesktopUIChecked Hotlist-DesktopUIToolingRequired

Don't allow passing the raw notification ID to close persistent notifications

Project Member Reported by awdf@chromium.org, Apr 17 2018

Issue description

Instead we should use an unguessable token string like non-persistent notifications already do, from which the notification ID is re-calculated using the trusted origin (to prevent origins closing other origins' notifications in case of a compromised renderer).

Comment 1 by awdf@chromium.org, Aug 1

Cc: awdf@chromium.org

 Issue 814316  has been merged into this issue.

Comment 2 by awdf@chromium.org, Aug 1

Cc: -awdf@chromium.org
Owner: peter@chromium.org

Comment 3 by rbasuvula@chromium.org, Nov 21

Labels: Hotlist-DesktopUIToolingRequired Hotlist-DesktopUIChecked

***Mass UI Triage***

►

Issue 834045 link

Issue metadata

Don't allow passing the raw notification ID to close persistent notifications

Issue description

Comment 1 by awdf@chromium.org, Aug 1

Comment 1 Deleted

Comment 2 by awdf@chromium.org, Aug 1

Comment 2 Deleted

Comment 3 by rbasuvula@chromium.org, Nov 21

Comment 3 Deleted

Sign in to add a comment