Issue 834045

Issue metadata

Status: Assigned
Owner:
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 2
Type: Task
Don't allow passing the raw notification ID to close persistent notifications

Project Member Reported by awdf@chromium.org, Apr 17 2018

Issue description

Instead we should use an unguessable token string like non-persistent notifications already do, from which the notification ID is re-calculated using the trusted origin (to prevent origins closing other origins' notifications in case of a compromised renderer).
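
Added example (not part of the original issue and not Chromium code): a minimal C++ model of the close path described above, with the raw-ID handler next to the token-based one. The class, method names, ID format, origins and token values are assumptions made for illustration.

```cpp
#include <iostream>
#include <set>
#include <string>

// Hypothetical browser-process model; names and ID format are illustrative
// assumptions, not Chromium's implementation.
class NotificationStore {
 public:
  // The ID is computed browser-side from the origin the browser itself
  // associates with the renderer, plus a token. The length prefix keeps
  // (origin, token) pairs unambiguous.
  static std::string DeriveId(const std::string& trusted_origin,
                              const std::string& token) {
    return "p#" + std::to_string(trusted_origin.size()) + "#" +
           trusted_origin + "#" + token;
  }

  void Show(const std::string& trusted_origin, const std::string& token) {
    shown_.insert(DeriveId(trusted_origin, token));
  }

  // Pattern the issue wants removed: the renderer names the ID directly, so
  // the browser has no origin check on which notification gets closed.
  bool CloseByRawId(const std::string& renderer_supplied_id) {
    return shown_.erase(renderer_supplied_id) > 0;
  }

  // Proposed pattern: the renderer sends only a token; the ID is re-derived
  // with the trusted origin, so it can only name that origin's notifications.
  bool CloseByToken(const std::string& trusted_origin,
                    const std::string& renderer_supplied_token) {
    return shown_.erase(DeriveId(trusted_origin, renderer_supplied_token)) > 0;
  }

  bool IsShown(const std::string& id) const { return shown_.count(id) > 0; }

 private:
  std::set<std::string> shown_;
};

int main() {
  NotificationStore store;
  store.Show("https://a.example", "tok-1");  // constructed sample values
  // Another origin replaying the same token derives a different ID.
  std::cout << store.CloseByToken("https://b.example", "tok-1") << "\n";  // 0
  std::cout << store.CloseByToken("https://a.example", "tok-1") << "\n";  // 1
}
```

Because the origin is mixed in on the browser side, the close request is scoped to the caller's origin even if a token from another origin leaks.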
 
Cc: awdf@chromium.org
Issue 814316 has been merged into this issue.
Cc: -awdf@chromium.org
Owner: peter@chromium.org
Labels: Hotlist-DesktopUIToolingRequired Hotlist-DesktopUIChecked
***Mass UI Triage***