Issue 854712 link

Starred by 1 user

Issue metadata

Status:	Assigned
Owner:	johnidel@chromium.org
Cc:	jkarlin@chromium.org csharrison@chromium.org
Components:	UI>Browser>AdFilter
EstimatedDays:	----
NextAction:	----
OS:	----
Pri:	2
Type:	Bug
M-69 AdInterventions

Measure the number of window.open() calls from transparent ad subframes

Project Member Reported by jkarlin@chromium.org, Jun 20 2018

Issue description

If window.open is called from a transparent frame there is a good chance it's clickjacking. If that frame is also labeled an ad frame, it's even more concerning.

Let's measure (both UKM and UseCounter) how often and where we see ad-tagged transparent frames call create_window.cc::CreateWindow().

Comment 1 by jkarlin@chromium.org, Jun 20 2018

John: I believe where you'll want to measure is in create_window.cc::CreateWindow.

You can call active_frame->IsAdSubframe() to determine if the frame is an ad frame, and !active_frame->ContentLayoutObject()->HasNonZeroEffectiveOpacity() to determine if the frame is fully transparent.

See UseCounter::Count(LocalFrame*, WebFeature) for recording to a UseCounter. I'd make that your first CL, then we can talk about adding UKM.

Comment 2 by jkarlin@chromium.org, Jun 20 2018

Labels: -Pri-3 Pri-2

►

Issue 854712 link

Issue metadata

Measure the number of window.open() calls from transparent ad subframes

Issue description

Comment 1 by jkarlin@chromium.org, Jun 20 2018

Comment 1 Deleted

Comment 2 by jkarlin@chromium.org, Jun 20 2018

Comment 2 Deleted

Sign in to add a comment