New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 879994 link

Starred by 0 users
Status: Fixed
Owner:
mkwst@chromium.org
Buried. Ping if important.
Closed: Sep 5
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 3
Type: Bug

Blocking:
issue 794548



Sign in to add a comment

Deprecate MIME-sniffing for `importScripts()`.

Project Member Reported by mkwst@chromium.org, Sep 3 
`importScripts()` should strictly check MIME types.

Comment 2 by mkwst@chromium.org, Sep 3

Labels: Merge-Request-70
Hello, dearest release managers! I'd like to merge this deprecation warning back to M70 which just branched. That will allow us to actually remove the feature in M71. WDYT?

The change is small, simply flipping a feature flag that controls the deprecation warning from `test` to `stable`, and changing an `if` to ensure that that doesn't change our behavior for `file:` based URLs.
Project Member

Comment 3 by sheriffbot@chromium.org, Sep 4

Labels: -Merge-Request-70 Hotlist-Merge-Approved Merge-Approved-70
Your change meets the bar and is auto-approved for M70. Please go ahead and merge the CL to branch 3538 manually. Please contact milestone owner if you have questions.
Owners: benmason@(Android), kariahda@(iOS), geohsu@(ChromeOS), abdulsyed@(Desktop)

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Project Member

Comment 4 by bugdroid1@chromium.org, Sep 4

Labels: -merge-approved-70 merge-merged-3538
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/dfde306c094e28746fd45f3a058ab40e1d5e069e

commit dfde306c094e28746fd45f3a058ab40e1d5e069e
Author: Mike West <mkwst@chromium.org>
Date: Tue Sep 04 10:46:30 2018

Impose strict MIME-type checks on `importScripts()`.

Intent to Remove: https://groups.google.com/a/chromium.org/d/msg/blink-dev/35t5cJQ3J_Q/FH45dl0vAwAJ

TBR=mkwst@chromium.org

(cherry picked from commit 4b736aaff87186c442a20dc5e6823d0fe087e101)

Bug: 794548,  879994 
Change-Id: Ie87aedd0027921960ff429d5d8ecf168572c82de
Reviewed-on: https://chromium-review.googlesource.com/1199068
Commit-Queue: Mike West <mkwst@chromium.org>
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#588364}
Reviewed-on: https://chromium-review.googlesource.com/1203972
Reviewed-by: Mike West <mkwst@chromium.org>
Cr-Commit-Position: refs/branch-heads/3538@{#21}
Cr-Branched-From: 79f7c91a2b2a2932cd447fa6f865cb6662fa8fa6-refs/heads/master@{#587811}
[add] https://crrev.com/dfde306c094e28746fd45f3a058ab40e1d5e069e/third_party/WebKit/LayoutTests/external/wpt/workers/importscripts_mime.tentative.any.js
[add] https://crrev.com/dfde306c094e28746fd45f3a058ab40e1d5e069e/third_party/WebKit/LayoutTests/external/wpt/workers/support/imported_script.py
[modify] https://crrev.com/dfde306c094e28746fd45f3a058ab40e1d5e069e/third_party/blink/renderer/core/loader/allowed_by_nosniff.cc
[modify] https://crrev.com/dfde306c094e28746fd45f3a058ab40e1d5e069e/third_party/blink/renderer/platform/runtime_enabled_features.json5
Project Member

Comment 5 by bugdroid1@chromium.org, Sep 4 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/dfde306c094e28746fd45f3a058ab40e1d5e069e

commit dfde306c094e28746fd45f3a058ab40e1d5e069e
Author: Mike West <mkwst@chromium.org>
Date: Tue Sep 04 10:46:30 2018

Impose strict MIME-type checks on `importScripts()`.

Intent to Remove: https://groups.google.com/a/chromium.org/d/msg/blink-dev/35t5cJQ3J_Q/FH45dl0vAwAJ

TBR=mkwst@chromium.org

(cherry picked from commit 4b736aaff87186c442a20dc5e6823d0fe087e101)

Bug: 794548,  879994 
Change-Id: Ie87aedd0027921960ff429d5d8ecf168572c82de
Reviewed-on: https://chromium-review.googlesource.com/1199068
Commit-Queue: Mike West <mkwst@chromium.org>
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#588364}
Reviewed-on: https://chromium-review.googlesource.com/1203972
Reviewed-by: Mike West <mkwst@chromium.org>
Cr-Commit-Position: refs/branch-heads/3538@{#21}
Cr-Branched-From: 79f7c91a2b2a2932cd447fa6f865cb6662fa8fa6-refs/heads/master@{#587811}
[add] https://crrev.com/dfde306c094e28746fd45f3a058ab40e1d5e069e/third_party/WebKit/LayoutTests/external/wpt/workers/importscripts_mime.tentative.any.js
[add] https://crrev.com/dfde306c094e28746fd45f3a058ab40e1d5e069e/third_party/WebKit/LayoutTests/external/wpt/workers/support/imported_script.py
[modify] https://crrev.com/dfde306c094e28746fd45f3a058ab40e1d5e069e/third_party/blink/renderer/core/loader/allowed_by_nosniff.cc
[modify] https://crrev.com/dfde306c094e28746fd45f3a058ab40e1d5e069e/third_party/blink/renderer/platform/runtime_enabled_features.json5
Project Member

Comment 6 by bugdroid1@chromium.org, Sep 4 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/dfde306c094e28746fd45f3a058ab40e1d5e069e

commit dfde306c094e28746fd45f3a058ab40e1d5e069e
Author: Mike West <mkwst@chromium.org>
Date: Tue Sep 04 10:46:30 2018

Impose strict MIME-type checks on `importScripts()`.

Intent to Remove: https://groups.google.com/a/chromium.org/d/msg/blink-dev/35t5cJQ3J_Q/FH45dl0vAwAJ

TBR=mkwst@chromium.org

(cherry picked from commit 4b736aaff87186c442a20dc5e6823d0fe087e101)

Bug: 794548,  879994 
Change-Id: Ie87aedd0027921960ff429d5d8ecf168572c82de
Reviewed-on: https://chromium-review.googlesource.com/1199068
Commit-Queue: Mike West <mkwst@chromium.org>
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#588364}
Reviewed-on: https://chromium-review.googlesource.com/1203972
Reviewed-by: Mike West <mkwst@chromium.org>
Cr-Commit-Position: refs/branch-heads/3538@{#21}
Cr-Branched-From: 79f7c91a2b2a2932cd447fa6f865cb6662fa8fa6-refs/heads/master@{#587811}
[add] https://crrev.com/dfde306c094e28746fd45f3a058ab40e1d5e069e/third_party/WebKit/LayoutTests/external/wpt/workers/importscripts_mime.tentative.any.js
[add] https://crrev.com/dfde306c094e28746fd45f3a058ab40e1d5e069e/third_party/WebKit/LayoutTests/external/wpt/workers/support/imported_script.py
[modify] https://crrev.com/dfde306c094e28746fd45f3a058ab40e1d5e069e/third_party/blink/renderer/core/loader/allowed_by_nosniff.cc
[modify] https://crrev.com/dfde306c094e28746fd45f3a058ab40e1d5e069e/third_party/blink/renderer/platform/runtime_enabled_features.json5

Comment 7 by mkwst@chromium.org, Sep 5

Status: Fixed (was: Started)

Sign in to add a comment