
Issue 884505


Issue metadata

Status: Assigned
OS: Linux , Windows , Mac
Pri: 1
Type: Bug-Regression


Sometimes "referrerpolicy" has no effect when the image was created from innerHTML

Reported by eigh...@gmail.com, Sep 15

Issue description

UserAgent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.16 Safari/537.36

Steps to reproduce the problem:
Since this is hard to test, I built a simple server that would report the referrer header with a SVG image:
https://repl.it/@eight041/referrer-policy-test

And here is the test case:
https://codepen.io/anon/pen/bxxpWz?editors=1010

What is the expected behavior?
Chrome 69:
https://i.imgur.com/Hna57VL.png

What went wrong?
Chrome 70:
https://i.imgur.com/bmfhJsP.png

`referrerpolicy` has no effect when it is specified after `src`.

Did this work before? Yes 69

Does this work in other browsers? Yes

Chrome version: 70.0.3538.16  Channel: beta
OS Version: 6.1 (Windows 7, Windows Server 2008 R2)
Flash Version:
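
A self-contained way to reproduce the check described in the report, as an added example that is not the reporter's repl.it server or CodePen test case: a Node server that echoes the `Referer` header inside an SVG, plus a test page that builds two images through `innerHTML` differing only in attribute order. The function names, the `/echo.svg` path and the port are assumptions made for this sketch.

```javascript
// Added example: Referer-echo server plus an innerHTML test page (constructed).
// Hypothetical names: escapeXml, refererSvg, testPage, handle, start.

// Escape the header before embedding it: Referer is client-controlled input.
function escapeXml(s) {
  return String(s).replace(/[&<>"']/g, (c) =>
    ({ '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' })[c]);
}

// SVG whose visible text is the Referer header the browser sent for this image.
function refererSvg(referer) {
  const shown = referer ? escapeXml(referer) : '(no Referer header)';
  return '<svg xmlns="http://www.w3.org/2000/svg" width="640" height="24">' +
    `<text x="4" y="17" font-family="monospace">${shown}</text></svg>`;
}

// Test page: both images are created through innerHTML and differ only in
// whether referrerpolicy comes before or after src.
function testPage() {
  const cases = [
    ['before', '<img referrerpolicy="no-referrer" src="/echo.svg?case=before">'],
    ['after', '<img src="/echo.svg?case=after" referrerpolicy="no-referrer">'],
  ];
  const rows = cases.map(([name, markup]) =>
    `<p>referrerpolicy ${name} src:</p><div data-markup="${escapeXml(markup)}"></div>`);
  return '<!doctype html><meta charset="utf-8"><title>referrerpolicy order</title>' +
    rows.join('') +
    '<script>for (const d of document.querySelectorAll("[data-markup]")) ' +
    'd.innerHTML = d.dataset.markup;</script>';
}

// Route a request: returns { type, body } so it can be checked without a socket.
function handle(url, headers) {
  if (url.startsWith('/echo.svg')) {
    return { type: 'image/svg+xml', body: refererSvg(headers.referer) };
  }
  return { type: 'text/html; charset=utf-8', body: testPage() };
}

// Call start(8080) and open http://localhost:8080/ in the browser under test.
async function start(port) {
  const http = await import('node:http');
  return http.createServer((req, res) => {
    const { type, body } = handle(req.url, req.headers);
    res.writeHead(200, { 'Content-Type': type, 'Cache-Control': 'no-store' });
    res.end(body);
  }).listen(port);
}
```

When `referrerpolicy="no-referrer"` is honored, both images read "(no Referer header)"; an image that shows the page URL means the attribute was ignored for that ordering.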
 
Labels: Needs-Triage-M70 Needs-Bisect
Cc: susan.boorgula@chromium.org
Components: Blink
Labels: -Pri-2 -Needs-Bisect RegressedIn-70 Triaged-ET Target-70 Target-71 M-71 FoundIn-71 FoundIn-70 hasbisect OS-Linux OS-Mac Pri-1
Owner: domfarolino@gmail.com
Status: Assigned (was: Unconfirmed)

eight04@ Thanks for the update.

Able to reproduce this issue on Windows 10, Mac OS 10.13.3 and Ubuntu 17.10 on the reported version 70.0.3538.16 and latest Canary 71.0.3554.0.

Bisect Information:
===================
Good Build: 69.0.3497.92
Bad Build : 70.0.3498.0

By running the Chromium bisect script, all good builds were coming up. Hence below is the manual Changelog URL from omahaproxy.

https://chromium.googlesource.com/chromium/src/+log/69.0.3497.0..70.0.3498.0?pretty=fuller&n=10000

From the above Changelog, suspecting the below change:
Reviewed-on: https://chromium-review.googlesource.com/1137928

domfarolino@ Please check and confirm if this issue is related to your change, else help us in assigning to the right owner.

Thanks..
Components: -Blink Blink>Loader
Cc: yhirano@chromium.org

Thanks! Taking a look

This issue may be related to the issue I noticed in a code review below.

https://chromium-review.googlesource.com/c/chromium/src/+/1197782/1/third_party/blink/renderer/core/html/html_image_element.cc#289
> This LoadDeferredImage() calls UpdateFromElement(), and it calls EnqueueImageLoadingMicroTask() to enqueue an ImageLoader::Task that starts actual loading asynchronously. But, |referrer_policy_| is still passed from here to the microtask synchronously. When the Task is executed, Run() calls DoUpdateFromElement() to reflect the last attribute values? But, IIUC, the DoUpdateFromElement() does not refer to the last value actually, but just sets a passed value to the ResourceRequest instead of the last value.

Probably we had a regression around DoUpdateFromElement?

Not sure, but fyi.
