Issue metadata
Sign in to add a comment
|
URLBlacklist policy not working as expected
Reported by
ay...@coditas.com,
Oct 16
|
||||||||||||||||||||||||
Issue descriptionUserAgent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36 Steps to reproduce the problem: 1. Enforce URLBlacklist with url as chrome://extensions/?id=* 2. Navigate to chrome://extensions/?id=nihecfncajkmcfebflmfffpgmbgjnhdf the page is blocked 3. Navigate to chrome://extensions and now click on details of nihecfncajkmcfebflmfffpgmbgjnhdf extension 4. The details page is not opened What is the expected behavior? The details page should be blocked irrespective of where do I naviagte to the URLBlacklist url. What went wrong? The details page of extension is opened despite of the URLBlacklist as chrome://extensions/?id=* Did this work before? N/A Does this work in other browsers? N/A Chrome version: 69.0.3497.100 Channel: stable OS Version: Flash Version:
,
Oct 16
Issue 895706 has been merged into this issue.
,
Oct 16
,
Oct 16
[jam]: One of the issues I mentioned. [atwilson]: Possible duplicate of issue 876600 ?
,
Oct 17
this is not a duplicate of issue https://bugs.chromium.org/p/chromium/issues/detail?id=876600 as that issue talks about blacklisting of extensions and here we are talking about urlBlacklisting. This is related to https://bugs.chromium.org/p/chromium/issues/detail?id=895702 These two issues talk about how the blocking is bypassed when visiting from internal pages and the blocking takes place only when someone tries to visit the blacklisted url directly.
,
Oct 17
Polymer navigations within the same page aren't actually navigations - Javascript is spoofing navigation by modifying the DOM then pushing URLs on the history stack. URLBlacklisting fundamentally cannot block these pseudo-navigations. |
|||||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||||
Comment 1 by dtapu...@chromium.org
, Oct 16