commit | 16c719e0e275d2ee5d5c69e4962b744bcaf0fe40 | [log] [tgz] |
---|---|---|
author | Eric Lawrence <elawrence@chromium.org> | Wed Sep 27 16:17:12 2017 |
committer | Commit Bot <commit-bot@chromium.org> | Wed Sep 27 16:17:12 2017 |
tree | 819d71b204a9a82e0f57f3f7a32790207729ad49 | |
parent | 4a165e1b93e099fceb38de3ade51e368ce949075 [diff] |
Strip JavaScript schemas on Linux text drop When dropping text onto the Omnibox, any leading JavaScript schemes should be stripped to avoid a "self-XSS" attack. This stripping already occurs in all cases except when plaintext is dropped on Linux. This CL corrects that oversight. Bug: 768910 Change-Id: I43af24ace4a13cf61d15a32eb9382dcdd498a062 Reviewed-on: https://chromium-review.googlesource.com/685638 Reviewed-by: Justin Donnelly <jdonnelly@chromium.org> Commit-Queue: Eric Lawrence <elawrence@chromium.org> Cr-Commit-Position: refs/heads/master@{#504695}
Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.
The project's web site is https://www.chromium.org.
Documentation in the source is rooted in docs/README.md.
Learn how to Get Around the Chromium Source Code Directory Structure .