commit | 24134160cb7f395e2d82ddecdfe7ac0659c9477c | [log] [tgz] |
---|---|---|
author | Mike West <mkwst@chromium.org> | Sat Nov 16 18:53:06 2019 |
committer | Commit Bot <commit-bot@chromium.org> | Sat Nov 16 18:53:06 2019 |
tree | 4fe020f224c0acc3093ee0a09b68eabc32769477 | |
parent | cf9e868d8e3bdad47f36c6061433e6052029ca5b [diff] |

Prevent sandboxed frames from navigating to `javascript:`.

Frames with the `allow-popup` and `allow-popup-to-escape-sandbox` flags can cause JavaScript execution in their origin by navigating to a `javascript:` URL via `target=_blank` or similar. This is technically correct, but surprising.

https://github.com/whatwg/html/pull/5083 aims to tighten that check to match developers' expectations that `javascript:` URLs controlled by a page that's been sandboxed away from script will not execute.

Bug: 1014371
Change-Id: I3b5fa676e73cbf78485b85ce2593284bce2e68cc
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1916467
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Reviewed-by: Avi Drissman <avi@chromium.org>
Commit-Queue: Avi Drissman <avi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#716035}

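
A simplified model of the check the commit message above describes, added here as an example; it is not Chromium's code and not part of this commit. The function names and the `tightened` switch are hypothetical, the sandbox keywords are the HTML ones (`allow-popups`, `allow-popups-to-escape-sandbox`, `allow-scripts`), and the sample URLs are constructed.

```javascript
// Simplified policy model (assumption: not Chromium's implementation).
// Parse an iframe sandbox attribute; null means the frame has no sandbox attribute.
function parseSandbox(attr) {
  if (attr === null || attr === undefined) return null;
  // Tokens are separated by ASCII whitespace and compared case-insensitively.
  return new Set(attr.toLowerCase().split(/[ \t\n\f\r]+/).filter(Boolean));
}

// A context may run script if it is unsandboxed or carries allow-scripts.
function scriptsAllowed(flags) {
  return flags === null || flags.has('allow-scripts');
}

// Flags a popup gets from its opener; undefined means the popup is not opened.
function popupFlags(openerFlags) {
  if (openerFlags === null) return null;
  if (!openerFlags.has('allow-popups')) return undefined;
  // With the escape keyword the popup starts with no sandbox flags at all.
  return openerFlags.has('allow-popups-to-escape-sandbox') ? null : openerFlags;
}

// URL parsing drops leading C0 control/space and embedded tab/newline,
// and the scheme is case-insensitive, so normalise before matching.
function isJavascriptUrl(url) {
  const cleaned = url.replace(/^[\u0000-\u0020]+/, '').replace(/[\t\n\r]/g, '');
  return /^javascript:/i.test(cleaned);
}

// Outcome of following a target=_blank link to `url` from a frame whose
// sandbox attribute is `sandboxAttr`. `tightened` selects the behaviour the
// commit message asks for: the initiating frame must also be allowed script.
function decide(sandboxAttr, url, tightened) {
  const opener = parseSandbox(sandboxAttr);
  const popup = popupFlags(opener);
  if (popup === undefined) return 'popup-blocked';
  if (!isJavascriptUrl(url)) return 'navigates';
  if (!scriptsAllowed(popup)) return 'script-blocked';
  if (tightened && !scriptsAllowed(opener)) return 'script-blocked';
  return 'script-runs';
}

// Constructed cases: the flag combination named in the commit message.
const risky = 'allow-popups allow-popups-to-escape-sandbox';
console.log(decide(risky, 'javascript:void 0', false)); // earlier behaviour
console.log(decide(risky, 'javascript:void 0', true));  // tightened check
```

The two printed lines differ only in the `tightened` argument, which is the gap the commit message calls "technically correct, but surprising": the popup is unsandboxed, yet the URL came from a frame that was denied script.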
Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.
The project's web site is https://www.chromium.org.
Documentation in the source is rooted in docs/README.md.
Learn how to Get Around the Chromium Source Code Directory Structure.