Google Git
Sign in
chromium / chromium / src / d1a8cbeec4d9f9520a4bb1f4db6d3f62900ee709
commitd1a8cbeec4d9f9520a4bb1f4db6d3f62900ee709[log] [tgz]
authorelawrence <elawrence@chromium.org>Wed Sep 14 18:38:43 2016
committerCommit bot <commit-bot@chromium.org>Wed Sep 14 18:42:30 2016
tree88028c84a2a7d57d6bfb6a4a98d1faf37a5c6037
parent628a0b386bc8728a79e58934dbb14503e8cb0611 [diff]
Ignore Javascript urls dropped on tabs

When a Javascript: url is dropped on a tab, it executes in the
security context of the selected tab, representing a script
injection attack ("Dropjacking"). We will match other browsers
and disallow such drops.

BUG=639750

Review-Url: https://codereview.chromium.org/2323273003
Cr-Commit-Position: refs/heads/master@{#418620}
1 file changed
tree: 88028c84a2a7d57d6bfb6a4a98d1faf37a5c6037
  1. android_webview/
  2. apps/
  3. ash/
  4. base/
  5. blimp/
  6. blink/
  7. breakpad/
  8. build/
  9. build_overrides/
  10. cc/
  11. chrome/
  12. chrome_elf/
  13. chromecast/
  14. chromeos/
  15. components/
  16. content/
  17. courgette/
  18. crypto/
  19. dbus/
  20. device/
  21. docs/
  22. extensions/
  23. gin/
  24. google_apis/
  25. google_update/
  26. gpu/
  27. headless/
  28. infra/
  29. ios/
  30. ipc/
  31. jingle/
  32. mash/
  33. media/
  34. mojo/
  35. native_client_sdk/
  36. net/
  37. pdf/
  38. ppapi/
  39. printing/
  40. remoting/
  41. rlz/
  42. sandbox/
  43. sdch/
  44. services/
  45. skia/
  46. sql/
  47. storage/
  48. styleguide/
  49. testing/
  50. third_party/
  51. tools/
  52. ui/
  53. url/
  54. .clang-format
  55. .git-blame-ignore-revs
  56. .gitattributes
  57. .gitignore
  58. .gn
  59. AUTHORS
  60. BUILD.gn
  61. CODE_OF_CONDUCT.md
  62. codereview.settings
  63. DEPS
  64. LICENSE
  65. LICENSE.chromium_os
  66. OWNERS
  67. PRESUBMIT.py
  68. PRESUBMIT_test.py
  69. PRESUBMIT_test_mocks.py
  70. WATCHLISTS