| Field | Value |
|---|---|
| Summary | CSP shouldn't block about:blank for iframes |
| Product | WebKit |
| Component | New Bugs |
| Reporter | WebKit Review Bot <webkit.review.bot> |
| Assignee | Adam Barth <abarth> |
| Status | RESOLVED FIXED |
| Severity | Normal |
| Priority | P2 |
| Version | 528+ (Nightly build) |
| Hardware | Unspecified |
| OS | Unspecified |
| CC | abarth, darin, eric, mkwst |
| Bug Depends on | |
| Bug Blocks | 53572 |
| Attachments | |
Description
WebKit Review Bot
2012-04-30 14:21:52 PDT

Created attachment 140115 [details]
Patch

Comment

It might be preferable to check that the URL is, in fact, `about:blank`, rather than allowing anything under `about:`. I know Chromium redirects to `chrome://`, and Safari doesn't do anything dangerous, but perhaps some other port exposes something interesting under `about:*`?

Comment

WebKit treats all "about" URLs as about:blank. The redirect you see in Chrome takes place before the URL gets to WebKit. :)

Comment

Comment on attachment 140115 [details]
Patch

about:banana!

Comment (commit-queue)

Comment on attachment 140115 [details]
Patch

Rejecting attachment 140115 [details] from commit-queue.

Failed to run "['/mnt/git/webkit-commit-queue/Tools/Scripts/webkit-patch', '--status-host=queues.webkit.org', '-..." exit_code: 2

Last 500 characters of output:
git/webkit-commit-queue/Source/WebKit/chromium/ui --revision 134581 --non-interactive --force --accept theirs-conflict --ignore-externals' in '/mnt/git/webkit-commit-queue/Source/WebKit/chromium'
46>At revision 134581.
________ running '/usr/bin/python tools/clang/scripts/update.py --mac-only' in '/mnt/git/webkit-commit-queue/Source/WebKit/chromium'
________ running '/usr/bin/python gyp_webkit' in '/mnt/git/webkit-commit-queue/Source/WebKit/chromium'
Updating webkit projects from gyp files...

Full output: http://queues.webkit.org/results/12620267

Comment

Comment on attachment 140115 [details]
Patch

Clearing flags on attachment: 140115

Committed r116052: <http://trac.webkit.org/changeset/116052>

Comment

All reviewed patches have been landed. Closing bug.

Comment

It'd be nicer if the "blank URL protocol" was something we got from KURL.h along with blankURL() instead of being a hard-coded string "about".

Comment

I've filed https://bugs.webkit.org/show_bug.cgi?id=85641 about changing the idiom.
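The two readings debated in this thread (exempt only the literal `about:blank` from frame-src, versus exempt every `about:` URL as WebKit does) as an added example; this is illustrative code, not WebKit's patch, and the page origin, the supported subset of source-list syntax, and the sample frame URLs are constructed here.

```python
from urllib.parse import urlsplit

# Constructed sample: the embedding document's URL (not taken from the bug)
PAGE_URL = "https://example.test/page.html"


def is_blank_url(url, exact=True):
    """Decide whether `url` is the blank document that CSP should never block.

    exact=True  : only the literal about:blank (the stricter check proposed in the thread)
    exact=False : every about: URL, following WebKit's rule that all "about" URLs are about:blank
    """
    if exact:
        return url == "about:blank"
    return urlsplit(url).scheme == "about"


def _origin(url):
    """(scheme, host, port) with the default port filled in for http/https."""
    parts = urlsplit(url)
    port = parts.port or {"http": 80, "https": 443}.get(parts.scheme)
    return (parts.scheme, parts.hostname, port)


def frame_src_allows(sources, frame_url, page_url=PAGE_URL, exact_blank=True):
    """Toy frame-src enforcement supporting 'none', 'self', '*' and scheme://host[:port] entries."""
    # about:blank inherits the embedding document's origin, so it is not a
    # third-party frame; the bug's point is that the policy must not block it,
    # even when the directive is 'none'.
    if is_blank_url(frame_url, exact_blank):
        return True
    sources = [s.lower() for s in sources]
    if "'none'" in sources:
        return False
    frame_origin = _origin(frame_url)
    for src in sources:
        if src == "*":
            return True
        if src == "'self'":
            if frame_origin == _origin(page_url):
                return True
        elif _origin(src) == frame_origin:
            return True
    return False
```

With `exact_blank=True` an `about:banana` frame falls through to ordinary source matching and is refused; with `exact_blank=False` it is treated as the blank document and let through, which is the difference the reviewers were weighing.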