Google Git
Sign in
chromium / chromium / src.git / d0858c6f36dbe29039112b1dc7732278e3f59163
commitd0858c6f36dbe29039112b1dc7732278e3f59163[log] [tgz]
authorLukasz Anforowicz <lukasza@chromium.org>Thu May 23 15:38:04 2019
committerCommit Bot <commit-bot@chromium.org>Thu May 23 15:38:04 2019
tree3f6c054fa4a68cc4a2720840d5a8a5b7d725b4c3
parent648e59b2c58922f12caeb0f73074f4777f3c734c [diff]
CORB should block CSV, PDF and other MimeHandlerView types w/o sniffing.

This CL extends CORB to also cover CSV, PDF and other types handled by
MimeHandlerView.  This protection is only turned on when the
kMimeHandlerViewInCrossProcessFrame feature is enabled, because
otherwise the resource body may need to go through a cross-origin
renderer process (see https://crbug.com/929300).

Manually tested by launching
    $ out/rel/chrome --user-data-dir=$HOME/.corb-for-pdf     \
        --enable-features=MimeHandlerViewInCrossProcessFrame \
        http://anforowicz.github.io/xsdb-demo/index.html
and verifying that DevTools console shows CORB warning for
<img src="https://www.w3.org/.../dummy.pdf">

Bug: 802836
Change-Id: Ia13a693d76f50aca52d6241af317d75c07e20b59
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1606589
Reviewed-by: John Abd-El-Malek <jam@chromium.org>
Reviewed-by: Nasko Oskov <nasko@chromium.org>
Reviewed-by: Yutaka Hirano <yhirano@chromium.org>
Reviewed-by: Ehsan Karamad <ekaramad@chromium.org>
Reviewed-by: Charlie Reis <creis@chromium.org>
Commit-Queue: Ɓukasz Anforowicz <lukasza@chromium.org>
Cr-Commit-Position: refs/heads/master@{#662651}
11 files changed
tree: 3f6c054fa4a68cc4a2720840d5a8a5b7d725b4c3
  1. android_webview/
  2. apps/
  3. ash/
  4. base/
  5. build/
  6. build_overrides/
  7. buildtools/
  8. cc/
  9. chrome/
  10. chromecast/
  11. chromeos/
  12. cloud_print/
  13. components/
  14. content/
  15. courgette/
  16. crypto/
  17. dbus/
  18. device/
  19. docs/
  20. extensions/
  21. fuchsia/
  22. gin/
  23. google_apis/
  24. google_update/
  25. gpu/
  26. headless/
  27. infra/
  28. ios/
  29. ipc/
  30. jingle/
  31. media/
  32. mojo/
  33. native_client_sdk/
  34. net/
  35. pdf/
  36. ppapi/
  37. printing/
  38. remoting/
  39. rlz/
  40. sandbox/
  41. services/
  42. skia/
  43. sql/
  44. storage/
  45. styleguide/
  46. testing/
  47. third_party/
  48. tools/
  49. ui/
  50. url/
  51. .clang-format
  52. .eslintrc.js
  53. .git-blame-ignore-revs
  54. .gitattributes
  55. .gitignore
  56. .gn
  57. .vpython
  58. AUTHORS
  59. BUILD.gn
  60. CODE_OF_CONDUCT.md
  61. codereview.settings
  62. DEPS
  63. ENG_REVIEW_OWNERS
  64. LICENSE
  65. LICENSE.chromium_os
  66. OWNERS
  67. PRESUBMIT.py
  68. PRESUBMIT_test.py
  69. PRESUBMIT_test_mocks.py
  70. README.md
  71. WATCHLISTS
README.md

Logo Chromium

Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.

The project's web site is https://www.chromium.org.

Documentation in the source is rooted in docs/README.md.

Learn how to Get Around the Chromium Source Code Directory Structure .