Google Git
Sign in
chromium / chromium / src / 76e3670b5b9e831f970b599ee88b521df7dfac00
commit76e3670b5b9e831f970b599ee88b521df7dfac00[log] [tgz]
authorArthur Sonzogni <[email protected]>Mon Apr 25 19:43:56 2022
committerChromium LUCI CQ <[email protected]>Mon Apr 25 19:43:56 2022
tree9e41c7c85ec0092dbe957ce5a4c556a1b1187007
parent2a000d7d0d9d3665cea19911910344f749d4c377 [diff]
Add test cases about FLEDGE and allowed URLs.

Verify FLEDGE cannot be used navigate a FencedFrame toward a non HTTPS
URL.

I was curious to know how this was implemented. It is in the renderer
in: `IsUrlAllowedForRenderUrls`. Sounds good.

The renderer side implementation looks good, passing by, let's add a
couple of interesting URLs to the test case.

Note: This is only enforced on the renderer side a priori. It means a
compromised renderer could still request arbitrary URLs to the browser
process and exploit the fact they are not yet validated for FencedFrame.
See https://crbug.com/1317664.

Bug: None.
Change-Id: I0e29739b66d0ae3e110e468352aee4c89d3c49ca
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3599270
Auto-Submit: Arthur Sonzogni <[email protected]>
Reviewed-by: Paul Jensen <[email protected]>
Commit-Queue: Paul Jensen <[email protected]>
Cr-Commit-Position: refs/heads/main@{#995719}
1 file changed
tree: 9e41c7c85ec0092dbe957ce5a4c556a1b1187007
  1. android_webview/
  2. apps/
  3. ash/
  4. base/
  5. build/
  6. build_overrides/
  7. buildtools/
  8. cc/
  9. chrome/
  10. chromecast/
  11. chromeos/
  12. codelabs/
  13. components/
  14. content/
  15. courgette/
  16. crypto/
  17. dbus/
  18. device/
  19. docs/
  20. extensions/
  21. fuchsia/
  22. gin/
  23. google_apis/
  24. google_update/
  25. gpu/
  26. headless/
  27. infra/
  28. ios/
  29. ipc/
  30. media/
  31. mojo/
  32. native_client_sdk/
  33. net/
  34. pdf/
  35. ppapi/
  36. printing/
  37. remoting/
  38. rlz/
  39. sandbox/
  40. services/
  41. skia/
  42. sql/
  43. storage/
  44. styleguide/
  45. testing/
  46. third_party/
  47. tools/
  48. ui/
  49. url/
  50. weblayer/
  51. .clang-format
  52. .clang-tidy
  53. .eslintrc.js
  54. .git-blame-ignore-revs
  55. .gitattributes
  56. .gitignore
  57. .gn
  58. .mailmap
  59. .rustfmt.toml
  60. .vpython
  61. .vpython3
  62. .yapfignore
  63. AUTHORS
  64. BUILD.gn
  65. CODE_OF_CONDUCT.md
  66. codereview.settings
  67. DEPS
  68. DIR_METADATA
  69. ENG_REVIEW_OWNERS
  70. LICENSE
  71. LICENSE.chromium_os
  72. OWNERS
  73. PRESUBMIT.py
  74. PRESUBMIT_test.py
  75. PRESUBMIT_test_mocks.py
  76. README.md
  77. WATCHLISTS
README.md

Logo Chromium

Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.

The project's web site is https://www.chromium.org.

To check out the source code locally, don't use git clone! Instead, follow the instructions on how to get the code.

Documentation in the source is rooted in docs/README.md.

Learn how to Get Around the Chromium Source Code Directory Structure .

For historical reasons, there are some small top level directories. Now the guidance is that new top level directories are for product (e.g. Chrome, Android WebView, Ash). Even if these products have multiple executables, the code should be in subdirectories of the product.

If you found a bug, please file it at https://crbug.com/new.