path: root/chromium/third_party/blink/renderer/core/html/parser
Commit message | Author | Age | Files | Lines
* [Backport] CVE-2021-38021: Inappropriate implementation in referrer | David Van Cleve | 2021-12-06 | 4 | -16/+4

  Cherry-pick of patch originally reviewed on
  https://chromium-review.googlesource.com/c/chromium/src/+/3078937:

  css: Use document (not base) URL for inline style preloads' referrers

  crrev.com/c/2592447 fixed one code path where setting a document's base URL (via the HTML <base> tag) led to requests from inline CSS using the base URL as their referrer, rather than the document URL. This goes against the recommendation in the Referrer Policy spec that requests from inline CSS use their documents' referrers. [1]

  In general, we try to avoid letting pages override outgoing requests' referrers to different-origin URLs, even though this is not a hard security boundary.

  It turns out a separate code path can also trigger requests from inline style sheets: in particular, '@import' statements in inline stylesheets get prefetched by the HTML parser, which currently has separate logic that explicitly sets those requests' referrers to the document's base URL.

  This change removes that logic. After this change, preload requests from inline style in the HTML parser will use the document's URL, not its base URL, when generating their referrers.

  This CL also adds two new WPTs:
  * "stylesheet-with-differentorigin-base-url.html" verifies the referrer for an inline stylesheet requesting another stylesheet via an @import statement. There are other tests inspecting the referrers for SVG and image fetches from inline stylesheets, but not for child stylesheet fetches. This test passes even without this CL applied (because of crrev.com/c/2592447).
  * "stylesheet-with-differentorigin-base-url-from-preload.html" does the same thing, except from a srcdoc iframe. Using a srcdoc iframe triggers the preload code path since the inline stylesheet is hardcoded in a <style> HTML tag. (In contrast, the test above uses JS to add the style element to the DOM.) Because this second test exercises the preload codepath, it fails without this patch's functional changes applied.

  With this patch applied, the repro in the linked bug no longer succeeds.

  [1] https://www.w3.org/TR/referrer-policy/#integration-with-css

  Test: New WPT covers the preload path. Manually tested the bug's repro.
  Change-Id: I6bd797978b207a4bc0bb1b35565eb93c7162729f
  Fixed: 1233375
  Commit-Queue: David Van Cleve <davidvc@chromium.org>
  Reviewed-by: Jochen Eisinger <jochen@chromium.org>
  Reviewed-by: Emily Stark <estark@chromium.org>
  Reviewed-by: Yoav Weiss <yoavweiss@chromium.org>
  Cr-Commit-Position: refs/heads/main@{#924146}
  Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* BASELINE: Update Chromium to 94.0.4606.111 | Allan Sandfeld Jensen | 2021-11-02 | 36 | -344/+260
  Change-Id: I924781584def20fc800bedf6ff41fdb96c438193
  Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* BASELINE: Update Chromium to 92.0.4515.166 | Allan Sandfeld Jensen | 2021-10-01 | 47 | -270/+1425
  Change-Id: I42a050486714e9e54fc271f2a8939223a02ae364
* BASELINE: Update Chromium to 91.0.4472.160 | Allan Sandfeld Jensen | 2021-10-01 | 15 | -368/+331
  Change-Id: I0def1f08a2412aeed79a9ab95dd50eb5c3f65f31
  Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* BASELINE: Update Chromium to 90.0.4430.221 | Allan Sandfeld Jensen | 2021-06-07 | 21 | -170/+511
  Change-Id: Iff4d9d18d2fcf1a576f3b1f453010f744a232920
  Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* BASELINE: Update Chromium to 88.0.4324.208 | Allan Sandfeld Jensen | 2021-03-16 | 12 | -223/+354
  Change-Id: I3ae87d23e4eff4b4a469685658740a213600c667
  Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* BASELINE: Update Chromium to 87.0.4280.67 | Allan Sandfeld Jensen | 2020-11-18 | 11 | -32/+88
  Change-Id: Ib157360be8c2ffb2c73125751a89f60e049c1d54
  Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* BASELINE: Update Chromium to 86.0.4240.124 | Allan Sandfeld Jensen | 2020-11-02 | 11 | -98/+263
  Change-Id: Ide0ff151e94cd665ae6521a446995d34a9d1d644
  Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* BASELINE: Update Chromium to 85.0.4183.140 [85-based] | Allan Sandfeld Jensen | 2020-10-13 | 35 | -490/+931
  Change-Id: Iaa42f4680837c57725b1344f108c0196741f6057
  Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* BASELINE: Update Chromium to 84.0.4147.141 | Allan Sandfeld Jensen | 2020-10-13 | 8 | -147/+239
  Change-Id: Ib85eb4cfa1cbe2b2b81e5022c8cad5c493969535
  Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* BASELINE: Update Chromium to 83.0.4103.122 | Allan Sandfeld Jensen | 2020-07-17 | 36 | -253/+889
  Change-Id: Ie3a82f5bb0076eec2a7c6a6162326b4301ee291e
  Reviewed-by: Michael Brüning <michael.bruning@qt.io>
* BASELINE: Update Chromium to 80.0.3987.136 | Allan Sandfeld Jensen | 2020-03-18 | 22 | -738/+884
  Change-Id: I98e1649aafae85ba3a83e67af00bb27ef301db7b
  Reviewed-by: Jüri Valdmann <juri.valdmann@qt.io>
* BASELINE: Update Chromium to 79.0.3945.139 | Allan Sandfeld Jensen | 2020-01-23 | 10 | -22/+14
  Change-Id: I336b7182fab9bca80b709682489c07db112eaca5
  Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* BASELINE: Update Chromium to 78.0.3904.130 | Allan Sandfeld Jensen | 2020-01-22 | 23 | -1532/+47
  Change-Id: If185e0c0061b3437531c97c9c8c78f239352a68b
  Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* BASELINE: Update Chromium to 77.0.3865.59 | Allan Sandfeld Jensen | 2019-08-30 | 37 | -168/+243
  Change-Id: I1e89a5f3b009a9519a6705102ad65c92fe736f21
  Reviewed-by: Michael Brüning <michael.bruning@qt.io>
* BASELINE: Update Chromium to 76.0.3809.94 | Allan Sandfeld Jensen | 2019-08-30 | 24 | -200/+402
  Change-Id: I321c3f5f929c105aec0f98c5091ef6108822e647
  Reviewed-by: Michael Brüning <michael.bruning@qt.io>
* BASELINE: Update Chromium to 75.0.3770.56 | Allan Sandfeld Jensen | 2019-05-24 | 29 | -201/+172
  Change-Id: I86d2007fd27a45d5797eee06f4c9369b8b50ac4f
  Reviewed-by: Alexandru Croitor <alexandru.croitor@qt.io>
* BASELINE: Update Chromium to 74.0.3729.159 | Allan Sandfeld Jensen | 2019-05-20 | 36 | -120/+310
  Change-Id: I8d2497da544c275415aedd94dd25328d555de811
  Reviewed-by: Michael Brüning <michael.bruning@qt.io>
* BASELINE: Update Chromium to 73.0.3683.37 | Allan Sandfeld Jensen | 2019-02-14 | 32 | -139/+166
  Change-Id: I08c9af2948b645f671e5d933aca1f7a90ea372f2
  Reviewed-by: Michael Brüning <michael.bruning@qt.io>
* BASELINE: Update Chromium to 72.0.3626.110 and Ninja to 1.9.0 | Allan Sandfeld Jensen | 2019-02-14 | 36 | -986/+1202
  Change-Id: Ic57220b00ecc929a893c91f5cc552f5d3e99e922
  Reviewed-by: Michael Brüning <michael.bruning@qt.io>
* BASELINE: Update Chromium to 71.0.3578.93 | Allan Sandfeld Jensen | 2018-12-10 | 40 | -354/+460
  Change-Id: I6a32086c33670e1b033f8b10e6bf1fd4da1d105d
  Reviewed-by: Alexandru Croitor <alexandru.croitor@qt.io>
* BASELINE: Update Chromium to 70.0.3538.78 | Allan Sandfeld Jensen | 2018-10-30 | 15 | -431/+50
  Change-Id: Ie634710bf039e26c1957f4ae45e101bd4c434ae7
  Reviewed-by: Michael Brüning <michael.bruning@qt.io>
* BASELINE: Update Chromium to 69.0.3497.70 | Allan Sandfeld Jensen | 2018-08-28 | 14 | -52/+89
  Change-Id: I2b7b56e4e7a8b26656930def0d4575dc32b900a0
  Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* BASELINE: Update Chromium to 68.0.3440.125 | Allan Sandfeld Jensen | 2018-08-28 | 19 | -573/+92
  Change-Id: I23f19369e01f688e496f5bf179abb521ad73874f
  Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* BASELINE: Update Chromium to 67.0.3396.47 | Allan Sandfeld Jensen | 2018-05-15 | 95 | -0/+24519
  Change-Id: Idcb1341782e417561a2473eeecc82642dafda5b7
  Reviewed-by: Michal Klocek <michal.klocek@qt.io>