Issue 10068007: Implement Content Security Policy for the File Manager

Issue 10068007: Implement Content Security Policy for the File Manager (Closed)

Created:
8 years, 8 months ago by Vladislav Kaznacheev

Modified:
8 years, 8 months ago

Reviewers:
jimhebert, dgozman

CC:
chromium-reviews, nkostylev+watch_chromium.org, feature-media-reviews_chromium.org, mihaip+watch_chromium.org, Aaron Boodman, rginda+watch_chromium.org, arv (Not doing code reviews), stevenjb+watch_chromium.org, davemoore+watch_chromium.org

Base URL:
svn://svn.chromium.org/chrome/trunk/src

Visibility:
Public.

More Reviews

Description

Implement Content Security Policy for the File Manager The policy includes default-src:none and explicitly lists what is permitted. The only seemingly lax part is "style-src 'unsafe-inline'" which is required because the HTML flattener always inlines all CSS. BUG=chromium-os:23500 TEST=Photos/videos/music should open normally (both from local folders and from Google Docs). Committed: http://src.chromium.org/viewvc/chrome?view=rev&revision=132558

Patch Set 1 #

Total comments: 16

Patch Set 2 : Addressed comments, rebased #

Patch Set 3 : Addressed comments #

Patch Set 4 : Rebase #

Patch Set 5 : Rebase #

Created: 8 years, 8 months ago

Download [raw] [tar.bz2]

	Unified diffs	Side-by-side diffs	Delta from patch set	Stats (+317 lines, -221 lines)			Patch
M	chrome/browser/chromeos/extensions/file_browser_private_api.cc	View	1 2 3 4	1 chunk	+4 lines, -0 lines	0 comments	Download
M	chrome/browser/resources/component_extension_resources.grd	View		1 chunk	+6 lines, -3 lines	0 comments	Download
M	chrome/browser/resources/file_manager/css/file_manager.css	View	1 2 3	3 chunks	+11 lines, -39 lines	0 comments	Download
M	chrome/browser/resources/file_manager/gallery.html	View		1 chunk	+19 lines, -22 lines	0 comments	Download
M	chrome/browser/resources/file_manager/js/file_manager.js	View	1 2 3 4	5 chunks	+27 lines, -8 lines	0 comments	Download
A	chrome/browser/resources/file_manager/js/image_editor/gallery_scripts.js	View	1 2	1 chunk	+23 lines, -0 lines	0 comments	Download
M	chrome/browser/resources/file_manager/js/main.js	View		3 chunks	+6 lines, -2 lines	0 comments	Download
A	chrome/browser/resources/file_manager/js/main_scripts.js	View	1 2 3	1 chunk	+62 lines, -0 lines	0 comments	Download
A	chrome/browser/resources/file_manager/js/media/mediaplayer_scripts.js	View	1 2	1 chunk	+13 lines, -0 lines	0 comments	Download
M	chrome/browser/resources/file_manager/js/metrics.js	View		4 chunks	+49 lines, -1 line	0 comments	Download
M	chrome/browser/resources/file_manager/main.html	View	1 2 3	7 chunks	+77 lines, -143 lines	0 comments	Download
M	chrome/browser/resources/file_manager/manifest.json	View		1 chunk	+1 line, -0 lines	0 comments	Download
M	chrome/browser/resources/file_manager/mediaplayer.html	View	1	1 chunk	+19 lines, -3 lines	0 comments	Download

Messages

Total messages: 9 (0 generated)

Expand Messages | Collapse Messages

Vladislav Kaznacheev

Sumit, please review the change to manifest.json Dmitry, please review the rest of the patch. ...

8 years, 8 months ago (2012-04-12 10:37:58 UTC) #1

dgozman

The whole thing LGTM. However, some nits are here. https://chromiumcodereview.appspot.com/10068007/diff/1/chrome/browser/resources/file_manager/css/file_manager.css File chrome/browser/resources/file_manager/css/file_manager.css (left): https://chromiumcodereview.appspot.com/10068007/diff/1/chrome/browser/resources/file_manager/css/file_manager.css#oldcode978 chrome/browser/resources/file_manager/css/file_manager.css:978: ...

8 years, 8 months ago (2012-04-12 11:18:14 UTC) #2

Vladislav Kaznacheev

https://chromiumcodereview.appspot.com/10068007/diff/1/chrome/browser/resources/file_manager/css/file_manager.css File chrome/browser/resources/file_manager/css/file_manager.css (left): https://chromiumcodereview.appspot.com/10068007/diff/1/chrome/browser/resources/file_manager/css/file_manager.css#oldcode978 chrome/browser/resources/file_manager/css/file_manager.css:978: .preview-filename { Yes, this is not used since we ...

8 years, 8 months ago (2012-04-12 12:47:31 UTC) #3

dgozman

LGTM https://chromiumcodereview.appspot.com/10068007/diff/1/chrome/browser/resources/file_manager/js/main_scripts.js File chrome/browser/resources/file_manager/js/main_scripts.js (right): https://chromiumcodereview.appspot.com/10068007/diff/1/chrome/browser/resources/file_manager/js/main_scripts.js#newcode6 chrome/browser/resources/file_manager/js/main_scripts.js:6: // parsing errors in non-flattened mode. The flattener ...

8 years, 8 months ago (2012-04-12 12:50:08 UTC) #4

Vladislav Kaznacheev

https://chromiumcodereview.appspot.com/10068007/diff/1/chrome/browser/resources/file_manager/js/main_scripts.js File chrome/browser/resources/file_manager/js/main_scripts.js (right): https://chromiumcodereview.appspot.com/10068007/diff/1/chrome/browser/resources/file_manager/js/main_scripts.js#newcode6 chrome/browser/resources/file_manager/js/main_scripts.js:6: // parsing errors in non-flattened mode. The flattener still ...

8 years, 8 months ago (2012-04-12 14:07:09 UTC) #5

Vladislav Kaznacheev

Hi Jim, May I ask you to take a look at this patch, specifically at ...

8 years, 8 months ago (2012-04-16 14:27:10 UTC) #6

jimhebert

manifest.json LGTM! Thanks for doing this. On 2012/04/16 14:27:10, Vladislav Kaznacheev wrote: > Hi Jim, ...

8 years, 8 months ago (2012-04-16 16:33:24 UTC) #7

commit-bot: I haz the power

CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/kaznacheev@chromium.org/10068007/12001

8 years, 8 months ago (2012-04-17 09:01:06 UTC) #8

Change committed as 132558

Expand Messages | Collapse Messages