LGTM3.

-mike


On Fri, Sep 8, 2023 at 4:52 PM Chris Harrelson <chris...@chromium.org> wrote:

> LGTM2
>
> On Fri, Sep 8, 2023 at 7:04 AM Mike Taylor <miketa...@chromium.org> wrote:
>
>> LGTM1 to ship. Risk seems very low (and worth it, given security
>> improvements), but thanks for adding a runtime-enabled feature.
>>
>> On 9/7/23 12:44 AM, 'Jun Kokatsu' via blink-dev wrote:
>>
>> Contact emails
>>
>> jkoka...@google.com
>>
>> Specification
>>
>> https://github.com/whatwg/html/pull/9309/files
>>
>> Summary
>>
>> This change replaces the navigable target name (which is usually set by the
>> target attribute) with `_blank` if it contains dangling markup (i.e. `\n`
>> and `<`), which fixes a bypass in the dangling markup injection mitigation.
>>
>>
>> Blink component
>>
>> Blink>SecurityFeature
>> <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3ESecurityFeature>
>>
>> Motivation
>>
>> Blink has shipped a mitigation for dangling markup injection
>> <https://chromestatus.com/feature/5735596811091968> attack a while back.
>> However, it was discovered that the mitigation can be bypassed
>> <https://portswigger.net/research/evading-csp-with-dom-based-dangling-markup>
>> through the target name. Navigations with such target names are low
>> <https://chromestatus.com/metrics/feature/timeline/popularity/4493>
>> (~0.000007%). Therefore, this change removes the limitation discovered in
>> the previous mitigation.
>>
>>
>> Initial public proposal
>>
>> None
>>
>> TAG review
>>
>> None
>>
>> TAG review status
>>
>> Not applicable
>>
>> Risks
>>
>> Interoperability and Compatibility
>>
>> None
>>
>>
>> Gecko: Positive
>> <https://github.com/mozilla/standards-positions/issues/804>
>>
>> WebKit: Shipped/Shipping <https://github.com/WebKit/WebKit/pull/16885>
>>
>> Web developers: No signals
>>
>> Other signals:
>>
>> WebView application risks
>>
>> Does this intent deprecate or change behavior of existing APIs, such that
>> it has potentially high risk for Android WebView-based applications?
>>
>> None
>>
>>
>> Debuggability
>>
>> None
>>
>>
>> Is this feature fully tested by web-platform-tests?
>> <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md>
>>
>> Yes <https://github.com/web-platform-tests/wpt/pull/40232>
>>
>> Flag name on chrome://flags
>>
>> None
>>
>> Finch feature name
>>
>> None
>>
>> Non-finch justification
>>
>> None
>>
>> Requires code in //chrome?
>>
>> False
>>
>> Tracking bug
>>
>> https://bugs.chromium.org/p/chromium/issues/detail?id=1421440
>>
>> Estimated milestones
>>
>> 119
>>
>>
>> Link to entry on the Chrome Platform Status
>>
>> https://chromestatus.com/feature/5073969773805568
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "blink-dev" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to blink-dev+unsubscr...@chromium.org.
>> To view this discussion on the web visit
>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAOWKMF4CR50EbS%3DMrYxMa5PcyiYPFg%2B4X2e6F5S0kzcxJLygew%40mail.gmail.com
>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAOWKMF4CR50EbS%3DMrYxMa5PcyiYPFg%2B4X2e6F5S0kzcxJLygew%40mail.gmail.com?utm_medium=email&utm_source=footer>
>> .
>>
>>
>

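The rule the intent above ships is small enough to model directly. The following is an added example written for this page; it is not code from the intent, from Blink, or from the HTML spec PR, and it deliberately simplifies the spec's "rules for choosing a navigable" (the `chooseNavigable` helper, its return shape, and the sample strings are constructed here). It shows what a target name that has absorbed dangling markup looks like, why the presence of both a newline and a `<` is the signal, and how rewriting such a name to `_blank` keeps the navigation from being steered into a named browsing context. Real browsers apply the check in more places (for example `window.open()`) and also keep the earlier URL-based mitigation, which is outside this example.

```javascript
// Added example, not from the intent or from the browser code it describes.
// Assumed simplification of the HTML spec's "rules for choosing a navigable":
// only the target-name sanitisation described in the intent is modelled.

const LF = "\n";

// A target name that contains both a newline and a "<" almost certainly came
// from an unclosed attribute that swallowed the markup following it, which is
// the shape a dangling-markup injection produces. Both characters are
// required, matching the condition stated in the intent.
function looksLikeDanglingMarkup(name) {
  return name.includes(LF) && name.includes("<");
}

// Behaviour the intent ships: such a name is replaced with "_blank", so the
// navigation opens a fresh, unnamed context instead of targeting whatever
// name the captured markup happened to form.
function sanitizeTargetName(name) {
  return looksLikeDanglingMarkup(name) ? "_blank" : name;
}

// Hypothetical, reduced version of where a link with a given target would
// navigate, given the current navigable's own name. Keyword targets are
// matched case-insensitively, as in the spec; everything else is a named
// navigable (or the current one, when the name matches its own).
function chooseNavigable(target, currentName) {
  const name = sanitizeTargetName(target);
  const lower = name.toLowerCase();
  if (name === "" || lower === "_self") return { kind: "self" };
  if (lower === "_parent") return { kind: "parent" };
  if (lower === "_top") return { kind: "top" };
  if (lower === "_blank") return { kind: "new", name: "" };
  return name === currentName ? { kind: "self" } : { kind: "named", name };
}

// Constructed sample: an unclosed target="..." attribute absorbed the rest
// of the line and the start of the next element, so the attribute value now
// carries a newline and a "<". This is what the page's "bypass" relies on.
const CAPTURED_TARGET = 'x\n<a href="/next">';

// Constructed benign samples: ordinary names, and names that carry only one
// of the two characters (these are left untouched by the rule).
const BENIGN_TARGETS = ["popup", "a<b", "a\nb", "_top", ""];

function demo() {
  const results = {
    captured: chooseNavigable(CAPTURED_TARGET, "main"),
    benign: BENIGN_TARGETS.map((t) => [t, sanitizeTargetName(t)]),
  };
  return results;
}

console.log(JSON.stringify(demo(), null, 2));
```

The key property to notice is that the rewrite is conditional on both characters: a name containing only `<` or only a newline is a legal, if odd, target name and is passed through unchanged, which is why the compatibility risk in the intent is so small.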
