-
Notifications
You must be signed in to change notification settings - Fork 65
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Reject non-http URLs for url member #174
Conversation
It looks like https://github.com/web-platform-tests/wpt/blob/master/web-share/canShare.tentative.https.html still checks that we're able to share data URLs. Would that test need to be updated as well? |
The webkit patch allows data urls. @marcoscaceres do you also consider them problematic? |
I think that this needs more treatment than this alone. It needs to acknowledge the risk that share targets could retrieve content from the URL, and that they might follow redirects (or be subject to DNS tweaking) in order to exploit their position in the network to access information that might otherwise be protected by firewalls and similar. If the application also passes on that information, that leads to an unexpected information leakage. I don't think that it is appropriate to say that this is sufficient to address #173. |
@ericwilligers, about data: URLs, yes, as if they get dereferenced and previewed, then you can get into a situation like:
@whsieh, what was the rationale for still allowing @martinthomson agree, definitely need to add a security considerations section for apps ingesting these URLs. As you suggested, we are just one link a weak chain here and OSs and apps able to inject need to be more careful. |
@martinthomson, I added your comment above more or less verbatim as they capture the risk quite nicely from a bunch of different angles. Please feel free to suggest additional changes. |
I file w3ctag/security-questionnaire#96 to capture our cautionary tale of trusting URLs and thinking receiving parties will be careful with what they are receiving. |
I believe the rationale for still allowing the |
@whsieh, for the share targets you tested, is sharing a http(s) url that redirects a problem? If not, is sharing the following simply equivalent to sharing a http(s) url that redirects, and not equivalent to sharing a
|
This is not a problem (at least, on Cocoa platforms) because neither the share targets (Messages and Mail in this case) nor the UA attempt to load the data URL as web content and then send the web content to the recipient. |
Co-authored-by: Martin Thomson <[email protected]>
Spec: https://w3c.github.io/web-share/#share-method If a share() request is active when share() is called again, the new share request fails immediately. w3c/web-share#113 In content shell, the OS-integration for the share service is not present. Instead of crashing in tests, we report a not implemented error. WPT web-share/share-sharePromise-internal-slot.https.html now passes (It previously crashed.) Protocols other that http and https are no longer supported by share() or canShare(). w3c/web-share#174 canShare is being discussed in w3c/web-share#177 Bug: 1002337, 1002514, 1131755 Change-Id: I4ec9f6eb03373fd5c6db1881df906a8df36ca4ff
Spec: https://w3c.github.io/web-share/#share-method If a share() request is active when share() is called again, the new share request fails immediately. w3c/web-share#113 In content shell, the OS-integration for the share service is not present. Instead of crashing in tests, we report a not implemented error. WPT web-share/share-sharePromise-internal-slot.https.html now passes - it previously crashed. w3c/web-share#183 improves consistency between the test and the spec. Protocols other that http and https are no longer supported by share() or canShare(). w3c/web-share#174 canShare is being discussed in w3c/web-share#177 Bug: 1002337, 1002514, 1131755 Change-Id: I4ec9f6eb03373fd5c6db1881df906a8df36ca4ff
We now follow the recent spec change limiting the permitted scheme for shared urls to http and https - see w3c/web-share#173 w3c/web-share#174 w3c/web-share#177 We make an exception if the page performing the share it itself loaded from a different scheme (e.g. file) - in that case we allow the same scheme to be used for the shared url. Bug: 1131755 Change-Id: I6abf0f9acd40ef79ec49379314e2ef3a81d3467e
We now follow the recent spec change limiting the permitted scheme for shared urls to http and https - see w3c/web-share#173 w3c/web-share#174 w3c/web-share#177 We make an exception if the page performing the share it itself loaded from a different scheme (e.g. file) - in that case we allow the same scheme to be used for the shared url. Bug: 1131755 Change-Id: I6abf0f9acd40ef79ec49379314e2ef3a81d3467e
We now follow the recent spec change limiting the permitted scheme for shared urls to http and https - see w3c/web-share#173 w3c/web-share#174 w3c/web-share#177 We make an exception if the page performing the share it itself loaded from a different scheme (e.g. file) - in that case we allow the same scheme to be used for the shared url. Bug: 1131755 Change-Id: I6abf0f9acd40ef79ec49379314e2ef3a81d3467e Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2425977 Commit-Queue: Eric Willigers <[email protected]> Reviewed-by: Glen Robertson <[email protected]> Auto-Submit: Eric Willigers <[email protected]> Cr-Commit-Position: refs/heads/master@{#810180}
We now follow the recent spec change limiting the permitted scheme for shared urls to http and https - see w3c/web-share#173 w3c/web-share#174 w3c/web-share#177 We make an exception if the page performing the share it itself loaded from a different scheme (e.g. file) - in that case we allow the same scheme to be used for the shared url. Bug: 1131755 Change-Id: I6abf0f9acd40ef79ec49379314e2ef3a81d3467e Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2425977 Commit-Queue: Eric Willigers <[email protected]> Reviewed-by: Glen Robertson <[email protected]> Auto-Submit: Eric Willigers <[email protected]> Cr-Commit-Position: refs/heads/master@{#810180}
We now follow the recent spec change limiting the permitted scheme for shared urls to http and https - see w3c/web-share#173 w3c/web-share#174 w3c/web-share#177 We make an exception if the page performing the share it itself loaded from a different scheme (e.g. file) - in that case we allow the same scheme to be used for the shared url. Bug: 1131755 Change-Id: I6abf0f9acd40ef79ec49379314e2ef3a81d3467e Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2425977 Commit-Queue: Eric Willigers <[email protected]> Reviewed-by: Glen Robertson <[email protected]> Auto-Submit: Eric Willigers <[email protected]> Cr-Commit-Position: refs/heads/master@{#810180}
…nd https, a=testonly Automatic update from web-platform-tests Web Share: restrict URL scheme to http and https We now follow the recent spec change limiting the permitted scheme for shared urls to http and https - see w3c/web-share#173 w3c/web-share#174 w3c/web-share#177 We make an exception if the page performing the share it itself loaded from a different scheme (e.g. file) - in that case we allow the same scheme to be used for the shared url. Bug: 1131755 Change-Id: I6abf0f9acd40ef79ec49379314e2ef3a81d3467e Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2425977 Commit-Queue: Eric Willigers <[email protected]> Reviewed-by: Glen Robertson <[email protected]> Auto-Submit: Eric Willigers <[email protected]> Cr-Commit-Position: refs/heads/master@{#810180} -- wpt-commits: a28408e23e7cb1e4e8dc070445a51fc2f2d9a4e6 wpt-pr: 25755
…nd https, a=testonly Automatic update from web-platform-tests Web Share: restrict URL scheme to http and https We now follow the recent spec change limiting the permitted scheme for shared urls to http and https - see w3c/web-share#173 w3c/web-share#174 w3c/web-share#177 We make an exception if the page performing the share it itself loaded from a different scheme (e.g. file) - in that case we allow the same scheme to be used for the shared url. Bug: 1131755 Change-Id: I6abf0f9acd40ef79ec49379314e2ef3a81d3467e Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2425977 Commit-Queue: Eric Willigers <ericwilligerschromium.org> Reviewed-by: Glen Robertson <glenrobchromium.org> Auto-Submit: Eric Willigers <ericwilligerschromium.org> Cr-Commit-Position: refs/heads/master{#810180} -- wpt-commits: a28408e23e7cb1e4e8dc070445a51fc2f2d9a4e6 wpt-pr: 25755 UltraBlame original commit: 527027b783378db7e3c1fcdd908e718799400989
…nd https, a=testonly Automatic update from web-platform-tests Web Share: restrict URL scheme to http and https We now follow the recent spec change limiting the permitted scheme for shared urls to http and https - see w3c/web-share#173 w3c/web-share#174 w3c/web-share#177 We make an exception if the page performing the share it itself loaded from a different scheme (e.g. file) - in that case we allow the same scheme to be used for the shared url. Bug: 1131755 Change-Id: I6abf0f9acd40ef79ec49379314e2ef3a81d3467e Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2425977 Commit-Queue: Eric Willigers <ericwilligerschromium.org> Reviewed-by: Glen Robertson <glenrobchromium.org> Auto-Submit: Eric Willigers <ericwilligerschromium.org> Cr-Commit-Position: refs/heads/master{#810180} -- wpt-commits: a28408e23e7cb1e4e8dc070445a51fc2f2d9a4e6 wpt-pr: 25755 UltraBlame original commit: 527027b783378db7e3c1fcdd908e718799400989
…nd https, a=testonly Automatic update from web-platform-tests Web Share: restrict URL scheme to http and https We now follow the recent spec change limiting the permitted scheme for shared urls to http and https - see w3c/web-share#173 w3c/web-share#174 w3c/web-share#177 We make an exception if the page performing the share it itself loaded from a different scheme (e.g. file) - in that case we allow the same scheme to be used for the shared url. Bug: 1131755 Change-Id: I6abf0f9acd40ef79ec49379314e2ef3a81d3467e Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2425977 Commit-Queue: Eric Willigers <ericwilligerschromium.org> Reviewed-by: Glen Robertson <glenrobchromium.org> Auto-Submit: Eric Willigers <ericwilligerschromium.org> Cr-Commit-Position: refs/heads/master{#810180} -- wpt-commits: a28408e23e7cb1e4e8dc070445a51fc2f2d9a4e6 wpt-pr: 25755 UltraBlame original commit: 527027b783378db7e3c1fcdd908e718799400989
…nd https, a=testonly Automatic update from web-platform-tests Web Share: restrict URL scheme to http and https We now follow the recent spec change limiting the permitted scheme for shared urls to http and https - see w3c/web-share#173 w3c/web-share#174 w3c/web-share#177 We make an exception if the page performing the share it itself loaded from a different scheme (e.g. file) - in that case we allow the same scheme to be used for the shared url. Bug: 1131755 Change-Id: I6abf0f9acd40ef79ec49379314e2ef3a81d3467e Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2425977 Commit-Queue: Eric Willigers <[email protected]> Reviewed-by: Glen Robertson <[email protected]> Auto-Submit: Eric Willigers <[email protected]> Cr-Commit-Position: refs/heads/master@{#810180} -- wpt-commits: a28408e23e7cb1e4e8dc070445a51fc2f2d9a4e6 wpt-pr: 25755
data: URLs are no longer supported by Web Share API. w3c/web-share#174 This is tested by automated tests. The manual test in obsolete, it is not valid or needed. closes #202 Co-authored-by: Eric Willigers <[email protected]>
…https.html, a=testonly Automatic update from web-platform-tests Web Share: Retire share-url-data-manual.https.html (#28654) data: URLs are no longer supported by Web Share API. w3c/web-share#174 This is tested by automated tests. The manual test in obsolete, it is not valid or needed. closes #202 Co-authored-by: Eric Willigers <[email protected]> -- wpt-commits: 2eb3853c6bb77eed4a3b5de3b6042b72463efd65 wpt-pr: 28654
We now follow the recent spec change limiting the permitted scheme for shared urls to http and https - see w3c/web-share#173 w3c/web-share#174 w3c/web-share#177 We make an exception if the page performing the share it itself loaded from a different scheme (e.g. file) - in that case we allow the same scheme to be used for the shared url. Bug: 1131755 Change-Id: I6abf0f9acd40ef79ec49379314e2ef3a81d3467e Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2425977 Commit-Queue: Eric Willigers <[email protected]> Reviewed-by: Glen Robertson <[email protected]> Auto-Submit: Eric Willigers <[email protected]> Cr-Commit-Position: refs/heads/master@{#810180} GitOrigin-RevId: 060b7f1b2de01048a934bc4aca41973edaf4d12c
Closes #173
For normative changes, the following tasks have been completed:
Implementation commitment: