    Better enforce same origin policy in iOS reader mode. · 0f8e6b6c
    Alison Huffman authored
    Currently on iOS, DOM Distiller cannot guarantee that the data being
    sent to it comes from the distillation script. This allows arbitrary
    HTML to be included in the final reader mode version of the page. This
    combined with a find-replace-style inclusion of arbitrary origin data
    sourced from image tags, allows the leaking of cross-origin
    authenticated pages.
    
    This change adds a CSP policy for iOS reader mode, enforces that paginations
    belong to the same origin, includes offline images through JavaScript,
    and performs mime-sniffing on offlined images to ensure they are valid
    images.
    
    Bug: 1111239
    Test: Tested changes with cases provided in bug.
    Change-Id: Idf9c8986c541bcab32fb8d320ebdf75b55dc7839
    Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2608284
    Commit-Queue: Alison Huffman <ahuffman@microsoft.com>
    Reviewed-by: Wei-Yin Chen (陳威尹) <wychen@chromium.org>
    Reviewed-by: Olivier Robin <olivierrobin@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#845045}
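The two checks the commit message describes, a same-origin test for pagination links and magic-byte sniffing of offlined images before they are embedded, as an added illustration. This is not Chromium's or DOM Distiller's code; the function names and sample inputs are constructed, and the base64 step assumes a Node or browser environment that provides `Buffer` or `btoa`.

```javascript
// Added example (not Chromium's code). Function names and inputs are constructed.

// Origin of a URL as scheme://host[:port]; null for unparsable input or
// for schemes other than http(s), which never count as "same origin" here.
function originOf(urlString) {
  try {
    const u = new URL(urlString);
    if (u.protocol !== "http:" && u.protocol !== "https:") return null;
    return u.origin;
  } catch (e) {
    return null;
  }
}

// True only if both URLs parse and share scheme, host and port.
function isSameOrigin(pageUrl, candidateUrl) {
  const a = originOf(pageUrl);
  const b = originOf(candidateUrl);
  return a !== null && b !== null && a === b;
}

// Keep only pagination links that belong to the article's own origin.
// Relative links are resolved against the page URL before the check, so
// "/a/2" on https://example.test/a/1 passes while a foreign host does not.
function filterPaginationLinks(pageUrl, links) {
  return links.filter((href) => {
    let resolved;
    try {
      resolved = new URL(href, pageUrl).toString();
    } catch (e) {
      return false;
    }
    return isSameOrigin(pageUrl, resolved);
  });
}

// Magic-byte sniffing: return the MIME type for a well-known image signature,
// or null when the bytes do not look like an image (HTML, JSON, etc.).
function sniffImageMime(bytes) {
  const b = bytes instanceof Uint8Array ? bytes : new Uint8Array(bytes);
  const startsWith = (sig, offset = 0) =>
    b.length >= offset + sig.length && sig.every((v, i) => b[offset + i] === v);
  if (startsWith([0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a])) return "image/png";
  if (startsWith([0xff, 0xd8, 0xff])) return "image/jpeg";
  if (startsWith([0x47, 0x49, 0x46, 0x38, 0x37, 0x61]) ||
      startsWith([0x47, 0x49, 0x46, 0x38, 0x39, 0x61])) return "image/gif";
  if (startsWith([0x52, 0x49, 0x46, 0x46]) && startsWith([0x57, 0x45, 0x42, 0x50], 8)) return "image/webp";
  return null;
}

// Build a data: URL for an offlined image only when the bytes sniff as an
// image. A response that is really markup is dropped instead of being
// pasted into the reader-mode document.
function offlineImageDataUrl(bytes) {
  const mime = sniffImageMime(bytes);
  if (mime === null) return null;
  const b = bytes instanceof Uint8Array ? bytes : new Uint8Array(bytes);
  const b64 = typeof Buffer !== "undefined"
    ? Buffer.from(b).toString("base64")
    : btoa(String.fromCharCode(...b));
  return `data:${mime};base64,${b64}`;
}
```

The two checks are independent: the origin filter decides which pages may be stitched into the article at all, and the sniffer decides whether a fetched resource may be embedded as an image. Neither replaces the CSP the commit also adds; the policy is what stops any markup that still gets through from loading scripts or remote resources.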