-
Chris Sharp authored
This reverts commit c64eed06. Reason for revert: Broke virtual/eye-dropper/color-picker-show-eye-dropper.html on WebKit Linux MSAN Original change's description: > Add security mitigations for eye dropper IPC. > > As discussed on the security review this CL adds the following mitigations: > - require a transient user activation on the browser side, and consume > it when showing the eye dropper for the renderer (this will prevent a > compromised renderer to repeatedly ask for a color) > - require the eye dropper UI to be visible for a minimum amount of time > before color selection is allowed in order to ensure the user has a > chance to see the UI. > > There is also a fix for the popup not correctly updating the user > activation state. This happens because it is using a > EmptyLocalFrameClient and its frame is not related to the > owner element's frame. > > Bug: 992297 > Change-Id: Ia5d2aead0be153ce4b49048552062de3a6c72e63 > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2442132 > Reviewed-by: Kent Tamura <tkent@chromium.org> > Reviewed-by: Mason Freed <masonfreed@chromium.org> > Reviewed-by: Avi Drissman <avi@chromium.org> > Commit-Queue: Mason Freed <masonfreed@chromium.org> > Cr-Commit-Position: refs/heads/master@{#812847} TBR=avi@chromium.org,danakj@chromium.org,tkent@chromium.org,masonfreed@chromium.org,iopopesc@microsoft.com NOTRY=true Bug: 992297 Change-Id: If16db478fb59c4caa6f4fd90190adb72ce38e68a Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2448054 Commit-Queue: Chris Sharp <csharp@chromium.org> Reviewed-by:
Chris Sharp <csharp@chromium.org> Cr-Commit-Position: refs/heads/master@{#813723}
10c65934
