    Add security mitigations for eye dropper IPC. · c64eed06
    Ionel Popescu authored
    As discussed on the security review, this CL adds the following mitigations:
    - require a transient user activation on the browser side, and consume
    it when showing the eye dropper for the renderer (this will prevent a
    compromised renderer from repeatedly asking for a color)
    - require the eye dropper UI to be visible for a minimum amount of time
    before color selection is allowed in order to ensure the user has a
    chance to see the UI.
    
    There is also a fix for the popup not correctly updating the user
    activation state. This happens because it is using an
    EmptyLocalFrameClient and its frame is not related to the
    owner element's frame.
    
    Bug: 992297
    Change-Id: Ia5d2aead0be153ce4b49048552062de3a6c72e63
    Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2442132
    Reviewed-by: Kent Tamura <tkent@chromium.org>
    Reviewed-by: Mason Freed <masonfreed@chromium.org>
    Reviewed-by: Avi Drissman <avi@chromium.org>
    Commit-Queue: Mason Freed <masonfreed@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#812847}
eye_dropper_chooser_impl.cc 2.64 KB
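
The two mitigations named in the commit message, modelled as an added example (this is not the CL's code and not Chromium's API): a browser-side gate that spends one transient activation per eye dropper and ignores color selection until the UI has been visible for a minimum time. The class, its method names, the 5000 ms activation lifetime and the 200 ms minimum are assumptions made for this sketch.

```cpp
#include <chrono>

using Clock = std::chrono::steady_clock;
using Ms = std::chrono::milliseconds;

// Assumed values for this sketch; the commit message gives no numbers.
constexpr Ms kActivationLifetime{5000};
constexpr Ms kMinVisible{200};

// Hypothetical browser-side gate, not the code in eye_dropper_chooser_impl.cc.
class EyeDropperGate {
 public:
  // The browser process records a real user gesture.
  void OnUserGesture(Clock::time_point now) {
    has_activation_ = true;
    activated_at_ = now;
  }
  // Show request from the renderer: needs an activation and spends it, so
  // one gesture opens at most one eye dropper.
  bool TryShow(Clock::time_point now) {
    if (open_ || !has_activation_) return false;
    has_activation_ = false;  // consumed, whether still valid or expired
    if (now - activated_at_ > kActivationLifetime) return false;
    open_ = true;
    shown_at_ = now;
    return true;
  }
  // A selection is ignored until the UI has been visible for kMinVisible.
  bool TrySelect(Clock::time_point now) {
    if (!open_ || now - shown_at_ < kMinVisible) return false;
    open_ = false;  // the eye dropper closes once a color is picked
    return true;
  }

 private:
  bool has_activation_ = false, open_ = false;
  Clock::time_point activated_at_{}, shown_at_{};
};

// Constructed scenario: one gesture, then `requests` show requests, each
// followed `delay` later by a selection. Returns the colors handed out.
int ColorsObtained(int requests, Ms delay) {
  EyeDropperGate gate;
  Clock::time_point t{};
  gate.OnUserGesture(t);
  int colors = 0;
  for (int i = 0; i < requests; ++i) {
    gate.TryShow(t);
    t += delay;
    if (gate.TrySelect(t)) ++colors;
  }
  return colors;
}
```

Ten show requests after a single gesture yield one color, and a selection arriving before the minimum visible time yields none.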