[NativeFileSystem] must reject in sandboxed windows #20188
Merged
Updates FileSystemDirectoryHandle.getSystemDirectory() and
chooseFileSystemEntries() to reject with a SecurityError
when called by a sandboxed window.
This change also adds a WPT test that accesses the NativeFileSystem from
opaque origins. The test includes a data URI iframe, sandboxed iframe
and a sandboxed opened window. Unlike sandboxed iframes, for data URI
iframes, the NativeFileSystem API is undefined because data URI iframes
do not provide a secure context.
This change gives the NativeFileSystem the same behavior as other web
platform storage with write operations. LocalStorage, indexedDB, and
cacheStorage all fail with SecurityErrors when accessed from a sandbox.
However, sandboxes can read files using <input type=file> and
drag&drop. In the future, if a read-only sandbox scenario emerges, we
can consider loosening this policy for the NativeFileSystem.
Bug: 1014248
Change-Id: Ibeafcdbf102275f2cd45f3cd7dbd8ed592c850c6
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1907278
Reviewed-by: Marijn Kruisselbrink <mek@chromium.org>
Reviewed-by: Olivier Yiptong <oyiptong@chromium.org>
Reviewed-by: Dave Tapuska <dtapuska@chromium.org>
Commit-Queue: Steve Becker <stevebe@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#715119}
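The commit message describes a WPT test that probes the Native File System API from opaque-origin frames. The page below is an added illustration of how such a check can be structured; it is not the test from this PR or from the Chromium tree. It assumes the standard testharness.js include paths, that `chooseFileSystemEntries()` and `getSystemDirectory()` take the option dictionaries shown (`{type: 'openDirectory'}` and `{type: 'sandbox'}`, assumed from the origin-trial shape of the API), and it covers the sandboxed iframe and data: URI iframe cases only; the sandboxed opened-window case from the commit message is not reproduced here.

```html
<!DOCTYPE html>
<meta charset="utf-8">
<title>Native File System rejects in sandboxed and opaque-origin frames (added example)</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script>
// This single file serves two roles: loaded with "?child" it is the probe page
// that runs inside a frame and reports back; otherwise it is the top-level test.
const isChild = location.search === '?child';

// Probe the API from the current context and summarise the outcome.
// In a non-secure context (e.g. a data: URI iframe) the API is absent entirely.
async function probe() {
  if (typeof self.chooseFileSystemEntries !== 'function') {
    return { api: 'undefined' };
  }
  const result = { api: 'defined' };
  // Option dictionaries below are assumptions about the API shape of that era.
  const calls = {
    choose: () => self.chooseFileSystemEntries({ type: 'openDirectory' }),
    system: () => FileSystemDirectoryHandle.getSystemDirectory({ type: 'sandbox' }),
  };
  for (const [name, call] of Object.entries(calls)) {
    try {
      await call();
      result[name] = 'resolved';
    } catch (e) {
      result[name] = e.name; // expected: 'SecurityError' in a sandboxed frame
    }
  }
  return result;
}

if (isChild) {
  probe().then(r => parent.postMessage(r, '*'));
} else {
  // Resolve with the next message posted to this window.
  function nextMessage() {
    return new Promise(resolve =>
      window.addEventListener('message', e => resolve(e.data), { once: true }));
  }

  promise_test(async t => {
    // Sandboxed without allow-same-origin: opaque origin, but still a secure
    // context, so the API is present and must reject with SecurityError.
    const iframe = document.createElement('iframe');
    iframe.sandbox = 'allow-scripts';
    iframe.src = location.pathname + '?child';
    document.body.appendChild(iframe);
    t.add_cleanup(() => iframe.remove());
    const r = await nextMessage();
    assert_equals(r.api, 'defined', 'API is exposed in a sandboxed https frame');
    assert_equals(r.system, 'SecurityError', 'getSystemDirectory() rejects');
    // chooseFileSystemEntries() may also reject for lack of user activation,
    // so only its presence is asserted here, not its rejection reason.
    assert_true('choose' in r, 'chooseFileSystemEntries() was probed');
  }, 'sandboxed iframe: NativeFileSystem rejects with SecurityError');

  promise_test(async t => {
    // A data: URI iframe is an opaque origin that is not a secure context,
    // so the API should be undefined rather than present-and-rejecting.
    const childScript = '(' + probe.toString() + ')()' +
      '.then(r => parent.postMessage(r, "*"))';
    const iframe = document.createElement('iframe');
    iframe.src = 'data:text/html,<script>' + encodeURIComponent(childScript) +
      '</' + 'script>';
    document.body.appendChild(iframe);
    t.add_cleanup(() => iframe.remove());
    const r = await nextMessage();
    assert_equals(r.api, 'undefined', 'API is absent in a data: URI frame');
  }, 'data: URI iframe: NativeFileSystem is undefined (not a secure context)');
}
</script>
```

The two cases are deliberately asserted differently: the sandboxed iframe is still a secure context, so the policy being verified is that a defined API rejects with `SecurityError`, whereas the data: URI frame is expected to lack the API altogether; a test that only checked "does not resolve" would not distinguish the two and would miss a regression where the API quietly became reachable from one of them.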