window.location.assign from a background page allows navigation to random urls

Fixed, flighted Issue #7146729

Details

Created
Apr 7, 2016
Privacy
This issue is public.
Fixed in build #
15002
Reports
Reported by 1 person

Sign in to watch or report this issue.

Steps to reproduce

Repro 1:
Open f12 for a background page and use window.location.assign(“http://www.bing.com”)
Chrome returns undefined, we navigate and crash.

We are crashing because we trying to inject polyfill on a top level extension page whose url is not a valid extension url.
The crash is good. It finds bugs like this. Instead we should return undefined and noop. (don’t navigate)

Attachments

0 attachments

    Comments and activity

    • Microsoft Edge Team

      Changed Assigned To to “Sebastian P.”

      Changed Steps to Reproduce

      Changed Assigned To from “Sebastian P.” to “Cameron S.”

      Changed Status to “Confirmed”

      Changed Assigned To from “Cameron S.” to “Akshay P.”

      Changed Status from “Confirmed”

      Changed Assigned To from “Akshay P.” to “Vasanth C.”

      Changed Status to “Confirmed”

      Changed Assigned To from “Vasanth C.” to “Saloni A.”

      Changed Status from “Confirmed” to “In progress”

      Changed Status from “In progress” to “Confirmed”

      Changed Status from “Confirmed” to “In progress”

      Changed Assigned To to “Akshay P.”

      Changed Status from “In progress”

      Changed Assigned To from “Akshay P.” to “Saloni A.”

      Changed Status to “In progress”

      Changed Assigned To from “Saloni A.” to “Daniel R.”

    • The Edge team is working on a fix for a future update.

    • Microsoft Edge Team

      Changed Status from “In progress” to “In code review”

      Changed Status from “In code review” to “In progress”

      Changed Assigned To from “Daniel R.” to “Cameron S.”

      Changed Status from “In progress” to “Fixed, not yet flighted”

      Changed Status from “Fixed, not yet flighted” to “Fixed, flighted”

    • Hello,

      Thank you for providing this information about the issue. We are pleased to report this feature is fixed in Edge 15063 and is available in our latest Insider Preview build.

      Best Wishes,
      The MS Edge Team

    You need to sign in to your Microsoft account to add a comment.

    Sign in