Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[C129] [Android] Fix for brave scheme pages #25602

Merged
merged 1 commit into from
Sep 17, 2024
Merged

[C129] [Android] Fix for brave scheme pages #25602

merged 1 commit into from
Sep 17, 2024

Conversation

samartnik
Copy link
Contributor

@samartnik samartnik commented Sep 17, 2024
edited
Loading

Chromium change:
https://source.chromium.org/chromium/chromium/src/+/4d2cab773589a430dfae515994c3e6cad0eb0270

[M129] Disallow VerbatimMatches to open non-navigable URLs by default.

This change prevents non-navigable URLs from being opened upon paste, refine, autocomplete etc., effectively disallowing accidental execution of inline javascript: blocks.

The non-navigable (e.g. executable) URIs will be effectively pushed down on the suggestions list, making them still available, but moving forward these will require an explicit user action to be invoked (i.e. the user now has to intentionally tap these suggestions to initiate the corresponding action).

The change removes redundant test that relies on inline page injection. This is already covered by another test: http://shortn/_NG1M484b41

(cherry picked from commit 04938340e1a93e5e5588badd5e01600dd3356d52)

Bug: b/360642942

Resolves brave/brave-browser#41069

Submitter Checklist:

  • I confirm that no security/privacy review is needed and no other type of reviews are needed, or that I have requested them
  • There is a ticket for my issue
  • Used Github auto-closing keywords in the PR description above
  • Wrote a good PR/commit description
  • Squashed any review feedback or "fixup" commits before merge, so that history is a record of what happened in the repo, not your PR
  • Added appropriate labels (QA/Yes or QA/No; release-notes/include or release-notes/exclude; OS/...) to the associated issue
  • Checked the PR locally:
    • npm run test -- brave_browser_tests, npm run test -- brave_unit_tests wiki
    • npm run presubmit wiki, npm run gn_check, npm run tslint
  • Ran git rebase master (if needed)

Reviewer Checklist:

  • A security review is not needed, or a link to one is included in the PR description
  • New files have MPL-2.0 license header
  • Adequate test coverage exists to prevent regressions
  • Major classes, functions and non-trivial code blocks are well-commented
  • Changes in component dependencies are properly reflected in gn
  • Code follows the style guide
  • Test plan is specified in PR before merging

After-merge Checklist:

Test Plan:

@samartnik
[C129] [Android] Fix for brave scheme pages
e9fa1e6 
Chromium change:
https://source.chromium.org/chromium/chromium/src/+/4d2cab773589a430dfae515994c3e6cad0eb0270

[M129] Disallow VerbatimMatches to open non-navigable URLs by default.

This change prevents non-navigable URLs from being opened upon paste,
refine, autocomplete etc., effectively disallowing accidental execution
of inline javascript: blocks.

The non-navigable (e.g. executable) URIs will be effectively pushed
down on the suggestions list, making them still available, but
moving forward these will require an explicit user action to be
invoked (i.e. the user now has to intentionally tap these suggestions
to initiate the corresponding action).

The change removes redundant test that relies on inline page
injection. This is already covered by another test:
http://shortn/_NG1M484b41

(cherry picked from commit 04938340e1a93e5e5588badd5e01600dd3356d52)

Bug: b/360642942
@samartnik samartnik added this to the 1.72.x - Nightly milestone Sep 17, 2024
@samartnik samartnik self-assigned this Sep 17, 2024
@samartnik samartnik requested a review from a team as a code owner September 17, 2024 15:50
mkarolin
mkarolin approved these changes Sep 17, 2024
View reviewed changes
Copy link
Collaborator

@mkarolin mkarolin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

++

mkarolin
mkarolin reviewed Sep 17, 2024
View reviewed changes
chromium_src/components/omnibox/browser/verbatim_match.cc

#include "components/omnibox/browser/verbatim_match.h"

#include "content/public/common/url_constants.h"
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this include should also be under #if BUILDFLAG(IS_ANDROID), but they didn't do it right upstream, so we can probably just keep it the same for now.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it will fail on iOS if we keep it like this, actually, but we can see what CI says.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

iOS passed, as @mkarolin mentioned they don't guard it in the upstream as well, so should be ok for us too

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It passed iOS because of 97aab4f, but we will remove that fix at some point (hopefully, brave/brave-browser#41014) and then we would have to update the override here as well.

@samartnik samartnik merged commit d6c18c3 into master Sep 17, 2024
18 checks passed
@samartnik samartnik deleted the android_fix_for_brave_scheme branch September 17, 2024 19:01
brave-builds added a commit that referenced this pull request Sep 17, 2024
@brave-builds
Uplift of #25602 (squashed) to beta
46c479a
brave-builds added a commit that referenced this pull request Sep 17, 2024
@brave-builds
Uplift of #25602 (squashed) to release
93219ee
This was referenced Sep 17, 2024
Merged
Merged
@kjozwiak
Copy link
Member

Verification PASSED on Pixel 6 running Android 15 using the following build(s):

Brave | 1.72.17 Chromium: 129.0.6668.42 (Official Build) canary (64-bit)
--- | ---
Revision | c1da12519b60568b7bd6d8abad6d8f73bf2009f8
OS | Android 15; Build/AP41.240823.009; 35; REL
  • ensured that brave://version, brave://rewards, brave://skus-internals worked without any issues
  • ensured that chrome://version, chrome://about, chrome://rewards worked without any issues
  • ensured that clicking on various brave:// links under chrome://about & brave://about worked without issues
  • ensured loading URLs without a scheme specified worked without any issues
    • facebook.com, google,com, videocardz.com
  • ensured that loading URLs with https:// worked without any issues
    • https://cnn.com, https://brave.com, https;//zerohedge.com
  • ensured that loading URLs with http:// worked without any issues
    • http://httpforever.com
  • ensured that search terms within the omnibox are working as expected

kjozwiak pushed a commit that referenced this pull request Sep 18, 2024
@brave-builds
[C129] [Android] Fix for brave scheme pages (uplift to 1.71.x) (#25607)
b6c8fce 
Uplift of #25602 (squashed) to beta
kjozwiak pushed a commit that referenced this pull request Sep 18, 2024
@brave-builds
[C129] [Android] Fix for brave scheme pages (uplift to 1.70.x) (#25608)
e285f50 
Uplift of #25602 (squashed) to release
@kjozwiak kjozwiak mentioned this pull request Sep 18, 2024
Closed
6 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@emerick emerick emerick left review comments

@mkarolin mkarolin mkarolin approved these changes

Assignees

@samartnik samartnik

Labels
None yet
Projects
None yet
Milestone
1.72.x - Nightly
Development

Successfully merging this pull request may close these issues.

[Cr129][Follow up to #41010] Internal webpages brave://version, brave://flags, etc. can't be loaded
4 participants
@samartnik @kjozwiak @emerick @mkarolin