Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

data:application items blocked by shields can't be allowed to run #5346

Closed
srirambv opened this issue Jul 23, 2019 · 3 comments · Fixed by brave/brave-core#3210
Closed

data:application items blocked by shields can't be allowed to run #5346

srirambv opened this issue Jul 23, 2019 · 3 comments · Fixed by brave/brave-core#3210
Assignees
@cezaraugusto @yrliou
Labels
bug feature/shields/!scripts Blocking JavaScript with Shields feature/shields The overall Shields feature in Brave. priority/P3 The next thing for us to work on. It'll ride the trains. QA Pass-Linux QA Pass-macOS QA Pass-Win64 QA/Test-Plan-Specified QA/Yes release-notes/include
Milestone
0.69.x - Release

Comments

@srirambv
Copy link
Contributor

Description

data:application items blocked by shields can't be allowed to run

Steps to Reproduce

  1. Install 0.69.77
  2. Visit https://theverge.com and block scripts
  3. Click Allow scripts once until all first and third party scripts are loaded
  4. Open scripts detailed view, shows 1 item blocked for data:application/ which cannot be allowed to run

Actual result:

image

Expected result:

Should not list something that cant be allowed to run via shields settings

Reproduces how often:

Easy

Brave version (brave://version info)

Brave 0.69.77 Chromium: 76.0.3809.62 (Official Build) nightly (64-bit)
Revision 7b77856b3aa34d72f246d12340fc1ded8b2c0e83-refs/branch-heads/3809@{#798}
OS Linux

Version/Channel Information:

  • Can you reproduce this issue with the current release? No
  • Can you reproduce this issue with the beta channel? No
  • Can you reproduce this issue with the dev channel? No
  • Can you reproduce this issue with the nightly channel? Yes

Other Additional Information:

  • Does the issue resolve itself when disabling Brave Shields? N/A
  • Does the issue resolve itself when disabling Brave Rewards? N/A
  • Is the issue reproducible on the latest version of Chrome? N/A

Miscellaneous Information:
@srirambv srirambv added feature/shields The overall Shields feature in Brave. QA/Yes release-notes/include feature/shields/!scripts Blocking JavaScript with Shields labels Jul 23, 2019
@cezaraugusto
Copy link
Contributor

@yrliou thoughts on this? AFAIK we can only block scripts via origin

@bsclifton bsclifton mentioned this issue Aug 19, 2019
Closed
@bsclifton bsclifton added bug and removed regression labels Aug 19, 2019
@bsclifton
Copy link
Member

In older builds (0.67.x and earlier), this was showing up before as null:
screen shot 2018-10-29 at 9 50 45 pm

0.68.x and newer, this issue properly captures the bugged behavior

Discussion was had with @cezaraugusto, @yrliou, @bbondy, @AndriusA

Proposed fix would be:
Update blocking logic to allow for origin (existing behavior) OR full URL (covers this case)

@bsclifton bsclifton added the priority/P3 The next thing for us to work on. It'll ride the trains. label Aug 19, 2019
@cezaraugusto cezaraugusto mentioned this issue Aug 20, 2019
Merged
6 tasks
bsclifton pushed a commit to brave/brave-core that referenced this issue Aug 20, 2019
@cezaraugusto @bsclifton
allow Shields to block urls with invalid origins
50b8e6b 
fix brave/brave-browser#5346
fix brave/brave-browser#5483

shields can't manually block urls with invalid origins, making
blob:// and data:// scripts impossible to allow once, for example.
this channge ensures that Shields see such scripts the same way as
scripts with valid origins.
@yrliou yrliou added this to the 0.71.x - Nightly milestone Aug 20, 2019
This was referenced Aug 20, 2019
Merged
Merged
@bsclifton bsclifton added this to the 0.69.x - Beta milestone Aug 27, 2019
@btlechowski
Copy link

btlechowski commented Sep 5, 2019
edited by LaurenWags
Loading

Verification passed on

Brave 0.69.123 Chromium: 76.0.3809.132 (Official Build) beta (64-bit)
Revision fd1acc410994a7a68ac25bc77513d443f3130860-refs/branch-heads/3809@{#1035}
OS Ubuntu 18.04 LTS

Verified the test plan from the description
5884

Verification passed on

Brave 0.69.123 Chromium: 76.0.3809.132 (Official Build) beta (64-bit)
Revision fd1acc410994a7a68ac25bc77513d443f3130860-refs/branch-heads/3809@{#1035}
OS Windows 10 OS Version 1803 (Build 17134.523)

Verified passed with

Brave 0.69.124 Chromium: 76.0.3809.132 (Official Build) (64-bit)
Revision fd1acc410994a7a68ac25bc77513d443f3130860-refs/branch-heads/3809@{#1035}
OS Mac OS X
  • Verified STR from description
    Screen Shot 2019-09-05 at 5 00 31 PM

@kjozwiak kjozwiak mentioned this issue Oct 3, 2019
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@cezaraugusto cezaraugusto

@yrliou yrliou

Labels
bug feature/shields/!scripts Blocking JavaScript with Shields feature/shields The overall Shields feature in Brave. priority/P3 The next thing for us to work on. It'll ride the trains. QA Pass-Linux QA Pass-macOS QA Pass-Win64 QA/Test-Plan-Specified QA/Yes release-notes/include
Projects
None yet
Milestone
0.69.x - Release
Development

Successfully merging a pull request may close this issue.

allow Shields to block urls with invalid origins brave/brave-core
7 participants
@cezaraugusto @yrliou @bsclifton @srirambv @LaurenWags @btlechowski @GeetaSarvadnya