diff --git a/browser/brave_shields/brave_shields_web_contents_observer.cc b/browser/brave_shields/brave_shields_web_contents_observer.cc index a44cc9bf841c..d3bb6b568ec2 100644 --- a/browser/brave_shields/brave_shields_web_contents_observer.cc +++ b/browser/brave_shields/brave_shields_web_contents_observer.cc @@ -172,15 +172,44 @@ void BraveShieldsWebContentsObserver::DispatchBlockedEventForWebContents( return; shields_data_ctrlr->HandleItemBlocked(block_type, subresource); } +// static +void BraveShieldsWebContentsObserver::DispatchAllowedOnceEventForWebContents( + const std::string& block_type, + const std::string& subresource, + WebContents* web_contents) { + if (!web_contents) { + return; + } + auto* shields_data_ctrlr = + brave_shields::BraveShieldsDataController::FromWebContents(web_contents); + // |shields_data_ctrlr| can be null if the |web_contents| is generated in + // component layer - We don't attach any tab helpers in this case. + if (!shields_data_ctrlr) { + return; + } + shields_data_ctrlr->HandleItemAllowedOnce(block_type, subresource); +} #endif -void BraveShieldsWebContentsObserver::OnJavaScriptBlocked( +void BraveShieldsWebContentsObserver::OnJavaScriptAllowedOnce( const std::u16string& details) { +#if !BUILDFLAG(IS_ANDROID) WebContents* web_contents = WebContents::FromRenderFrameHost(receivers_.GetCurrentTargetFrame()); if (!web_contents) return; + DispatchAllowedOnceEventForWebContents( + brave_shields::kJavaScript, base::UTF16ToUTF8(details), web_contents); +#endif +} +void BraveShieldsWebContentsObserver::OnJavaScriptBlocked( + const std::u16string& details) { + WebContents* web_contents = + WebContents::FromRenderFrameHost(receivers_.GetCurrentTargetFrame()); + if (!web_contents) { + return; + } DispatchBlockedEventForWebContents(brave_shields::kJavaScript, base::UTF16ToUTF8(details), web_contents); } @@ -227,9 +256,9 @@ void BraveShieldsWebContentsObserver::ReadyToCommitNavigation( } void BraveShieldsWebContentsObserver::AllowScriptsOnce( - const std::vector& origins, - WebContents* contents) { - allowed_script_origins_ = std::move(origins); + const std::vector& origins) { + allowed_script_origins_.insert(std::end(allowed_script_origins_), + std::begin(origins), std::end(origins)); } // static diff --git a/browser/brave_shields/brave_shields_web_contents_observer.h b/browser/brave_shields/brave_shields_web_contents_observer.h index d8b4120dd323..f1e530f05e83 100644 --- a/browser/brave_shields/brave_shields_web_contents_observer.h +++ b/browser/brave_shields/brave_shields_web_contents_observer.h @@ -48,12 +48,15 @@ class BraveShieldsWebContentsObserver const std::string& block_type, const std::string& subresource, content::WebContents* web_contents); + static void DispatchAllowedOnceEventForWebContents( + const std::string& block_type, + const std::string& subresource, + content::WebContents* web_contents); static void DispatchBlockedEvent(const GURL& request_url, int frame_tree_node_id, const std::string& block_type); static GURL GetTabURLFromRenderFrameInfo(int render_frame_tree_node_id); - void AllowScriptsOnce(const std::vector& origins, - content::WebContents* web_contents); + void AllowScriptsOnce(const std::vector& origins); bool IsBlockedSubresource(const std::string& subresource); void AddBlockedSubresource(const std::string& subresource); @@ -68,6 +71,7 @@ class BraveShieldsWebContentsObserver // brave_shields::mojom::BraveShieldsHost. void OnJavaScriptBlocked(const std::u16string& details) override; + void OnJavaScriptAllowedOnce(const std::u16string& details) override; private: friend class content::WebContentsUserData; diff --git a/browser/brave_shields/brave_shields_web_contents_observer_browsertest.cc b/browser/brave_shields/brave_shields_web_contents_observer_browsertest.cc index ca5a01af5627..850de7c952a4 100644 --- a/browser/brave_shields/brave_shields_web_contents_observer_browsertest.cc +++ b/browser/brave_shields/brave_shields_web_contents_observer_browsertest.cc @@ -6,6 +6,7 @@ #include "base/memory/raw_ptr.h" #include "base/path_service.h" #include "brave/browser/brave_shields/brave_shields_web_contents_observer.h" +#include "brave/browser/ui/brave_shields_data_controller.h" #include "brave/components/constants/brave_paths.h" #include "chrome/browser/content_settings/host_content_settings_map_factory.h" #include "chrome/browser/profiles/profile.h" @@ -79,6 +80,24 @@ class BraveShieldsWebContentsObserverBrowserTest : public InProcessBrowserTest { brave_shields_web_contents_observer_); } + std::vector GetBlockedJsList() { + return brave_shields::BraveShieldsDataController::FromWebContents( + GetWebContents()) + ->GetBlockedJsList(); + } + + std::vector GetAllowedJsList() { + return brave_shields::BraveShieldsDataController::FromWebContents( + GetWebContents()) + ->GetAllowedJsList(); + } + + void ClearAllResourcesList() { + return brave_shields::BraveShieldsDataController::FromWebContents( + GetWebContents()) + ->ClearAllResourcesList(); + } + void TearDownOnMainThread() override { BraveShieldsWebContentsObserver::SetReceiverImplForTesting(nullptr); } @@ -114,7 +133,7 @@ IN_PROC_BROWSER_TEST_F(BraveShieldsWebContentsObserverBrowserTest, browser(), embedded_test_server()->GetURL("a.com", "/load_js.html"))); EXPECT_TRUE(WaitForLoadStop(GetWebContents())); EXPECT_EQ(brave_shields_web_contents_observer()->block_javascript_count(), 0); - + EXPECT_EQ(GetBlockedJsList().size(), 0u); // Enable JavaScript blocking globally now. content_settings()->SetContentSettingCustomScope( ContentSettingsPattern::Wildcard(), ContentSettingsPattern::Wildcard(), @@ -128,6 +147,7 @@ IN_PROC_BROWSER_TEST_F(BraveShieldsWebContentsObserverBrowserTest, GetWebContents()->GetController().Reload(content::ReloadType::NORMAL, true); EXPECT_TRUE(WaitForLoadStop(GetWebContents())); EXPECT_GT(brave_shields_web_contents_observer()->block_javascript_count(), 0); + EXPECT_EQ(GetBlockedJsList().size(), 3u); // Disable JavaScript blocking again now. content_settings()->SetContentSettingCustomScope( @@ -148,6 +168,7 @@ IN_PROC_BROWSER_TEST_F(BraveShieldsWebContentsObserverBrowserTest, GetWebContents()->GetController().Reload(content::ReloadType::NORMAL, true); EXPECT_TRUE(WaitForLoadStop(GetWebContents())); EXPECT_EQ(brave_shields_web_contents_observer()->block_javascript_count(), 0); + EXPECT_EQ(GetBlockedJsList().size(), 0u); } IN_PROC_BROWSER_TEST_F(BraveShieldsWebContentsObserverBrowserTest, @@ -162,6 +183,81 @@ IN_PROC_BROWSER_TEST_F(BraveShieldsWebContentsObserverBrowserTest, browser(), embedded_test_server()->GetURL("a.com", "/embedded_js.html"))); EXPECT_TRUE(WaitForLoadStop(GetWebContents())); EXPECT_GT(brave_shields_web_contents_observer()->block_javascript_count(), 0); + EXPECT_EQ(GetBlockedJsList().size(), 1u); +} + +IN_PROC_BROWSER_TEST_F(BraveShieldsWebContentsObserverBrowserTest, + JavaScriptAllowedEvents) { + const GURL& url = GURL("a.com"); + + // Start with JavaScript blocking initially disabled. + ContentSetting block_javascript_setting = + content_settings()->GetContentSetting(url, url, + ContentSettingsType::JAVASCRIPT); + EXPECT_EQ(CONTENT_SETTING_ALLOW, block_javascript_setting); + + // Load a simple HTML that attempts to load some JavaScript without blocking. + EXPECT_TRUE(ui_test_utils::NavigateToURL( + browser(), embedded_test_server()->GetURL("a.com", "/load_js.html"))); + EXPECT_TRUE(WaitForLoadStop(GetWebContents())); + EXPECT_EQ(brave_shields_web_contents_observer()->block_javascript_count(), 0); + + // Enable JavaScript blocking globally now. + content_settings()->SetContentSettingCustomScope( + ContentSettingsPattern::Wildcard(), ContentSettingsPattern::Wildcard(), + ContentSettingsType::JAVASCRIPT, CONTENT_SETTING_BLOCK); + block_javascript_setting = content_settings()->GetContentSetting( + url, url, ContentSettingsType::JAVASCRIPT); + EXPECT_EQ(CONTENT_SETTING_BLOCK, block_javascript_setting); + + // Reload the test page now that JavaScript has been blocked. + brave_shields_web_contents_observer()->Reset(); + GetWebContents()->GetController().Reload(content::ReloadType::NORMAL, true); + EXPECT_TRUE(WaitForLoadStop(GetWebContents())); + EXPECT_GT(brave_shields_web_contents_observer()->block_javascript_count(), 0); + auto blocked_list = GetBlockedJsList(); + EXPECT_EQ(blocked_list.size(), 3u); + + // Allow One Script + brave_shields_web_contents_observer()->AllowScriptsOnce( + std::vector({blocked_list.back().spec()})); + ClearAllResourcesList(); + GetWebContents()->GetController().Reload(content::ReloadType::NORMAL, true); + EXPECT_TRUE(WaitForLoadStop(GetWebContents())); + EXPECT_EQ(GetBlockedJsList().size(), 2u); + EXPECT_EQ(GetAllowedJsList().size(), 1u); + + blocked_list.pop_back(); + EXPECT_EQ(blocked_list.size(), 2u); + + // Allow Second Script + brave_shields_web_contents_observer()->AllowScriptsOnce( + std::vector({blocked_list.back().spec()})); + ClearAllResourcesList(); + GetWebContents()->GetController().Reload(content::ReloadType::NORMAL, true); + EXPECT_TRUE(WaitForLoadStop(GetWebContents())); + EXPECT_EQ(GetBlockedJsList().size(), 1u); + EXPECT_EQ(GetAllowedJsList().size(), 2u); + + // Disable JavaScript blocking again now. + content_settings()->SetContentSettingCustomScope( + ContentSettingsPattern::Wildcard(), ContentSettingsPattern::Wildcard(), + ContentSettingsType::JAVASCRIPT, CONTENT_SETTING_ALLOW); + block_javascript_setting = content_settings()->GetContentSetting( + url, url, ContentSettingsType::JAVASCRIPT); + EXPECT_EQ(CONTENT_SETTING_ALLOW, block_javascript_setting); + + // Reload the test page now that JavaScript has been allowed again. + // Do it twice, because first reload will still trigger blocked events as + // renderer caches AllowScript results in + // ContentSettingsAgentImpl::cached_script_permissions_. + GetWebContents()->GetController().Reload(content::ReloadType::NORMAL, true); + EXPECT_TRUE(WaitForLoadStop(GetWebContents())); + + brave_shields_web_contents_observer()->Reset(); + GetWebContents()->GetController().Reload(content::ReloadType::NORMAL, true); + EXPECT_TRUE(WaitForLoadStop(GetWebContents())); + EXPECT_EQ(brave_shields_web_contents_observer()->block_javascript_count(), 0); } } // namespace brave_shields diff --git a/browser/ui/brave_shields_data_controller.cc b/browser/ui/brave_shields_data_controller.cc index c57b1714b2bb..ae44b272a1d9 100644 --- a/browser/ui/brave_shields_data_controller.cc +++ b/browser/ui/brave_shields_data_controller.cc @@ -8,6 +8,7 @@ #include +#include "brave/browser/brave_shields/brave_shields_web_contents_observer.h" #include "brave/components/brave_shields/browser/brave_shields_util.h" #include "brave/components/brave_shields/common/brave_shield_constants.h" #include "chrome/browser/browser_process.h" @@ -91,6 +92,7 @@ void BraveShieldsDataController::ClearAllResourcesList() { resource_list_http_redirects_.clear(); resource_list_blocked_js_.clear(); resource_list_blocked_fingerprints_.clear(); + resource_list_allowed_once_js_.clear(); for (Observer& obs : observer_list_) obs.OnResourcesChanged(); @@ -129,10 +131,15 @@ std::vector BraveShieldsDataController::GetHttpRedirectsList() { return http_redirects; } -std::vector BraveShieldsDataController::GetJsList() { +std::vector BraveShieldsDataController::GetBlockedJsList() { std::vector js_list(resource_list_blocked_js_.begin(), resource_list_blocked_js_.end()); + return js_list; +} +std::vector BraveShieldsDataController::GetAllowedJsList() { + std::vector js_list(resource_list_allowed_once_js_.begin(), + resource_list_allowed_once_js_.end()); return js_list; } @@ -376,6 +383,17 @@ void BraveShieldsDataController::SetIsHTTPSEverywhereEnabled(bool is_enabled) { ReloadWebContents(); } +void BraveShieldsDataController::AllowScriptsOnce( + const std::vector& origins) { + BraveShieldsWebContentsObserver* observer = + BraveShieldsWebContentsObserver::FromWebContents(web_contents()); + if (observer) { + observer->AllowScriptsOnce(origins); + } + + ReloadWebContents(); +} + bool BraveShieldsDataController::IsBraveShieldsManaged() { PrefService* profile_prefs = Profile::FromBrowserContext(web_contents()->GetBrowserContext()) @@ -405,6 +423,22 @@ void BraveShieldsDataController::HandleItemBlocked( obs.OnResourcesChanged(); } +void BraveShieldsDataController::HandleItemAllowedOnce( + const std::string& allowed_once_type, + const std::string& subresource) { + auto subres = GURL(subresource); + if (allowed_once_type == kJavaScript) { + if (resource_list_allowed_once_js_.contains(subres)) { + return; + } + resource_list_allowed_once_js_.insert(GURL(subresource)); + } + + for (Observer& obs : observer_list_) { + obs.OnResourcesChanged(); + } +} + WEB_CONTENTS_USER_DATA_KEY_IMPL(BraveShieldsDataController); } // namespace brave_shields diff --git a/browser/ui/brave_shields_data_controller.h b/browser/ui/brave_shields_data_controller.h index b103b3a43c26..ff1fee8387f1 100644 --- a/browser/ui/brave_shields_data_controller.h +++ b/browser/ui/brave_shields_data_controller.h @@ -50,11 +50,14 @@ class BraveShieldsDataController void HandleItemBlocked(const std::string& block_type, const std::string& subresource); + void HandleItemAllowedOnce(const std::string& allowed_once_type, + const std::string& subresource); void ClearAllResourcesList(); int GetTotalBlockedCount(); std::vector GetBlockedAdsList(); std::vector GetHttpRedirectsList(); - std::vector GetJsList(); + std::vector GetBlockedJsList(); + std::vector GetAllowedJsList(); std::vector GetFingerprintsList(); bool GetBraveShieldsEnabled(); void SetBraveShieldsEnabled(bool is_enabled); @@ -74,6 +77,7 @@ class BraveShieldsDataController void SetHttpsUpgradeMode(HttpsUpgradeMode mode); void SetIsNoScriptEnabled(bool is_enabled); void SetIsHTTPSEverywhereEnabled(bool is_enabled); + void AllowScriptsOnce(const std::vector& origins); void AddObserver(Observer* obs); void RemoveObserver(Observer* obs); @@ -108,6 +112,7 @@ class BraveShieldsDataController std::set resource_list_blocked_ads_; std::set resource_list_http_redirects_; std::set resource_list_blocked_js_; + std::set resource_list_allowed_once_js_; std::set resource_list_blocked_fingerprints_; base::ScopedObservation observation_{this}; diff --git a/browser/ui/brave_shields_data_controller_unittest.cc b/browser/ui/brave_shields_data_controller_unittest.cc index 2dd03b457cf6..3b25ae938a83 100644 --- a/browser/ui/brave_shields_data_controller_unittest.cc +++ b/browser/ui/brave_shields_data_controller_unittest.cc @@ -401,3 +401,26 @@ TEST_F(BraveShieldsDataControllerTest, SetBraveShieldsEnabledAsDefaultValue) { ->GetDict("profile.content_settings.exceptions.braveShields") .empty()); } + +TEST_F(BraveShieldsDataControllerTest, AllowedOnceScripts) { + EXPECT_EQ(GetShieldsDataController()->GetAllowedJsList().size(), 0u); + GetShieldsDataController()->HandleItemAllowedOnce( + brave_shields::kJavaScript, "https://url1.com/script.js"); + EXPECT_EQ(GetShieldsDataController()->GetAllowedJsList().size(), 1u); + GetShieldsDataController()->HandleItemAllowedOnce( + brave_shields::kJavaScript, "https://url2.com/script.js"); + EXPECT_EQ(GetShieldsDataController()->GetAllowedJsList().size(), 2u); + GetShieldsDataController()->HandleItemAllowedOnce( + brave_shields::kJavaScript, "https://url3.com/script.js"); + EXPECT_EQ(GetShieldsDataController()->GetAllowedJsList().size(), 3u); + + // Making sure we exclude duplicates + GetShieldsDataController()->HandleItemAllowedOnce( + brave_shields::kJavaScript, "https://url2.com/script.js"); + GetShieldsDataController()->HandleItemAllowedOnce( + brave_shields::kJavaScript, "https://url3.com/script.js"); + EXPECT_EQ(GetShieldsDataController()->GetAllowedJsList().size(), 3u); + + GetShieldsDataController()->ClearAllResourcesList(); + EXPECT_EQ(GetShieldsDataController()->GetAllowedJsList().size(), 0u); +} diff --git a/browser/ui/webui/brave_shields/shields_panel_data_handler.cc b/browser/ui/webui/brave_shields/shields_panel_data_handler.cc index cb5e2b26feeb..4a2e0313735d 100644 --- a/browser/ui/webui/brave_shields/shields_panel_data_handler.cc +++ b/browser/ui/webui/brave_shields/shields_panel_data_handler.cc @@ -115,6 +115,15 @@ void ShieldsPanelDataHandler::SetIsNoScriptsEnabled(bool is_enabled) { active_shields_data_controller_->SetIsNoScriptEnabled(is_enabled); } +void ShieldsPanelDataHandler::AllowScriptsOnce( + const std::vector& origins) { + if (!active_shields_data_controller_) { + return; + } + + active_shields_data_controller_->AllowScriptsOnce(origins); +} + void ShieldsPanelDataHandler::SetHTTPSEverywhereEnabled(bool is_enabled) { if (!active_shields_data_controller_) return; @@ -160,7 +169,8 @@ void ShieldsPanelDataHandler::UpdateSiteBlockInfo() { active_shields_data_controller_->GetTotalBlockedCount(); site_block_info_.ads_list = active_shields_data_controller_->GetBlockedAdsList(); - site_block_info_.js_list = active_shields_data_controller_->GetJsList(); + site_block_info_.js_list = + active_shields_data_controller_->GetBlockedJsList(); site_block_info_.fingerprints_list = active_shields_data_controller_->GetFingerprintsList(); site_block_info_.http_redirects_list = diff --git a/browser/ui/webui/brave_shields/shields_panel_data_handler.h b/browser/ui/webui/brave_shields/shields_panel_data_handler.h index 58ed4e4bd019..a4293147497a 100644 --- a/browser/ui/webui/brave_shields/shields_panel_data_handler.h +++ b/browser/ui/webui/brave_shields/shields_panel_data_handler.h @@ -6,6 +6,9 @@ #ifndef BRAVE_BROWSER_UI_WEBUI_BRAVE_SHIELDS_SHIELDS_PANEL_DATA_HANDLER_H_ #define BRAVE_BROWSER_UI_WEBUI_BRAVE_SHIELDS_SHIELDS_PANEL_DATA_HANDLER_H_ +#include +#include + #include "base/memory/raw_ptr.h" #include "brave/browser/ui/brave_shields_data_controller.h" #include "brave/components/brave_shields/common/brave_shields_panel.mojom.h" @@ -49,6 +52,7 @@ class ShieldsPanelDataHandler void SetBraveShieldsEnabled(bool is_enabled) override; void OpenWebCompatWindow() override; void UpdateFavicon() override; + void AllowScriptsOnce(const std::vector& origins) override; private: void UpdateSiteBlockInfo(); diff --git a/components/brave_shields/common/brave_shields.mojom b/components/brave_shields/common/brave_shields.mojom index de477cff7760..8ee1bb969484 100644 --- a/components/brave_shields/common/brave_shields.mojom +++ b/components/brave_shields/common/brave_shields.mojom @@ -1,6 +1,7 @@ +// Copyright (c) 2021 The Brave Authors. All rights reserved. // This Source Code Form is subject to the terms of the Mozilla Public // License, v. 2.0. If a copy of the MPL was not distributed with this file, -// You can obtain one at http://mozilla.org/MPL/2.0/. +// You can obtain one at https://mozilla.org/MPL/2.0/. module brave_shields.mojom; @@ -10,6 +11,9 @@ interface BraveShieldsHost { // Notify the browser process that JavaScript execution has been blocked, // passing the details in |details| as a 16-bit string. OnJavaScriptBlocked(mojo_base.mojom.String16 details); + // Notify the browser process that JavaScript execution has been temporary + // allowed, passing the details in |details| as a 16-bit string. + OnJavaScriptAllowedOnce(mojo_base.mojom.String16 details); }; interface BraveShields { diff --git a/components/brave_shields/common/brave_shields_panel.mojom b/components/brave_shields/common/brave_shields_panel.mojom index 8b0ae6afb68a..b32a95e13ed5 100644 --- a/components/brave_shields/common/brave_shields_panel.mojom +++ b/components/brave_shields/common/brave_shields_panel.mojom @@ -46,6 +46,7 @@ interface DataHandler { SetBraveShieldsEnabled(bool is_enabled); OpenWebCompatWindow(); UpdateFavicon(); + AllowScriptsOnce(array origins); }; struct SiteBlockInfo { diff --git a/components/content_settings/renderer/brave_content_settings_agent_impl.cc b/components/content_settings/renderer/brave_content_settings_agent_impl.cc index 33cc8fd2367d..5b7037134d79 100644 --- a/components/content_settings/renderer/brave_content_settings_agent_impl.cc +++ b/components/content_settings/renderer/brave_content_settings_agent_impl.cc @@ -1,7 +1,7 @@ -/* Copyright 2019 The Brave Authors. All rights reserved. +/* Copyright (c) 2019 The Brave Authors. All rights reserved. * This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this file, - * You can obtain one at http://mozilla.org/MPL/2.0/. */ + * You can obtain one at https://mozilla.org/MPL/2.0/. */ #include "brave/components/content_settings/renderer/brave_content_settings_agent_impl.h" @@ -33,6 +33,8 @@ namespace content_settings { namespace { +constexpr char kJavascriptExtension[] = ".js"; + bool IsFrameWithOpaqueOrigin(blink::WebFrame* frame) { // Storage access is keyed off the top origin and the frame's origin. // It will be denied any opaque origins so have this method to return early @@ -70,6 +72,13 @@ bool IsBraveShieldsDown(const blink::WebFrame* frame, return setting == CONTENT_SETTING_BLOCK; } +// Skips everything except main frame domain and javascript urls. +bool ShouldSkipResource(const GURL& resource_url) { + return (resource_url.path().empty() || + ((resource_url.path().size() > 1) && + !resource_url.path().ends_with(kJavascriptExtension))); +} + } // namespace BraveContentSettingsAgentImpl::BraveContentSettingsAgentImpl( @@ -112,6 +121,17 @@ bool BraveContentSettingsAgentImpl::IsReduceLanguageEnabled() { return reduce_language_enabled_; } +void BraveContentSettingsAgentImpl::BraveSpecificDidAllowJavaScriptOnce( + const GURL& resource_url) { + // This will be called for all resources on a page, we want to notify only + // about frame domain and javascript resources. + if (ShouldSkipResource(resource_url)) { + return; + } + GetOrCreateBraveShieldsRemote()->OnJavaScriptAllowedOnce( + base::UTF8ToUTF16(resource_url.spec())); +} + void BraveContentSettingsAgentImpl::BraveSpecificDidBlockJavaScript( const std::u16string& details) { mojo::AssociatedRemote remote; @@ -125,15 +145,17 @@ bool BraveContentSettingsAgentImpl::AllowScript(bool enabled_per_settings) { blink::WebLocalFrame* frame = render_frame()->GetWebFrame(); const GURL secondary_url(url::Origin(frame->GetSecurityOrigin()).GetURL()); - bool allow = ContentSettingsAgentImpl::AllowScript(enabled_per_settings); - allow = allow || IsBraveShieldsDown(frame, secondary_url) || - IsScriptTemporilyAllowed(secondary_url); - + auto is_shields_down = IsBraveShieldsDown(frame, secondary_url); + auto is_script_temprily_allowed = IsScriptTemporilyAllowed(secondary_url); + allow = allow || is_shields_down || is_script_temprily_allowed; if (!allow) { blocked_script_url_ = secondary_url; + } else if (!is_shields_down) { + if (is_script_temprily_allowed) { + BraveSpecificDidAllowJavaScriptOnce(secondary_url); + } } - return allow; } @@ -203,7 +225,6 @@ bool BraveContentSettingsAgentImpl::AllowScriptFromSource( bool enabled_per_settings, const blink::WebURL& script_url) { const GURL secondary_url(script_url); - bool allow = ContentSettingsAgentImpl::AllowScriptFromSource( enabled_per_settings, script_url); @@ -212,13 +233,18 @@ bool BraveContentSettingsAgentImpl::AllowScriptFromSource( bool should_white_list = IsAllowlistedForContentSettings( blink::WebSecurityOrigin::Create(script_url), render_frame()->GetWebFrame()->GetDocument().Url()); - - allow = allow || should_white_list || - IsBraveShieldsDown(render_frame()->GetWebFrame(), secondary_url) || - IsScriptTemporilyAllowed(secondary_url); + auto is_shields_down = + IsBraveShieldsDown(render_frame()->GetWebFrame(), secondary_url); + auto is_script_temprily_allowed = IsScriptTemporilyAllowed(secondary_url); + allow = allow || should_white_list || is_shields_down || + is_script_temprily_allowed; if (!allow) { blocked_script_url_ = secondary_url; + } else if (!is_shields_down) { + if (is_script_temprily_allowed) { + BraveSpecificDidAllowJavaScriptOnce(secondary_url); + } } return allow; diff --git a/components/content_settings/renderer/brave_content_settings_agent_impl.h b/components/content_settings/renderer/brave_content_settings_agent_impl.h index 116b9afed1fb..e62a2a856132 100644 --- a/components/content_settings/renderer/brave_content_settings_agent_impl.h +++ b/components/content_settings/renderer/brave_content_settings_agent_impl.h @@ -1,7 +1,7 @@ -/* Copyright 2020 The Brave Authors. All rights reserved. +/* Copyright (c) 2020 The Brave Authors. All rights reserved. * This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this file, - * You can obtain one at http://mozilla.org/MPL/2.0/. */ + * You can obtain one at https://mozilla.org/MPL/2.0/. */ #ifndef BRAVE_COMPONENTS_CONTENT_SETTINGS_RENDERER_BRAVE_CONTENT_SETTINGS_AGENT_IMPL_H_ #define BRAVE_COMPONENTS_CONTENT_SETTINGS_RENDERER_BRAVE_CONTENT_SETTINGS_AGENT_IMPL_H_ @@ -57,7 +57,7 @@ class BraveContentSettingsAgentImpl bool AllowStorageAccessSync(StorageType storage_type) override; void BraveSpecificDidBlockJavaScript(const std::u16string& details); - + void BraveSpecificDidAllowJavaScriptOnce(const GURL& details); bool AllowAutoplay(bool play_requested) override; BraveFarblingLevel GetBraveFarblingLevel() override; diff --git a/test/BUILD.gn b/test/BUILD.gn index 891849254d5f..7164c1d0de57 100644 --- a/test/BUILD.gn +++ b/test/BUILD.gn @@ -208,6 +208,7 @@ test("brave_unit_tests") { "//brave/components/brave_search_conversion:unit_tests", "//brave/components/brave_shields/browser", "//brave/components/brave_shields/common", + "//brave/components/brave_shields/common:mojom", "//brave/components/brave_sync:crypto", "//brave/components/brave_sync:network_time_helper", "//brave/components/brave_sync:unit_tests", diff --git a/test/data/load_js.html b/test/data/load_js.html index fcc02e700a7b..93f215a783d8 100644 --- a/test/data/load_js.html +++ b/test/data/load_js.html @@ -4,4 +4,7 @@ Just attempt to load a JavaScript file to test JavaScript blocking. --> - + +some svg + +