Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Hackerone] - Fix continuation leak in AlertPopupView #42986

Closed
3 of 5 tasks
Brandon-T opened this issue Dec 19, 2024 · 1 comment · Fixed by brave/brave-core#27069
Closed
3 of 5 tasks

[Hackerone] - Fix continuation leak in AlertPopupView #42986

Brandon-T opened this issue Dec 19, 2024 · 1 comment · Fixed by brave/brave-core#27069
Assignees
@Brandon-T
Labels
OS/iOS Fixes related to iOS browser functionality QA Pass - iPhone QA/Test-All-Platforms QA/Yes release-notes/exclude
Milestone
1.75.x - Beta

Comments

@Brandon-T
Copy link

Description

  • AlertPopupView can leak the continuation when WebKit cancels the requests or starts another request while the popup is displayed.

Steps to reproduce

  1. https://hackerone.com/reports/2909560

Actual result

  • Popup is shown on the wrong page

Expected result

  • Popup should show not show

Reproduces how often

Easily reproduced

Brave version

  • All

Device/iOS version

  • All

Affected browser versions

  • latest AppStore
  • latest TestFlight
  • previous TestFlight

Reproducibility

  • with Brave Shields disabled
  • in the latest version of mobile Safari

Miscellaneous information

No response
@Brandon-T Brandon-T added OS/iOS Fixes related to iOS browser functionality QA/Yes release-notes/exclude labels Dec 19, 2024
@Brandon-T Brandon-T self-assigned this Dec 19, 2024
@Brandon-T Brandon-T mentioned this issue Dec 19, 2024
Merged
24 tasks
@brave-builds brave-builds added this to the 1.75.x - Nightly milestone Dec 20, 2024
@hffvld hffvld added the QA/In-Progress Indicates that QA is currently in progress for that particular issue label Jan 6, 2025
@hffvld
Copy link
Contributor

hffvld commented Jan 6, 2025

Verified on iPhone 14 using version(s):

Device/OS: iPhone 14 / iOS 17.7.2
Brave build: 1.75 (148)
BraveCore: 1.75.148 (132.0.6834.57)

STEPS:

  1. Follow the STR/TP from https://hackerone.com/reports/2909560
  2. Verify

ACTUAL RESULTS:

  • Verified that the pop-up is not shown on the wrong page.
2025-01-06_15-39-55.mp4

@hffvld hffvld added QA Pass - iPhone and removed QA/In-Progress Indicates that QA is currently in progress for that particular issue labels Jan 6, 2025
@kjozwiak kjozwiak changed the title [iOS] - Fix continuation leak in AlertPopupView [Hackerone] - Fix continuation leak in AlertPopupView Jan 17, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Brandon-T Brandon-T

Labels
OS/iOS Fixes related to iOS browser functionality QA Pass - iPhone QA/Test-All-Platforms QA/Yes release-notes/exclude
Projects
None yet
Milestone
1.75.x - Beta
Development

Successfully merging a pull request may close this issue.

[iOS] - Fix alert continuation leak when WebKit automatically cancels the request brave/brave-core
4 participants
@Brandon-T @kjozwiak @brave-builds @hffvld