This repository has been archived by the owner on May 10, 2024. It is now read-only.

Fix #5859: Fix Security Tokens issue #5869

Merged 1 commit on Aug 16, 2022

Brandon-T (Collaborator) commented Aug 15, 2022

Security Review

Summary of Changes

  • Refactor BraveSearch & BraveTalk to use WebKit's promises API, and to use the messageToken properly.
  • Refactor scripts attaching to window to be anonymous if they can be.
  • Refactor all public facing APIs to not use tokens directly, and to call a function to post messages (this function being embedded in an anonymous function, or not page facing).

This pull request fixes #5859

Submitter Checklist:

  • Unit Tests are updated to cover new or changed functionality
  • User-facing strings use NSLocalizableString()
  • New or updated UI has been tested across:
    • Light & dark mode
    • Different size classes (iPhone, landscape, iPad)
    • Different dynamic type sizes

Reviewer Checklist:

  • Issues include necessary QA labels:
    • QA/(Yes|No)
    • bug / enhancement
  • Necessary security reviews have taken place.
  • Adequate unit test coverage exists to prevent regressions.
  • Adequate test plan exists for QA to validate (if applicable).
  • Issue and pull request is assigned to a milestone (should happen at merge time).

Brandon-T added this to the 1.42 milestone Aug 15, 2022
Brandon-T self-assigned this Aug 15, 2022
Brandon-T changed the title from "Fix #5859: Fix overriding of window properties" to "Fix #5859: Fix Security Tokens issue" Aug 15, 2022
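
The pattern the summary of changes describes, as an added example that is not code from this pull request or from the Brave code base: a page-visible token and helper beside the anonymous-function form, with two checks a reviewer could run against each. The `demo` handler, `demoSend`, `demoToken` and the `securityToken` field are hypothetical names, and the window object is a constructed stand-in so the block runs under Node.

```javascript
// Constructed stand-in for a WKWebView page: the native handler accepts a
// message only when it carries the token injected alongside the user script.
function makeWindow(token) {
  const accepted = [];
  const demo = { postMessage(m) { if (m && m.securityToken === token) accepted.push(m.data); } };
  return { win: { webkit: { messageHandlers: { demo } } }, accepted };
}

// Before: token and helper are plain window properties (hypothetical names).
function injectExposed(win, token) {
  win.demoToken = token;
  win.demoSend = (data) =>
    win.webkit.messageHandlers.demo.postMessage({ securityToken: win.demoToken, data });
}

// After: everything lives in an anonymous function; the page gets one
// non-writable function and never a reference to the token.
function injectHardened(win, token) {
  (function () {
    const handler = win.webkit.messageHandlers.demo;
    const post = handler.postMessage.bind(handler); // captured at injection time
    const send = (data) => post({ securityToken: token, data: String(data) });
    Object.defineProperty(win, 'demoSend', { value: send, writable: false, configurable: false });
  })();
}

// Regression check 1: which window properties hand the token to page code?
function tokenBearingProperties(win, token) {
  return Object.getOwnPropertyNames(win).filter((k) => win[k] === token);
}

// Regression check 2: if the handler's postMessage is swapped after injection,
// does a call through the helper pass the token to the replacement?
function tokenReachesReplacedHandler(win, token) {
  let seen = false;
  win.webkit.messageHandlers.demo.postMessage = (m) => { seen = seen || m.securityToken === token; };
  win.demoSend('ping');
  return seen;
}
```
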
thypon (Member) left a comment

pending dynamic test

iccub merged commit b4d1040 into development Aug 16, 2022
iccub deleted the bugfix/PropertyOverriding branch August 16, 2022 14:13
iccub pushed a commit that referenced this pull request Aug 16, 2022
Refactor scripts for security reasons
Successfully merging this pull request may close these issues.

[hackerone] security tokens issue