Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add ability to display arbitrary error modal messages in Rewards flows (in brave://rewards) #20637

Open
Miyayes opened this issue Jan 23, 2022 · 4 comments
Open

Add ability to display arbitrary error modal messages in Rewards flows (in brave://rewards) #20637

Miyayes opened this issue Jan 23, 2022 · 4 comments
Assignees
@Miyayes
Labels
feature/rewards OS/Android Fixes related to Android browser functionality OS/Desktop priority/P4 Planned work. We expect to get to it "soon". QA/Yes suggestion
Projects
Brave Rewards

Comments

@Miyayes
Copy link
Contributor

Miyayes commented Jan 23, 2022

Description

When a certain error code # comes back from the server, parse the body of the response and display whatever arbitrary error message is responded by the server. The goal is to allow us to show certain error messaging on the fly, and not only show error messages that are hardcoded into the browser code.
@Miyayes Miyayes added suggestion feature/rewards OS/Android Fixes related to Android browser functionality OS/Desktop labels Jan 23, 2022
@Miyayes Miyayes added this to New Issues in Brave Rewards via automation Jan 23, 2022
@Miyayes Miyayes changed the title Add ability to display arbitrary error modal messages in Rewards authorization flow Add ability to display arbitrary error modal messages in Rewards flows Jan 23, 2022
@Miyayes Miyayes changed the title Add ability to display arbitrary error modal messages in Rewards flows Add ability to display arbitrary error modal messages in Rewards flows (in brave://rewards) Jan 23, 2022
@zenparsing zenparsing added the priority/P5 Not scheduled. Don't anticipate work on this any time soon. label Jan 26, 2022
@zenparsing zenparsing moved this from New Issues to Backlog in Brave Rewards Jan 26, 2022
@Miyayes
Copy link
Contributor Author

Miyayes commented Jan 26, 2022

@fmarier Not high priority, but thoughts on the passing of arbitrary data.

@fmarier
Copy link
Member

fmarier commented Jan 26, 2022

passing of arbitrary data.

passing or parsing?

Which server are we talking about? Brave's or Uphold/Gemini/Bitflyer?

@Miyayes Miyayes added QA/Yes priority/P3 The next thing for us to work on. It'll ride the trains. and removed priority/P5 Not scheduled. Don't anticipate work on this any time soon. labels Jan 28, 2022
@Miyayes Miyayes mentioned this issue Feb 3, 2022
Open
@Miyayes
Copy link
Contributor Author

Miyayes commented Feb 3, 2022

cc: @fmarier, could I get your views on how to implement this in a secure way?

@fmarier
Copy link
Member

fmarier commented Feb 4, 2022

I confirmed with Chris that the messages would be coming from a Brave server, not from a third-party.

To be extra-safe, I would suggest:

  • The server should never pass through a message or error it gets from another server (e.g. passing through an error message from Uphold). Instead, it should parsing the error from the third-party server and produce its own Brave-controlled message without using text from the third-party server.
  • The client should treat the error text as potentially hostile and strip out any HTML tags it contains.

@Miyayes Miyayes added priority/P4 Planned work. We expect to get to it "soon". and removed priority/P3 The next thing for us to work on. It'll ride the trains. labels Apr 20, 2023
@Miyayes Miyayes self-assigned this Apr 20, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Miyayes Miyayes

Labels
feature/rewards OS/Android Fixes related to Android browser functionality OS/Desktop priority/P4 Planned work. We expect to get to it "soon". QA/Yes suggestion
Projects
Brave Rewards
  
Backlog
Milestone
No milestone
Development

No branches or pull requests
3 participants
@fmarier @zenparsing @Miyayes