Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Security] shields not tracking blocked embedded scripts breaking Allow scripts once #20744

Closed
kjozwiak opened this issue Jan 27, 2022 · 1 comment · Fixed by brave/brave-core#12023
Closed

[Security] shields not tracking blocked embedded scripts breaking Allow scripts once #20744

kjozwiak opened this issue Jan 27, 2022 · 1 comment · Fixed by brave/brave-core#12023
Assignees
@goodov
Labels
bug feature/shields/!scripts Blocking JavaScript with Shields OS/Desktop QA Pass-Linux QA Pass-macOS QA Pass-Win64 QA/Test-All-Platforms QA/Yes regression release/blocking release-notes/include security
Milestone
1.35.x - Release

Comments

@kjozwiak
Copy link
Member

Description

As per the issue mentioned via brave/brave-core#11928 (comment), it looks like we're not keeping track of embedded scripts as per #20503 (comment). Blocking them works as expected but the Allow scripts once feature doesn't unblock the scripts due to us not tracking what was blocked.

Steps to Reproduce

  1. loaded https://www.blizzard.com/en-gb and enabled Scripts blocked
  2. once enabled, you'll notice that most of the website doesn't load (expected as scripts are being blocked)
  3. click on Allow scripts once and you'll notice that scripts have been allowed but the website still doesn't work/load
  4. disable Scripts blocked after you've clicked on Allow scripts once and notice that the website loads without any issues
  5. enable Scripts blocked once more and notice that scripts are being blocked but it's showing 0 blocked next to Scripts

Actual result:

151274293-fbf3e1db-b0cb-4ad2-be90-7e4a4c561bdf

Expected result:

The Allow scripts once feature should work as expected and Brave should be tracking which embedded scripts are being block so users can pick which exact scripts are being blocked via the Allow scripts once feature within shields.

Reproduces how often:

100% reproducible using the STR/Cases mentioned above.

Brave version (brave://version info)

Brave | 1.36.73 Chromium: 98.0.4758.66 (Official Build) nightly (64-bit)
-- | --
Revision | db1b4001d5ce29f141297f260d2b778e000b85a3-refs/branch-heads/4758@{#762}
OS | Windows 11 Version 21H2 (Build 22000.438)

Brave | 1.34.81 Chromium: 97.0.4692.99 (Official Build) (64-bit)
-- | --
Revision | d740da257583289dbebd2eb37e8668928fac5ead-refs/branch-heads/4692@{#1461}
OS | Windows 11 Version 21H2 (Build 22000.438)

Version/Channel Information:

  • Can you reproduce this issue with the current release? Yes
  • Can you reproduce this issue with the beta channel? Yes
  • Can you reproduce this issue with the nightly channel? Yes

Other Additional Information:

  • Does the issue resolve itself when disabling Brave Shields? N/A (issue is related to shields)
  • Does the issue resolve itself when disabling Brave Rewards? N/A
  • Is the issue reproducible on the latest version of Chrome? N/A

Miscellaneous Information:

CCing @goodov @rebron @bsclifton @brave/legacy_qa
This was referenced Jan 27, 2022
Closed
Merged
Merged
@kjozwiak kjozwiak added this to the 1.35.x - Release milestone Jan 27, 2022
This was referenced Jan 28, 2022
Merged
Merged
@LaurenWags LaurenWags changed the title shields not tracking blocked embedded scripts breaking Allow scripts once [Security] shields not tracking blocked embedded scripts breaking Allow scripts once Jan 31, 2022
@stephendonner
Copy link

stephendonner commented Jan 31, 2022
edited
Loading

Verified PASSED using

Brave 1.35.98 Chromium: 98.0.4758.74 (Official Build) (x86_64)
Revision d0fe1ec4df090cd3eb02b591228505e12ea476e9-refs/branch-heads/4758@{#935}
OS macOS Version 11.6.1 (Build 20G224)

Steps:

  1. new profile
  2. loaded www.blizzard.com and enabled Scripts blocked
  3. clicked on Allow scripts once and confirmed the page loaded
  4. clicked on it again, and confirmed the rest of the page loaded
example example example
Screen Shot 2022-01-31 at 10 14 51 AM Screen Shot 2022-01-31 at 10 15 06 AM Screen Shot 2022-01-31 at 10 15 10 AM

Verification passed on

Brave 1.35.98 Chromium: 98.0.4758.74 (Official Build) (64-bit)
Revision d0fe1ec4df090cd3eb02b591228505e12ea476e9-refs/branch-heads/4758@{#935}
OS Ubuntu 18.04 LTS

Verified Allow script once unblocks the scripts

image
image
image
image

Verified PASSED using

Brave 1.35.98 Chromium: 98.0.4758.74 (Official Build) (64-bit)
Revision d0fe1ec4df090cd3eb02b591228505e12ea476e9-refs/branch-heads/4758@{#935}
OS Windows 10 Version 20H2 (Build 19042.1466)
example example example
scripts-blocked-1 scripts-blocked-2 scripts-blocked-3

@kjozwiak kjozwiak mentioned this issue Feb 1, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@goodov goodov

Labels
bug feature/shields/!scripts Blocking JavaScript with Shields OS/Desktop QA Pass-Linux QA Pass-macOS QA Pass-Win64 QA/Test-All-Platforms QA/Yes regression release/blocking release-notes/include security
Projects
None yet
Milestone
1.35.x - Release
Development

Successfully merging a pull request may close this issue.

Fix Allow Scripts Once logic for embedded scripts and iframes. brave/brave-core
5 participants
@stephendonner @kjozwiak @goodov @LaurenWags @btlechowski