[ads] Confirmations should not be sent if the wildcard is in a forbidden part of the URL #38683
Labels
feature/ads
OS/Android
Fixes related to Android browser functionality
OS/Desktop
OS/iOS
Fixes related to iOS browser functionality
priority/P2
A bad problem. We might uplift this to the next planned release.
QA/Yes
release-notes/exclude
security
Projects
Milestone
Description
See https://bravesoftware.slack.com/archives/CJR5902AW/p1717002819317479?thread_ts=1716931296.694229&cid=CJR5902AW for details. If the view/click/landing/conversion URLs for any ad contains a wildcard, we must validate that the wildcard is in either the URL's path or a subdomain before sending a confirmation event. Wildcards in the "base domain" (eTLD+1) part of the URL are invalid and should not trigger any kind of reporting.
The text was updated successfully, but these errors were encountered: