New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

block access to fingerprinting methods pulled from child frames issue #11683 #11708

Merged
merged 1 commit into from Oct 31, 2017

Conversation

Projects
None yet
6 participants
@snyderp
Contributor

snyderp commented Oct 27, 2017

@diracdeltas

This PR fixes #11683. The fix is a little funky, since it requires injecting JS into child pages (the chrome.webFrame.setGlobal method wont work here, since we need to call to Object.definePropery) but it should be good.

Added a blocking access to fingerprinting methods on iframe.contentWindow test to test that things are actually getting blocked

@codecov-io

This comment has been minimized.

Show comment
Hide comment
@codecov-io

codecov-io Oct 30, 2017

Codecov Report

Merging #11708 into master will decrease coverage by 0.03%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##           master   #11708      +/-   ##
==========================================
- Coverage   52.01%   51.98%   -0.04%     
==========================================
  Files         269      269              
  Lines       25534    25534              
  Branches     4069     4069              
==========================================
- Hits        13282    13273       -9     
- Misses      12252    12261       +9
Flag Coverage Δ
#unittest 51.98% <ø> (-0.04%) ⬇️
Impacted Files Coverage Δ
js/stores/appStoreRenderer.js 91.17% <0%> (-8.83%) ⬇️
app/renderer/components/reduxComponent.js 84.37% <0%> (-6.25%) ⬇️
js/stores/windowStore.js 27.27% <0%> (-0.31%) ⬇️

codecov-io commented Oct 30, 2017

Codecov Report

Merging #11708 into master will decrease coverage by 0.03%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##           master   #11708      +/-   ##
==========================================
- Coverage   52.01%   51.98%   -0.04%     
==========================================
  Files         269      269              
  Lines       25534    25534              
  Branches     4069     4069              
==========================================
- Hits        13282    13273       -9     
- Misses      12252    12261       +9
Flag Coverage Δ
#unittest 51.98% <ø> (-0.04%) ⬇️
Impacted Files Coverage Δ
js/stores/appStoreRenderer.js 91.17% <0%> (-8.83%) ⬇️
app/renderer/components/reduxComponent.js 84.37% <0%> (-6.25%) ⬇️
js/stores/windowStore.js 27.27% <0%> (-0.31%) ⬇️
@snyderp

This comment has been minimized.

Show comment
Hide comment
@snyderp

snyderp Oct 30, 2017

Contributor

@diracdeltas fixed the white space issue (and removed the semicolons, I know you all don't use them), and re-squashed. I think this should be good, as far as I know

Contributor

snyderp commented Oct 30, 2017

@diracdeltas fixed the white space issue (and removed the semicolons, I know you all don't use them), and re-squashed. I think this should be good, as far as I know

@bbondy bbondy merged commit d1b6b52 into brave:master Oct 31, 2017

1 of 3 checks passed

codecov/project 51.98% (-0.04%) compared to 41a0523
Details
continuous-integration/travis-ci/pr The Travis CI build failed
Details
codecov/patch Coverage not affected when comparing 41a0523...5c62739
Details

bbondy added a commit that referenced this pull request Oct 31, 2017

Merge pull request #11708 from snyderp/11683-block-iframe-content-window
block access to fingerprinting methods pulled from child frames issue #11683

bbondy added a commit that referenced this pull request Oct 31, 2017

Merge pull request #11708 from snyderp/11683-block-iframe-content-window
block access to fingerprinting methods pulled from child frames issue #11683

bbondy added a commit that referenced this pull request Oct 31, 2017

Merge pull request #11708 from snyderp/11683-block-iframe-content-window
block access to fingerprinting methods pulled from child frames issue #11683
@bbondy

This comment has been minimized.

Show comment
Hide comment
@bbondy

bbondy Oct 31, 2017

Member

master: d1b6b52
0.21.x: 1b5a5c1
0.20.x: 50c2b8d
0.19.x: bd39b78

Member

bbondy commented Oct 31, 2017

master: d1b6b52
0.21.x: 1b5a5c1
0.20.x: 50c2b8d
0.19.x: bd39b78

@bbondy

This comment has been minimized.

Show comment
Hide comment
@bbondy

bbondy Nov 2, 2017

Member

Sorry but I had to revert this because of #11751
Please do a new pull request for this when that one is addressed. I moved it into 0.19.x hotfix 4.

Member

bbondy commented Nov 2, 2017

Sorry but I had to revert this because of #11751
Please do a new pull request for this when that one is addressed. I moved it into 0.19.x hotfix 4.

@snyderp

This comment has been minimized.

Show comment
Hide comment
@snyderp

snyderp Nov 2, 2017

Contributor
Contributor

snyderp commented Nov 2, 2017

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment