[hackerone] validate wayback URL before navigating

[diracdeltas]

see https://bravesoftware.slack.com/archives/C6R461GF4/p1692466879103279?thread_ts=1692442338.103219&cid=C6R461GF4 for details

reported at https://hackerone.com/reports/2117246 and https://hackerone.com/reports/2113111 by xiaoyinl

STR:

1. Launch and load brave.com/bo
2. Check wayback infobar is loaded
3. By using proxy tool such as (Proxyman or fiddler), modify response for https://brave-api.archive.org/wayback/available?url=https://brave.com/bo/.

   {
   "url": "https://brave.com/bo/",
   "archived_snapshots": {
   "closest": {
     "status": "200",
     "available": true,
     "url": "javascript:alert()",
     "timestamp": "20150906092942"
   }
   }
   }

4. Check infobar says Sorry, there is no saved version available.

Note: As it's platform independent, checking on one platform would be sufficient.

[kjozwiak]

The above requires 1.57.57 or higher for 1.57.x verification 👍

[LaurenWags]

Verified with

Brave   1.57.57 Chromium: 116.0.5845.163 (Official Build) (arm64) 
Revision    d85db1f5df3b20ffecf96ab3f0dc7fca1d536955
OS  macOS Version 13.5.1 (Build 22G90)

Using the STR/Cases outlined via https://github.com/brave/brave-browser/issues/32395#issue-1857816394, ensured that Sorry, there is no saved version available. was being displayed when visiting https://brave.com/bo/ and clicking on Check for saved versions via the Wayback Machine as per the following:

• using Fiddler, created a new rule to change the JSON response for https://brave-api.archive.org/wayback/available?url=https://brave.com/bo/ to the JSON that's mentioned via https://github.com/brave/brave-browser/issues/32395#issue-1857816394
• enabled the Fiddler rule and visited https://brave.com/bo/
• ensured that clicking Check for saved versions displayed Sorry, there is no saved version available. via the banner

Example	Example	Example	Example

---

Verification PASSED on

Brave | 1.57.57 Chromium: 116.0.5845.163 (Official Build) (64-bit)
-- | --
Revision | d85db1f5df3b20ffecf96ab3f0dc7fca1d536955
OS | Windows 11 Version 22H2 (Build 22621.2134)

Using the STR/Cases outlined via https://github.com/brave/brave-browser/issues/32395#issue-1857816394, ensured that Sorry, there is no saved version available. was being displayed when visiting https://brave.com/bo/ and clicking on Check for saved versions via the Wayback Machine as per the following:

• using Fiddler, created a new rule to change the JSON response for https://brave-api.archive.org/wayback/available?url=https://brave.com/bo/ to the JSON that's mentioned via https://github.com/brave/brave-browser/issues/32395#issue-1857816394
• enabled the Fiddler rule and visited https://brave.com/bo/
• ensured that clicking Check for saved versions displayed Sorry, there is no saved version available. via the banner

Example	Example	Example	Example