brave / brave-browser

Brave browser for Android, iOS, Linux, macOS, Windows.
https://brave.com
Mozilla Public License 2.0

Disable Web SQL #7522

Open diracdeltas opened 4 years ago

diracdeltas commented 4 years ago

websql was disabled in browser-laptop as a quick fix for the original Magellan vulnerability: https://github.com/brave/browser-laptop/issues/15337

recently Chrome fixed magellan 2.0: https://www.zdnet.com/article/google-chrome-impacted-by-new-magellan-2-0-vulnerabilities/

we should consider disabling websql entirely since it's not supported by Firefox or Safari: https://caniuse.com/#feat=sql-storage

test plan:

  1. open devtools
  2. window.openDatabase should be undefined

diracdeltas commented 4 years ago

this should be really easy to fix, just run with the --disable-databases flag by default

bsclifton commented 4 years ago

Commit still exists in 1.6, but is reverted from Nightly (1.7) with https://github.com/brave/brave-core/pull/4842

jumde commented 4 years ago

Reverted because this API is used by extensions. @pes10k - do you have any tooling to check how many Chrome extensions are using this API? Instead of disabling websql completely, maybe we just restrict it to extensions only.
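
One way to approach the tooling question in the comment above, as an added example that is not Brave's or any commenter's tooling: a heuristic static scan that counts extensions whose scripts reference `openDatabase` outside of comments. The extension ids, file contents, and function names are constructed for illustration; a real run would load each unpacked extension's files from disk.

```javascript
// Added example: heuristic static scan, not Brave's tooling.
// EXTENSIONS is constructed sample data: extension id -> { relative path: file contents }.
const EXTENSIONS = {
  "notes-ext": { "bg.js": "const db = openDatabase('notes', '1.0', 'Notes', 2 * 1024 * 1024);" },
  "theme-ext": { "content.js": "// openDatabase is gone, use IndexedDB\nindexedDB.open('theme'); var u = 'http://a/*b*/';" },
  "legacy-ext": {
    "lib/store.js": "var open = window['openDatabase']; /* legacy */ if (open) open('x', '1', 'x', 1);",
    "readme.txt": "calls openDatabase()",
  },
};

// Drop // and /* */ comments while copying string literals through untouched, so a
// URL inside a string is not mistaken for a comment. Regex literals are not parsed.
function stripComments(src) {
  let out = "", i = 0;
  while (i < src.length) {
    const c = src[i], n = src[i + 1];
    if (c === "/" && n === "/") {
      while (i < src.length && src[i] !== "\n") i++;
    } else if (c === "/" && n === "*") {
      const end = src.indexOf("*/", i + 2);
      i = end < 0 ? src.length : end + 2;
    } else if (c === '"' || c === "'" || c === "`") {
      let j = i + 1;
      while (j < src.length && src[j] !== c) j += src[j] === "\\" ? 2 : 1;
      out += src.slice(i, j + 1);
      i = j + 1;
    } else { out += c; i++; }
  }
  return out;
}

// Direct call, property access (feature detection), or bracket access by name.
const WEBSQL_REF = /\bopenDatabase\s*\(|\.openDatabase\b|\[\s*["']openDatabase["']\s*\]/;

// Return [{ id, files }] for every extension with at least one script referencing Web SQL.
function findWebSqlUsers(extensions) {
  const hits = [];
  for (const [id, files] of Object.entries(extensions)) {
    const matched = Object.keys(files)
      .filter((path) => path.endsWith(".js") && WEBSQL_REF.test(stripComments(files[path])));
    if (matched.length) hits.push({ id, files: matched });
  }
  return hits;
}

const users = findWebSqlUsers(EXTENSIONS);
console.log(`${users.length}/${Object.keys(EXTENSIONS).length} extensions reference Web SQL`);
```

Minified or dynamically constructed property names will evade a scan like this, so the count is a lower bound on real usage.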

bsclifton commented 4 years ago

If we do disable again, we should update https://github.com/brave/brave-browser/wiki/Deviations-from-Chromium-(features-we-disable-or-remove) - I couldn't find an entry for this there