search

brave / brave-ios

Brave iOS Browser
https://brave.com
Mozilla Public License 2.0
1.7k stars 440 forks source link

Don't navigate to `javascript://` URLs from the omnibox #8453

Closed stoletheminerals closed 12 months ago

stoletheminerals commented 12 months ago

Description:

It seems that something was changed recently that enabled omnibox navigations to javascript:// URLs. It should be reverted.

Steps to Reproduce

  1. Go to any webpage
  2. Type javascript:alert(123) in the url bar
    1. Press enter

Actual result:

An alert is displayed

Expected result:

Nothing happens

Reproduces how often: [Easily reproduced, Intermittent Issue]

Brave Version:

Device details:

Website problems only:

Additional Information

diracdeltas commented 12 months ago

nice find. @brave/ios is there some kind of automated or QA test that can be added to make sure it doesn't regress again?

soner-yuksel commented 12 months ago

nice find. @brave/ios is there some kind of automated or QA test that can be added to make sure it doesn't regress again?

@kjozwiak can we add this small test case to manual passes ?

Sorry this was caused by me while refactoring visit type state inside the browser. @stoletheminerals I tagged you in the PR and thanks for the catch.

Uni-verse commented 11 months ago

Verified on iPhone 12 running iOS 17.1.1 using version 1.60 (23.11.24.16)

https://github.com/brave/brave-ios/assets/17885425/66eb74c9-fa54-4bcb-ab1c-82b96a89af98

kjozwiak commented 11 months ago

nice find. @brave/ios is there some kind of automated or QA test that can be added to make sure it doesn't regress again?

@kjozwiak can we add this small test case to manual passes ?

Sorry this was caused by me while refactoring visit type state inside the browser. @stoletheminerals I tagged you in the PR and thanks for the catch.

@soner-yuksel @diracdeltas we'll add a quick check/test into our manual passes. Created https://github.com/brave/qa-resources/issues/565 so we don't forget.