Sanitize chrome:// page state for serialized navigation entries #24625

Closed
spylogsster opened this issue Aug 12, 2022 · 2 comments · Fixed by brave/brave-core#14603
Labels
feature/web3/wallet Integrating Ethereum+ wallet support OS/Desktop priority/P4 Planned work. We expect to get to it "soon". privacy/feature User-facing privacy- & security-focused feature work. QA Pass-Linux QA Pass-macOS QA Pass-Win64 QA/Test-Plan-Specified QA/Yes release-notes/include security

Comments


spylogsster commented Aug 12, 2022

Created from #22538 because the autocomplete=off doesn't work for textareas, so we have decided to create a new one just to fix session restore payload for all chrome:// pages.

Test Plan

  • Open brave://wallet
  • Open devtools console and execute the next command: document.write('<textarea width="500" height="300">ASDFSAFASDFSA</textarea>')
  • Close the browser and go to User Data/Default/Sessions in the profile folder
  • Execute cat Session... for all Sessions files inside that folder
  • Output should not show information about textarea
  • Repeat same for input control
spylogsster changed the title from "Do not save session restore content of non-password text fields for chrome:// pages" to "Sanitize chrome:// pages for serialized navigation entries" Aug 12, 2022
spylogsster changed the title from "Sanitize chrome:// pages for serialized navigation entries" to "Sanitize chrome:// page state for serialized navigation entries" Aug 12, 2022
spylogsster self-assigned this Aug 12, 2022
spylogsster added this to the 1.44.x - Nightly milestone Aug 12, 2022
spylogsster added the security and privacy/feature (User-facing privacy- & security-focused feature work.) labels Aug 12, 2022
rebron added the priority/P4 (Planned work. We expect to get to it "soon".) label Aug 12, 2022
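
The check in the test plan above can be run without reading `cat` output by eye. This is an added example, not code from the issue or from Brave: it searches every file in the Sessions directory for the marker string as raw bytes. The two encodings searched and the sample bytes are assumptions made for this example.

```python
import sys
from pathlib import Path

# Assumption (not stated on the page): a leaked field value may be stored as
# UTF-8 or as UTF-16LE, so an ASCII-only search of `cat` output can miss it.
ENCODINGS = ("utf-8", "utf-16-le")

# Constructed sample, not a real session file: filler bytes followed by the
# test-plan marker encoded as UTF-16LE.
SAMPLE = b"\x01\x02constructed\x00\x00" + "ASDFSAFASDFSA".encode("utf-16-le")


def scan_bytes(data, marker):
    """Return (encoding, offset) for every occurrence of marker in data."""
    hits = []
    for enc in ENCODINGS:
        needle = marker.encode(enc)
        pos = data.find(needle)
        while pos != -1:
            hits.append((enc, pos))
            pos = data.find(needle, pos + 1)
    return hits


def scan_sessions(sessions_dir, marker):
    """Scan each regular file in sessions_dir; return {file name: hits}."""
    report = {}
    for path in sorted(Path(sessions_dir).iterdir()):
        if path.is_file():
            hits = scan_bytes(path.read_bytes(), marker)
            if hits:
                report[path.name] = hits
    return report


if __name__ == "__main__":
    # Usage: python scan_sessions.py <Sessions directory> <marker>
    if len(sys.argv) == 3:
        found = scan_sessions(sys.argv[1], sys.argv[2])
    else:  # no arguments: run against the constructed sample
        found = {"SAMPLE": scan_bytes(SAMPLE, "ASDFSAFASDFSA")}
    for name, hits in found.items():
        for enc, pos in hits:
            print(f"{name}: marker present as {enc} at byte offset {pos}")
    sys.exit(1 if found else 0)
```

A non-zero exit status means the marker was found in at least one file, so the script can serve as a pass/fail step when the test plan is repeated for the input control.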
Member

kjozwiak commented Sep 1, 2022

The above will require 1.44.72 or higher for 1.42.x verification 👍

LaurenWags added the feature/web3/wallet (Integrating Ethereum+ wallet support) label Sep 6, 2022
@srirambv
Contributor

Verification passed on

Brave 1.44.95 Chromium: 106.0.5249.40 (Official Build) (64-bit)
Revision fab1d91915d2722d6339aaa7f4e9ce44f1e9b103-refs/branch-heads/5249@{#442}
OS Linux
  • Verified steps from issue description
  • Verified sessions file doesn't contain anything about textarea/input

Verification passed on

Brave 1.44.95 Chromium: 106.0.5249.40 (Official Build) (64-bit)
Revision fab1d91915d2722d6339aaa7f4e9ce44f1e9b103-refs/branch-heads/5249@{#442}
OS Windows 11 Version 21H2 (Build 22000.978)
  • Verified steps from issue description
  • Verified sessions file doesn't contain anything about textarea/input

Verification passed on

Brave 1.44.95 Chromium: 106.0.5249.40 (Official Build) (arm64)
Revision fab1d91915d2722d6339aaa7f4e9ce44f1e9b103-refs/branch-heads/5249@{#442}
OS macOS Version 12.4 (Build 21F79)
  • Verified steps from issue description
  • Verified sessions file doesn't contain anything about textarea/input
