Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[hackerone] show eTLD+1 prominently in wallet #21787

Closed
diracdeltas opened this issue Mar 21, 2022 · 3 comments · Fixed by brave/brave-core#12701
Closed

[hackerone] show eTLD+1 prominently in wallet #21787

diracdeltas opened this issue Mar 21, 2022 · 3 comments · Fixed by brave/brave-core#12701

Comments

@diracdeltas
Copy link
Member

https://hackerone.com/reports/1514823

see thread here: https://bravesoftware.slack.com/archives/C023VS4HJ6Q/p1647647313657369

@diracdeltas diracdeltas added security feature/web3/wallet Integrating Ethereum+ wallet support OS/Android Fixes related to Android browser functionality OS/Desktop labels Mar 21, 2022
@darkdh darkdh added this to Web3 Mar 21, 2022
@diracdeltas
Copy link
Member Author

expected behavior:

  1. wallet permissions panel(s) should show the full hostname of the site wrapped, not clipped
  2. the eTLD+1 of the hostname should be in bold

@srirambv
Copy link
Contributor

Brave 1.39.96 Chromium: 101.0.4951.54 (Official Build) beta (64-bit)
Revision 67da1aeb32cedd27634ca6634fb79cbd85d3f0ab-refs/branch-heads/4951@{#1126}
OS ☑️ Linux ☑️ Windows 11 Version Dev
(Build 22616.1)
☑️ macOS Version 12.0.1
(Build 21C52)
  • Verified steps from brave/brave-core#12701
  • Verified eTLD+1 is shown in bold on panel while transacting with a Dapp

@srirambv
Copy link
Contributor

Removing Android label as Android specific issue is logged #22802

@srirambv srirambv removed the OS/Android Fixes related to Android browser functionality label May 12, 2022
avinassh pushed a commit to avinassh/brave-browser-hardening that referenced this issue May 29, 2022
 - Added Solana support for account creation, sending SOL and sending SPL tokens with Brave Wallet. ([#22348](brave/brave-browser#22348))
 - Added the ability to buy with Ramp using Brave Wallet. ([#21639](brave/brave-browser#21639))
 - Added JSONSanitizer to API helper requests for Brave Wallet. ([#21831](brave/brave-browser#21831))
 - Added Dapp UI for requesting a public key and for decrypting ciphers using Brave Wallet. ([#21177](brave/brave-browser#21177))
 - Added web3_clientVersion support for Brave Wallet. ([#19278](brave/brave-browser#19278))
 - Added the ability to allow users to search sites for RSS feeds for Brave News. ([#21768](brave/brave-browser#21768))
 - Added support for blob partitioning. ([#21746](brave/brave-browser#21746))
 - Added minimum macOS version for Sparkle update process. ([#22918](brave/brave-browser#22918))
 - [Security] Blocked "window.ethereum" completely in third party iframes. ([#22686](brave/brave-browser#22686))
 - [Security] Updated Brave Wallet panel to prominently display eTLD+1 as reported on HackerOne by renekroka. ([#21787](brave/brave-browser#21787))
 - [Security] Fixed incorrect origin being displayed in Brave Wallet when a spend approval is pending. ([#19557](brave/brave-browser#19557))
 - Implemented eth_getEncryptionPublicKey for Brave Wallet. ([#19276](brave/brave-browser#19276))
 - Implemented account discovery when restoring Brave Wallet. ([#18104](brave/brave-browser#18104))
 - Updated Omaha installer version for Windows to v1.3.36.113. ([#22060](brave/brave-browser#22060))
 - Updated default IPFS configuration values. ([#22068](brave/brave-browser#22068))
 - Updated Gas Limit validation and error messaging for unapproved transactions with Brave Wallet. ([#21714](brave/brave-browser#21714))
 - Updated Brave Wallet to automatically add swap taker asset to the visible asset list. ([#21428](brave/brave-browser#21428))
 - Updated Brave Wallet portfolio network filter for multichain support. ([#20780](brave/brave-browser#20780))
 - Reduced adblock filter memory usage by optimizing unused regex rules. ([#21970](brave/brave-browser#21970))
 - Removed known Dialog Insight user tracking parameters from URLs. ([#22082](brave/brave-browser#22082))
 - Removed ability to swap ERC721 tokens with Brave Wallet. ([#21550](brave/brave-browser#21550))
 - Fixed crash which occurred when opening Brave Shields while using Google Meet. ([#22814](brave/brave-browser#22814))
 - Fixed inability to rename Solana account in Brave Wallet after it has been created. ([#22958](brave/brave-browser#22958))
 - Fixed incorrectly computed insufficient funds errors in Brave Wallet. ([#22877](brave/brave-browser#22877))
 - Fixed ERC20 and ERC721 transfers being incorrectly displayed as ETH transfers in the Brave Wallet transactions panel. ([#22044](brave/brave-browser#22044))
 - Fixed text alignment issues under the Brave Wallet "Recent transactions" panel when using long account names. ([#21216](brave/brave-browser#21216))
 - Fixed breakage in webpack build caused by OpenSSL 3.0. ([#22305](brave/brave-browser#22305))
 - Fixed two windows being opened on launch when the browser was installed without administrator privileges on Windows. ([#22179](brave/brave-browser#22179))
 - Upgraded Chromium to 102.0.5005.61. ([#22923](brave/brave-browser#22923)) ([Changelog for 102.0.5005.61](https://chromium.googlesource.com/chromium/src/+log/101.0.4951.67..102.0.5005.61?pretty=fuller&n=1000))
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
Archived in project
Development

Successfully merging a pull request may close this issue.

4 participants