[iOS] [hackerone] Drag and Drop issue #36092

Closed
soner-yuksel opened this issue Feb 14, 2024 · 2 comments · Fixed by brave/brave-core#22244
Labels

  • OS/iOS (Fixes related to iOS browser functionality)
  • priority/P2 (A bad problem. We might uplift this to the next planned release.)
  • QA Pass - iPhone
  • QA/Yes
  • release-notes/exclude
  • security

Comments

@soner-yuksel

https://hackerone.com/reports/2369954

Reference: brave/brave-ios#8764

@soner-yuksel soner-yuksel added the OS/iOS Fixes related to iOS browser functionality label Feb 14, 2024
@soner-yuksel soner-yuksel added this to the 1.63.x - Release milestone Feb 14, 2024
@soner-yuksel soner-yuksel changed the title [hackerone] Drag and Drop issue [iOS] [hackerone] Drag and Drop issue Feb 14, 2024
@soner-yuksel soner-yuksel added priority/P2 A bad problem. We might uplift this to the next planned release. security labels Feb 20, 2024
@kjozwiak
Member

Removing from the 1.63.x milestone. Once the above has been fixed, it will land in master and then will need to be uplifted into 1.63.x. Once it lands in master (which is 1.65.x at this time), the issue will automatically close/move into the 1.65.x milestone. It will then be moved to the appropriate milestone when uplifted.

@hffvld
Contributor

hffvld commented Mar 29, 2024

Verified on iPhone 14 using version(s):

Device/OS: iPhone 14 / iOS 17.4.1
Brave build: 1.65 (96)
BraveCore: 1.65.96 (123.0.6312.86)

STEPS:

  1. Launch Brave
  2. Go to https://csrf.jp/2024/brave-jsurl.php
  3. Drag and drop the URL into the URL search bar > Verify

ACTUAL RESULTS:

  • Verified that javascript: and javascript:// URLs are both blocked

Reproed with 1.63.1

2024-03-29_10-41-02.mp4

Verified with 1.65 (96)

2024-03-29_10-44-41.mp4

5 participants