Merge pull request #8410 from brave/fix/8403

fix various noscript issues

app/renderer/components/navigation/urlBar.js

@@ -58,7 +58,6 @@ class UrlBar extends React.Component {
         this.urlInput.setSelectionRange(len, len + suffixLen)
       }
     }, 10)
-    this.onNoScript = this.onNoScript.bind(this)
   }
 
   // restores the url bar to the current location
@@ -413,7 +412,7 @@ class UrlBar extends React.Component {
   }
 
   onNoScript () {
-    windowActions.setNoScriptVisible(!this.props.noScriptIsVisible)
+    windowActions.setNoScriptVisible()
   }
 
   onContextMenu (e) {
@@ -556,12 +555,12 @@ class UrlBar extends React.Component {
       {
         !this.showNoScriptInfo
         ? null
-        : <span className={css(styles.noScriptContainer)}>
-          <button
+        : <span className={css(styles.noScriptContainer)}
+          onClick={this.onNoScript}>
+          <span
             data-l10n-id='noScriptButton'
             data-test-id='noScriptButton'
-            className={css(styles.noScriptButton)}
-            onClick={this.onNoScript} />
+            className={css(styles.noScriptButton)} />
         </span>
       }
       {
@@ -580,8 +579,8 @@ class UrlBar extends React.Component {
 const styles = StyleSheet.create({
   noScriptContainer: {
     display: 'flex',
-    paddingLeft: '5px',
-    marginRight: '-3px',
+    padding: '5px',
+    marginRight: '-8px',
     WebkitAppRegion: 'drag'
   },
   noScriptButton: {

docs/state.md

@@ -474,7 +474,6 @@ WindowStore
     security: {
       blockedRunInsecureContent: Array<string>, // sources of blocked active mixed content
       isSecure: (boolean|number), // true = fully secure, false = fully insecure, 1 = partially secure
-      isExtendedValidation: boolean, // is using https ev. not currently used.
       loginRequiredDetail: {
         isProxy: boolean,
         host: string,

docs/windowActions.md

@@ -683,25 +683,13 @@ Similar to setBlockedBy but for httpse redirects
 
 
 
-### setNoScript(frameProps, source) 
-
-Sets which scripts were blocked on a page.
-
-**Parameters**
-
-**frameProps**: `Object`, The frame to set blocked info on
-
-**source**: `string`, Source of blocked js
-
-
-
 ### setNoScriptVisible(isVisible) 
 
-Sets whether the noscript icon is visible.
+Sets/toggles whether the noscriptinfo dialog is visible.
 
 **Parameters**
 
-**isVisible**: `boolean`, Sets whether the noscript icon is visible.
+**isVisible**: `boolean`, if undefined, toggle the current state
 
 
 

js/actions/windowActions.js

@@ -806,21 +806,8 @@ const windowActions = {
   },
 
   /**
-   * Sets which scripts were blocked on a page.
-   * @param {Object} frameProps - The frame to set blocked info on
-   * @param {string} source - Source of blocked js
-   */
-  setNoScript: function (frameProps, source) {
-    dispatch({
-      actionType: windowConstants.WINDOW_SET_NOSCRIPT,
-      frameProps,
-      source
-    })
-  },
-
-  /**
-   * Sets whether the noscript icon is visible.
-   * @param {boolean} isVisible
+   * Sets/toggles whether the noscriptinfo dialog is visible.
+   * @param {boolean=} isVisible - if undefined, toggle the current state
    */
   setNoScriptVisible: function (isVisible) {
     dispatch({

js/components/frame.js

@@ -667,13 +667,14 @@ class Frame extends ImmutableComponent {
         return
       }
       if (e.isMainFrame && !e.isErrorPage && !e.isFrameSrcDoc) {
+        if (e.url && e.url.startsWith(appConfig.noScript.twitterRedirectUrl) &&
+          this.getFrameBraverySettings(this.props).get('noScript') === true) {
+          // This result will be canceled immediately by sitehacks, so don't
+          // update the load state; otherwise it will not show the security
+          // icon.
+          return
+        }
         windowActions.onWebviewLoadStart(this.frame, e.url)
-        // Clear security state
-        windowActions.setBlockedRunInsecureContent(this.frame)
-        windowActions.setSecurityState(this.frame, {
-          secure: null,
-          runInsecureContent: false
-        })
       }
     }
 

js/constants/appConfig.js

@@ -40,7 +40,8 @@ module.exports = {
     enabled: false
   },
   noScript: {
-    enabled: false
+    enabled: false,
+    twitterRedirectUrl: 'https://mobile.twitter.com/i/nojs_router'
   },
   flash: {
     enabled: false,

js/data/siteHacks.js

@@ -4,6 +4,7 @@
 
 const urlParse = require('../../app/common/urlParse')
 const base64Encode = require('../lib/base64').encode
+const appConfig = require('../constants/appConfig')
 
 // Polyfill similar to this: https://github.com/gorhill/uBlock/blob/de1ed89f62bf041416d2a721ec00741667bf3fa8/assets/ublock/resources.txt#L385
 const googleTagManagerRedirect = 'data:application/javascript;base64,' + base64Encode(`(function() { var noopfn = function() { ; }; window.ga = window.ga || noopfn; })();`)
@@ -119,7 +120,7 @@ module.exports.siteHacks = {
     onBeforeSendHeaders: function(details) {
       if (details.requestHeaders.Referer &&
         details.requestHeaders.Referer.startsWith('https://twitter.com/') &&
-        details.url.startsWith('https://mobile.twitter.com/')) {
+        details.url.startsWith(appConfig.noScript.twitterRedirectUrl)) {
         return {
           cancel: true
         }

js/state/frameStateUtil.js

@@ -143,7 +143,7 @@ function getFrameByKey (windowState, key) {
 
 function isFrameSecure (frame) {
   frame = makeImmutable(frame)
-  if (frame && frame.getIn(['security', 'isSecure']) != null) {
+  if (frame && typeof frame.getIn(['security', 'isSecure']) === 'boolean') {
     return frame.getIn(['security', 'isSecure'])
   } else {
     return false
@@ -487,8 +487,7 @@ function addFrame (windowState, tabs, frameOpts, newKey, partitionNumber, active
       caseSensitivity: false
     },
     security: {
-      isSecure: urlParse(url).protocol === 'https:',
-      certDetails: null
+      isSecure: null
     },
     unloaded: frameOpts.unloaded,
     parentFrameKey,

js/stores/windowStore.js

@@ -308,22 +308,33 @@ const doAction = (action) => {
       })
       break
     case windowConstants.WINDOW_WEBVIEW_LOAD_START:
-      windowState = windowState.mergeIn(['frames', frameStateUtil.getFramePropsIndex(frameStateUtil.getFrames(windowState), action.frameProps)], {
-        loading: true,
-        provisionalLocation: action.location,
-        startLoadTime: new Date().getTime(),
-        endLoadTime: null
-      })
-      windowState = windowState.mergeIn(['tabs', frameStateUtil.getFramePropsIndex(frameStateUtil.getFrames(windowState), action.frameProps)], {
-        loading: true,
-        provisionalLocation: action.location
-      })
-      // For about:newtab we want to have the urlbar focused, not the new frame.
-      // Otherwise we want to focus the new tab when it is a new frame in the foreground.
-      if (action.location !== getTargetAboutUrl('about:newtab')) {
-        focusWebview(activeFrameStatePath(windowState))
+      {
+        const framePath = ['frames', frameStateUtil.getFramePropsIndex(frameStateUtil.getFrames(windowState), action.frameProps)]
+        // Reset security state
+        windowState =
+          windowState.deleteIn(framePath.concat(['security', 'blockedRunInsecureContent']))
+        windowState = windowState.mergeIn(framePath.concat(['security']), {
+          isSecure: null,
+          runInsecureContent: false
+        })
+        // Update loading UI
+        windowState = windowState.mergeIn(framePath, {
+          loading: true,
+          provisionalLocation: action.location,
+          startLoadTime: new Date().getTime(),
+          endLoadTime: null
+        })
+        windowState = windowState.mergeIn(['tabs'].concat(framePath), {
+          loading: true,
+          provisionalLocation: action.location
+        })
+        // For about:newtab we want to have the urlbar focused, not the new frame.
+        // Otherwise we want to focus the new tab when it is a new frame in the foreground.
+        if (action.location !== getTargetAboutUrl('about:newtab')) {
+          focusWebview(activeFrameStatePath(windowState))
+        }
+        break
       }
-      break
     case windowConstants.WINDOW_WEBVIEW_LOAD_END:
       windowState = windowState.mergeIn(['frames', frameStateUtil.getFramePropsIndex(frameStateUtil.getFrames(windowState), action.frameProps)], {
         loading: false,
@@ -512,7 +523,9 @@ const doAction = (action) => {
       windowState = windowState.setIn(['ui', 'mouseInTitlebar'], action.mouseInTitlebar)
       break
     case windowConstants.WINDOW_SET_NOSCRIPT_VISIBLE:
-      windowState = windowState.setIn(['ui', 'noScriptInfo', 'isVisible'], action.isVisible)
+      const noScriptInfoPath = ['ui', 'noScriptInfo', 'isVisible']
+      windowState = windowState.setIn(noScriptInfoPath,
+        typeof action.isVisible === 'boolean' ? action.isVisible : !windowState.getIn(noScriptInfoPath))
       break
     case windowConstants.WINDOW_SET_SITE_INFO_VISIBLE:
       windowState = windowState.setIn(['ui', 'siteInfo', 'isVisible'], action.isVisible)
@@ -598,10 +611,6 @@ const doAction = (action) => {
         windowState = windowState.setIn(path.concat(['security', 'runInsecureContent']),
                                         action.securityState.runInsecureContent)
       }
-      if (action.securityState.certDetails) {
-        windowState = windowState.setIn(path.concat(['security', 'certDetails']),
-                                        action.securityState.certDetails)
-      }
       break
     case windowConstants.WINDOW_SET_BLOCKED_BY:
       const blockedByPath = ['frames', frameStateUtil.getFramePropsIndex(frameStateUtil.getFrames(windowState), action.frameProps), action.blockType, 'blocked']