Skip to content
This repository has been archived by the owner on Dec 11, 2019. It is now read-only.

Commit

Permalink
disable webusb API
Browse files Browse the repository at this point in the history
fix #13374

Test Plan:
automated tests for content loading should pass
  • Loading branch information
diracdeltas committed Mar 2, 2018
1 parent ab32f5e commit 7570fcb
Show file tree
Hide file tree
Showing 3 changed files with 64 additions and 0 deletions.
15 changes: 15 additions & 0 deletions app/extensions/brave/content/scripts/navigator.js
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,21 @@ chrome.webFrame.setGlobal("navigator.getBattery", function () {
return new Promise((resolve, reject) => { reject(new Error('navigator.getBattery not supported.')) })
})

// bluetooth is not currently supported anyway, but disable it just in case
chrome.webFrame.setGlobal("navigator.bluetooth.requestDevice", function () {
return new Promise((resolve, reject) => { reject(new Error('navigator.bluetooth not supported.')) })
})

// disable webusb due to
// https://www.wired.com/story/chrome-yubikey-phishing-webusb/
chrome.webFrame.setGlobal("navigator.usb.getDevices", function () {
return new Promise((resolve, reject) => { resolve([]) })
})
chrome.webFrame.setGlobal("navigator.usb.requestDevice", function () {
return new Promise((resolve, reject) => { reject(new Error('navigator.usb not supported.')) })
})


if (chrome.contentSettings.doNotTrack == 'allow') {
executeScript("window.Navigator.prototype.__defineGetter__('doNotTrack', () => { return 1 })")
}
Expand Down
19 changes: 19 additions & 0 deletions test/contents/contentLoadingTest.js
Original file line number Diff line number Diff line change
Expand Up @@ -51,4 +51,23 @@ describe('content loading', function () {
.windowByUrl(Brave.browserWindowUrl)
.waitForTextValue('[data-test-id="tabTitle"]', 'fail')
})

it('does not support bluetooth API', function * () {
const page1 = Brave.fixtureUrl('navigator.html')
yield this.app.client
.tabByIndex(0)
.url(page1)
.click('#button')
.waitForTextValue('#bluetooth', 'Error: navigator.bluetooth not supported.')
})

it('does not support webusb API', function * () {
const page1 = Brave.fixtureUrl('navigator.html')
yield this.app.client
.tabByIndex(0)
.url(page1)
.click('#button2')
.waitForTextValue('#webusb', 'Error: navigator.usb not supported.')
.waitForTextValue('#devices', '0')
})
})
30 changes: 30 additions & 0 deletions test/fixtures/navigator.html
Original file line number Diff line number Diff line change
@@ -0,0 +1,30 @@
<html>
<button id='button'>bluetooth</button>
<button id='button2'>webusb</button>
<div id='bluetooth'>
testing...
</div>
<div id='webusb'>
testing...
</div>
<div id='devices'>
testing...
</div>
<script>
button.onclick = () => {
navigator.bluetooth.requestDevice({acceptAllDevices: true}).catch((err) => {
bluetooth.innerText = err
})
}
button2.onclick = () => {
navigator.usb.getDevices().then((dev) => {
devices.innerText = dev.length
}).catch((err) => {
devices.innerText = err
})
navigator.usb.requestDevice({filters: []}).catch((err) => {
webusb.innerText = err
})
}
</script>
</html>

0 comments on commit 7570fcb

Please sign in to comment.