Skip to content
This repository has been archived by the owner on Dec 11, 2019. It is now read-only.

fix some favicon leaks #14654

Merged
merged 2 commits into from
Jul 5, 2018
Merged

fix some favicon leaks #14654

merged 2 commits into from
Jul 5, 2018

Conversation

diracdeltas
Copy link
Member

fix #14653
fix #14641

test plan:

  1. open browser console and inspect the urlbar icon
  2. hit any search shortcut, ex: ':g' for google
  3. notice that the favicon for the search engine is loaded as a local resource instead of as a 'http(s)://' URL
  4. open tor tab
  5. browse to a few sites in the tor tab
  6. long-click the back button. no favicons should appear.
  7. go back a few sites, then repeat step 6 with the forward button.

@diracdeltas
load favicons locally in search bar
659ba92 
Test Plan:
1. open browser console and inspect the urlbar icon
2. hit any search shortcut, ex: ':g' for google
3. notice that the favicon for the search engine is loaded as a local
   resource instead of as a 'http(s)://' URL
@diracdeltas
disable favicons in back/forward menus in tor tabs
f33ad9a
@diracdeltas diracdeltas self-assigned this Jul 4, 2018
@diracdeltas diracdeltas requested a review from petemill July 4, 2018 00:16
diracdeltas
diracdeltas commented Jul 5, 2018
View reviewed changes
js/data/searchProviders.js
* Returns path of a favicon resource
*/
const getPath = (name, ext = 'ico') => {
return path.join(__dirname, '..', '..', 'img', 'favicons', `${name}.${ext}`)
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

verified this works on packaged builds as well as in dev

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@diracdeltas does it not work just to use the same localImage property which calls getFaviconUrl?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@petemill it doesn't work because you can't load chrome-extension:// URLs in a cross-origin context unless they're whitelisted in web_accessible_resources, but we'd rather not whitelist them for privacy reasons

petemill
petemill approved these changes Jul 5, 2018
View reviewed changes
Copy link
Member

@petemill petemill left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Works nicely, nice the way it is, but left some comments and very optional change idea.

app/renderer/components/common/contextMenu/contextMenuItem.js
@@ -179,7 +179,7 @@ class ContextMenuItem extends ImmutableComponent {
width: iconSize
}

const icon = this.props.contextMenuItem.get('icon')
const icon = !this.props.isTor && this.props.contextMenuItem.get('icon')
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

small nitpick here that IMO it would be preferrable to have the prop be more semantic, e.g. shouldDisplayIcon

js/data/searchProviders.js
* Returns path of a favicon resource
*/
const getPath = (name, ext = 'ico') => {
return path.join(__dirname, '..', '..', 'img', 'favicons', `${name}.${ext}`)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@diracdeltas does it not work just to use the same localImage property which calls getFaviconUrl?

@diracdeltas diracdeltas merged commit 3f8feb2 into master Jul 5, 2018
diracdeltas added a commit that referenced this pull request Jul 5, 2018
@diracdeltas
Merge pull request #14654 from brave/fix/tor-favicons
a0e52ed 
fix some favicon leaks
diracdeltas added a commit that referenced this pull request Jul 5, 2018
@diracdeltas
Merge pull request #14654 from brave/fix/tor-favicons
c59de37 
fix some favicon leaks
@diracdeltas
Copy link
Member Author

master: 3f8feb2
0.24.x: a0e52ed
0.23.x: c59de37

@diracdeltas diracdeltas deleted the fix/tor-favicons branch July 5, 2018 21:45
@diracdeltas diracdeltas mentioned this pull request Jul 13, 2018
Closed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@petemill petemill petemill approved these changes

Assignees

@diracdeltas diracdeltas

Labels
None yet
Projects
None yet
Milestone
0.23.x Release 3 (Release Channel)
Development

Successfully merging this pull request may close these issues.

search icon in URLbar should be a local resource [hackerone] favicon issue
2 participants
@diracdeltas @petemill