[WIP] fix: load remote images in untrusted iframe

Open josheleonard opened this issue 2 years ago • 7 comments

Resolves https://github.com/brave/brave-browser/issues/24527

Submitter Checklist:

  • [ ] I confirm that no security/privacy review is needed, or that I have requested one
  • [x] There is a ticket for my issue
  • [x] Used Github auto-closing keywords in the PR description above
  • [x] Wrote a good PR/commit description
  • [x] Squashed any review feedback or "fixup" commits before merge, so that history is a record of what happened in the repo, not your PR
  • [x] Added appropriate labels (QA/Yes or QA/No; release-notes/include or release-notes/exclude; OS/...) to the associated issue
  • [ ] Checked the PR locally: npm run test -- brave_browser_tests, npm run test -- brave_unit_tests, npm run lint, npm run gn_check, npm run tslint
  • [ ] Ran git rebase master (if needed)

Reviewer Checklist:

  • [ ] A security review is not needed, or a link to one is included in the PR description
  • [ ] New files have MPL-2.0 license header
  • [ ] Adequate test coverage exists to prevent regressions
  • [ ] Major classes, functions and non-trivial code blocks are well-commented
  • [ ] Changes in component dependencies are properly reflected in gn
  • [ ] Code follows the style guide
  • [ ] Test plan is specified in PR before merging

After-merge Checklist:

  • [ ] The associated issue milestone is set to the smallest version that the changes have landed on
  • [ ] All relevant documentation has been updated, for instance:
    • [ ] https://github.com/brave/brave-browser/wiki/Deviations-from-Chromium-(features-we-disable-or-remove)
    • [ ] https://github.com/brave/brave-browser/wiki/Proxy-redirected-URLs
    • [ ] https://github.com/brave/brave-browser/wiki/Fingerprinting-Protections
    • [ ] https://github.com/brave/brave-browser/wiki/Brave%E2%80%99s-Use-of-Referral-Codes
    • [ ] https://github.com/brave/brave-browser/wiki/Custom-Headers
    • [ ] https://github.com/brave/brave-browser/wiki/Web-Compatibility-Exceptions-in-Brave
    • [ ] https://github.com/brave/brave-browser/wiki/QA-Guide
    • [ ] https://github.com/brave/brave-browser/wiki/P3A

Test Plan:

josheleonard avatar Aug 08 '22 17:08 josheleonard

A Storybook has been deployed to preview UI for the latest push

brave-builds avatar Aug 08 '22 18:08 brave-builds

A Storybook has been deployed to preview UI for the latest push

brave-builds avatar Aug 11 '22 16:08 brave-builds

A Storybook has been deployed to preview UI for the latest push

brave-builds avatar Aug 11 '22 17:08 brave-builds

A Storybook has been deployed to preview UI for the latest push

brave-builds avatar Aug 12 '22 00:08 brave-builds

thanks, looks like my concerns have been addressed. will let @kdenhartog approve this on behalf of sec team.

diracdeltas avatar Aug 16 '22 20:08 diracdeltas

A Storybook has been deployed to preview UI for the latest push

brave-builds avatar Oct 03 '22 18:10 brave-builds

A Storybook has been deployed to preview UI for the latest push

brave-builds avatar Oct 05 '22 20:10 brave-builds

Closing. Loading numerous iframes had a noticeable performance impact.

josheleonard avatar Mar 14 '23 15:03 josheleonard