
Sanitize chrome:// pages in serialized navigations

Open spylogsster opened this issue 2 years ago • 1 comments

Resolves https://github.com/brave/brave-browser/issues/24625

Session restore service periodically saves PageState to disk even on chrome pages. Added sanitizing for all chrome:// pages to prevent leaks of data inside session restore files.

Submitter Checklist:

  • [x] I confirm that no security/privacy review is needed, or that I have requested one
  • [x] There is a ticket for my issue
  • [x] Used Github auto-closing keywords in the PR description above
  • [x] Wrote a good PR/commit description
  • [x] Squashed any review feedback or "fixup" commits before merge, so that history is a record of what happened in the repo, not your PR
  • [x] Added appropriate labels (QA/Yes or QA/No; release-notes/include or release-notes/exclude; OS/...) to the associated issue
  • [x] Checked the PR locally: npm run test -- brave_browser_tests, npm run test -- brave_unit_tests, npm run lint, npm run gn_check, npm run tslint
  • [x] Ran git rebase master (if needed)

Reviewer Checklist:

  • [ ] A security review is not needed, or a link to one is included in the PR description
  • [ ] New files have MPL-2.0 license header
  • [ ] Adequate test coverage exists to prevent regressions
  • [ ] Major classes, functions and non-trivial code blocks are well-commented
  • [ ] Changes in component dependencies are properly reflected in gn
  • [ ] Code follows the style guide
  • [ ] Test plan is specified in PR before merging

After-merge Checklist:

  • [ ] The associated issue milestone is set to the smallest version that the changes have landed on
  • [ ] All relevant documentation has been updated, for instance:
    • [ ] https://github.com/brave/brave-browser/wiki/Deviations-from-Chromium-(features-we-disable-or-remove)
    • [ ] https://github.com/brave/brave-browser/wiki/Proxy-redirected-URLs
    • [ ] https://github.com/brave/brave-browser/wiki/Fingerprinting-Protections
    • [ ] https://github.com/brave/brave-browser/wiki/Brave%E2%80%99s-Use-of-Referral-Codes
    • [ ] https://github.com/brave/brave-browser/wiki/Custom-Headers
    • [ ] https://github.com/brave/brave-browser/wiki/Web-Compatibility-Exceptions-in-Brave
    • [ ] https://github.com/brave/brave-browser/wiki/QA-Guide
    • [ ] https://github.com/brave/brave-browser/wiki/P3A

Test Plan:

  • Steps from issue

spylogsster avatar Aug 12 '22 14:08 spylogsster

I'd like to limit this to clearing text fields/areas to avoid unintended side effects of clearing the entire serialized page state

We can go two routes with limiting this issue:

  1. Limiting to just any custom new internal URLs we added (likely brave://wallet*, brave://settings/braveSync*)
  2. Not serializing/deserializing just the input data and not the rest of the browser state, as discussed with @bridiver

Personally I'd rather go route (2)

thypon avatar Aug 15 '22 21:08 thypon
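A model of the two routes laid out above, added here as an example written for this page and not code from brave-core or Chromium: the navigation entries and their PageState are a constructed Python stand-in for the real serialized blob, and the brave://wallet / brave://settings/braveSync prefixes are an assumed list taken from the comment.

```python
from dataclasses import dataclass, field, replace
from urllib.parse import urlsplit

# Constructed stand-in for a serialized navigation entry. Chromium's real
# PageState is an opaque encoded blob; a dict keeps the two routes readable.
@dataclass
class NavigationEntry:
    url: str
    page_state: dict = field(default_factory=dict)

INTERNAL_SCHEMES = {"chrome", "brave"}           # WebUI pages
INPUT_KEYS = {"form_fields", "password_fields"}  # user-typed data inside PageState
ROUTE1_PREFIXES = ("brave://wallet", "brave://settings/braveSync")  # assumed list

def is_internal(url: str) -> bool:
    return urlsplit(url).scheme in INTERNAL_SCHEMES

def sanitize_route1(entry: NavigationEntry) -> NavigationEntry:
    """Route (1): drop the whole PageState, but only for the listed Brave URLs."""
    if entry.url.startswith(ROUTE1_PREFIXES):
        return replace(entry, page_state={})
    return entry

def sanitize_route2(entry: NavigationEntry) -> NavigationEntry:
    """Route (2): for every internal page drop only the input data, keep the rest."""
    if not is_internal(entry.url):
        return entry
    kept = {k: v for k, v in entry.page_state.items() if k not in INPUT_KEYS}
    return replace(entry, page_state=kept)

def sanitize_session(entries, sanitizer):
    return [sanitizer(e) for e in entries]

def leaked_inputs(entries):
    """Check for a written session file: internal entries still carrying input data."""
    return [(e.url, k) for e in entries if is_internal(e.url)
            for k in e.page_state if k in INPUT_KEYS]

# Constructed session: what session restore would serialize before sanitizing.
SESSION = [
    NavigationEntry("brave://wallet/import", {"form_fields": {"seed": "<phrase>"}, "scroll": 0}),
    NavigationEntry("chrome://flags", {"form_fields": {"search": "webgpu"}, "scroll": 320}),
    NavigationEntry("https://example.test/", {"form_fields": {"q": "x"}, "scroll": 10}),
]

if __name__ == "__main__":
    for name, fn in (("route1", sanitize_route1), ("route2", sanitize_route2)):
        print(name, leaked_inputs(sanitize_session(SESSION, fn)))
```

Route (1) still leaves the chrome://flags search text in the file, which is the gap route (2) closes while keeping scroll state for restore.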

gtg

thypon avatar Aug 18 '22 15:08 thypon

Verification passed on

Brave 1.45.5 Chromium: 105.0.5195.52 (Official Build) nightly (64-bit)
Revision 412c95e518836d8a7d97250d62b29c2ae6a26a85-refs/branch-heads/5195@{#853}
OS Windows 11 Version 21H2 (Build 22000.856)
  • Verified steps from issue description
  • Verified sessions file doesn't contain anything about textarea/input image

srirambv avatar Sep 01 '22 07:09 srirambv