Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[hackerone] Disable block element picker in private sessions #25858

Closed
diracdeltas opened this issue Oct 7, 2022 · 3 comments · Fixed by brave/brave-core#15444
Closed

[hackerone] Disable block element picker in private sessions #25858

diracdeltas opened this issue Oct 7, 2022 · 3 comments · Fixed by brave/brave-core#15444
Assignees
@antonok-edm
Labels
OS/Desktop priority/P2 A bad problem. We might uplift this to the next planned release. QA Pass-Linux QA Pass-macOS QA Pass-Win64 QA/Test-All-Platforms QA/Test-Plan-Specified QA/Yes release-notes/include security
Milestone
1.46.x - Release

Comments

@diracdeltas
Copy link
Member

https://hackerone.com/reports/1726268

credit: xiaoyinl
@diracdeltas diracdeltas added security priority/P2 A bad problem. We might uplift this to the next planned release. QA/Yes release-notes/include OS/Desktop labels Oct 7, 2022
@antonok-edm antonok-edm mentioned this issue Oct 12, 2022
Merged
25 tasks
@diracdeltas diracdeltas changed the title [hackerone] Tor persistence issue [hackerone] Disable block element picker in private sessions Oct 12, 2022
@brave-builds brave-builds added this to the 1.46.x - Nightly milestone Oct 12, 2022
@MadhaviSeelam
Copy link

Verification PASSED using

Brave | 1.46.56 Chromium: 106.0.5249.119 (Official Build) nightly (64-bit)
-- | --
Revision | 9f2101830b56fd2ea1408287f6c74e253ebcb7c6-refs/branch-heads/5249@{#797}
OS | Windows 11 Version 21H2 (Build 22000.1098)
  • Install 1.46.56
  • launch Brave

Normal Window

  • open Normal window
  • visit a website (https://cnn.com)
  • right click to open context menu
  • click Brave-->Block element

Confirmed Block element is enabled and able to block page element

image

Private Window

  • open Private window
  • visit a website (https://cnn.com)
  • right click to open context menu
  • scroll down to Brave-->Block element

Confirmed Block element is disabled

image

Private window with TOR

  • open private window with TOR
  • visit a website (https://cnn.com)
  • right click to open context menu
  • scroll down to Brave-->Block element

Confirmed Block element is disabled

image

Guest window

  • open Guest window
  • visit a website (https://cnn.com)
  • right click to open context menu
  • scroll down to Brave-->Block element

Confirmed Block element is disabled

image

@stephendonner stephendonner added the QA/In-Progress Indicates that QA is currently in progress for that particular issue label Oct 24, 2022
@stephendonner
Copy link

Verified PASSED using

Brave 1.46.76 Chromium: 107.0.5304.62 (Official Build) beta (x86_64)
Revision 1eec40d3a5764881c92085aaee66d25075c159aa-refs/branch-heads/5304@{#942}
OS macOS Version 11.7 (Build 20G817)

Steps:

  1. installed 1.46.76
  2. launched Brave
  3. loaded cnn.com in each of the following window types: Normal, Private, Private w/Tor, and Guest
  4. context-clicked on the largest image

Confirmed Brave -> Block element is disabled in all window types except for Normal:

Normal window Private window Private w/Tor Guest window
Screen Shot 2022-10-24 at 12 25 25 PM Screen Shot 2022-10-24 at 12 26 34 PM Screen Shot 2022-10-24 at 12 27 48 PM Screen Shot 2022-10-24 at 12 28 21 PM

@stephendonner stephendonner added QA Pass-macOS and removed QA/In-Progress Indicates that QA is currently in progress for that particular issue labels Oct 24, 2022
@LaurenWags LaurenWags added the QA/In-Progress Indicates that QA is currently in progress for that particular issue label Nov 11, 2022
@LaurenWags
Copy link
Member

LaurenWags commented Nov 11, 2022
edited
Loading

Verified with

Brave	1.46.106 Chromium: 107.0.5304.110 (Official Build) beta (64-bit) 
Revision	2a558545ab7e6fb8177002bf44d4fc1717cb2998-refs/branch-heads/5304@{#1202}
OS	Linux

Steps:

  1. installed 1.46.106
  2. launched Brave
  3. loaded cnn.com in each of the following window types: Normal, Private, Private w/Tor, and Guest
  4. context-clicked on the largest image

Confirmed Brave -> Block element is disabled in all window types except for Normal:

Normal window Private window Private w/Tor Guest window
1 2 3 4

@LaurenWags LaurenWags added QA Pass-Linux and removed QA/In-Progress Indicates that QA is currently in progress for that particular issue labels Nov 11, 2022
@LaurenWags LaurenWags mentioned this issue Nov 30, 2022
Closed
@RaitoBezarius RaitoBezarius mentioned this issue Dec 3, 2022
Merged
13 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@antonok-edm antonok-edm

Labels
OS/Desktop priority/P2 A bad problem. We might uplift this to the next planned release. QA Pass-Linux QA Pass-macOS QA Pass-Win64 QA/Test-All-Platforms QA/Test-Plan-Specified QA/Yes release-notes/include security
Projects
None yet
Milestone
1.46.x - Release
Development

Successfully merging a pull request may close this issue.

Disable block element picker in private sessions brave/brave-core
6 participants
@stephendonner @diracdeltas @antonok-edm @LaurenWags @brave-builds @MadhaviSeelam