Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

[hackerone] Disable block element picker in private sessions #25858

Closed
diracdeltas opened this issue Oct 7, 2022 · 3 comments · Fixed by brave/brave-core#15444
Closed

[hackerone] Disable block element picker in private sessions #25858

diracdeltas opened this issue Oct 7, 2022 · 3 comments · Fixed by brave/brave-core#15444
Assignees
@antonok-edm
Labels
OS/Desktop priority/P2 A bad problem. We might uplift this to the next planned release. QA Pass-Linux QA Pass-macOS QA Pass-Win64 QA/Test-All-Platforms QA/Test-Plan-Specified QA/Yes release-notes/include security
Milestone
1.46.x - Release

Comments

@diracdeltas
Copy link
Member

https://hackerone.com/reports/1726268

credit: xiaoyinl
@diracdeltas diracdeltas added security priority/P2 A bad problem. We might uplift this to the next planned release. QA/Yes release-notes/include OS/Desktop labels Oct 7, 2022
@antonok-edm antonok-edm mentioned this issue Oct 12, 2022
Merged
25 tasks
@diracdeltas diracdeltas changed the title [hackerone] Tor persistence issue [hackerone] Disable block element picker in private sessions Oct 12, 2022
@brave-builds brave-builds added this to the 1.46.x - Nightly milestone Oct 12, 2022
@MadhaviSeelam
Copy link

Verification PASSED using

Brave | 1.46.56 Chromium: 106.0.5249.119 (Official Build) nightly (64-bit)
-- | --
Revision | 9f2101830b56fd2ea1408287f6c74e253ebcb7c6-refs/branch-heads/5249@{#797}
OS | Windows 11 Version 21H2 (Build 22000.1098)
  • Install 1.46.56
  • launch Brave

Normal Window

  • open Normal window
  • visit a website (https://cnn.com)
  • right click to open context menu
  • click Brave-->Block element

Confirmed Block element is enabled and able to block page element

image

Private Window

  • open Private window
  • visit a website (https://cnn.com)
  • right click to open context menu
  • scroll down to Brave-->Block element

Confirmed Block element is disabled

image

Private window with TOR

  • open private window with TOR
  • visit a website (https://cnn.com)
  • right click to open context menu
  • scroll down to Brave-->Block element

Confirmed Block element is disabled

image

Guest window

  • open Guest window
  • visit a website (https://cnn.com)
  • right click to open context menu
  • scroll down to Brave-->Block element

Confirmed Block element is disabled

image

@stephendonner stephendonner added the QA/In-Progress Indicates that QA is currently in progress for that particular issue label Oct 24, 2022
@stephendonner
Copy link

Verified PASSED using

Brave 1.46.76 Chromium: 107.0.5304.62 (Official Build) beta (x86_64)
Revision 1eec40d3a5764881c92085aaee66d25075c159aa-refs/branch-heads/5304@{#942}
OS macOS Version 11.7 (Build 20G817)

Steps:

  1. installed 1.46.76
  2. launched Brave
  3. loaded cnn.com in each of the following window types: Normal, Private, Private w/Tor, and Guest
  4. context-clicked on the largest image

Confirmed Brave -> Block element is disabled in all window types except for Normal:

Normal window Private window Private w/Tor Guest window
Screen Shot 2022-10-24 at 12 25 25 PM Screen Shot 2022-10-24 at 12 26 34 PM Screen Shot 2022-10-24 at 12 27 48 PM Screen Shot 2022-10-24 at 12 28 21 PM

@stephendonner stephendonner added QA Pass-macOS and removed QA/In-Progress Indicates that QA is currently in progress for that particular issue labels Oct 24, 2022
@LaurenWags LaurenWags added the QA/In-Progress Indicates that QA is currently in progress for that particular issue label Nov 11, 2022
@LaurenWags
Copy link
Member

LaurenWags commented Nov 11, 2022
edited
Loading

Verified with

Brave	1.46.106 Chromium: 107.0.5304.110 (Official Build) beta (64-bit) 
Revision	2a558545ab7e6fb8177002bf44d4fc1717cb2998-refs/branch-heads/5304@{#1202}
OS	Linux

Steps:

  1. installed 1.46.106
  2. launched Brave
  3. loaded cnn.com in each of the following window types: Normal, Private, Private w/Tor, and Guest
  4. context-clicked on the largest image

Confirmed Brave -> Block element is disabled in all window types except for Normal:

Normal window Private window Private w/Tor Guest window
1 2 3 4

@LaurenWags LaurenWags added QA Pass-Linux and removed QA/In-Progress Indicates that QA is currently in progress for that particular issue labels Nov 11, 2022
@LaurenWags LaurenWags mentioned this issue Nov 30, 2022
Closed
@RaitoBezarius RaitoBezarius mentioned this issue Dec 3, 2022
Merged
13 tasks
@diracdeltas diracdeltas mentioned this issue Jan 27, 2025
Closed
@LaurenWags LaurenWags mentioned this issue Feb 5, 2025
Closed
# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees

@antonok-edm antonok-edm

Labels
OS/Desktop priority/P2 A bad problem. We might uplift this to the next planned release. QA Pass-Linux QA Pass-macOS QA Pass-Win64 QA/Test-All-Platforms QA/Test-Plan-Specified QA/Yes release-notes/include security
Projects
None yet
Milestone
1.46.x - Release
Development

Successfully merging a pull request may close this issue.

Disable block element picker in private sessions brave/brave-core
6 participants
@stephendonner @diracdeltas @antonok-edm @LaurenWags @brave-builds @MadhaviSeelam