Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

[Hackerone] - Fix continuation leak in AlertPopupView #42986

Closed
3 of 5 tasks
Brandon-T opened this issue Dec 19, 2024 · 2 comments · Fixed by brave/brave-core#27069
Closed
3 of 5 tasks

[Hackerone] - Fix continuation leak in AlertPopupView #42986

Brandon-T opened this issue Dec 19, 2024 · 2 comments · Fixed by brave/brave-core#27069
Assignees
@Brandon-T
Labels
OS/iOS Fixes related to iOS browser functionality QA Pass - iPad QA Pass - iPhone QA/Test-All-Platforms QA/Yes release-notes/include
Milestone
1.75.x - Release

Comments

@Brandon-T
Copy link

Description

  • AlertPopupView can leak the continuation when WebKit cancels the requests or starts another request while the popup is displayed.

Steps to reproduce

  1. https://hackerone.com/reports/2909560

Actual result

  • Popup is shown on the wrong page

Expected result

  • Popup should show not show

Reproduces how often

Easily reproduced

Brave version

  • All

Device/iOS version

  • All

Affected browser versions

  • latest AppStore
  • latest TestFlight
  • previous TestFlight

Reproducibility

  • with Brave Shields disabled
  • in the latest version of mobile Safari

Miscellaneous information

No response
@Brandon-T Brandon-T added OS/iOS Fixes related to iOS browser functionality QA/Yes release-notes/exclude labels Dec 19, 2024
@Brandon-T Brandon-T self-assigned this Dec 19, 2024
@Brandon-T Brandon-T mentioned this issue Dec 19, 2024
Merged
24 tasks
@brave-builds brave-builds added this to the 1.75.x - Nightly milestone Dec 20, 2024
@hffvld hffvld added the QA/In-Progress Indicates that QA is currently in progress for that particular issue label Jan 6, 2025
@hffvld
Copy link
Contributor

hffvld commented Jan 6, 2025

Verified on iPhone 14 using version(s):

Device/OS: iPhone 14 / iOS 17.7.2
Brave build: 1.75 (148)
BraveCore: 1.75.148 (132.0.6834.57)

STEPS:

  1. Follow the STR/TP from https://hackerone.com/reports/2909560
  2. Verify

ACTUAL RESULTS:

  • Verified that the pop-up is not shown on the wrong page.
2025-01-06_15-39-55.mp4

@hffvld hffvld added QA Pass - iPhone and removed QA/In-Progress Indicates that QA is currently in progress for that particular issue labels Jan 6, 2025
@kjozwiak kjozwiak changed the title [iOS] - Fix continuation leak in AlertPopupView [Hackerone] - Fix continuation leak in AlertPopupView Jan 17, 2025
@hffvld hffvld added the QA/In-Progress Indicates that QA is currently in progress for that particular issue label Jan 22, 2025
@hffvld
Copy link
Contributor

hffvld commented Jan 22, 2025

Verified on iPad Mini (6th gen) using version(s):

Device/OS: iPad Mini (6th gen) / iPadOS 18.2.1
Brave build: 1.75 (164)
BraveCore: 1.75.164 (132.0.6834.83)

STEPS:

  1. Follow the STR/TP from https://hackerone.com/reports/2909560
  2. Verify

ACTUAL RESULTS:

  • Verified that the pop-up is not shown on the wrong page.
2025-01-22_15-49-56.mp4

@hffvld hffvld added QA Pass - iPad and removed QA/In-Progress Indicates that QA is currently in progress for that particular issue labels Jan 22, 2025
@kjozwiak kjozwiak mentioned this issue Feb 11, 2025
Closed
7 tasks
@Uni-verse Uni-verse mentioned this issue Feb 13, 2025
Open
# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees

@Brandon-T Brandon-T

Labels
OS/iOS Fixes related to iOS browser functionality QA Pass - iPad QA Pass - iPhone QA/Test-All-Platforms QA/Yes release-notes/include
Projects
None yet
Milestone
1.75.x - Release
Development

Successfully merging a pull request may close this issue.

[iOS] - Fix alert continuation leak when WebKit automatically cancels the request brave/brave-core
5 participants
@Brandon-T @kjozwiak @Uni-verse @brave-builds @hffvld