-
Notifications
You must be signed in to change notification settings - Fork 2.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Shields should be robust against invalid CSS in stylesheet injections #40177
Shields should be robust against invalid CSS in stylesheet injections #40177
Comments
see also #40151 (comment) |
Verified with
Verified test plan from brave/brave-core#25015.
|
@brave/qa-team use the test plan under brave/brave-core#25015 for verifying this issue 👍🏻 |
Verification PASSED on
Verified test plan from brave/brave-core#25015.
|
This issue also affects |
Verification PASSED on
Verified test plan from brave/brave-core#25015.
|
Verified on
STEPS:
ACTUAL RESULTS:
|
A recent change to uBO filter lists resulted in the following two cosmetic filters being shipped out to Brave users:
Users who received those rules faced some issues with cosmetic filtering, due to errors thrown by Brave's injected content script. The issue was ultimately resolved by a serverside patch to remove the problematic rules.
An error was shown in the console for affected users:
That error ultimately traces to this
insertRule
call. It turns out that invalid CSS injected here can abort the rest of the injections.We should add a
try
/catch
block around the injection to improve robustness against invalid data.The text was updated successfully, but these errors were encountered: