Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update adblock-rust to v0.8.12 #25015

Merged
merged 1 commit into from
Aug 12, 2024
Merged

Update adblock-rust to v0.8.12 #25015

merged 1 commit into from
Aug 12, 2024

Conversation

antonok-edm
Copy link
Collaborator

@antonok-edm antonok-edm commented Aug 7, 2024

Resolves brave/brave-browser#40177

Includes:
v0.8.12 - escape quotes in selector tag names during CSS canonicalization

Submitter Checklist:

  • I confirm that no security/privacy review is needed and no other type of reviews are needed, or that I have requested them
  • There is a ticket for my issue
  • Used Github auto-closing keywords in the PR description above
  • Wrote a good PR/commit description
  • Squashed any review feedback or "fixup" commits before merge, so that history is a record of what happened in the repo, not your PR
  • Added appropriate labels (QA/Yes or QA/No; release-notes/include or release-notes/exclude; OS/...) to the associated issue
  • Checked the PR locally:
    • npm run test -- brave_browser_tests, npm run test -- brave_unit_tests wiki
    • npm run presubmit wiki, npm run gn_check, npm run tslint
  • Ran git rebase master (if needed)

Reviewer Checklist:

  • A security review is not needed, or a link to one is included in the PR description
  • New files have MPL-2.0 license header
  • Adequate test coverage exists to prevent regressions
  • Major classes, functions and non-trivial code blocks are well-commented
  • Changes in component dependencies are properly reflected in gn
  • Code follows the style guide
  • Test plan is specified in PR before merging

After-merge Checklist:

Test Plan:

Notes:

  • OK to skip testing on Android (no access to devtools console)
  • Make sure not to perform any part of this test within the first or last 5 minutes of any hour, as the normal adblock list component update process may interfere with the results.

Instructions:

  1. Launch Brave
  2. Visit brave://settings/shields/filters and press Update lists
  3. Close Brave
  4. Locate the default adblock list within Brave's profile directory. The path should look like <profile-directory>/iodkpdagapdfkphljnddpjlldadblomo/1.0.7299/list.txt (perhaps with a higher version number)
  5. Add the following rules as new lines anywhere in the file, and save it:
##html[lang] > body#body > head\" > div.cv-xwrapper > div.cvc > div.cv-inner
##html[lang] > body#body > head\" > div.cvh.BlockClicksActivityBusy
  1. Relaunch Brave
  2. Visit https://bravesoftware.com and enter credentials from 1Password under Brave.com Staging/Previews
  3. Open the devtools console
  4. There should not be any messages about Uncaught DOMException: Failed to execute 'insertRule' on 'CSSStyleSheet'

@antonok-edm antonok-edm self-assigned this Aug 7, 2024
@antonok-edm antonok-edm requested review from a team and bridiver as code owners August 7, 2024 04:01
@github-actions github-actions bot added the CI/run-audit-deps Check for known npm/cargo vulnerabilities (audit_deps) label Aug 7, 2024
Copy link
Contributor

github-actions bot commented Aug 7, 2024

The security team is monitoring all repositories for certain keywords. This PR includes the word(s) "password" and so security team members have been added as reviewers to take a look.

No need to request a full security review at this stage, the security team will take a look shortly and either clear the label or request more information/changes.

Notifications have already been sent, but if this is blocking your merge feel free to reach out directly to the security team on Slack so that we can expedite this check.

@antonok-edm antonok-edm merged commit b4e2782 into master Aug 12, 2024
22 checks passed
@antonok-edm antonok-edm deleted the adblock-rust-0.8.12 branch August 12, 2024 17:09
@github-actions github-actions bot added this to the 1.70.x - Nightly milestone Aug 12, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
CI/run-audit-deps Check for known npm/cargo vulnerabilities (audit_deps) needs-security-review
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Shields should be robust against invalid CSS in stylesheet injections
4 participants