Merge pull request #1196 from brave/prevent_brave_scheme_loading_from_js

Prevent loading brave scheme url from javascript

browser/resources/settings/brave_sync_page/brave_sync_page.html

@@ -12,7 +12,7 @@
     </style>
     <div class="settings-box">
       <div class="start">
-        $i18n{braveSyncLabel} <a href="brave://sync" target="_blank">brave://sync</a>
+        $i18n{braveSyncLabel} <a href="chrome://sync" target="_blank">brave://sync</a>
       </div>
     </div>
   </template>

chromium_src/chrome/browser/profiles/profile_io_data.cc

@@ -1,3 +1,8 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
 #include "brave/browser/net/brave_profile_network_delegate.h"
+#include "brave/common/url_constants.h"
 
 #include "../../../../../../chrome/browser/profiles/profile_io_data.cc"

chromium_src/content/public/common/url_constants.cc

@@ -0,0 +1,10 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "../../../../../content/public/common/url_constants.cc"
+
+namespace content {
+const char kBraveUIScheme[] = "brave";
+}
+

chromium_src/content/public/common/url_constants.h

@@ -0,0 +1,10 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "../../../../../content/public/common/url_constants.h"
+
+namespace content {
+CONTENT_EXPORT extern const char kBraveUIScheme[];
+}
+

components/brave_welcome_ui/components/app.tsx

@@ -63,15 +63,15 @@ export class WelcomePage extends React.Component<Props, State> {
   }
 
   onClickConfirmDefaultSearchEngine = () => {
-    this.props.actions.goToTabRequested('brave://settings/search', '_blank')
+    this.props.actions.goToTabRequested('chrome://settings/search', '_blank')
   }
 
   onClickChooseYourTheme = () => {
-    this.props.actions.goToTabRequested('brave://settings/appearance', '_blank')
+    this.props.actions.goToTabRequested('chrome://settings/appearance', '_blank')
   }
 
   onClickRewardsGetStarted = () => {
-    this.props.actions.goToTabRequested('brave://rewards', '_blank')
+    this.props.actions.goToTabRequested('chrome://rewards', '_blank')
   }
 
   onClickSlideBullet = (nextScreen: number) => {
@@ -83,11 +83,11 @@ export class WelcomePage extends React.Component<Props, State> {
   }
 
   onClickDone = () => {
-    this.props.actions.goToTabRequested('brave://newtab', '_self')
+    this.props.actions.goToTabRequested('chrome://newtab', '_self')
   }
 
   onClickSkip = () => {
-    this.props.actions.goToTabRequested('brave://newtab', '_self')
+    this.props.actions.goToTabRequested('chrome://newtab', '_self')
   }
 
   render () {

patches/chrome-browser-profiles-profile_io_data.cc.patch

@@ -1,5 +1,5 @@
 diff --git a/chrome/browser/profiles/profile_io_data.cc b/chrome/browser/profiles/profile_io_data.cc
-index 5664ba395badcea25fdbb33a274b522747b7b2cf..d3f5e852b0d0ff5909da6cc0760e51142115d7bc 100644
+index 5664ba395badcea25fdbb33a274b522747b7b2cf..b14d6e5150c2bab6c15acaf164cd4b4ad139122c 100644
 --- a/chrome/browser/profiles/profile_io_data.cc
 +++ b/chrome/browser/profiles/profile_io_data.cc
 @@ -25,6 +25,7 @@
@@ -10,7 +10,17 @@ index 5664ba395badcea25fdbb33a274b522747b7b2cf..d3f5e852b0d0ff5909da6cc0760e5114
  #include "build/build_config.h"
  #include "chrome/browser/browser_process.h"
  #include "chrome/browser/chrome_notification_types.h"
-@@ -966,7 +967,7 @@ void ProfileIOData::Init(
+@@ -657,6 +658,9 @@ bool ProfileIOData::IsHandledProtocol(const std::string& scheme) {
+     extensions::kExtensionScheme,
+ #endif
+     content::kChromeUIScheme,
++#if defined(BRAVE_CHROMIUM_BUILD)
++    kBraveUIScheme,
++#endif
+     url::kDataScheme,
+ #if defined(OS_CHROMEOS)
+     content::kExternalFileScheme,
+@@ -966,7 +970,7 @@ void ProfileIOData::Init(
          std::make_unique<network::URLRequestContextBuilderMojo>();
 
      std::unique_ptr<ChromeNetworkDelegate> chrome_network_delegate(

patches/content-browser-child_process_security_policy_impl.cc.patch

@@ -0,0 +1,14 @@
+diff --git a/content/browser/child_process_security_policy_impl.cc b/content/browser/child_process_security_policy_impl.cc
+index 65abcbd4bb87a0a3e9661c97e8fd38556ee19f8b..06adc3f5b231e863d7a2ceaa43a227ac5c046ed3 100644
+--- a/content/browser/child_process_security_policy_impl.cc
++++ b/content/browser/child_process_security_policy_impl.cc
+@@ -691,6 +691,9 @@ void ChildProcessSecurityPolicyImpl::GrantWebUIBindings(int child_id,
+
+   // Web UI bindings need the ability to request chrome: URLs.
+   state->second->GrantRequestScheme(kChromeUIScheme);
++#if defined(BRAVE_CHROMIUM_BUILD)
++  state->second->GrantRequestScheme(kBraveUIScheme);
++#endif
+
+   // Web UI pages can contain links to file:// URLs.
+   state->second->GrantRequestScheme(url::kFileScheme);

patches/content-renderer-render_thread_impl.cc.patch

@@ -0,0 +1,19 @@
+diff --git a/content/renderer/render_thread_impl.cc b/content/renderer/render_thread_impl.cc
+index 68682fd876dd8a07d2548e32a0ce453ca41a339b..4fb31f452139df4043fc0b8816b2a2bd42fcc27b 100644
+--- a/content/renderer/render_thread_impl.cc
++++ b/content/renderer/render_thread_impl.cc
+@@ -1246,6 +1246,14 @@ void RenderThreadImpl::InitializeWebKit(
+ }
+
+ void RenderThreadImpl::RegisterSchemes() {
++#if defined(BRAVE_CHROMIUM_BUILD)
++  // brave:
++  WebString brave_scheme(WebString::FromASCII(kBraveUIScheme));
++  WebSecurityPolicy::RegisterURLSchemeAsDisplayIsolated(brave_scheme);
++  WebSecurityPolicy::RegisterURLSchemeAsNotAllowingJavascriptURLs(
++      brave_scheme);
++#endif
++
+   // chrome:
+   WebString chrome_scheme(WebString::FromASCII(kChromeUIScheme));
+   WebSecurityPolicy::RegisterURLSchemeAsDisplayIsolated(chrome_scheme);