-
Notifications
You must be signed in to change notification settings - Fork 893
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Added sanitizer step for api helper #12685
Conversation
219a586
to
e549ee1
Compare
7b75bb6
to
9e11646
Compare
eb6806a
to
adc643f
Compare
d3b0cc2
to
8dfa692
Compare
93d1ba5
to
c1411d9
Compare
c1411d9
to
822133f
Compare
0a6b9ab
to
21ad38a
Compare
17708e0
to
6af6d2e
Compare
Deferring my review to @emerick as he led all the client-side implementation of adaptive captcha. |
54de0ad
to
0e8834b
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM re: adaptive captcha
78da5b3
to
0c100a0
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM (cc @emerick)
0c100a0
to
cda598d
Compare
Just noting this broke Brave News which uses this helper to download the image from the brave news private cdn. We'll fix that by stopping it use api request helper for that request. |
maybe sanitize by response content-type? |
Resolves brave/brave-browser#21831
Added
JsonSanitizer
toApiRequestHelper
to validate server responses. It sanitizes and normalizes JSON by parsing it in a safe environment and re-serializing it. Parsing the sanitized JSON should result in a value identical to parsing the original JSON.For those cases where we expect data that cannot be correctly processed by the
JsonSanitizer
andbase/json
parser, a preprocessing callback for the response text was added to convert the necessary values into strings by using safe parsers.Example can be seen in this test.
Mandatory updates in unittests:
data_decoder::test::InProcessDataDecoder in_process_data_decoder_;
is required to be created for tests that useJsonSanitizer
JsonSerializer
removes spaces, some testing payloads have been fixed due to the requirement.Submitter Checklist:
QA/Yes
orQA/No
;release-notes/include
orrelease-notes/exclude
;OS/...
) to the associated issuenpm run test -- brave_browser_tests
,npm run test -- brave_unit_tests
,npm run lint
,npm run gn_check
,npm run tslint
git rebase master
(if needed)Reviewer Checklist:
gn
After-merge Checklist:
changes has landed on
Test Plan:
APIRequestHelper
is used inBraveWallet
,BraveAdaptiveCaptcha
,BraveToday
, need to check that these components work as expected