Prevent brave wallet providers from being generated in third party iframe #13268
@@ -45,6 +45,10 @@ void BraveWalletRenderFrameObserver::DidCreateScriptContext( | |||
js_ethereum_provider_.reset(); | |||
return; | |||
} | |||
// Wallet provider objects won't be generated for third party iframe | |||
if (!render_frame()->IsMainFrame() && !render_frame()->GetMainRenderFrame()) { |
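Review bot: The condition on the last added line decides "third party" from render_frame()->GetMainRenderFrame() being null, which tells you the main frame is not local to this renderer process rather than that the iframe's origin differs from the main frame's; a cross-origin iframe that shares a process with the main frame would still get the providers. Compare origins explicitly instead, for example with the IsCrossOriginToMainFrame() check raised in the review thread, and add a browser test that loads a cross-origin iframe and asserts window.ethereum and window.solana are absent.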
Probably better to use render_frame()->GetWebFrame()->IsCrossOriginToMainFrame()
to check if it's 3rd party iframe.
That sounds better, fixed and force-pushed
542851a to 75f935c
LGTM
thx for doing this
Verification passed on
Resolves brave/brave-browser#22686

window.ethereum and window.solana will be unavailable in 3rd party iframe

Submitter Checklist:
QA/Yes or QA/No; release-notes/include or release-notes/exclude; OS/...) to the associated issue
npm run test -- brave_browser_tests, npm run test -- brave_unit_tests, npm run lint, npm run gn_check, npm run tslint
git rebase master (if needed)

Reviewer Checklist:
gn

After-merge Checklist:
changes has landed on

Test Plan:

Same party test
id="test" to iframe element and click Run
iframe result in console like this
5. Type these in console

Third party test
id="test" to iframe element and change src to https://metamask.github.io/test-dapp/ and click Run
iframe result in console like this
5. Type these in console
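
A console check for the behaviour this PR describes, as an added example that is not part of the PR or of Brave's code: run in the console context of the frame under test, it reports whether that frame is cross-origin to the top frame and which of window.ethereum / window.solana it can see. The `fakeFrame` helper and the `*.example` origins are constructed stand-ins so the check also runs under Node.

```javascript
// Added example, not code from the PR. Paste into DevTools with the console
// context switched to the frame under test, or run under Node with the
// constructed frames below.
const WALLET_GLOBALS = ['ethereum', 'solana']; // globals named in the PR description

// True when `win` is a subframe whose origin differs from the top frame's origin.
function isCrossOriginToTop(win) {
  if (win.top === win) return false; // main frame
  const ancestors = win.location.ancestorOrigins; // parent first, top-level last
  if (ancestors && ancestors.length > 0) {
    return ancestors[ancestors.length - 1] !== win.location.origin;
  }
  try {
    return win.top.location.origin !== win.location.origin;
  } catch (err) {
    return true; // reading a cross-origin top.location throws SecurityError
  }
}

// Reports which wallet globals the frame sees; `pass` is false only when a
// frame that is cross-origin to the top frame still has one of them.
function checkWalletExposure(win) {
  const crossOrigin = isCrossOriginToTop(win);
  const exposed = WALLET_GLOBALS.filter((name) => typeof win[name] !== 'undefined');
  return { mainFrame: win.top === win, crossOrigin, exposed,
           pass: !crossOrigin || exposed.length === 0 };
}

// Constructed stand-in for a window object (hypothetical helper, for offline runs).
function fakeFrame(origin, topOrigin, globals, isTop = false) {
  const frame = { location: { origin, ancestorOrigins: isTop ? [] : [topOrigin] }, ...globals };
  frame.top = isTop ? frame : { location: { origin: topOrigin } };
  return frame;
}

if (typeof window !== 'undefined') {
  console.log(checkWalletExposure(window));
} else {
  const top = 'https://dapp.example'; // constructed origins
  console.log(checkWalletExposure(fakeFrame(top, top, { ethereum: {} })));        // same party
  console.log(checkWalletExposure(fakeFrame('https://other.example', top, {}))); // third party, no providers
  console.log(checkWalletExposure(fakeFrame('https://other.example', top, { solana: {} }))); // regression
}
```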