Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(18194): fix trigger to close window when clicking "back to safety" #84

Merged
merged 4 commits into from
Mar 30, 2023
Merged

fix(18194): fix trigger to close window when clicking "back to safety" #84

merged 4 commits into from
Mar 30, 2023

Conversation

DDDDDanica
Copy link
Contributor

@DDDDDanica DDDDDanica commented Mar 20, 2023
edited
Loading

Fixes: https://app.zenhub.com/workspaces/extension-client-team-63529dce65cbb100265a3842/issues/gh/metamask/metamask-extension/18194

Before:

  • [user visits blocked page] -> [window.location.href = "warning page URL" in contentScript] -> [warning page] -> [user clicks "Back to safety"] -> [ window.close() ] -> not working in Firefox

Trials:

  • [user visits blocked page] -> [ location.href = "warning page URL" ] -> [warning page] -> [user clicks "Back to safety"] -> [window.open('location', '_self', '');window.close();] -> not working for Firefox

  • [user visits blocked page] -> [window.location.replace("warning page URL") ] -> [warning page] -> [user clicks "Back to safety"] -> [window.close() ] -> not working for Firefox

  • [user visits blocked page] -> [window.location.hrer("warning page URL") ] -> [warning page] -> [user clicks "Back to safety"] -> [open a new blank page] -> [document.visibilitystate === hidden, detect user has left previous warning page] -> [window.close() inactive page] -> not working for Firefox

Temporary solution:

  • [user visits blocked page] -> [ location.href = "warning page URL" ] -> [warning page] -> [user clicks "Back to safety"] -> [ location.replace("about:blank") ] -> page stays open on blank tab, works for both browsers

Proposed by @danjm :
- [user visits blocked page] -> [ location.href = "warning page URL" ] -> [warning page] -> [user clicks "Back to safety"] -> [ location.replace(MM extension expanded view)] -> page stays open on a specific route, works for both browsers

After:

phishing.mov

@DDDDDanica DDDDDanica requested a review from a team as a code owner March 20, 2023 19:21
@DDDDDanica DDDDDanica mentioned this pull request Mar 20, 2023
Closed
@DDDDDanica DDDDDanica self-assigned this Mar 20, 2023
@DDDDDanica DDDDDanica added the bug Something isn't working label Mar 20, 2023
@Gudahtt
Copy link
Member

Gudahtt commented Mar 21, 2023

Huh, interesting solution! It seems that this is an attempt to circumvent browser protections against programmatically closing a window, by "opening" the window programmatically first before closing it. I have seen references to this approach not working on some browser versions, but I don't know how that affects the range of versions we support.

The e2e tests here are passing, but the test for this close button might not be sufficient. Right now that test is configured to ensure the length of history on the phishing warning page is exactly 1 so that the browser considers it as being opened programmatically. The reason this test didn't catch the bug in the extension is that today the extension redirects to this page, resulting in a history length of 2. We should try to ensure the test accurately captures this scenario, so that it can protect against future regressions.

So I have 2 suggestions overall: consider browser support, and ensure the test is updated to catch this problem.

@danjm
Copy link
Contributor

danjm commented Mar 23, 2023

with the change here, the tab is now left open, right? fca89f3

Gudahtt
Gudahtt reviewed Mar 30, 2023
View reviewed changes
tests/defaults.spec.ts Outdated Show resolved Hide resolved
danjm
danjm requested changes Mar 30, 2023
View reviewed changes
Copy link
Contributor

@danjm danjm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good. Just Mark's test suggestion to address

danjm
danjm previously approved these changes Mar 30, 2023
View reviewed changes
Copy link
Contributor

@danjm danjm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

Gudahtt
Gudahtt previously approved these changes Mar 30, 2023
View reviewed changes
Copy link
Member

@Gudahtt Gudahtt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@DDDDDanica DDDDDanica dismissed stale reviews from Gudahtt and danjm via c08efe2 March 30, 2023 13:39
@danjm danjm merged commit fb6912c into main Mar 30, 2023
@danjm danjm deleted the fix/18194 branch March 30, 2023 17:26
@danjm danjm mentioned this pull request Mar 30, 2023
Merged
8 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@danjm danjm danjm approved these changes

@Gudahtt Gudahtt Gudahtt left review comments

Assignees

@DDDDDanica DDDDDanica

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@DDDDDanica @Gudahtt @danjm