(Wallet) Implement NFT asset details screen

[simoarpe]

Resolves brave/brave-browser#27276

Implements new NFT asset detail screen supporting GIF, BMP, PNG and JPG images.

demo.mov

Security Review

Requested security review: https://github.com/brave/security/issues/1168.

Light Theme	Dark Theme

Related Issues

• Add support for Solana NFT in NFT detail screen
• Show "Send" button in NFT detail screen for owned NFTs
• Add SVG support to NFT images

Submitter Checklist:

• I confirm that no security/privacy review is needed, or that I have requested one
• There is a ticket for my issue
• Used Github auto-closing keywords in the PR description above
• Wrote a good PR/commit description
• Squashed any review feedback or "fixup" commits before merge, so that history is a record of what happened in the repo, not your PR
• Added appropriate labels (QA/Yes or QA/No; release-notes/include or release-notes/exclude; OS/...) to the associated issue
• Checked the PR locally:
  • npm run test -- brave_browser_tests, npm run test -- brave_unit_tests wiki
  • npm run lint, npm run presubmit wiki, npm run gn_check, npm run tslint
• Ran git rebase master (if needed)

Reviewer Checklist:

• A security review is not needed, or a link to one is included in the PR description
• New files have MPL-2.0 license header
• Adequate test coverage exists to prevent regressions
• Major classes, functions and non-trivial code blocks are well-commented
• Changes in component dependencies are properly reflected in gn
• Code follows the style guide
• Test plan is specified in PR before merging

After-merge Checklist:

• The associated issue milestone is set to the smallest version that the
  changes has landed on
• All relevant documentation has been updated, for instance:
  • https://github.com/brave/brave-browser/wiki/Deviations-from-Chromium-(features-we-disable-or-remove)
  • https://github.com/brave/brave-browser/wiki/Proxy-redirected-URLs
  • https://github.com/brave/brave-browser/wiki/Fingerprinting-Protections
  • https://github.com/brave/brave-browser/wiki/Brave%E2%80%99s-Use-of-Referral-Codes
  • https://github.com/brave/brave-browser/wiki/Custom-Headers
  • https://github.com/brave/brave-browser/wiki/Web-Compatibility-Exceptions-in-Brave
  • https://github.com/brave/brave-browser/wiki/QA-Guide
  • https://github.com/brave/brave-browser/wiki/P3A

Test Plan:

• Open the wallet section
• If not already present, add a new NFT selecting "Edit visible assets" > "Add custom assets"
  (E.g 0x59468516a8259058bad1ca5f8f4bff190d30e066, id 183 - Invisible Friends)
• Tap on the NFT item
• Observe the new NFT detail screen loads correctly image, title and description.

[SergeyZhukovsky]

check lint, but ++ otherwise

[diracdeltas]

Is there a security review for this? Particularly SVG support. CC @kdenhartog

[simoarpe]

@diracdeltas, requested a security review: https://github.com/brave/security/issues/1168.

[Pavneet-Sing]

Is there a security review for this? Particularly SVG support. CC @kdenhartog

We haven't added SVG support with any new lib yet so no security review is needed for now.
It will/should be opened with the implementation of

• (Wallet) Add SVG support to NFT images

cc: @diracdeltas @simoarpe

[kdenhartog]

One non blocker from me and I see you've addressed the concern about arbitrary URL file types by limiting this to Network and Data URLs only. LGTM

[kdenhartog]

Non blocking: is there a reason this needs to be an array if we're just grabbing the first index here always?

[Pavneet-Sing]

It's a Mojom generated NetworkInfo class to get response data of network as an object from backend so it cannot be changed as it's being used across platforms and since there can be 0,1 or 1+ values so array is the ideal type for this kind of data. Changing this would require changes across platforms, backend and there could be a use case where more than the first url is being used.

[simoarpe]

That's a very good question!
The blockExplorerUrls is an array because some tokens may have multiple blockchain explorer endpoints, this could be useful in case one endpoint is down. Of course, we should add the required logic on top where we check if an endpoint is down and process the next one if present. (It could be an improvement to implement in the future).

Another constraint to consider is about our current configuration as well: NetworkInfo.java (defaultNetwork) is a Java class generated by the mojo binding generator. So the original type is a struct defined in brave_wallet.mojom here.
Not savvy enough to know how much room we have to modify these mojom files. I'm sure @SergeyZhukovsky could tell us more.

[kdenhartog]

Spotted one blocker to make sure we're disabling support for http. Also one other non blocker for resolving IPFS content which we could do via a gateway if we don't have support for nodes in Android (which I'm pretty sure is the case)

[kdenhartog]

Blocker: Just double checked brave-core and noticed that we support only HTTPS here, so going to block to make sure we're not supporting http URLs here.

[Pavneet-Sing]

In case http, we should

1. Not load the URL
2. Try replacing it with https before loading?

[simoarpe]

Okay, I'm going to replace URLUtil.isNetworkUrl(url) with URLUtil.isHttpsUrl(url). Doing so, only HTTPS will be allowed.

[simoarpe]

Addressed in this commit 👉 66efe7e (#16671)

[kdenhartog]

Lgtm

[simoarpe]

@kdenhartog security feedback addressed. Re-requesting your review, thanks.

[kdenhartog]

Looks good to me. All security concerns have been addressed

[srirambv]

Verification passed on Oppo Reno 5 with Android 13 running 1.49.75 x64 Nighty build

• Verified NFT asset details view is shown when clicked on the NFT
• Verified clicking on the Token ID loads the NFT's page on blockexplorer
• Verified able to view both Solana NFT and Ethereum NFT

16671.mp4