Fix websockets bypass in Brave filtering

Fix #6997. Requires brave/muon#160 Auditors: @bridiver Test Plan: covered by automated test
brave · Feb 16, 2017 · f91f678 · f91f678
1 parent 0d3dacf
commit f91f678
Show file tree

Hide file tree

Showing 3 changed files with 33 additions and 1 deletion.
diff --git a/app/filtering.js b/app/filtering.js
@@ -568,7 +568,7 @@ function initForPartition (partition) {
   fns.forEach((fn) => { fn(ses, partition, module.exports.isPrivate(partition)) })
 }
 
-const filterableProtocols = ['http:', 'https:']
+const filterableProtocols = ['http:', 'https:', 'ws:', 'wss:']
 
 function shouldIgnoreUrl (details) {
   // internal requests

diff --git a/test/components/braveryPanelTest.js b/test/components/braveryPanelTest.js
@@ -268,6 +268,24 @@ describe('Bravery Panel', function () {
         .click(blockAdsOption)
         .waitForTextValue(adsBlockedStat, '2')
     })
+    it('blocks websocket tracking', function * () {
+      const url = Brave.server.url('websockets.html')
+      yield this.app.client
+        .waitForDataFile('adblock')
+        .tabByIndex(0)
+        .loadUrl(url)
+        .waitForTextValue('#result', 'success')
+        .waitForTextValue('#error', 'error')
+        .openBraveMenu(braveMenu, braveryPanel)
+        .waitForTextValue(adsBlockedStat, '1')
+        .click(adsBlockedStat)
+        .waitUntil(function () {
+          return this.getText('.braveryPanelBody li')
+            .then((body) => {
+              return body[0] === 'ws://ag.innovid.com/dv/sync?tid=2'
+            })
+        })
+    })
     // TODO(bridiver) using slashdot won't provide reliable results so we should
     // create our own iframe page with urls we expect to be blocked
     it('detects blocked elements in iframe in private tab', function * () {

diff --git a/test/fixtures/websockets.html b/test/fixtures/websockets.html
@@ -0,0 +1,14 @@
+<div id='result'></div>
+<div id='error'></div>
+<script>
+  // This should get blocked by adblock if it is on
+  var exampleSocket = new WebSocket("ws://ag.innovid.com/dv/sync?tid=2");
+  exampleSocket.onerror = (e) => {
+    document.getElementById('error').innerText = 'error'
+  }
+  // This should be a valid connection
+  var ws = new WebSocket("wss://wss.websocketstest.com:443/service")
+  ws.onopen = function() {
+    document.getElementById('result').innerText = 'success'
+  }
+</script>