Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[ads] Suppress RichNTT if brave://settings/content/javascript is disabled #27783

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[ads] Suppress RichNTT if brave://settings/content/javascript is disabled #27783

wants to merge 1 commit into from
+1,678 −650

Conversation

tmancey
Copy link
Collaborator

@tmancey tmancey commented Feb 24, 2025
edited
Loading

Resolves brave/brave-browser#43655

Submitter Checklist:

  • I confirm that no security/privacy review is needed and no other type of reviews are needed, or that I have requested them
  • There is a ticket for my issue
  • Used Github auto-closing keywords in the PR description above
  • Wrote a good PR/commit description
  • Squashed any review feedback or "fixup" commits before merge, so that history is a record of what happened in the repo, not your PR
  • Added appropriate labels (QA/Yes or QA/No; release-notes/include or release-notes/exclude; OS/...) to the associated issue
  • Checked the PR locally:
    • npm run test -- brave_browser_tests, npm run test -- brave_unit_tests wiki
    • npm run presubmit wiki, npm run gn_check, npm run tslint
  • Ran git rebase master (if needed)

Reviewer Checklist:

  • A security review is not needed, or a link to one is included in the PR description
  • New files have MPL-2.0 license header
  • Adequate test coverage exists to prevent regressions
  • Major classes, functions and non-trivial code blocks are well-commented
  • Changes in component dependencies are properly reflected in gn
  • Code follows the style guide
  • Test plan is specified in PR before merging

After-merge Checklist:

Test Plan:

Confirm rich media NTTs are shown if brave://settings/content/javascript is enable and not shown if disabled.

@tmancey tmancey self-assigned this Feb 24, 2025
@tmancey tmancey requested a review from a team February 24, 2025 20:43
@tmancey tmancey force-pushed the issues/43655 branch 2 times, most recently from 9eb2be7 to 9532f22 Compare February 24, 2025 20:52
@tmancey tmancey marked this pull request as ready for review February 24, 2025 20:53
@tmancey tmancey requested a review from a team as a code owner February 24, 2025 20:53
@tmancey tmancey force-pushed the issues/43655 branch 2 times, most recently from 5bc6b3e to d2e1a66 Compare February 24, 2025 21:00
@tmancey tmancey marked this pull request as draft February 24, 2025 21:57
@tmancey tmancey force-pushed the issues/43655 branch 5 times, most recently from 7f0b621 to 811b39e Compare February 25, 2025 16:25
@tmancey tmancey marked this pull request as ready for review February 25, 2025 16:27
kylehickinson
kylehickinson approved these changes Feb 25, 2025
View reviewed changes
Copy link
Collaborator

@kylehickinson kylehickinson left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

iOS++

@tmancey tmancey requested a review from diracdeltas February 25, 2025 16:35
@tmancey tmancey requested a review from diracdeltas February 25, 2025 16:45
diracdeltas
diracdeltas approved these changes Feb 25, 2025
View reviewed changes
Copy link
Member

@diracdeltas diracdeltas left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

i would add a manual test plan that toggling brave://settings/content/javascript on and off works as expected but otherwise lgtm

@tmancey
Copy link
Collaborator Author

tmancey commented Feb 25, 2025

i would add a manual test plan that toggling brave://settings/content/javascript on and off works as expected but otherwise lgtm

Just finishing adding the tests, and thank you.

@tmancey tmancey marked this pull request as draft February 26, 2025 15:12
@tmancey tmancey force-pushed the issues/43655 branch 5 times, most recently from cbc9b69 to 8511755 Compare February 28, 2025 19:59
@tmancey tmancey force-pushed the issues/43655 branch 2 times, most recently from 4a981b3 to 6f81487 Compare February 28, 2025 20:36
@tmancey tmancey marked this pull request as ready for review February 28, 2025 21:52
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Mar 1, 2025

[puLL-Merge] - brave/brave-core@27783

Here's my analysis of this pull request:

Description

This PR modifies the Brave browser codebase to respect JavaScript content settings when displaying sponsored rich media content in new tab takeovers. It adds logic to check if JavaScript is enabled before allowing rich media wallpapers, while still allowing image-based wallpapers regardless of JavaScript settings. The PR also includes significant refactoring of related components and test improvements.

Changes

Changes

By filename:

  1. browser/brave_ads/ads_service_factory.cc:

    • Adds HostContentSettingsMap dependency to AdsService

  2. components/brave_ads/browser/ads_service_impl.cc:

    • Implements JavaScript content settings check
    • Adds observer for content settings changes
    • Updates prefetch logic based on content settings

  3. components/ntp_background_images/:

    • Adds wallpaper type distinction between image and rich media
    • Updates logic to filter rich media content based on JavaScript settings
    • Improves testing coverage around content settings

  4. Database changes:

    • Adds 'type' column to creative_new_tab_page_ads table
    • Updates schema version to 49
    • Adds migration logic for existing data
sequenceDiagram
    participant User
    participant Browser
    participant ContentSettings
    participant AdsService
    participant Database

    User->>Browser: Opens New Tab
    Browser->>ContentSettings: Check JavaScript settings
    ContentSettings->>AdsService: Allow/Block rich media
    AdsService->>Database: Query eligible wallpapers
    Database->>AdsService: Return filtered wallpapers
    AdsService->>Browser: Return appropriate wallpaper
    Browser->>User: Display wallpaper
Loading

Security Hotspots

  1. Content Settings Validation:

    • The PR correctly implements content setting checks for JavaScript, but special attention should be paid to ensuring these checks cannot be bypassed

  2. Database Migration:

    • The migration for schema v49 sets default type to 'image' for existing records
    • Migration path needs to be carefully tested to avoid data corruption

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@github-actions github-actions[bot] github-actions[bot] left review comments

@kylehickinson kylehickinson kylehickinson approved these changes

@diracdeltas diracdeltas diracdeltas approved these changes

@aseren aseren aseren approved these changes

Assignees

@thypon thypon

@tmancey tmancey

@stoletheminerals stoletheminerals

@cdesouza-chromium cdesouza-chromium

Labels
needs-security-review puLL-Merge
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[ads] Suppress RichNTT if brave://settings/content/javascript is disabled
7 participants
@tmancey @kylehickinson @diracdeltas @aseren @thypon @stoletheminerals @cdesouza-chromium