Update DSMessage and Navigation links to use SafeAnchor
Categories
(Firefox :: New Tab Page, defect, P1)
Tracking
()
People
(Reporter: pdahiya, Assigned: pdahiya)
References
Details
(Keywords: github-merged)
Attachments
(2 files)
(deleted),
text/x-github-pull-request
|
Details | |
(deleted),
text/x-phabricator-request
|
lizzard
:
approval-mozilla-beta+
|
Details |
Links inside DSMessage and Navigation discovery stream components should be updated to use Safe Anchor tag.
Updated•6 years ago
|
Comment 1•6 years ago
|
||
Assignee | ||
Comment 2•6 years ago
|
||
[Tracking Requested - why for this release]: Follow up of security feedback bug 1524669, its covering protocol check on anchor link for navigation and message discovery stream components.
Assignee | ||
Updated•6 years ago
|
Assignee | ||
Comment 3•6 years ago
|
||
How to test using test feed:
-
go to about:config
-
search for discoverystream.config and set preference to {"api_key_pref":"extensions.pocket.oAuthConsumerKey","enabled":true,"show_spocs":true,"layout_endpoint":"https://gist.githubusercontent.com/punamdahiya/44f78e2f338cbf95f5c28d31faed4639/raw/1c61974ca8ebd02431512d9425031e3a9c8e04f4/test-message-feed.json"}
-
Open new tab and search for text 'Must Reads' in navigation component and it should not be linked.
-
Search for 'Learn more' to find rendered message component and Learn More should not be linked.
-
Search for text 'Health' in navigation component and it should not be linked.
-
Open test feed in new tab
https://gist.githubusercontent.com/punamdahiya/44f78e2f338cbf95f5c28d31faed4639/raw/1c61974ca8ebd02431512d9425031e3a9c8e04f4/test-message-feed.json -
Search for navigation item with title 'Must Reads' and url should be 'javascript://getpocket.com/explore/must-reads?src=fx_new_tab'
-
Search for text 'Learn more' in json feed and respective link_url should be 'javascript://getpocket.com/firefox/new_tab_learn_more'
-
Search for text 'health' in json feed and respective url should be 'ftp://getpocket.com/explore/health?src=fx_new_tab'
Comment 4•6 years ago
|
||
Comment 6•6 years ago
|
||
Assignee | ||
Comment 7•6 years ago
|
||
Comment on attachment 9044310 [details]
Bug 1527701 - Use SafeAnchor in navigation and message component
Beta/Release Uplift Approval Request
Feature/Bug causing the regression
User impact if declined
Patch implements security feedback and ensures at UI end that links shown on message and navigation component in pocket new tab experiments are using protocol http[s].
Is this code covered by automated tests?
No
Has the fix been verified in Nightly?
Yes
Needs manual test from QE?
Yes
If yes, steps to reproduce
See https://bugzilla.mozilla.org/show_bug.cgi?id=1527701#c3
List of other uplifts needed
Risk to taking this patch
Low
Why is the change risky/not risky? (and alternatives if risky)
This patch touches message and navigation components for pocket new tab discovery experiment that's not turned on by default in beta
String changes made/needed
None
Comment on attachment 9044310 [details]
Bug 1527701 - Use SafeAnchor in navigation and message component
Planned work for pocket/new tab.
I'm ok with this being verified after uplift. Let's get all this into beta 9.
Landing order: bug 1519879, bug 1525494, bug 1526861, bug 1524669, bug 1527195, bug 1525391, bug 1527347, bug 1525366, bug 1527626, bug 1527397, bug 1518258, bug 1527701, bug 1527370.
Comment 9•6 years ago
|
||
bugherder uplift |
Comment 10•6 years ago
|
||
(In reply to Punam Dahiya [:pdahiya] from comment #3)
How to test using test feed:
go to about:config
search for discoverystream.config and set preference to {"api_key_pref":"extensions.pocket.oAuthConsumerKey","enabled":true,"show_spocs":true,"layout_endpoint":"https://gist.githubusercontent.com/punamdahiya/44f78e2f338cbf95f5c28d31faed4639/raw/1c61974ca8ebd02431512d9425031e3a9c8e04f4/test-message-feed.json"}
Open new tab and search for text 'Must Reads' in navigation component and it should not be linked.
Search for 'Learn more' to find rendered message component and Learn More should not be linked.
Open test feed in new tab
https://gist.githubusercontent.com/punamdahiya/44f78e2f338cbf95f5c28d31faed4639/raw/1c61974ca8ebd02431512d9425031e3a9c8e04f4/test-message-feed.jsonSearch for navigation item with title 'Must Reads' and url should be 'javascript://getpocket.com/explore/must-reads?src=fx_new_tab'
Search for text 'Learn more' in json feed and respective link_url should be 'javascript://getpocket.com/firefox/new_tab_learn_more'
Tested on:
FF Nightly version : 67.0a1 (2019-02-15)
OS : Mac and Windows 10 Pro
I'm seeing that the link for Health in navigation is missing.
Can you confirm - should we expect link or not?
Recording : https://www.dropbox.com/s/owhpuo9krp2xefo/bug%201527701%20%28%3F%29.mp4?dl=0
Comment 11•6 years ago
|
||
Yes, it's expected that Health does not open a link. It's pointing at "ftp://getpocket.com/…"
Comment 12•6 years ago
|
||
Considering latest QA steps, below are the test results.
Tested on :
FF Nightly version : 67.0a1 (2019-02-15)
OS : Mac and Windows 10 Pro
- From Navigation component -
Must Reads
,Learn more
andHealth
are not linked. - Seeing expected urls for the items from Json feed :
- Must Reads -
javascript://getpocket.com/explore/must-reads?src=fx_new_tab
- Learn more -
javascript://getpocket.com/firefox/new_tab_learn_more
- Health -
ftp://getpocket.com/explore/health?src=fx_new_tab
- Must Reads -
Works as expected.
Closing as verified.
Updated•6 years ago
|
Updated•6 years ago
|
Comment 13•6 years ago
|
||
(In reply to Brahmini Nagabandi from comment #12)
Considering latest QA steps, below are the test results.
Tested on :
FF Nightly version : 67.0a1 (2019-02-15)
OS : Mac and Windows 10 Pro
- From Navigation component -
Must Reads
,Learn more
andHealth
are
not linked.- Seeing expected urls for the items from Json feed :
- Must Reads -
javascript://getpocket.com/explore/must-reads?src=fx_new_tab
- Learn more -
javascript://getpocket.com/firefox/new_tab_learn_more
- Health -
ftp://getpocket.com/explore/health?src=fx_new_tab
Works as expected.
Closing as verified.
Can you please verify this issue on Firefox 66 Beta 9 (https://archive.mozilla.org/pub/firefox/candidates/66.0b9-candidates/build1/)?
Updated•6 years ago
|
Comment 14•5 years ago
|
||
BETA Testing:
QA Results:
Tested on :
FF Beta version : 66.0b9 (64-bit)
OS : Mac and Windows 10 Pro
Date : Feb 21
Verified on the latest Beta. Works as expected.
Marking as verified.
Updated•5 years ago
|
Comment 15•5 years ago
|
||
(In reply to Brahmini Nagabandi from comment #14)
BETA Testing:
QA Results:
Tested on :
FF Beta version : 66.0b9 (64-bit)
OS : Mac and Windows 10 Pro
Date : Feb 21Verified on the latest Beta. Works as expected.
Marking as verified.
Thanks for verifying this!
Updated•5 years ago
|
Description
•