This is an archived project. Repository and other project resources are read-only.

Only allow adding filter lists loaded via HTTPS

Background / User story

See https://gitlab.com/eyeo/adblockplus/adblockpluscore/issues/5.

What to change

Design: N/A
Research: N/A
Spec: eyeo/specs/spec!283
Development: Reuse existing URL validation to prevent users from adding a filter list whose URL uses any other protocol than HTTPS.

Hints for testers

Custom filter list dialog

No error message is expected to be shown as long as the custom filter list URL input field is empty.
In addition to https: URLs, Core also allows data: URIs so users should be able to enter either one and only receive an error message when attempting to add a URL with a different protocol than those.
Otherwise invalid URLs should continue to show existing error message.

Filter list table

Filter list download error messages shown in filter list table should correspond to the ones mentioned in the spec.
Filter lists using https: or data: should be shown the new error message. If the URL is invalid in other ways, the existing error message should be shown.

Hints for translators

Added the following strings:
- options_filterList_lastDownload_invalidURLProtocol
- options_dialog_import_subscription_location_error_protocol
Updated the following strings:
- options_filterList_lastDownload_invalidURL
- options_filterList_lastDownload_connectionError
- options_filterList_lastDownload_invalidData

Integration notes

N/A

Edited Dec 09, 2019 by Thomas Greiner

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information