* Fix warning dialog when sending tokens to a known token contract address
Fixing after rebase
Covering missed cases
Rebased and ran yarn setup
Rebased
Fix checkContractAddress condition
Lint fix
Applied requested changes
Fix unit tests
Applying requested changes
Applied requested changes
Refactor and update
Lint fix
Use V2 of ActionableMessage component
Adding Learn More Link
Updating warning copy
Addressing review feedback
Fix up copy changes
Simplify validation of pasted addresses
Improve detection of whether this is a token contract
Refactor to leave updateRecipient unchanged, and to prevent the double calling of update recipient
Update tests
fix
* Fix unit tests
* Fix e2e tests
* Ensure next button is disabled while recipient type is loading
* Add optional chaining and a fallback to getRecipientWarningAcknowledgement
* Fix lint
* Don't reset recipient warning on asset change, because we should show recipient warnings regardless of asset
* Update unit tests
* Update unit tests
Co-authored-by: Filip Sekulic <filip.sekulic@consensys.net>
This reverts commit f09ab88891, reversing
changes made to effc761e0e.
This is being temporarily reverted to make it easier to release an
urgent fix for v10.15.1.
* Update xDAI E2E information
* Use local Ganache instance instead of Gnosis Chain
* Bump test-dapp
* Bump test-dapp
* Enable secondary Ganache server for other test
* Fix linting
* Improve E2E stability
* Update network selector
* Update xDAI E2E information
* Use local Ganache instance instead of Gnosis Chain
* Bump test-dapp
* Bump test-dapp
* Enable secondary Ganache server for other test
* Fix linting
* Improve E2E stability
* Update network selector
* Update xDAI E2E information
* Use local Ganache instance instead of Gnosis Chain
* Bump test-dapp
* Bump test-dapp
* Enable secondary Ganache server for other test
* Fix linting
* Improve E2E stability
* Update network selector
Previously Chrome would ignore an attempt to navigate to a restricted
URL like an extension page that is not web accessible. In a recent
Chrome update, this has changed. Now it does perform the navigation,
but to an error page that explains that the request was invalid.
The last assertion, responsible for checking that the warning page is
still shown, has been removed. The test still ensures the main wallet
UI is not loaded, that assertion was not needed.
Previously Chrome would ignore an attempt to navigate to a restricted
URL like an extension page that is not web accessible. In a recent
Chrome update, this has changed. Now it does perform the navigation,
but to an error page that explains that the request was invalid.
The last assertion, responsible for checking that the warning page is
still shown, has been removed. The test still ensures the main wallet
UI is not loaded, that assertion was not needed.
The e2e tests have been updated for `@metamask/phishing-warning@1.1.0`.
The iframe case was updated with a new design, which required test
changes. The third test that was meant to ensure the phishing page
can't redirect to an extension page has been updated to navigate
directly to the phishing warning page and setting the URL manually via
query parameters, as that was the only way to test that redirect.
* styling updates
Co-authored-by: Alex Donesky <adonesky@gmail.com>
Co-authored-by: George Marshall <george.marshall@consensys.net>
Co-authored-by: David Walsh <davidwalsh83@gmail.com>
An externally hosted phishing warning page is now used rather than the
built-in phishing warning page.The phishing page warning URL is set via
configuration file or environment variable. The default URL is either
the expected production URL or `http://localhost:9999/` for e2e testing
environments.
The new external phishing page includes a design change when it is
loaded within an iframe. In that case it now shows a condensed message,
and prompts the user to open the full warning page in a new tab to see
more details or bypass the warning. This is to prevent a clickjacking
attack from safelisting a site without user consent.
The new external phishing page also includes a simple caching service
worker to ensure it continues to work offline (or if our hosting goes
offline), as long as the user has successfully loaded the page at least
once. We also load the page temporarily during the extension startup
process to trigger the service worker installation.
The old phishing page and all related lines have been removed. The
property `web_accessible_resources` has also been removed from the
manifest. The only entry apart from the phishing page was `inpage.js`,
and we don't need that to be web accessible anymore because we inject
the script inline into each page rather than loading the file directly.
New e2e tests have been added to cover more phishing warning page
functionality, including the "safelist" action and the "iframe" case.
* created new test for bip-44 snap test
* added driver.Key.SPACE to allow sending spacebar
* made changes to final result check
* fixed expected pk result to proper value
* fixed to use npm package instead of local
* removed comment
* removed const delay - not needed (lint error)
* Redirect infura requests to localhost while e2e
* Change requests from Infura to localhost (ganache)
* Included blacklisted hosts
* Fix behaviour for all urls
* Added a couple of explorers and reorg
* Remove repeated line
* Lint fix
* Removed other services aside from infura
* Includes changed for 'ends with'
* Fix security handling of host by including listed of arrays