Implement "Desktop Welcome Pages" feature

[zenparsing]

Resolves brave/brave-browser#40157

• Security/privacy review for feature spec
• Security/privacy review for iframe commands

Submitter Checklist:

• I confirm that no security/privacy review is needed and no other type of reviews are needed, or that I have requested them
• There is a ticket for my issue
• Used Github auto-closing keywords in the PR description above
• Wrote a good PR/commit description
• Squashed any review feedback or "fixup" commits before merge, so that history is a record of what happened in the repo, not your PR
• Added appropriate labels (QA/Yes or QA/No; release-notes/include or release-notes/exclude; OS/...) to the associated issue
• Checked the PR locally:
  • npm run test -- brave_browser_tests, npm run test -- brave_unit_tests wiki
  • npm run presubmit wiki, npm run gn_check, npm run tslint
• Ran git rebase master (if needed)

Reviewer Checklist:

• A security review is not needed, or a link to one is included in the PR description
• New files have MPL-2.0 license header
• Adequate test coverage exists to prevent regressions
• Major classes, functions and non-trivial code blocks are well-commented
• Changes in component dependencies are properly reflected in gn
• Code follows the style guide
• Test plan is specified in PR before merging

After-merge Checklist:

• The associated issue milestone is set to the smallest version that the
  changes has landed on
• All relevant documentation has been updated, for instance:
  • https://github.com/brave/brave-browser/wiki/Deviations-from-Chromium-(features-we-disable-or-remove)
  • https://github.com/brave/brave-browser/wiki/Proxy-redirected-URLs
  • https://github.com/brave/brave-browser/wiki/Fingerprinting-Protections
  • https://github.com/brave/brave-browser/wiki/Brave%E2%80%99s-Use-of-Referral-Codes
  • https://github.com/brave/brave-browser/wiki/Web-Compatibility-Exceptions-in-Brave
  • https://github.com/brave/brave-browser/wiki/QA-Guide
  • https://github.com/brave/brave-browser/wiki/P3A

Test Plan:

[brave-builds]

A Storybook has been deployed to preview UI for the latest push

[brave-builds]

A Storybook has been deployed to preview UI for the latest push

[brave-builds]

A Storybook has been deployed to preview UI for the latest push

[brave-builds]

A Storybook has been deployed to preview UI for the latest push

[brave-builds]

A Storybook has been deployed to preview UI for the latest push

[brave-builds]

A Storybook has been deployed to preview UI for the latest push

[brave-builds]

A Storybook has been deployed to preview UI for the latest push

[bridiver]

these should ideally go in their own BUILD.gn unless there would be a circular dependency issue? I think there probably is one for brave_education_ui so it could go directly in webui/brave_education_ui and the rest of the code could go in webui/brave_education with a separate BUILD.gn

[zenparsing]

I took a look at the code in browser/ui/webui and none of those folders use their own BUILD.gn. Is this a new pattern that we want to establish?

[bridiver]

it's not a new pattern, there is just a lot of incorrect code

[bridiver]

why do we need this? Shouldn't we only be calling the superclass if we don't handle it in our subclass?

[zenparsing]

That switch statement doesn't have a default clause, so when we extend the enum with our own Command values, it results in a compile-time error here.

[bridiver]

oic, because there is an existing mojo enum we are extending

[bridiver]

but this patch does not follow standard patching conventions. It should be BRAVE_CAN_EXECUTE_COMMAND and this should also include NOTREACHED_NORETURN

[github-actions]

_{reported by reviewdog 🐶}
[semgrep] base::Unretained is most of the time unrequited, and a weak reference is better suited for secure coding.
Consider swapping Unretained for a weak reference.
base::Unretained usage may be acceptable when a callback owner is guaranteed
to be destroyed with the object base::Unretained is pointing to, for example:

- PrefChangeRegistrar
- base::*Timer
- mojo::Receiver
- any other class member destroyed when the class is deallocated


Source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/client/chromium-uaf.yaml


Cc @thypon @goodov @iefremov

[brave-builds]

A Storybook has been deployed to preview UI for the latest push

[brave-builds]

A Storybook has been deployed to preview UI for the latest push

[github-actions]

[puLL-Merge] - brave/brave-core@23289

Here's my review of the pull request:

Description

This PR adds a new "Getting Started" feature to the Brave browser. It introduces a new WebUI page that displays educational content about Brave's features after the user completes the Welcome UX flow. The content is loaded from Brave's website into an iframe, and the page supports executing browser commands through a mojo interface.

Changes

Changes

1. New files in browser/ui/webui/brave_education/:

   • brave_education_ui.cc/h: Implements the WebUI for the new education page.
   • education_page_handler.cc/h: Handles requests from the WebUI page.
   • getting_started_helper.cc/h: Helps determine the appropriate "getting started" WebUI URL.

2. New files in components/brave_education/:

   • education_content_urls.cc/h: Defines URLs for education content.
   • features.cc/h: Defines feature flags for the new functionality.
   • Various new resource files for the WebUI implementation.

3. Modified browser/ui/webui/welcome_page/welcome_dom_handler.cc/h:

   • Added functionality to get the "welcome complete" URL.

4. New files in browser/ui/webui/browser_command/:

   • brave_browser_command_handler.cc/h: Implements Brave-specific browser commands.

5. Various build file updates to include the new components.

6. Updates to existing files:

   • browser/brave_content_browser_client.cc: Registered new WebUI controller.
   • browser/ui/BUILD.gn: Added new source files.
   • browser/about_flags.cc: Added new feature entries.
   • components/constants/webui_url_constants.h: Added new constants.

Possible Issues

1. The implementation relies on loading content from an external website (brave.com) into an iframe. This could potentially lead to issues if the website is unavailable or changes unexpectedly.

2. The new feature is controlled by a feature flag (kShowGettingStartedPage). Ensure proper testing is done with both enabled and disabled states.

Security Hotspots

1. brave_education_ui.cc: The implementation allows embedding of iframes from brave.com. While this is likely intentional, it's worth ensuring that proper security measures (like Content Security Policy) are in place to prevent potential XSS attacks.

2. message_data_reader.ts: This file parses messages from the iframe. Ensure that all input is properly validated to prevent potential security issues.

3. brave_browser_command_handler.cc: This file executes browser commands based on messages from the iframe. Make sure that proper access controls are in place to prevent unauthorized command execution.

Overall, the changes appear well-structured and follow Brave's coding conventions. The new functionality is modular and seems to integrate well with existing systems. However, careful testing should be done to ensure the new feature works as expected and doesn't introduce any security vulnerabilities.

[brave-builds]

A Storybook has been deployed to preview UI for the latest push

[bridiver]

same as above, do not use os buildflags to guard features that are disabled on some platforms.

[bridiver]

do not add individual files here, these should go in their own target

[bridiver]

this seems a bit odd, it's just going to do nothing if the user clicks on the link for this?

[bridiver]

I don't quite understand what is going on here. Why are we making a remote request to determine what page to show?

[zenparsing]

At the end of the welcome flow, we determine which education content to show based on feature flag params. However, if the server URL is not available for some reason (e.g. the network is not available, or the website is messed up, etc.) then we don't want to send the user to a dead end. It would be better to bypass the education page and send them to the new tab page.

This class is responsible for returning the appropriate education content WebUI URL and ensuring to a reasonable degree that it will be successfully loaded.

A similar check is used by upstream for the What's New page in whats_new_fetcher.h.

[brave-builds]

A Storybook has been deployed to preview UI for the latest push

[brave-builds]

A Storybook has been deployed to preview UI for the latest push

[brave-builds]

A Storybook has been deployed to preview UI for the latest push

[brave-builds]

A Storybook has been deployed to preview UI for the latest push