[PSST] Show infobar when the feature availability is detected for the website

[vadimstruts]

Resolves brave/brave-browser#52731

Added display of the infobar when PSST feature availability is detected for the website.
When the user clicks the Review button on the infobar, we plan to show a WebUI modal dialog, which will be added in follow up.

2026-02-25.14-19-11.mp4

[github-actions]

📋 Code Owners Summary

21 file(s) changed, 2 with assigned owners

2 team(s) affected: @brave/chromium-src-reviewers, @brave/string-reviewers-team

---

Owners and Their Files

@brave/string-reviewers-team — 1 file(s)

• app/brave_generated_resources.grd

@brave/chromium-src-reviewers — 1 file(s)

• chromium_src/components/infobars/core/infobar_delegate.h

[brave-builds]

A Storybook has been deployed to preview UI for the latest push

[boocmp]

Move theses constants into the component that uses them. Changes in this file are deprecated and useless :)

[boocmp]

Lets use the new strings literals generation system formatter_data="webui=<webui name>" in grdp?
Doc ref: https://sourcegraph.com/github.com/brave/brave-core/-/blob/docs/webui_strings_explainer.md?L1-2

[boocmp]

Looks like unused. If you plan to use this in the future, then use RegisterOnDialogClosedCallback instead.

[boocmp]

You can remove this method and use set_can_close(true) in the c-tor instead.

[boocmp]

Clean up ?

[boocmp]

uff, it's always a pain to bind webui to the browser or tab. I don't like getting any active browser, because it should be hard link between the dialog and the tab.

[boocmp]

lets move it into the separated build.gn ?

[boocmp]

lets use ForWebUI approach ?

[github-actions]

Chromium major version is behind target branch (145.0.7632.120 vs 146.0.7680.32). Please rebase.

[fallaciousreasoning]

sorry for the drive by review!

[fallaciousreasoning]

nit: we shouldn't need this ThemeProvider as this shouldn't be using any brave-ui

[vadimstruts]

I will fix it in follow up, as I removed consent dialog from the current PR

[fallaciousreasoning]

There's a new pattern for binding mojo handlers from Brave frontend code. PTAL at https://github.com/brave/brave-core/blob/5e7242311c1bf3478dffaeacb1224f021309638c/components/common/api/readme.md

There's also
#32899
if you want an example of an existing WebUI migrating to this new state manager

[vadimstruts]

I will fix it in follow up, as I removed consent dialog from the current PR

[fallaciousreasoning]

nit: remove commented code

[vadimstruts]

I will fix it in follow up, as I removed consent dialog from the current PR

[fallaciousreasoning]

I think this file can be removed now this is using the WebUI strings. Optionally you can add a strings.ts file like

brave-core/components/ai_chat/resources/common/strings.ts

Line 4 in 5e72423

// You can obtain one at https://mozilla.org/MPL/2.0/.

so you can reference strings via S.MY_STRING instead of typing the full enum name

brave-core/docs/webui_strings_explainer.md

Line 4 in 5e72423

bindings for grit strings, and an associated Typescript enum.

[vadimstruts]

I will fix it in follow up, as I removed consent dialog from the current PR

[fallaciousreasoning]

nit: don't use class style components

[vadimstruts]

I will fix it in follow up, as I removed consent dialog from the current PR

[fallaciousreasoning]

nit: don't need to specify empty args - additionally, if you're styling a built in element you can write

const Thing = styled.div`
  /* styles */
`

[vadimstruts]

I will fix it in follow up, as I removed consent dialog from the current PR

[fallaciousreasoning]

probably there's a Nala token for this - possibly you want --leo-color-divider-subtle or -strong?

You can import

import { color} from '@brave/leo/tokens/css'

for intellisense colors

[vadimstruts]

I will fix it in follow up, as I removed consent dialog from the current PR

[fallaciousreasoning]

can we not use the checkbox component?

[vadimstruts]

I will fix it in follow up, as I removed consent dialog from the current PR

[fallaciousreasoning]

someProp='T'? was this for debugging?

[vadimstruts]

I will fix it in follow up, as I removed consent dialog from the current PR

[fallaciousreasoning]

should this feature have its own buildflag?

[vadimstruts]

I will fix it in follow up, as I removed consent dialog from the current PR

[brave-builds]

A Storybook has been deployed to preview UI for the latest push

[fallaciousreasoning]

also, in the linked video there's no clear delineation between the infobar and the webcontents - has the @brave/sec-team okay'd that?

Additionally, this PR is nearly 3000 lines - is there some way we could split it up to be smaller? At the very least, its probably worth separating out the frontend/backend changes

[diracdeltas]

also, in the linked video there's no clear delineation between the infobar and the webcontents - has the @brave/sec-team okay'd that?

@ShivanKaul or @fmarier would be in charge of approving that

[ShivanKaul]

also, in the linked video there's no clear delineation between the infobar and the webcontents - has the @brave/sec-team okay'd that?

@fallaciousreasoning see https://github.com/brave/reviews/issues/1299#issuecomment-3974240534

[netzenbot]

GURL(*next_url) is constructed from data returned by an injected script and passed directly to LoadURL without checking is_valid(). Invalid or malicious URLs from script results could cause unexpected behavior. best practice

[vadimstruts]

fixed

[vadimstruts]

Additionally, this PR is nearly 3000 lines - is there some way we could split it up to be smaller? At the very least, its probably worth separating out the frontend/backend changes

I removed consent dialog from the PR

[github-actions]

[puLL-Merge] - brave/brave-core@34174

Description

This PR adds UI presentation capabilities to the PSST (Privacy Settings Suggestions Tool) feature in Brave browser. It introduces an infobar-based consent flow that notifies users when PSST can optimize a site's privacy settings, allowing them to review suggestions before changes are applied. The PR also refactors the navigation observation mechanism (switching from DidFinishNavigation to NavigationEntryCommitted), introduces a polling mechanism for asynchronous policy script results, and adds an observer pattern to the UI delegate for tracking task progress.

Possible Issues

1. Copyright year is 2026: Files psst_infobar_delegate.cc, psst_infobar_delegate.h, psst_ui_presenter.cc, and psst_ui_presenter.h all have Copyright (c) 2026 — this should be 2025.

2. Callback not invoked on Cancel: In PsstInfoBarDelegate, Cancel() calls on_accept_callback_ with false, but the delegate only defines BUTTON_OK via GetButtons(). This means Cancel() may never be called by the infobar framework, leaving the callback potentially dangling if the infobar is dismissed (not explicitly accepted or cancelled).

3. Empty OnUserAcceptedInfobar implementation: The method has TODO-style comments ("save info in preferences that infobar is accepted" / "User declined the infobar") but no actual implementation, meaning consent state is never persisted.

4. Raw pointer lifetime risk in UiDesktopPresenter: Holds a raw_ptr<content::WebContents> that could outlive the WebContents if the tab is closed while an infobar callback is pending. The weak pointer factory helps for the callback, but there's no guarantee web_contents_ is valid when ShowInfoBar or ShowIcon is called.

5. Polling mechanism with magic constants: kGetPolicyScriptExecutionDelay (3 seconds) and kRetryCounterDefault (5) are hardcoded. The retry logic in MaybeGetPolicyScriptResult reads localStorage via injected JavaScript, which is fragile and could silently fail or be manipulated by page scripts.

6. Browser test removed without replacement: The PsstTabWebContentsObserverBrowserTest was deleted entirely, reducing integration test coverage. The unit tests were updated but may not cover real-world browser behavior.

7. LoadURL with PAGE_TRANSITION_LINK: In OnPolicyScriptResult, navigating to next_url using PAGE_TRANSITION_LINK could be confusing — this is a programmatic navigation, not a user click. This could also trigger infinite loops if the policy script keeps returning new URLs.

8. Deprecated base::ListValue usage: The code introduces new uses of base::ListValue (which is deprecated/aliased) in the Show() interface and related methods.

Security Hotspots

1. JavaScript injection from localStorage polling (kGetPolicyScriptResultScript): The script reads from localStorage and parses JSON from page-controlled storage. A malicious page could write crafted data to psst_settings_status_* keys to influence PSST behavior, potentially triggering unintended navigations via the next_url field in OnPolicyScriptResult.

2. Unvalidated next_url navigation: In OnPolicyScriptResult, the next_url from the policy script result is loaded with only an is_valid() check. There's no origin validation — a compromised or malicious script could redirect the user to any URL, including phishing sites or javascript: URLs (though GURL may reject the latter).

3. ListValueToStringVector trusts input: No sanitization is performed on the strings extracted from the list, which are later used as URL identifiers for filtering.

Changes

Changes

• browser/psst/psst_infobar_delegate.{cc,h} (new): Implements a ConfirmInfoBarDelegate for showing PSST consent infobars with accept/cancel callbacks.
• browser/psst/psst_ui_presenter.{cc,h} (new): Introduces PsstUiPresenter interface and UiDesktopPresenter implementation that shows infobars and icons via content::WebContents.
• browser/psst/psst_ui_delegate_impl.{cc,h}: Extended with observer pattern, consent checking, infobar integration, and task progress reporting. Show() signature expanded with site_name and tasks.
• components/psst/browser/content/psst_tab_web_contents_observer.{cc,h}: Switched from DidFinishNavigation to NavigationEntryCommitted, added async polling for policy script results, consent flow integration, and OnUserAcceptedPsstSettings callback chain.
• components/psst/browser/content/psst_tab_web_contents_observer_unittest.cc: Major test updates including MockNavigationEntry, new matchers, updated test expectations for the consent flow.
• browser/psst/BUILD.gn: Removed browser_tests target, added new source files and dependencies.
• chromium_src/components/infobars/core/infobar_delegate.h: Added BRAVE_PSST_INFOBAR_DELEGATE = 512.
• app/brave_generated_resources.grd: Added localized strings for PSST infobar.
• test/data/psst/: Added test HTML pages.

sequenceDiagram
    participant User
    participant WebContents
    participant Observer as PsstTabWebContentsObserver
    participant Registry as PsstRuleRegistry
    participant UiDelegate as PsstUiDelegateImpl
    participant Presenter as UiDesktopPresenter
    participant InfoBar as PsstInfoBarDelegate

    WebContents->>Observer: NavigationEntryCommitted()
    Observer->>Observer: Set PsstNavigationData on entry
    WebContents->>Observer: DocumentOnLoadCompleted()
    Observer->>Registry: CheckIfMatch(url)
    Registry-->>Observer: MatchedRule (user_script + policy_script)
    Observer->>WebContents: Execute user_script
    WebContents-->>Observer: OnUserScriptResult(user_id, tasks, site_name)
    Observer->>UiDelegate: GetPsstWebsiteSettings(origin, user_id)
    UiDelegate-->>Observer: nullopt (first visit)
    Observer->>UiDelegate: Show(origin, settings, site_name, tasks, callback)
    UiDelegate->>Presenter: ShowIcon()
    UiDelegate->>Presenter: ShowInfoBar(callback)
    Presenter->>InfoBar: Create(infobar_manager, callback)
    InfoBar->>User: Display infobar
    User->>InfoBar: Click "Review suggestions"
    InfoBar->>Presenter: OnInfobarAccepted(true)
    Presenter->>UiDelegate: OnUserAcceptedInfobar(origin, true)
    UiDelegate->>Observer: ConsentCallback(disabled_checks=[])
    Observer->>Observer: PrepareParametersForPolicyExecution()
    Observer->>WebContents: Execute policy_script with params
    WebContents-->>Observer: OnPolicyScriptResult(result)
    alt Result has retry_counter
        Observer->>Observer: MaybeGetPolicyScriptResult (poll localStorage)
    else Result has psst data
        Observer->>UiDelegate: UpdateTasks(progress, tasks, status)
        UiDelegate->>UiDelegate: Notify Observers
        Observer->>WebContents: LoadURL(next_url)
    end

Loading