Fix incorrect handling of chrome://... and/or edge://... type of URLs (#6760)

aitorvs · joshliebe · web-flow · commit 372dbacb9abd · 2025-09-10T13:03:21.000+01:00
Task/Issue URL: https://app.asana.com/1/137249556945/project/488551667048375/task/1211244094852892?focus=true ### Description Fix the way that we handle non http URI requests. The first attempts fixed it but also introduced a bug because we should only look at user initiated requests, and not redirects. This fix should do that ### Steps to test this PR - [ ] repeat tests in #6687 - [ ] ensure the [side effect issue](https://app.asana.com/1/137249556945/project/1206777341262243/task/1211202801652410) doesn't repro anymore --------- Co-authored-by: joshliebe <joshliebe@gmail.com>
diff --git a/app/src/main/java/com/duckduckgo/app/browser/SpecialUrlDetector.kt b/app/src/main/java/com/duckduckgo/app/browser/SpecialUrlDetector.kt
@@ -81,7 +81,9 @@ class SpecialUrlDetectorImpl(
                 } else {
                     URI_ANDROID_APP_SCHEME
                 }
-                checkForIntent(scheme, uriString, intentFlags)
+                // if there's no redirects (initiatingUrl = null) then it's user initiated
+                val userInitiated = initiatingUrl == null
+                checkForIntent(scheme, uriString, intentFlags, userInitiated)
             }
         }
     }
@@ -183,31 +185,38 @@ class SpecialUrlDetectorImpl(
         scheme: String,
         uriString: String,
         intentFlags: Int,
+        userInitiated: Boolean,
     ): UrlType {
-        val validUriSchemeRegex = Regex("[a-z][a-zA-Z\\d+.-]+")
-        if (scheme.matches(validUriSchemeRegex)) {
-            return buildIntent(uriString, intentFlags)
-        }
-
-        return UrlType.SearchQuery(uriString)
-    }
+        fun buildIntent(uriString: String, intentFlags: Int, userInitiated: Boolean): UrlType {
+            return try {
+                val intent = Intent.parseUri(uriString, intentFlags)
+                // only proceed if something can handle it
+                if (userInitiated && (intent == null || packageManager.resolveActivity(intent, 0) == null) &&
+                    androidBrowserConfigFeature.validateIntentResolution().isEnabled()
+                ) {
+                    return UrlType.Unknown(uriString)
+                }
 
-    private fun buildIntent(uriString: String, intentFlags: Int): UrlType {
-        return try {
-            val intent = Intent.parseUri(uriString, intentFlags)
+                if (externalAppIntentFlagsFeature.self().isEnabled()) {
+                    intent.addCategory(Intent.CATEGORY_BROWSABLE)
+                    intent.setFlags(Intent.FLAG_ACTIVITY_NEW_TASK or Intent.FLAG_ACTIVITY_CLEAR_TOP)
+                }
 
-            if (externalAppIntentFlagsFeature.self().isEnabled()) {
-                intent.addCategory(Intent.CATEGORY_BROWSABLE)
-                intent.setFlags(Intent.FLAG_ACTIVITY_NEW_TASK or Intent.FLAG_ACTIVITY_CLEAR_TOP)
+                val fallbackUrl = intent.getStringExtra(EXTRA_FALLBACK_URL)
+                val fallbackIntent = buildFallbackIntent(fallbackUrl)
+                UrlType.NonHttpAppLink(uriString = uriString, intent = intent, fallbackUrl = fallbackUrl, fallbackIntent = fallbackIntent)
+            } catch (e: URISyntaxException) {
+                logcat(WARN) { "Failed to parse uri $uriString: ${e.asLog()}" }
+                return UrlType.Unknown(uriString)
             }
+        }
 
-            val fallbackUrl = intent.getStringExtra(EXTRA_FALLBACK_URL)
-            val fallbackIntent = buildFallbackIntent(fallbackUrl)
-            UrlType.NonHttpAppLink(uriString = uriString, intent = intent, fallbackUrl = fallbackUrl, fallbackIntent = fallbackIntent)
-        } catch (e: URISyntaxException) {
-            logcat(WARN) { "Failed to parse uri $uriString: ${e.asLog()}" }
-            return UrlType.Unknown(uriString)
+        val validUriSchemeRegex = Regex("[a-z][a-zA-Z\\d+.-]+")
+        if (scheme.matches(validUriSchemeRegex)) {
+            return buildIntent(uriString, intentFlags, userInitiated)
         }
+
+        return UrlType.SearchQuery(uriString)
     }
 
     private fun buildFallbackIntent(fallbackUrl: String?): Intent? {
diff --git a/app/src/main/java/com/duckduckgo/app/pixels/remoteconfig/AndroidBrowserConfigFeature.kt b/app/src/main/java/com/duckduckgo/app/pixels/remoteconfig/AndroidBrowserConfigFeature.kt
@@ -161,4 +161,13 @@ interface AndroidBrowserConfigFeature {
 
     @Toggle.DefaultValue(DefaultFeatureValue.TRUE)
     fun hideDuckAiInSerpKillSwitch(): Toggle
+
+    /**
+     * Kill switch for intent resolution validation in SpecialUrlDetector
+     * @return `true` when the remote config has the global "validateIntentResolution" androidBrowserConfig
+     * sub-feature flag enabled
+     * If the remote feature is not present defaults to `true`
+     */
+    @Toggle.DefaultValue(DefaultFeatureValue.TRUE)
+    fun validateIntentResolution(): Toggle
 }
diff --git a/app/src/test/java/com/duckduckgo/app/browser/SpecialUrlDetectorImplTest.kt b/app/src/test/java/com/duckduckgo/app/browser/SpecialUrlDetectorImplTest.kt
@@ -99,6 +99,7 @@ class SpecialUrlDetectorImplTest {
         whenever(mockAIChatQueryDetectionFeatureToggle.isEnabled()).thenReturn(false)
         whenever(mockAIChatQueryDetectionFeature.self()).thenReturn(mockAIChatQueryDetectionFeatureToggle)
         androidBrowserConfigFeature.handleIntentScheme().setRawStoredState(State(true))
+        androidBrowserConfigFeature.validateIntentResolution().setRawStoredState(State(true))
     }
 
     @Test
@@ -293,21 +294,64 @@ class SpecialUrlDetectorImplTest {
     @Test
     fun whenUrlIsCustomUriSchemeThenNonHttpAppLinkTypeDetectedWithAdditionalIntentFlags() {
         externalAppIntentFlagsFeature.self().setRawStoredState(State(true))
+        whenever(mockPackageManager.resolveActivity(any(), anyInt())).thenReturn(ResolveInfo())
         val type = testee.determineType("myapp:foo bar") as NonHttpAppLink
         assertEquals("myapp:foo bar", type.uriString)
         assertEquals(Intent.FLAG_ACTIVITY_NEW_TASK or Intent.FLAG_ACTIVITY_CLEAR_TOP, type.intent.flags)
         assertEquals(Intent.CATEGORY_BROWSABLE, type.intent.categories.first())
     }
 
+    @Test
+    fun whenUrlIsCustomUriSchemeAndRedirectThenNonHttpAppLinkTypeDetectedWithAdditionalIntentFlags() {
+        externalAppIntentFlagsFeature.self().setRawStoredState(State(true))
+        whenever(mockPackageManager.resolveActivity(any(), anyInt())).thenReturn(ResolveInfo())
+        val actual = testee.determineType("https://www.example.com", "myapp:foo bar".toUri()) as NonHttpAppLink
+        assertEquals("myapp:foo bar", actual.uriString)
+        assertEquals(Intent.FLAG_ACTIVITY_NEW_TASK or Intent.FLAG_ACTIVITY_CLEAR_TOP, actual.intent.flags)
+        assertEquals(Intent.CATEGORY_BROWSABLE, actual.intent.categories.first())
+    }
+
+    @Test
+    fun whenUrlIsCustomUriSchemeAndNoResolveInfoThenUnknownTypeDetected() {
+        externalAppIntentFlagsFeature.self().setRawStoredState(State(true))
+        whenever(mockPackageManager.resolveActivity(any(), anyInt())).thenReturn(null)
+        val expected = Unknown::class
+        val actual = testee.determineType("myapp:foo bar")
+        assertEquals(expected, actual::class)
+    }
+
+    @Test
+    fun whenUrlIsCustomUriSchemeAndNoResolveInfoAndRedirectThenNonHttpAppLinkDetected() {
+        externalAppIntentFlagsFeature.self().setRawStoredState(State(true))
+        whenever(mockPackageManager.resolveActivity(any(), anyInt())).thenReturn(null)
+        val expected = NonHttpAppLink::class
+        val actual = testee.determineType("https://www.example.com", "myapp:foo bar".toUri()) as NonHttpAppLink
+        assertEquals(expected, actual::class)
+        assertEquals("myapp:foo bar", actual.uriString)
+        assertEquals(Intent.FLAG_ACTIVITY_NEW_TASK or Intent.FLAG_ACTIVITY_CLEAR_TOP, actual.intent.flags)
+        assertEquals(Intent.CATEGORY_BROWSABLE, actual.intent.categories.first())
+    }
+
     @Test
     fun whenUrlIsCustomUriSchemeThenNonHttpAppLinkTypeDetectedWithoutAdditionalIntentFlags() {
         externalAppIntentFlagsFeature.self().setRawStoredState(State(false))
+        whenever(mockPackageManager.resolveActivity(any(), anyInt())).thenReturn(ResolveInfo())
         val type = testee.determineType("myapp:foo bar") as NonHttpAppLink
         assertEquals("myapp:foo bar", type.uriString)
         assertEquals(0, type.intent.flags)
         assertNull(type.intent.categories)
     }
 
+    @Test
+    fun whenUrlIsCustomUriSchemeAndRedirectThenNonHttpAppLinkTypeDetectedWithoutAdditionalIntentFlags() {
+        externalAppIntentFlagsFeature.self().setRawStoredState(State(false))
+        whenever(mockPackageManager.resolveActivity(any(), anyInt())).thenReturn(ResolveInfo())
+        val actual = testee.determineType("https://www.example.com", "myapp:foo bar".toUri()) as NonHttpAppLink
+        assertEquals("myapp:foo bar", actual.uriString)
+        assertEquals(0, actual.intent.flags)
+        assertNull(actual.intent.categories)
+    }
+
     @Test
     fun whenUrlIsNotPrivacyProThenQueryTypeDetected() {
         whenever(subscriptions.shouldLaunchPrivacyProForUrl(any())).thenReturn(false)
@@ -520,7 +564,7 @@ class SpecialUrlDetectorImplTest {
 
         testee.determineType("intent://path#Intent;scheme=testscheme;package=com.example.app;end")
 
-        verify(testee).checkForIntent(eq("intent"), any(), eq(URI_INTENT_SCHEME))
+        verify(testee).checkForIntent(eq("intent"), any(), eq(URI_INTENT_SCHEME), eq(true))
     }
 
     @Test
@@ -529,7 +573,50 @@ class SpecialUrlDetectorImplTest {
 
         testee.determineType("intent://path#Intent;scheme=testscheme;package=com.example.app;end")
 
-        verify(testee).checkForIntent(eq("intent"), any(), eq(URI_ANDROID_APP_SCHEME))
+        verify(testee).checkForIntent(eq("intent"), any(), eq(URI_ANDROID_APP_SCHEME), eq(true))
+    }
+
+    @Test
+    fun whenValidateIntentResolutionEnabledAndNoResolveInfoThenReturnUnknownType() {
+        androidBrowserConfigFeature.validateIntentResolution().setRawStoredState(State(true))
+        whenever(mockPackageManager.resolveActivity(any(), anyInt())).thenReturn(null)
+
+        val result = testee.determineType("myapp:foo bar")
+
+        assertTrue(result is Unknown)
+    }
+
+    @Test
+    fun whenValidateIntentResolutionDisabledAndNoResolveInfoThenReturnNonHttpAppLinkType() {
+        androidBrowserConfigFeature.validateIntentResolution().setRawStoredState(State(false))
+        whenever(mockPackageManager.resolveActivity(any(), anyInt())).thenReturn(null)
+
+        val result = testee.determineType("myapp:foo bar")
+
+        assertTrue(result is NonHttpAppLink)
+        assertEquals("myapp:foo bar", (result as NonHttpAppLink).uriString)
+    }
+
+    @Test
+    fun whenValidateIntentResolutionEnabledAndResolveInfoExistsThenReturnNonHttpAppLinkType() {
+        androidBrowserConfigFeature.validateIntentResolution().setRawStoredState(State(true))
+        whenever(mockPackageManager.resolveActivity(any(), anyInt())).thenReturn(ResolveInfo())
+
+        val result = testee.determineType("myapp:foo bar")
+
+        assertTrue(result is NonHttpAppLink)
+        assertEquals("myapp:foo bar", (result as NonHttpAppLink).uriString)
+    }
+
+    @Test
+    fun whenValidateIntentResolutionDisabledAndResolveInfoExistsThenReturnNonHttpAppLinkType() {
+        androidBrowserConfigFeature.validateIntentResolution().setRawStoredState(State(false))
+        whenever(mockPackageManager.resolveActivity(any(), anyInt())).thenReturn(ResolveInfo())
+
+        val result = testee.determineType("myapp:foo bar")
+
+        assertTrue(result is NonHttpAppLink)
+        assertEquals("myapp:foo bar", (result as NonHttpAppLink).uriString)
     }
 
     private fun randomString(length: Int): String {
