From 73b6be93ae69914163f7cbfd8eed30c577980923 Mon Sep 17 00:00:00 2001
From: Brandon-T <bthomas@brave.com>
Date: Wed, 11 Dec 2024 19:02:36 -0500
Subject: [PATCH] Do not allow configuring tabs with javascript no matter what
 (#26932)

---
 .../Sources/Brave/Frontend/Browser/TabManager.swift          | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/ios/brave-ios/Sources/Brave/Frontend/Browser/TabManager.swift b/ios/brave-ios/Sources/Brave/Frontend/Browser/TabManager.swift
index 872aa253b3f6..f0b3339c189a 100644
--- a/ios/brave-ios/Sources/Brave/Frontend/Browser/TabManager.swift
+++ b/ios/brave-ios/Sources/Brave/Frontend/Browser/TabManager.swift
@@ -622,7 +622,10 @@ class TabManager: NSObject {
         && Preferences.Privacy.persistentPrivateBrowsing.value)
 
     // WebKit can sometimes return a URL that isn't valid at all!
-    if let requestURL = request?.url, NSURL(idnString: requestURL.absoluteString) == nil {
+    // Do not allow configuring a tab with a Bookmarklet or Javascript URL
+    if let requestURL = request?.url,
+      NSURL(idnString: requestURL.absoluteString) == nil || requestURL.isBookmarklet
+    {
       request?.url = TabManager.aboutBlankBlockedURL
     }