Brave News won't include items with non-http-or-https destination urls

[petemill]

Applies to both the combined feed (feed.json hosted on Brave's PCDN) and direct feeds (i.e. RSS feeds)

Resolves brave/brave-browser#27602

Submitter Checklist:

• I confirm that no security/privacy review is needed, or that I have requested one
• There is a ticket for my issue
• Used Github auto-closing keywords in the PR description above
• Wrote a good PR/commit description
• Squashed any review feedback or "fixup" commits before merge, so that history is a record of what happened in the repo, not your PR
• Added appropriate labels (QA/Yes or QA/No; release-notes/include or release-notes/exclude; OS/...) to the associated issue
• Checked the PR locally:
  • npm run test -- brave_browser_tests, npm run test -- brave_unit_tests wiki
  • npm run lint, npm run presubmit wiki, npm run gn_check, npm run tslint
• Ran git rebase master (if needed)

Reviewer Checklist:

• A security review is not needed, or a link to one is included in the PR description
• New files have MPL-2.0 license header
• Adequate test coverage exists to prevent regressions
• Major classes, functions and non-trivial code blocks are well-commented
• Changes in component dependencies are properly reflected in gn
• Code follows the style guide
• Test plan is specified in PR before merging

After-merge Checklist:

• The associated issue milestone is set to the smallest version that the
  changes has landed on
• All relevant documentation has been updated, for instance:
  • https://github.com/brave/brave-browser/wiki/Deviations-from-Chromium-(features-we-disable-or-remove)
  • https://github.com/brave/brave-browser/wiki/Proxy-redirected-URLs
  • https://github.com/brave/brave-browser/wiki/Fingerprinting-Protections
  • https://github.com/brave/brave-browser/wiki/Brave%E2%80%99s-Use-of-Referral-Codes
  • https://github.com/brave/brave-browser/wiki/Custom-Headers
  • https://github.com/brave/brave-browser/wiki/Web-Compatibility-Exceptions-in-Brave
  • https://github.com/brave/brave-browser/wiki/QA-Guide
  • https://github.com/brave/brave-browser/wiki/P3A

Test Plan:

STR/Cases can be found via https://github.com/brave/internal/issues/987#issue-1526132512.

[github-actions]

⚠️ PR head is an unsigned commit
commit: 1bde50f47d5d2cf0e31db2fca25210650702f208
reason: unsigned
Please follow the handbook to configure commit signing
cc: @petemill

[petemill]

Moved this logic to a more testable function

[petemill]

This bypasses non-http(s) items from direct-downloaded RSS feeds

[petemill]

This bypasses non-http(s) items from the combined feed hosted by Brave

[fallaciousreasoning]

Is there a corresponding backend change? I think ideally we wouldn't be including any non-https items in the combined feed in the first place.

[petemill]

I would hope it wouldn't include it but doesn't hurt to double-check. And there's always the possibility someone points the browser to a third party combined feed source via the cli param...

[fallaciousreasoning]

LGTM

[fallaciousreasoning]

Is there a corresponding backend change? I think ideally we wouldn't be including any non-https items in the combined feed in the first place.

[fallaciousreasoning]

👍

[sangwoo108]

LGTM 👍

[kjozwiak]

Verification PASSED on Win 11 x64 using the following build(s):

Brave | 1.49.11 Chromium: 109.0.5414.80 (Official Build) nightly (64-bit)
-- | --
Revision | 0f69b168d36a06cace4365e9f029fa987afa5633-refs/branch-heads/5414@{#1178}
OS | Windows 11 Version 22H2 (Build 22621.963)

Verification notes can be found via https://github.com/brave/internal/issues/987#issuecomment-1376133449.