Merge branch 'main' into sam/wire-up-error-ui

* main:
  Enable field validation for Sync payloads (#2807)
  Fix up address bar spoofing tests to match new behaviours. (#2743)
  Release 7.118.0-4 (#2821)
  Settings: onAppear changed to onDisappear (#2817) (#2820)
  Manage Expired Subscription (#2764)
  Replace deprecated tab preview renderer (#2814)
  Release 7.118.0-3 (#2819)
  Update release notes.
  Settings: onAppear changed to onDisappear (#2817)
  Release 7.118.0-2 (#2815)
  Improve VPN underlying error detail (#2813)
  Break the Subscription module’s dependency on BSK (#2804)

.github/workflows/end-to-end.yml

@@ -65,6 +65,15 @@ jobs:
         workspace: .maestro
         include-tags: privacy
         ios-version: 17
+
+    - name: Security tests
+      uses: mobile-dev-inc/action-maestro-cloud@v1.8.0
+      with:
+        api-key: ${{ secrets.MAESTRO_CLOUD_API_KEY }}
+        app-file: DerivedData/Build/Products/Debug-iphonesimulator/DuckDuckGo.app
+        workspace: .maestro
+        include-tags: securityTest
+        ios-version: 17
 
     - name: Ad Click Detection Flow tests
       uses: mobile-dev-inc/action-maestro-cloud@v1.8.0

.maestro/security_tests/1_-_AddressBarSpoof,_basicauth.yaml

@@ -2,17 +2,38 @@ appId: com.duckduckgo.mobile.ios
 tags:
     - securityTest
 ---
-- doubleTapOn:
+# Set up 
+- clearState
+- launchApp
+- runFlow: 
+    when: 
+      visible: 
+        text: "Let’s Do It!"
+        index: 0
+    file: ../shared/onboarding.yaml
+
+# Load Site
+- assertVisible:
+    id: "searchEntry"
+- tapOn: 
     id: "searchEntry"
-- pressKey: Backspace
-# Test 1 - using \u2028 character
 - inputText: "https://privacy-test-pages.site/security/address-bar-spoofing/spoof-basicauth-2028.html"
 - pressKey: Enter
+
+# Manage onboarding
+- runFlow:
+    when:
+      visible:
+        text: "Got It"
+        index: 0
+    file: ../shared/onboarding_browsing.yaml
+
+# Test
 - tapOn: "run"
 - assertVisible: "Example Domain"
 - copyTextFrom:
     id: "searchEntry"
-- assertTrue: ${maestro.copiedText.indexOf("https://www.google.com") != 0}
+- assertTrue: ${maestro.copiedText.indexOf("google.com") != 0}
 - tapOn:
     id: "searchEntry"
 # Test 2 - using \u2029 character
@@ -22,7 +43,7 @@ tags:
 - assertVisible: "Example Domain"
 - copyTextFrom:
     id: "searchEntry"
-- assertTrue: ${maestro.copiedText.indexOf("https://www.google.com") != 0}
+- assertTrue: ${maestro.copiedText.indexOf("google.com") != 0}
 - tapOn:
     id: "searchEntry"
 # Test 3 - using repeated " " space character
@@ -32,4 +53,4 @@ tags:
 - assertVisible: "Example Domain"
 - copyTextFrom:
     id: "searchEntry"
-- assertTrue: ${maestro.copiedText.indexOf("https://www.google.com") != 0}
+- assertTrue: ${maestro.copiedText.indexOf("google.com") != 0}

.maestro/security_tests/2_-_AddressBarSpoof,_aboutblank.yaml

@@ -2,16 +2,38 @@ appId: com.duckduckgo.mobile.ios
 tags:
     - securityTest
 ---
-- doubleTapOn:
+# Set up 
+- clearState
+- launchApp
+- runFlow: 
+    when: 
+      visible: 
+        text: "Let’s Do It!"
+        index: 0
+    file: ../shared/onboarding.yaml
+
+# Load Site
+- assertVisible:
+    id: "searchEntry"
+- tapOn: 
     id: "searchEntry"
-- pressKey: Backspace
 - inputText: "https://privacy-test-pages.site/security/address-bar-spoofing/spoof-about-blank-rewrite.html"
 - pressKey: Enter
+
+# Manage onboarding
+- runFlow:
+    when:
+      visible:
+        text: "Got It"
+        index: 0
+    file: ../shared/onboarding_browsing.yaml
+
+# Test
 - tapOn: "Start"
 # This test is expected to load "about:blank" not spoof the address bar with duckduckgo.com with the spoofed content.
 - extendedWaitUntil:
     visible: "Not DDG."  # Spoofed content is visible
     timeout: 10000
 - copyTextFrom:
     id: "searchEntry"
-- assertTrue: ${maestro.copiedText == "about:blank"}
+- assertTrue: ${maestro.copiedText == "about:blank"}

.maestro/security_tests/3_-_AddressBarSpoof,_appschemes.yaml

@@ -2,19 +2,40 @@ appId: com.duckduckgo.mobile.ios
 tags:
     - securityTest
 ---
-# Test 1
-- tapOn:
+# Set up 
+- clearState
+- launchApp
+- runFlow: 
+    when: 
+      visible: 
+        text: "Let’s Do It!"
+        index: 0
+    file: ../shared/onboarding.yaml
+
+# Load Site
+- assertVisible:
+    id: "searchEntry"
+- tapOn: 
     id: "searchEntry"
-- pressKey: Backspace
 - inputText: "https://privacy-test-pages.site/security/address-bar-spoofing/spoof-application-scheme.html"
 - pressKey: Enter
+
+# Manage onboarding
+- runFlow:
+    when:
+      visible:
+        text: "Got It"
+        index: 0
+    file: ../shared/onboarding_browsing.yaml
+
+# Test
 - tapOn: "Start"
 # This will try to open another app
 - assertVisible: "Cancel"
 - tapOn: "Cancel"
 - copyTextFrom:
     id: "searchEntry"
-- assertTrue: ${maestro.copiedText == "https://duckduckgo.com/"} # Should navigate directly here.
+- assertTrue: ${maestro.copiedText == "spreadprivacy.com"} # Should navigate directly here.
 - assertNotVisible: "Not DDG." # HTML content shouldn't be spoofed.
 - tapOn:
     id: "searchEntry"
@@ -27,4 +48,4 @@ tags:
 - tapOn: "Cancel"
 - copyTextFrom:
     id: "searchEntry"
-- assertTrue: ${maestro.copiedText == "https://privacy-test-pages.site/security/address-bar-spoofing/spoof-unsupported-scheme.html"}
+- assertTrue: ${maestro.copiedText == "privacy-test-pages.site"}

.maestro/security_tests/4_-_AddressBarSpoof,_b64_html.yaml

@@ -2,14 +2,35 @@ appId: com.duckduckgo.mobile.ios
 tags:
     - securityTest
 ---
-# Test 1
-- doubleTapOn:
+# Set up 
+- clearState
+- launchApp
+- runFlow: 
+    when: 
+      visible: 
+        text: "Let’s Do It!"
+        index: 0
+    file: ../shared/onboarding.yaml
+
+# Load Site
+- assertVisible:
+    id: "searchEntry"
+- tapOn: 
     id: "searchEntry"
-- pressKey: Backspace
 - inputText: "https://privacy-test-pages.site/security/address-bar-spoofing/spoof-open-b64-html.html"
 - pressKey: Enter
+
+# Manage onboarding
+- runFlow:
+    when:
+      visible:
+        text: "Got It"
+        index: 0
+    file: ../shared/onboarding_browsing.yaml
+
+# Test
 - tapOn: "Start"
 # This test is expected to do nothing: loading base64 encoded HTML content in a new tab is blocked.
 - copyTextFrom:
     id: "searchEntry"
-- assertTrue: ${maestro.copiedText == "https://privacy-test-pages.site/security/address-bar-spoofing/spoof-open-b64-html.html"}
+- assertTrue: ${maestro.copiedText == "privacy-test-pages.site"}

.maestro/security_tests/5_-_AddressBarSpoof,_downloadpath.yaml

@@ -2,38 +2,61 @@ appId: com.duckduckgo.mobile.ios
 tags:
     - securityTest
 ---
-# Test 1
-- doubleTapOn:
+# Set up 
+- clearState
+- launchApp
+- runFlow: 
+    when: 
+      visible: 
+        text: "Let’s Do It!"
+        index: 0
+    file: ../shared/onboarding.yaml
+
+# Load Site
+- assertVisible:
+    id: "searchEntry"
+- tapOn: 
     id: "searchEntry"
-- pressKey: Backspace
 - inputText: "https://privacy-test-pages.site/security/address-bar-spoofing/spoof-js-download-url.html"
 - pressKey: Enter
+
+# Manage onboarding
+- runFlow:
+    when:
+      visible:
+        text: "Got It"
+        index: 0
+    file: ../shared/onboarding_browsing.yaml
+
+# Test
 - tapOn: "Start"
-# Download Acceptance Flow:
-- extendedWaitUntil:
-    visible: "Save to Downloads"
-    timeout: 10000
-- tapOn: "Save to Downloads"
+# Dismiss Download Prompt if shown
+- runFlow:
+    when:
+        visible: "Cancel"
+    commands:
+        - tapOn: "Cancel"
 - copyTextFrom:
     id: "searchEntry"
 - assertTrue: ${maestro.copiedText == "about:blank"} # Downloads should occur in empty origin.
-# Restart
 - tapOn:
     id: "searchEntry"
+- pressKey: Backspace
 - inputText: "https://privacy-test-pages.site/security/address-bar-spoofing/spoof-js-download-url.html"
 - pressKey: Enter
-# Download Cancel Flow:
 - tapOn: "Start"
-- extendedWaitUntil:
-    visible: "Cancel"  
-    timeout: 10000
-- tapOn: "Cancel"
-# Should be on about:blank
+# Dismiss Download Prompt if shown
+- runFlow:
+    when:
+        visible: "Save to Downloads"
+    commands:
+        - tapOn: "Save to Downloads"
 - copyTextFrom:
     id: "searchEntry"
-- assertTrue: ${maestro.copiedText == "about:blank"}
-# Return to last test page
+- assertTrue: ${maestro.copiedText == "about:blank"} # Downloads should occur in empty origin.
+# Return to previous page, about:blank messes with future tests
 - tapOn:
     id: "searchEntry"
+- pressKey: Backspace
 - inputText: "https://privacy-test-pages.site/security/address-bar-spoofing/spoof-js-download-url.html"
 - pressKey: Enter

.maestro/security_tests/6_-_AddressBarSpoof,_formaction.yaml

@@ -2,15 +2,36 @@ appId: com.duckduckgo.mobile.ios
 tags:
     - securityTest
 ---
-# Test 1
-- doubleTapOn:
+# Set up 
+- clearState
+- launchApp
+- runFlow: 
+    when: 
+      visible: 
+        text: "Let’s Do It!"
+        index: 0
+    file: ../shared/onboarding.yaml
+
+# Load Site
+- assertVisible:
+    id: "searchEntry"
+- tapOn: 
     id: "searchEntry"
-- pressKey: Backspace
 - inputText: "https://privacy-test-pages.site/security/address-bar-spoofing/spoof-form-action.html"
 - pressKey: Enter
+
+# Manage onboarding
+- runFlow:
+    when:
+      visible:
+        text: "Got It"
+        index: 0
+    file: ../shared/onboarding_browsing.yaml
+
+# Test
 - tapOn: "run"
 # Should navigate to duckduckgo.com without any spoofed HTML document content.
 - copyTextFrom:
     id: "searchEntry"
-- assertTrue: ${maestro.copiedText == "https://duckduckgo.com/"}
-- assertNotVisible: "Not DDG."
+- assertTrue: ${maestro.copiedText == "duckduckgo.com"}
+- assertNotVisible: "Not DDG."