[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] [tor-messenger-build/master] Add a pref to disable JavaScript in browser requests



commit cf474e84580cb4e2f9ed6e024ce9bb4e3f968f52
Author: Arlo Breault <arlolra@xxxxxxxxx>
Date:   Thu Dec 1 14:43:23 2016 -0800

    Add a pref to disable JavaScript in browser requests
    
     * Bugzilla 1321420
---
 ChangeLog                                          |  3 +-
 .../0001-Set-Tor-Messenger-preferences.patch       | 31 +++++++------
 ...0002-Trac-16489-Prevent-account-autologin.patch |  4 +-
 ...Support-Special-Characters-input-prompt-o.patch |  4 +-
 ...Better-error-reporting-for-failed-outgoin.patch |  4 +-
 .../0005-Trac-13312-OTR-over-Twitter-DMs.patch     |  4 +-
 ...-Fix-tab-strip-background-colour-on-OS-X..patch |  4 +-
 ...-XMPP-createConversation-should-handle-in.patch |  4 +-
 ...-Set-_userVCard-own-property-when-downloa.patch |  4 +-
 .../0009-XMPP-in-band-registration.patch           |  4 +-
 .../instantbird/0010-Remove-search-from-UI.patch   |  4 +-
 .../0011-Add-Tor-Messenger-branding.patch          |  4 +-
 projects/instantbird/0012-Account-picture.patch    |  4 +-
 .../0013-Modify-protocol-defaults.patch            |  4 +-
 .../instantbird/0014-Modify-IRC-defaults.patch     |  4 +-
 projects/instantbird/0015-Modify-themes.patch      |  4 +-
 .../instantbird/0016-Modify-XMPP-defaults.patch    |  4 +-
 projects/instantbird/0017-Remove-logging-UI.patch  |  4 +-
 projects/instantbird/0018-Cert-override.patch      |  4 +-
 .../0019-Display-all-traffic-over-Tor.patch        |  4 +-
 .../instantbird/0020-Trac-17480-Content-sink.patch |  4 +-
 .../0021-SASL-ECDSA-NIST256P-CHALLENGE.patch       |  4 +-
 ...-msg-is-not-defined-error-in-irc.js-chang.patch |  4 +-
 ...Contact-list-entries-should-adapt-their-h.patch |  4 +-
 ...1187281-Only-show-close-button-on-Windows.patch |  4 +-
 ...-Remove-old-Yahoo-Messenger-support.-r-al.patch |  4 +-
 ...-Use-built-in-functions-instead-of-an-svg.patch |  4 +-
 ...-Add-a-pref-to-disable-JavaScript-in-brow.patch | 52 ++++++++++++++++++++++
 projects/instantbird/config                        |  1 +
 29 files changed, 122 insertions(+), 65 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 8acb5fd..78e111c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -5,7 +5,8 @@ Tor Messenger 0.3.0b2 --
    * Use the THUNDERBIRD_45_5_1_RELEASE tag on comm-esr45
    * Update tor-browser to 6.0.7
    * Don't allow javascript: links in themes
-   * Disable svg and mathml in content
+   * Bugzilla 1321420: Add a pref to disable JavaScript in browser requests
+   * Bugzilla 1321641: Disable svg and mathml in content
 
 Tor Messenger 0.3.0b1 -- November 22, 2016
  * All Platforms
diff --git a/projects/instantbird/0001-Set-Tor-Messenger-preferences.patch b/projects/instantbird/0001-Set-Tor-Messenger-preferences.patch
index bb9000e..f1fe704 100644
--- a/projects/instantbird/0001-Set-Tor-Messenger-preferences.patch
+++ b/projects/instantbird/0001-Set-Tor-Messenger-preferences.patch
@@ -1,17 +1,17 @@
-From 4c3c3738aef40779b8725db2cc8e32474b2e512c Mon Sep 17 00:00:00 2001
+From 0e21b50aaf1fe5931e1d82fbe9bb482f5449ccd1 Mon Sep 17 00:00:00 2001
 From: Sukhbir Singh <sukhbir@xxxxxxxxxxxxxx>
 Date: Mon, 10 Oct 2016 19:48:41 -0700
-Subject: [PATCH 01/26] Set Tor Messenger preferences
+Subject: [PATCH 01/27] Set Tor Messenger preferences
 
 ---
- im/app/profile/all-instantbird.js | 420 ++++++++++++++++++++++++++++++++++++--
- 1 file changed, 398 insertions(+), 22 deletions(-)
+ im/app/profile/all-instantbird.js | 423 ++++++++++++++++++++++++++++++++++++--
+ 1 file changed, 401 insertions(+), 22 deletions(-)
 
 diff --git a/im/app/profile/all-instantbird.js b/im/app/profile/all-instantbird.js
-index b7a397017..ff49380b6 100644
+index b7a397017..b18e98e7f 100644
 --- a/im/app/profile/all-instantbird.js
 +++ b/im/app/profile/all-instantbird.js
-@@ -1,3 +1,47 @@
+@@ -1,3 +1,50 @@
 +/**
 + * This file is divded into three section,
 + *
@@ -50,6 +50,9 @@ index b7a397017..ff49380b6 100644
 +// Put conversations on hold so that OTR disconnect is not sent. See #20208.
 +pref("messenger.conversations.holdByDefault", true);
 +
++// Disable JavaScript in browser requests
++pref("chat.browserRequest.disableJavascript", true);
++
 +// No AUS check for system add-on updates for Tor Browser users.
 +// This pref is taken from the TB diff of browser/app/profile/firefox.js
 +pref("extensions.systemAddon.update.url", "");
@@ -59,7 +62,7 @@ index b7a397017..ff49380b6 100644
  /* This Source Code Form is subject to the terms of the Mozilla Public
   * License, v. 2.0. If a copy of the MPL was not distributed with this
   * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-@@ -28,7 +72,7 @@ pref("general.autoScroll", true);
+@@ -28,7 +75,7 @@ pref("general.autoScroll", true);
  // 0 = spellcheck nothing
  // 1 = check multi-line controls [default]
  // 2 = check multi/single line controls
@@ -68,7 +71,7 @@ index b7a397017..ff49380b6 100644
  
  pref("messenger.accounts.convertOldPasswords", true);
  pref("messenger.accounts.promptOnDelete", true);
-@@ -66,7 +110,7 @@ pref("extensions.mintrayr.singleClickRestore", false);
+@@ -66,7 +113,7 @@ pref("extensions.mintrayr.singleClickRestore", false);
  
  // Whether message related sounds should be played at all. If this is enabled
  // then the more specific prefs are checked as well.
@@ -77,7 +80,7 @@ index b7a397017..ff49380b6 100644
  // Specifies whether each message event should trigger a sound for incoming
  // and outgoing messages, or when your nickname is mentioned in a chat.
  pref("messenger.options.playSounds.outgoing", true);
-@@ -142,26 +186,23 @@ pref("app.update.staging.enabled", true);
+@@ -142,26 +189,23 @@ pref("app.update.staging.enabled", true);
  
  // Update service URL:
  // You do not need to use all the %VAR% parameters. Use what you need, %PRODUCT%,%VERSION%,%BUILD_ID%,%CHANNEL% for example
@@ -109,7 +112,7 @@ index b7a397017..ff49380b6 100644
  
  // Interval: Time before prompting the user to restart to install the latest
  //           download (in seconds) default=30 minutes
-@@ -202,7 +243,7 @@ pref("browser.search.order.1",                "chrome://instantbird/locale/regio
+@@ -202,7 +246,7 @@ pref("browser.search.order.1",                "chrome://instantbird/locale/regio
  pref("browser.search.order.2",                "chrome://instantbird/locale/region.properties");
  
  // send ping to the server to update
@@ -118,7 +121,7 @@ index b7a397017..ff49380b6 100644
  
  // disable logging for the search service update system by default
  pref("browser.search.update.log", false);
-@@ -222,10 +263,10 @@ pref("extensions.ignoreMTimeChanges", false);
+@@ -222,10 +266,10 @@ pref("extensions.ignoreMTimeChanges", false);
  pref("extensions.logging.enabled", false);
  pref("general.skins.selectedSkin", "classic/1.0");
  
@@ -131,7 +134,7 @@ index b7a397017..ff49380b6 100644
  
  // Preferences for the Get Add-ons pane
  pref("extensions.getAddons.cache.enabled", false);
-@@ -244,10 +285,24 @@ pref("extensions.getMoreMessageStylesURL", "https://add-ons.instantbird.org/%LOC
+@@ -244,10 +288,24 @@ pref("extensions.getMoreMessageStylesURL", "https://add-ons.instantbird.org/%LOC
  pref("extensions.getMoreEmoticonsURL", "https://add-ons.instantbird.org/%LOCALE%/%APP%/%VERSION%/emoticons/";);
  pref("extensions.getMoreProtocolsURL", "https://add-ons.instantbird.org/%LOCALE%/%APP%/%VERSION%/protocols/";);
  
@@ -159,7 +162,7 @@ index b7a397017..ff49380b6 100644
  
  // don't load links inside Instantbird
  pref("network.protocol-handler.expose-all", false);
-@@ -259,13 +314,13 @@ pref("network.protocol-handler.expose.https", true);
+@@ -259,13 +317,13 @@ pref("network.protocol-handler.expose.https", true);
  
  // expose javascript: so that message themes can use it.
  // javascript: links inside messages are filtered out.
@@ -176,7 +179,7 @@ index b7a397017..ff49380b6 100644
  
  // We have an Error Console menu item by default so let's display chrome errors
  pref("javascript.options.showInConsole", true);
-@@ -300,14 +355,335 @@ pref("browser.tabs.tabClipWidth", 140);
+@@ -300,14 +358,335 @@ pref("browser.tabs.tabClipWidth", 140);
  // 3  at the end of the tabstrip
  pref("browser.tabs.closeButtons", 1);
  
diff --git a/projects/instantbird/0002-Trac-16489-Prevent-account-autologin.patch b/projects/instantbird/0002-Trac-16489-Prevent-account-autologin.patch
index f69ce4c..27c53cd 100644
--- a/projects/instantbird/0002-Trac-16489-Prevent-account-autologin.patch
+++ b/projects/instantbird/0002-Trac-16489-Prevent-account-autologin.patch
@@ -1,7 +1,7 @@
-From a4ddbd00c0a32d809a2af24f9f2eb3ce9e6734f4 Mon Sep 17 00:00:00 2001
+From 727612a3c5919be6e57c34ff064e9d047d052386 Mon Sep 17 00:00:00 2001
 From: Arlo Breault <arlolra@xxxxxxxxx>
 Date: Mon, 16 Nov 2015 20:37:53 -0800
-Subject: [PATCH 02/26] Trac 16489: Prevent account autologin
+Subject: [PATCH 02/27] Trac 16489: Prevent account autologin
 
 ---
  chat/components/src/imAccounts.js |  2 +-
diff --git a/projects/instantbird/0003-Trac-17896-Support-Special-Characters-input-prompt-o.patch b/projects/instantbird/0003-Trac-17896-Support-Special-Characters-input-prompt-o.patch
index 6eff88d..be5b62b 100644
--- a/projects/instantbird/0003-Trac-17896-Support-Special-Characters-input-prompt-o.patch
+++ b/projects/instantbird/0003-Trac-17896-Support-Special-Characters-input-prompt-o.patch
@@ -1,7 +1,7 @@
-From e5f7cc504ec4045209879a43e21e9408f82f759d Mon Sep 17 00:00:00 2001
+From 14c9615c0b5c95c824b3ecbe1323d33849ff1690 Mon Sep 17 00:00:00 2001
 From: aleth <aleth@xxxxxxxxxxxxxxx>
 Date: Sat, 30 Jan 2016 20:56:38 +0100
-Subject: [PATCH 03/26] Trac 17896: Support "Special Characters" input prompt
+Subject: [PATCH 03/27] Trac 17896: Support "Special Characters" input prompt
  on OS X
 
  * Bug 1151784 - Add Edit menu to the conversation window on OS X. r=nhnt11,florian
diff --git a/projects/instantbird/0004-Trac-17494-Better-error-reporting-for-failed-outgoin.patch b/projects/instantbird/0004-Trac-17494-Better-error-reporting-for-failed-outgoin.patch
index 0c9d3fb..fe4feb5 100644
--- a/projects/instantbird/0004-Trac-17494-Better-error-reporting-for-failed-outgoin.patch
+++ b/projects/instantbird/0004-Trac-17494-Better-error-reporting-for-failed-outgoin.patch
@@ -1,7 +1,7 @@
-From bd4f023395241318ad8bab0f721fbccccffb8885 Mon Sep 17 00:00:00 2001
+From 8810e6c3a0bfcc31b226c1404cfd2c880c1c1c34 Mon Sep 17 00:00:00 2001
 From: Arlo Breault <arlolra@xxxxxxxxx>
 Date: Tue, 2 Feb 2016 16:04:51 -0800
-Subject: [PATCH 04/26] Trac 17494: Better error reporting for failed outgoing
+Subject: [PATCH 04/27] Trac 17494: Better error reporting for failed outgoing
  messages
 
  * Bug 1245325 - Better error reporting for failed outgoing messages. r=clokep
diff --git a/projects/instantbird/0005-Trac-13312-OTR-over-Twitter-DMs.patch b/projects/instantbird/0005-Trac-13312-OTR-over-Twitter-DMs.patch
index e586e10..1254069 100644
--- a/projects/instantbird/0005-Trac-13312-OTR-over-Twitter-DMs.patch
+++ b/projects/instantbird/0005-Trac-13312-OTR-over-Twitter-DMs.patch
@@ -1,7 +1,7 @@
-From 5996053c815c9872b3ec90eabbdaad69071064fa Mon Sep 17 00:00:00 2001
+From c02d910d93b7ba9ccc2611ebea5d14ca75e23c47 Mon Sep 17 00:00:00 2001
 From: Arlo Breault <arlolra@xxxxxxxxx>
 Date: Tue, 15 Mar 2016 17:40:42 -0700
-Subject: [PATCH 05/26] Trac 13312: OTR over Twitter DMs
+Subject: [PATCH 05/27] Trac 13312: OTR over Twitter DMs
 
 ---
  chat/components/src/imConversations.js |   3 +-
diff --git a/projects/instantbird/0006-Bug-1218193-Fix-tab-strip-background-colour-on-OS-X..patch b/projects/instantbird/0006-Bug-1218193-Fix-tab-strip-background-colour-on-OS-X..patch
index c2872f0..d3ad306 100644
--- a/projects/instantbird/0006-Bug-1218193-Fix-tab-strip-background-colour-on-OS-X..patch
+++ b/projects/instantbird/0006-Bug-1218193-Fix-tab-strip-background-colour-on-OS-X..patch
@@ -1,7 +1,7 @@
-From b9052add0dc1e7fdca9c9be6a86cfee4765fb1cd Mon Sep 17 00:00:00 2001
+From af6669624ad0a3f581b4e60819d8a814dea1e96e Mon Sep 17 00:00:00 2001
 From: Nihanth Subramanya <nhnt11@xxxxxxxxx>
 Date: Sun, 9 Oct 2016 21:53:04 -0700
-Subject: [PATCH 06/26] Bug 1218193 - Fix tab strip background colour on OS X.
+Subject: [PATCH 06/27] Bug 1218193 - Fix tab strip background colour on OS X.
  r=aleth
 
 ---
diff --git a/projects/instantbird/0007-Bug-1246431-XMPP-createConversation-should-handle-in.patch b/projects/instantbird/0007-Bug-1246431-XMPP-createConversation-should-handle-in.patch
index 3be82c4..6dfcab0 100644
--- a/projects/instantbird/0007-Bug-1246431-XMPP-createConversation-should-handle-in.patch
+++ b/projects/instantbird/0007-Bug-1246431-XMPP-createConversation-should-handle-in.patch
@@ -1,7 +1,7 @@
-From 50e579c8128762aba5b089dd8efa2581c5647309 Mon Sep 17 00:00:00 2001
+From 906d903b83bd1304f2507809c78b6e8a01618db7 Mon Sep 17 00:00:00 2001
 From: Arlo Breault <arlolra@xxxxxxxxx>
 Date: Sun, 9 Oct 2016 21:57:07 -0700
-Subject: [PATCH 07/26] Bug 1246431 - XMPP createConversation should handle
+Subject: [PATCH 07/27] Bug 1246431 - XMPP createConversation should handle
  incoming messages from the server properly. r=aleth
 
 ---
diff --git a/projects/instantbird/0008-Bug-1298574-Set-_userVCard-own-property-when-downloa.patch b/projects/instantbird/0008-Bug-1298574-Set-_userVCard-own-property-when-downloa.patch
index 860260e..2709721 100644
--- a/projects/instantbird/0008-Bug-1298574-Set-_userVCard-own-property-when-downloa.patch
+++ b/projects/instantbird/0008-Bug-1298574-Set-_userVCard-own-property-when-downloa.patch
@@ -1,7 +1,7 @@
-From ec8291566407e9791f5cbb7a518ba990f8063c97 Mon Sep 17 00:00:00 2001
+From 46e98074c3e4f0f82452547cf34ea5790182b9ab Mon Sep 17 00:00:00 2001
 From: Arlo Breault <arlolra@xxxxxxxxx>
 Date: Sun, 28 Aug 2016 08:57:41 -0700
-Subject: [PATCH 08/26] Bug 1298574 - Set _userVCard own property when
+Subject: [PATCH 08/27] Bug 1298574 - Set _userVCard own property when
  downloading vCard fails. r=aleth
 
  * This prevents an infinite req / res cycle.
diff --git a/projects/instantbird/0009-XMPP-in-band-registration.patch b/projects/instantbird/0009-XMPP-in-band-registration.patch
index 9df73d4..acbb3f6 100644
--- a/projects/instantbird/0009-XMPP-in-band-registration.patch
+++ b/projects/instantbird/0009-XMPP-in-band-registration.patch
@@ -1,7 +1,7 @@
-From a65748c8260e0e9e1d5c5c49460a0f4f932572ec Mon Sep 17 00:00:00 2001
+From 32840337a82ae03003a249179ac14d963245156f Mon Sep 17 00:00:00 2001
 From: Sukhbir Singh <sukhbir@xxxxxxxxxxxxxx>
 Date: Mon, 10 Oct 2016 18:42:25 -0700
-Subject: [PATCH 09/26] XMPP in-band registration
+Subject: [PATCH 09/27] XMPP in-band registration
 
 ---
  chat/locales/en-US/xmpp.properties                 |   5 +
diff --git a/projects/instantbird/0010-Remove-search-from-UI.patch b/projects/instantbird/0010-Remove-search-from-UI.patch
index 6abe85b..8c734d5 100644
--- a/projects/instantbird/0010-Remove-search-from-UI.patch
+++ b/projects/instantbird/0010-Remove-search-from-UI.patch
@@ -1,7 +1,7 @@
-From 8a782e78164f9bab6992169c94eb63968413437e Mon Sep 17 00:00:00 2001
+From 93f125d61a384b1693aee15a60f6e11964f5abcb Mon Sep 17 00:00:00 2001
 From: Sukhbir Singh <sukhbir@xxxxxxxxxxxxxx>
 Date: Mon, 10 Oct 2016 18:47:48 -0700
-Subject: [PATCH 10/26] Remove search from UI
+Subject: [PATCH 10/27] Remove search from UI
 
 ---
  im/content/nsContextMenu.js         | 18 +-----------------
diff --git a/projects/instantbird/0011-Add-Tor-Messenger-branding.patch b/projects/instantbird/0011-Add-Tor-Messenger-branding.patch
index 33da960..973adad 100644
--- a/projects/instantbird/0011-Add-Tor-Messenger-branding.patch
+++ b/projects/instantbird/0011-Add-Tor-Messenger-branding.patch
@@ -1,7 +1,7 @@
-From 894cf42051d4df8ef2186072157ea4de664a7215 Mon Sep 17 00:00:00 2001
+From 388606395c2dcf2b2513b17e1abea45c661f44b5 Mon Sep 17 00:00:00 2001
 From: Sukhbir Singh <sukhbir@xxxxxxxxxxxxxx>
 Date: Mon, 10 Oct 2016 18:56:27 -0700
-Subject: [PATCH 11/26] Add Tor Messenger branding
+Subject: [PATCH 11/27] Add Tor Messenger branding
 
 ---
  im/app/macbuild/Contents/Info.plist.in             |   2 +-
diff --git a/projects/instantbird/0012-Account-picture.patch b/projects/instantbird/0012-Account-picture.patch
index d3d4c0b..d46a804 100644
--- a/projects/instantbird/0012-Account-picture.patch
+++ b/projects/instantbird/0012-Account-picture.patch
@@ -1,7 +1,7 @@
-From a6ed86bacc2304bb23ecfd339aa6a2c39750e704 Mon Sep 17 00:00:00 2001
+From 8770c4d143855951b8eedc90b8188c3a2f401f2e Mon Sep 17 00:00:00 2001
 From: Sukhbir Singh <sukhbir@xxxxxxxxxxxxxx>
 Date: Mon, 10 Oct 2016 19:24:09 -0700
-Subject: [PATCH 12/26] Account picture
+Subject: [PATCH 12/27] Account picture
 
 ---
  im/content/blist.xul | 3 +--
diff --git a/projects/instantbird/0013-Modify-protocol-defaults.patch b/projects/instantbird/0013-Modify-protocol-defaults.patch
index d5b138f..d226c82 100644
--- a/projects/instantbird/0013-Modify-protocol-defaults.patch
+++ b/projects/instantbird/0013-Modify-protocol-defaults.patch
@@ -1,7 +1,7 @@
-From 9dffeaa7b684ae17975a79cb05e1c3835999dbb5 Mon Sep 17 00:00:00 2001
+From 6b5c348d5d4de54db3cbfc8f68acbc7e351ac836 Mon Sep 17 00:00:00 2001
 From: Sukhbir Singh <sukhbir@xxxxxxxxxxxxxx>
 Date: Mon, 10 Oct 2016 19:25:34 -0700
-Subject: [PATCH 13/26] Modify protocol defaults
+Subject: [PATCH 13/27] Modify protocol defaults
 
  * Top protocols
 
diff --git a/projects/instantbird/0014-Modify-IRC-defaults.patch b/projects/instantbird/0014-Modify-IRC-defaults.patch
index 2e82d90..11bf85d 100644
--- a/projects/instantbird/0014-Modify-IRC-defaults.patch
+++ b/projects/instantbird/0014-Modify-IRC-defaults.patch
@@ -1,7 +1,7 @@
-From 17523fa3d2f7860abe3eb6629894a7df9bdc2350 Mon Sep 17 00:00:00 2001
+From 1546228595bfc1b7127d7c4d9327a30c90e8f080 Mon Sep 17 00:00:00 2001
 From: Sukhbir Singh <sukhbir@xxxxxxxxxxxxxx>
 Date: Mon, 10 Oct 2016 19:31:58 -0700
-Subject: [PATCH 14/26] Modify IRC defaults
+Subject: [PATCH 14/27] Modify IRC defaults
 
  * ctcp ping
 
diff --git a/projects/instantbird/0015-Modify-themes.patch b/projects/instantbird/0015-Modify-themes.patch
index d4a7212..bc91e46 100644
--- a/projects/instantbird/0015-Modify-themes.patch
+++ b/projects/instantbird/0015-Modify-themes.patch
@@ -1,7 +1,7 @@
-From 7873271e02abb179a0b1a303a21fffeff515cbc4 Mon Sep 17 00:00:00 2001
+From 6529649b4c2dcf440970552b62d999656aabdb72 Mon Sep 17 00:00:00 2001
 From: Sukhbir Singh <sukhbir@xxxxxxxxxxxxxx>
 Date: Mon, 10 Oct 2016 19:36:38 -0700
-Subject: [PATCH 15/26] Modify themes
+Subject: [PATCH 15/27] Modify themes
 
  * theme extension updateh
 
diff --git a/projects/instantbird/0016-Modify-XMPP-defaults.patch b/projects/instantbird/0016-Modify-XMPP-defaults.patch
index cfb73bc..e141d2f 100644
--- a/projects/instantbird/0016-Modify-XMPP-defaults.patch
+++ b/projects/instantbird/0016-Modify-XMPP-defaults.patch
@@ -1,7 +1,7 @@
-From 5f1268c7139217124d8ade00cd9fb1f90da0ab49 Mon Sep 17 00:00:00 2001
+From 8b1f0d8dfbc4483dc566269974ba85a50d6f4f21 Mon Sep 17 00:00:00 2001
 From: Sukhbir Singh <sukhbir@xxxxxxxxxxxxxx>
 Date: Mon, 10 Oct 2016 19:38:49 -0700
-Subject: [PATCH 16/26] Modify XMPP defaults
+Subject: [PATCH 16/27] Modify XMPP defaults
 
  * xmpp-default-domain
 
diff --git a/projects/instantbird/0017-Remove-logging-UI.patch b/projects/instantbird/0017-Remove-logging-UI.patch
index fbf2e6f..2305fc8 100644
--- a/projects/instantbird/0017-Remove-logging-UI.patch
+++ b/projects/instantbird/0017-Remove-logging-UI.patch
@@ -1,7 +1,7 @@
-From 7db01c64bbc4b4bf34316ba1cfcf4c2d13a99035 Mon Sep 17 00:00:00 2001
+From aad7c7e9e29750bfcb9ecb9b0b0072a2d47525bd Mon Sep 17 00:00:00 2001
 From: Sukhbir Singh <sukhbir@xxxxxxxxxxxxxx>
 Date: Mon, 10 Oct 2016 19:50:48 -0700
-Subject: [PATCH 17/26] Remove logging UI
+Subject: [PATCH 17/27] Remove logging UI
 
 ---
  im/content/preferences/privacy.xul | 20 --------------------
diff --git a/projects/instantbird/0018-Cert-override.patch b/projects/instantbird/0018-Cert-override.patch
index 7454098..71609dd 100644
--- a/projects/instantbird/0018-Cert-override.patch
+++ b/projects/instantbird/0018-Cert-override.patch
@@ -1,7 +1,7 @@
-From 7df4822425e825e6bdd8dc225f28e087eec7c5c8 Mon Sep 17 00:00:00 2001
+From 76f4eef0da58e7bfc521108b89657bbc03c7c8ac Mon Sep 17 00:00:00 2001
 From: Sukhbir Singh <sukhbir@xxxxxxxxxxxxxx>
 Date: Mon, 10 Oct 2016 19:56:46 -0700
-Subject: [PATCH 18/26] Cert override
+Subject: [PATCH 18/27] Cert override
 
 ---
  im/app/profile/cert_override.txt | 3 +++
diff --git a/projects/instantbird/0019-Display-all-traffic-over-Tor.patch b/projects/instantbird/0019-Display-all-traffic-over-Tor.patch
index 7bafdf9..f7dcf4b 100644
--- a/projects/instantbird/0019-Display-all-traffic-over-Tor.patch
+++ b/projects/instantbird/0019-Display-all-traffic-over-Tor.patch
@@ -1,7 +1,7 @@
-From 96f480c22c8c4a6002c4bfd563cd444494b56294 Mon Sep 17 00:00:00 2001
+From 9d12cc1475c703b56fef75b4b9760047fc4abf6d Mon Sep 17 00:00:00 2001
 From: Sukhbir Singh <sukhbir@xxxxxxxxxxxxxx>
 Date: Mon, 10 Oct 2016 19:58:31 -0700
-Subject: [PATCH 19/26] Display all traffic over Tor
+Subject: [PATCH 19/27] Display all traffic over Tor
 
 ---
  im/content/accountWizard.xul                          | 2 ++
diff --git a/projects/instantbird/0020-Trac-17480-Content-sink.patch b/projects/instantbird/0020-Trac-17480-Content-sink.patch
index 5c43728..9940f2d 100644
--- a/projects/instantbird/0020-Trac-17480-Content-sink.patch
+++ b/projects/instantbird/0020-Trac-17480-Content-sink.patch
@@ -1,7 +1,7 @@
-From c88a57576cc3b78c69395d35888662e8de4d2f8e Mon Sep 17 00:00:00 2001
+From 53c2abceb1182a49395b2cd9b3c3ccfdcebbc5a8 Mon Sep 17 00:00:00 2001
 From: Arlo Breault <arlolra@xxxxxxxxx>
 Date: Wed, 5 Oct 2016 11:09:25 -0700
-Subject: [PATCH 20/26] Trac 17480: Content sink
+Subject: [PATCH 20/27] Trac 17480: Content sink
 
 ---
  chat/modules/imContentSink.jsm     | 33 ++++++---------------------------
diff --git a/projects/instantbird/0021-SASL-ECDSA-NIST256P-CHALLENGE.patch b/projects/instantbird/0021-SASL-ECDSA-NIST256P-CHALLENGE.patch
index bf0ce9f..fc11959 100644
--- a/projects/instantbird/0021-SASL-ECDSA-NIST256P-CHALLENGE.patch
+++ b/projects/instantbird/0021-SASL-ECDSA-NIST256P-CHALLENGE.patch
@@ -1,7 +1,7 @@
-From 08b1abe3af6bdc0143d82ca671218146147ac09e Mon Sep 17 00:00:00 2001
+From 162ae0788f7bca552b6ff319d6fd981fc0b96b2a Mon Sep 17 00:00:00 2001
 From: Arlo Breault <arlolra@xxxxxxxxx>
 Date: Sun, 2 Oct 2016 08:46:55 -0700
-Subject: [PATCH 21/26] SASL ECDSA-NIST256P-CHALLENGE
+Subject: [PATCH 21/27] SASL ECDSA-NIST256P-CHALLENGE
 
 ---
  chat/components/src/imAccounts.js |    1 +
diff --git a/projects/instantbird/0022-Bug-1313137-msg-is-not-defined-error-in-irc.js-chang.patch b/projects/instantbird/0022-Bug-1313137-msg-is-not-defined-error-in-irc.js-chang.patch
index ec5eda8..81f2cd8 100644
--- a/projects/instantbird/0022-Bug-1313137-msg-is-not-defined-error-in-irc.js-chang.patch
+++ b/projects/instantbird/0022-Bug-1313137-msg-is-not-defined-error-in-irc.js-chang.patch
@@ -1,7 +1,7 @@
-From b2a074e0dd2ccf85039846f1722f22af2a86062a Mon Sep 17 00:00:00 2001
+From 5293fe4db12ee2fda30ed452335789e7709c809d Mon Sep 17 00:00:00 2001
 From: aleth <aleth@xxxxxxxxxxxxxxx>
 Date: Wed, 26 Oct 2016 20:16:58 +0200
-Subject: [PATCH 22/26] Bug 1313137 - "msg is not defined" error in
+Subject: [PATCH 22/27] Bug 1313137 - "msg is not defined" error in
  irc.js:changeBuddyNick. r=clokep
 
 --HG--
diff --git a/projects/instantbird/0023-Bug-954368-Contact-list-entries-should-adapt-their-h.patch b/projects/instantbird/0023-Bug-954368-Contact-list-entries-should-adapt-their-h.patch
index 5433910..9f0aebb 100644
--- a/projects/instantbird/0023-Bug-954368-Contact-list-entries-should-adapt-their-h.patch
+++ b/projects/instantbird/0023-Bug-954368-Contact-list-entries-should-adapt-their-h.patch
@@ -1,7 +1,7 @@
-From 146c625d13d61402b879381a5ce372677837dfc8 Mon Sep 17 00:00:00 2001
+From 40cd830e6d90bad7810dccadc2b944c246659e99 Mon Sep 17 00:00:00 2001
 From: aleth <aleth@xxxxxxxxxxxxxxx>
 Date: Thu, 12 May 2016 15:10:43 +0200
-Subject: [PATCH 23/26] Bug 954368 - Contact list entries should adapt their
+Subject: [PATCH 23/27] Bug 954368 - Contact list entries should adapt their
  height to the actual font size. r=florian
 
 --HG--
diff --git a/projects/instantbird/0024-Bug-1187281-Only-show-close-button-on-Windows.patch b/projects/instantbird/0024-Bug-1187281-Only-show-close-button-on-Windows.patch
index dbdfe6e..5ad39e2 100644
--- a/projects/instantbird/0024-Bug-1187281-Only-show-close-button-on-Windows.patch
+++ b/projects/instantbird/0024-Bug-1187281-Only-show-close-button-on-Windows.patch
@@ -1,7 +1,7 @@
-From f5d793612a6fc1aee9f85347ed92b8358e3730fd Mon Sep 17 00:00:00 2001
+From 8c8930d1d6fe933814adfe6ef828f4ef4fe76a6b Mon Sep 17 00:00:00 2001
 From: Arlo Breault <arlolra@xxxxxxxxx>
 Date: Sat, 5 Nov 2016 14:55:20 -0700
-Subject: [PATCH 24/26] Bug 1187281 - Only show "close" button on Windows
+Subject: [PATCH 24/27] Bug 1187281 - Only show "close" button on Windows
 
 ---
  im/content/accounts.xul | 2 ++
diff --git a/projects/instantbird/0025-Bug-1316000-Remove-old-Yahoo-Messenger-support.-r-al.patch b/projects/instantbird/0025-Bug-1316000-Remove-old-Yahoo-Messenger-support.-r-al.patch
index c8fc880..9144d64 100644
--- a/projects/instantbird/0025-Bug-1316000-Remove-old-Yahoo-Messenger-support.-r-al.patch
+++ b/projects/instantbird/0025-Bug-1316000-Remove-old-Yahoo-Messenger-support.-r-al.patch
@@ -1,7 +1,7 @@
-From 98df785bcb7e90dc878dcfe70e7c84cec1c69cd3 Mon Sep 17 00:00:00 2001
+From fd1b3c76721f43025219f2a5f76e5f33ffa20a9e Mon Sep 17 00:00:00 2001
 From: Patrick Cloke <clokep@xxxxxxxxx>
 Date: Wed, 9 Nov 2016 09:03:49 -0800
-Subject: [PATCH 25/26] Bug 1316000 - Remove old Yahoo! Messenger support.
+Subject: [PATCH 25/27] Bug 1316000 - Remove old Yahoo! Messenger support.
  r=aleth
 
 ---
diff --git a/projects/instantbird/0026-Bug-1321641-Use-built-in-functions-instead-of-an-svg.patch b/projects/instantbird/0026-Bug-1321641-Use-built-in-functions-instead-of-an-svg.patch
index 415903a..34387ec 100644
--- a/projects/instantbird/0026-Bug-1321641-Use-built-in-functions-instead-of-an-svg.patch
+++ b/projects/instantbird/0026-Bug-1321641-Use-built-in-functions-instead-of-an-svg.patch
@@ -1,7 +1,7 @@
-From 09954cbcf1d6c769e0610718edd41c13183fcc75 Mon Sep 17 00:00:00 2001
+From d210341ceb40de88a99ac22c1714e4c01bb504af Mon Sep 17 00:00:00 2001
 From: Arlo Breault <arlolra@xxxxxxxxx>
 Date: Thu, 1 Dec 2016 13:25:42 -0800
-Subject: [PATCH 26/26] Bug 1321641 - Use built-in functions instead of an svg
+Subject: [PATCH 26/27] Bug 1321641 - Use built-in functions instead of an svg
  for bubbles filter
 
 ---
diff --git a/projects/instantbird/0027-Bug-1321420-Add-a-pref-to-disable-JavaScript-in-brow.patch b/projects/instantbird/0027-Bug-1321420-Add-a-pref-to-disable-JavaScript-in-brow.patch
new file mode 100644
index 0000000..27e6c65
--- /dev/null
+++ b/projects/instantbird/0027-Bug-1321420-Add-a-pref-to-disable-JavaScript-in-brow.patch
@@ -0,0 +1,52 @@
+From 00e2ca60ebfa8d78824cb5e21917d9580ddf6d25 Mon Sep 17 00:00:00 2001
+From: Arlo Breault <arlolra@xxxxxxxxx>
+Date: Thu, 1 Dec 2016 14:34:51 -0800
+Subject: [PATCH 27/27] Bug 1321420 - Add a pref to disable JavaScript in
+ browser requests
+
+---
+ chat/chat-prefs.js             | 2 ++
+ chat/content/browserRequest.js | 7 +++++++
+ 2 files changed, 9 insertions(+)
+
+diff --git a/chat/chat-prefs.js b/chat/chat-prefs.js
+index 60b9c1e8c..90a212e5c 100644
+--- a/chat/chat-prefs.js
++++ b/chat/chat-prefs.js
+@@ -86,6 +86,8 @@ pref("chat.prpls.prpl-skype.disable", true);
+ pref("chat.prpls.prpl-facebook.disable", true);
+ // Disable Yahoo Messenger as legacy Yahoo was shut down.
+ pref("chat.prpls.prpl-yahoo.disable", true);
++// Disable JavaScript in browser requests.
++pref("chat.browserRequest.disableJavascript", false);
+ 
+ // loglevel is the minimum severity level that a libpurple message
+ // must have to be reported in the Error Console.
+diff --git a/chat/content/browserRequest.js b/chat/content/browserRequest.js
+index c52c8c637..0069219fa 100644
+--- a/chat/content/browserRequest.js
++++ b/chat/content/browserRequest.js
+@@ -2,6 +2,8 @@
+  * License, v. 2.0. If a copy of the MPL was not distributed with this
+  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+ 
++Components.utils.import("resource:///modules/imServices.jsm");
++
+ var wpl = Components.interfaces.nsIWebProgressListener;
+ 
+ var reporterListener = {
+@@ -133,6 +135,11 @@ function loadRequestedUrl()
+     account.protocol.iconBaseURI + "icon48.png";
+ 
+   let browser = document.getElementById("requestFrame");
++  browser.docShell.allowPlugins = false;
++
++  if (Services.prefs.getBoolPref("chat.browserRequest.disableJavascript"))
++    browser.docShell.allowJavascript = false;
++
+   browser.addProgressListener(reporterListener,
+                               Components.interfaces.nsIWebProgress.NOTIFY_ALL);
+   let url = request.url;
+-- 
+2.11.0
+
diff --git a/projects/instantbird/config b/projects/instantbird/config
index cc1cdc7..336502c 100644
--- a/projects/instantbird/config
+++ b/projects/instantbird/config
@@ -88,6 +88,7 @@ input_files:
   - filename: 0024-Bug-1187281-Only-show-close-button-on-Windows.patch
   - filename: 0025-Bug-1316000-Remove-old-Yahoo-Messenger-support.-r-al.patch
   - filename: 0026-Bug-1321641-Use-built-in-functions-instead-of-an-svg.patch
+  - filename: 0027-Bug-1321420-Add-a-pref-to-disable-JavaScript-in-brow.patch
   - filename: mozconfig-common
   - filename: 'mozconfig-[% c("var/osname") %]'
     name: mozconfig

_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits