[tor-commits] [Git][tpo/applications/tor-browser][tor-browser-115.27.0esr-13.5-1] 3 commits: Bug 672618 - Don't execute javascript: URLs on CTRL+click, middle-click etc. r=dao

ma1 pushed to branch tor-browser-115.27.0esr-13.5-1 at The Tor Project / Applications / Tor Browser

Commits:

f89188bd

by Tom Schuster at 2025-08-18T17:22:37+02:00

Bug 672618 - Don't execute _javascript_: URLs on CTRL+click, middle-click etc. r=dao

Differential Revision: https://phabricator.services.mozilla.com/D256648

BB 44100: cherry-picked except tests

85feb19a

by Steve Fink at 2025-08-18T17:22:42+02:00

Bug 1977130 - Error-check pthread_getattr_np. r=glandium,spidermonkey-reviewers,jandem, a=RyanVM

Differential Revision: https://phabricator.services.mozilla.com/D258648

3239846a

by Kershaw Chang at 2025-08-18T17:22:43+02:00

Bug 1979955 - ensure transaction is alive (for ESR140),  a=RyanVM

Differential Revision: https://phabricator.services.mozilla.com/D260484

5 changed files:

browser/actors/ClickHandlerChild.sys.mjs
browser/app/profile/firefox.js
js/src/util/NativeStack.cpp
mozglue/misc/StackWalk.cpp
netwerk/protocol/http/nsHttpConnection.cpp

Changes:

browser/actors/ClickHandlerChild.sys.mjs

@@ -12,12 +12,26 @@ ChromeUtils.defineESModuleGetters(lazy, {
    E10SUtils: "resource://gre/modules/E10SUtils.sys.mjs",
  });
 +XPCOMUtils.defineLazyPreferenceGetter(
 +  lazy,
 +  "autoscrollEnabled",
 +  "general.autoScroll",
 +  true
 +);
++
 +XPCOMUtils.defineLazyPreferenceGetter(
 +  lazy,
 +  "blockJavascript",
 +  "browser.link.alternative_click.block_javascript",
 +  true
 +);
++
  export class MiddleMousePasteHandlerChild extends JSWindowActorChild {
    handleEvent(clickEvent) {
      if (
        clickEvent.defaultPrevented ||
        clickEvent.button != 1 ||
 -      MiddleMousePasteHandlerChild.autoscrollEnabled
 +      lazy.autoscrollEnabled
      ) {
        return;
+     }
@@ -34,13 +48,6 @@ export class MiddleMousePasteHandlerChild extends JSWindowActorChild {
+   }
+ }
 -XPCOMUtils.defineLazyPreferenceGetter(
 -  MiddleMousePasteHandlerChild,
 -  "autoscrollEnabled",
 -  "general.autoScroll",
 -  true
 -);
+-
  export class ClickHandlerChild extends JSWindowActorChild {
    handleEvent(wrapperEvent) {
      this.handleClickEvent(wrapperEvent.sourceEvent);
@@ -112,6 +119,14 @@ export class ClickHandlerChild extends JSWindowActorChild {
      };
      if (href && !isFromMiddleMousePasteHandler) {
 +      if (
 +        lazy.blockJavascript &&
 +        Services.io.extractScheme(href) == "_javascript_"
 +      ) {
 +        // We don't want to open new tabs or windows for _javascript_: links.
 +        return;
 +      }
++
        try {
          Services.scriptSecurityManager.checkLoadURIStrWithPrincipal(
            principal,

browser/app/profile/firefox.js

@@ -759,6 +759,9 @@ pref("browser.link.open_newwindow.restriction", 2);
    pref("browser.link.open_newwindow.disabled_in_fullscreen", false);
  #endif
 +// If true, opening javscript: URLs using middle-click, CTRL+click etc. are blocked.
 +pref("browser.link.alternative_click.block_javascript", true);
++
  // Tabbed browser
  pref("browser.tabs.closeTabByDblclick", false);
  pref("browser.tabs.closeWindowWithLastTab", true);

js/src/util/NativeStack.cpp

@@ -95,17 +95,16 @@ void* js::GetNativeStackBaseImpl() {
    pthread_t thread = pthread_self();
    pthread_attr_t sattr;
    pthread_attr_init(&sattr);
 -  pthread_getattr_np(thread, &sattr);
 +  int rc = pthread_getattr_np(thread, &sattr);
 +  MOZ_RELEASE_ASSERT(rc == 0, "pthread_getattr_np failed");
    // stackBase will be the *lowest* address on all architectures.
    void* stackBase = nullptr;
    size_t stackSize = 0;
 -  int rc = pthread_attr_getstack(&sattr, &stackBase, &stackSize);
 -  if (rc) {
 -    MOZ_CRASH(
 -        "call to pthread_attr_getstack failed, unable to setup stack range for "
 -        "JS");
 -  }
 +  rc = pthread_attr_getstack(&sattr, &stackBase, &stackSize);
 +  MOZ_RELEASE_ASSERT(rc == 0,
 +                     "call to pthread_attr_getstack failed, unable to setup "
 +                     "stack range for JS");
    MOZ_RELEASE_ASSERT(stackBase,
                       "invalid stack base, unable to setup stack range for JS");
    pthread_attr_destroy(&sattr);
@@ -148,7 +147,8 @@ void* js::GetNativeStackBaseImpl() {
     * FIXME: this function is non-portable;
     * other POSIX systems may have different np alternatives
     */
 -  pthread_getattr_np(thread, &sattr);
 +  MOZ_RELEASE_ASSERT(pthread_getattr_np(thread, &sattr) == 0,
 +                     "pthread_getattr_np failed");
  #    endif
    void* stackBase = 0;

mozglue/misc/StackWalk.cpp

@@ -695,7 +695,8 @@ MFBT_API void MozStackWalk(MozWalkStackCallback aCallback,
  #    elif defined(ANDROID)
    pthread_attr_t sattr;
    pthread_attr_init(&sattr);
 -  pthread_getattr_np(pthread_self(), &sattr);
 +  int rc = pthread_getattr_np(pthread_self(), &sattr);
 +  MOZ_RELEASE_ASSERT(rc == 0, "pthread_getattr_np failed");
    void* stackBase = stackEnd = nullptr;
    size_t stackSize = 0;
    if (gettid() != getpid()) {

netwerk/protocol/http/nsHttpConnection.cpp

@@ -1635,9 +1635,10 @@ nsresult nsHttpConnection::OnSocketWritable() {
+           }
            LOG(("  writing transaction request stream\n"));
 -          rv = mTransaction->ReadSegmentsAgain(this,
 -                                               nsIOService::gDefaultSegmentSize,
 -                                               &transactionBytes, &again);
 +          RefPtr<nsAHttpTransaction> transaction = mTransaction;
 +          rv = transaction->ReadSegmentsAgain(this,
 +                                              nsIOService::gDefaultSegmentSize,
 +                                              &transactionBytes, &again);
            if (mTlsHandshaker->EarlyDataUsed()) {
              mContentBytesWritten0RTT += transactionBytes;
              if (NS_FAILED(rv) && rv != NS_BASE_STREAM_WOULD_BLOCK) {
@@ -1660,7 +1661,8 @@ nsresult nsHttpConnection::OnSocketWritable() {
           static_cast<uint32_t>(mSocketOutCondition), again));
      // XXX some streams return NS_BASE_STREAM_CLOSED to indicate EOF.
 -    if (rv == NS_BASE_STREAM_CLOSED && !mTransaction->IsDone()) {
 +    if (rv == NS_BASE_STREAM_CLOSED &&
 +        (mTransaction && !mTransaction->IsDone())) {
        rv = NS_OK;
        transactionBytes = 0;
+     }
@@ -1703,7 +1705,8 @@ nsresult nsHttpConnection::OnSocketWritable() {
        // When Spdy tunnel is used we need to explicitly set when a request is
        // done.
        if ((mState != HttpConnectionState::SETTING_UP_TUNNEL) && !mSpdySession) {
 -        nsHttpTransaction* trans = mTransaction->QueryHttpTransaction();
 +        nsHttpTransaction* trans =
 +            mTransaction ? mTransaction->QueryHttpTransaction() : nullptr;
          // needed for websocket over h2 (direct)
          if (!trans || !trans->IsWebsocketUpgrade()) {
            mRequestDone = true;
@@ -1806,7 +1809,8 @@ nsresult nsHttpConnection::OnSocketReadable() {
        rv = NS_ERROR_FAILURE;
        LOG(("  No Transaction In OnSocketWritable\n"));
      } else {
 -      rv = mTransaction->WriteSegmentsAgain(
 +      RefPtr<nsAHttpTransaction> transaction = mTransaction;
 +      rv = transaction->WriteSegmentsAgain(
            this, nsIOService::gDefaultSegmentSize, &n, &again);
+     }
      LOG(("nsHttpConnection::OnSocketReadable %p trans->ws rv=%" PRIx32