[tor-commits] [Git][tpo/applications/tor-browser][tor-browser-115.4.0esr-13.5-1] 2 commits: Bug 1849186 - Add a preference not to expose the content title in the window...

Pier Angelo Vendrame pushed to branch tor-browser-115.4.0esr-13.5-1 at The Tor Project / Applications / Tor Browser

Commits:

20e6bcfa

by Pier Angelo Vendrame at 2023-11-14T22:14:32+00:00

Bug 1849186 - Add a preference not to expose the content title in the window title. r=Gijs,tabbrowser-reviewers,dao

Differential Revision: https://phabricator.services.mozilla.com/D190496

7d7f8a1f

by Pier Angelo Vendrame at 2023-11-14T22:14:32+00:00

fixup! Firefox preference overrides.

Bug 41988: Do not expose page titles in winow title

4 changed files:

browser/app/profile/001-base-profile.js
browser/app/profile/firefox.js
browser/base/content/tabbrowser.js
browser/components/privatebrowsing/test/browser/browser_privatebrowsing_windowtitle.js

Changes:

browser/app/profile/001-base-profile.js

@@ -86,6 +86,12 @@ pref("browser.sessionstore.resume_from_crash", false);
  // Disable capturing thumbnails (tor-browser#41595)
  // Also not needed in PBM at the moment.
  pref("browser.pagethumbnails.capturing_disabled", true);
 +// tor-browser#41988: Remove page titles from window titles to prevent possible
 +// disk leaks, e.g., in system logs.
 +// For example, it happened that GNOME shell logged the window name that caused
 +// JS errors/unexpected conditions for unrelated issues.
 +pref("privacy.exposeContentTitleInWindow", false);
 +pref("privacy.exposeContentTitleInWindow.pbm", false);
  // Empty clipboard content from private windows on exit (tor-browser#42154)
  pref("browser.privatebrowsing.preserveClipboard", false);

browser/app/profile/firefox.js

@@ -968,7 +968,7 @@ pref("privacy.panicButton.enabled",         true);
  // Time until temporary permissions expire, in ms
  pref("privacy.temporary_permission_expire_time_ms",  3600000);
 -// Enables protection mechanism against password spoofing for cross domain auh requests
 +// Enables protection mechanism against password spoofing for cross domain auth requests
  // See bug 791594
  pref("privacy.authPromptSpoofingProtection",         true);
@@ -2104,6 +2104,12 @@ pref("privacy.webrtc.sharedTabWarning", false);
  // before navigating to the actual meeting room page. Doesn't survive tab close.
  pref("privacy.webrtc.deviceGracePeriodTimeoutMs", 3600000);
 +// Enable including the content in the window title.
 +// PBM users might want to disable this to avoid a possible source of disk
 +// leaks.
 +pref("privacy.exposeContentTitleInWindow", true);
 +pref("privacy.exposeContentTitleInWindow.pbm", true);
++
  // Start the browser in e10s mode
  pref("browser.tabs.remote.autostart", true);
  pref("browser.tabs.remote.desktopbehavior", true);

browser/base/content/tabbrowser.js

@@ -102,6 +102,18 @@
            true
          );
        });
 +      XPCOMUtils.defineLazyPreferenceGetter(
 +        this,
 +        "_shouldExposeContentTitle",
 +        "privacy.exposeContentTitleInWindow",
 +        true
 +      );
 +      XPCOMUtils.defineLazyPreferenceGetter(
 +        this,
 +        "_shouldExposeContentTitlePbm",
 +        "privacy.exposeContentTitleInWindow.pbm",
 +        true
 +      );
        if (AppConstants.MOZ_CRASHREPORTER) {
          ChromeUtils.defineModuleGetter(
@@ -1072,6 +1084,19 @@
      getWindowTitleForBrowser(aBrowser) {
        let docElement = document.documentElement;
        let title = "";
 +      let dataSuffix =
 +        docElement.getAttribute("privatebrowsingmode") == "temporary"
 +          ? "Private"
 +          : "Default";
 +      let defaultTitle = docElement.dataset["title" + dataSuffix];
++
 +      if (
 +        !this._shouldExposeContentTitle ||
 +        (PrivateBrowsingUtils.isWindowPrivate(window) &&
 +          !this._shouldExposeContentTitlePbm)
 +      ) {
 +        return defaultTitle;
 +      }
        // If location bar is hidden and the URL type supports a host,
        // add the scheme and host to the title to prevent spoofing.
@@ -1109,10 +1134,6 @@
          title += tab.getAttribute("label").replace(/\0/g, "");
+       }
 -      let dataSuffix =
 -        docElement.getAttribute("privatebrowsingmode") == "temporary"
 -          ? "Private"
 -          : "Default";
        if (title) {
          // We're using a function rather than just using `title` as the
          // new substring to avoid `$$`, `$'` etc. having a special
@@ -1125,7 +1146,7 @@
          );
+       }
 -      return docElement.dataset["title" + dataSuffix];
 +      return defaultTitle;
      },
      updateTitlebar() {

browser/components/privatebrowsing/test/browser/browser_privatebrowsing_windowtitle.js

@@ -107,4 +107,34 @@ add_task(async function test() {
      true,
      pb_about_pb_title
    );
++
 +  await SpecialPowers.pushPrefEnv({
 +    set: [["privacy.exposeContentTitleInWindow.pbm", false]],
 +  });
 +  await testTabTitle(await openWin(false), testPageURL, false, page_with_title);
 +  await testTabTitle(
 +    await openWin(true),
 +    testPageURL,
 +    true,
 +    pb_page_without_title
 +  );
 +  await SpecialPowers.pushPrefEnv({
 +    set: [
 +      ["privacy.exposeContentTitleInWindow", false],
 +      ["privacy.exposeContentTitleInWindow.pbm", true],
 +    ],
 +  });
 +  await testTabTitle(
 +    await openWin(false),
 +    testPageURL,
 +    false,
 +    page_without_title
 +  );
 +  // The generic preference set to false is intended to override the PBM one
 +  await testTabTitle(
 +    await openWin(true),
 +    testPageURL,
 +    true,
 +    pb_page_without_title
 +  );
  });