[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] [Git][tpo/applications/tor-browser][tor-browser-149.0a1-16.0-2] BB 44865: Block requests to chrome://*/locale.

Title: GitLab

Pier Angelo Vendrame pushed to branch tor-browser-149.0a1-16.0-2 at The Tor Project / Applications / Tor Browser

Commits:

  • c9fe2594
    by Pier Angelo Vendrame at 2026-04-16T19:36:16+02:00 
    BB 44865: Block requests to chrome://*/locale.

1 changed file:

Changes:

  • caps/nsScriptSecurityManager.cpp
    ... ... @@ -1104,6 +1104,12 @@ nsresult nsScriptSecurityManager::CheckLoadURIFlags(
    1104 1104 
               return NS_OK;
    1105 1105 
             }
    1106 1106 
           } else if (targetScheme.EqualsLiteral("chrome")) {
    1107 
    +        nsAutoCString path;
    1108 
    +        if (NS_SUCCEEDED(aTargetURI->GetPathQueryRef(path)) &&
    1109 
    +            StringBeginsWith(path, "/locale/"_ns)) {
    1110 
    +          return NS_ERROR_DOM_BAD_URI;
    1111 
    +        }
    1112 
    +
    1107 1113 
             // Allow the load only if the chrome package is allowlisted.
    1108 1114 
             nsCOMPtr<nsIXULChromeRegistry> reg(
    1109 1115 
                 do_GetService(NS_CHROMEREGISTRY_CONTRACTID));


    • View it on GitLab.
    You're receiving this email because of your account on gitlab.torproject.org. Manage all notifications · Help Notification message regarding https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/c9fe25948566948e28291da1887196559e5a3131 at 1776361067 

    _______________________________________________
tor-commits mailing list -- tor-commits@xxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to tor-commits-leave@xxxxxxxxxxxxxxxxxxxx