
[or-cvs] r13324: Workaround for firefox bug 409737. Block popups and javascri (in torbutton/trunk/src: . chrome/content chrome/locale/de-AT chrome/locale/de-CH chrome/locale/de-DE chrome/locale/el-GR chrome/locale/en-US chrome/locale/es-AR chrome/locale/fr-FR chrome/locale/hr-HR chrome/locale/it-IT chrome/locale/nl-NL chrome/locale/pl-PL chrome/locale/pt-BR chrome/locale/ru-RU chrome/locale/sl-SI chrome/locale/zh-CN chrome/locale/zh-TW components defaults/preferences)



Author: mikeperry
Date: 2008-01-28 03:39:16 -0500 (Mon, 28 Jan 2008)
New Revision: 13324

Modified:
   torbutton/trunk/src/CHANGELOG
   torbutton/trunk/src/chrome/content/jshooks.js
   torbutton/trunk/src/chrome/content/preferences.js
   torbutton/trunk/src/chrome/content/preferences.xul
   torbutton/trunk/src/chrome/content/torbutton.js
   torbutton/trunk/src/chrome/locale/de-AT/torbutton.dtd
   torbutton/trunk/src/chrome/locale/de-CH/torbutton.dtd
   torbutton/trunk/src/chrome/locale/de-DE/torbutton.dtd
   torbutton/trunk/src/chrome/locale/el-GR/torbutton.dtd
   torbutton/trunk/src/chrome/locale/en-US/torbutton.dtd
   torbutton/trunk/src/chrome/locale/es-AR/torbutton.dtd
   torbutton/trunk/src/chrome/locale/fr-FR/torbutton.dtd
   torbutton/trunk/src/chrome/locale/hr-HR/torbutton.dtd
   torbutton/trunk/src/chrome/locale/it-IT/torbutton.dtd
   torbutton/trunk/src/chrome/locale/nl-NL/torbutton.dtd
   torbutton/trunk/src/chrome/locale/pl-PL/torbutton.dtd
   torbutton/trunk/src/chrome/locale/pt-BR/torbutton.dtd
   torbutton/trunk/src/chrome/locale/ru-RU/torbutton.dtd
   torbutton/trunk/src/chrome/locale/sl-SI/torbutton.dtd
   torbutton/trunk/src/chrome/locale/zh-CN/torbutton.dtd
   torbutton/trunk/src/chrome/locale/zh-TW/torbutton.dtd
   torbutton/trunk/src/components/cssblocker.js
   torbutton/trunk/src/defaults/preferences/preferences.js
Log:

Workaround for firefox bug 409737. Block popups and
javascript refreshes if tor state has changed. Also block
history manipulation if Tor is enabled.




Modified: torbutton/trunk/src/CHANGELOG
===================================================================
--- torbutton/trunk/src/CHANGELOG	2008-01-27 21:52:49 UTC (rev 13323)
+++ torbutton/trunk/src/CHANGELOG	2008-01-28 08:39:16 UTC (rev 13324)
@@ -17,6 +17,7 @@
 1.1.10
   06 Nov 2007
   * bugfix: bug 522: Try harder to kill plugins before they do any network IO
+    (discovered by goldy)
   * bugfix: bug 460: Remove hook verification. Attempt to apply hooks at every
     location event.
   * misc: New logging system

Modified: torbutton/trunk/src/chrome/content/jshooks.js
===================================================================
--- torbutton/trunk/src/chrome/content/jshooks.js	2008-01-27 21:52:49 UTC (rev 13323)
+++ torbutton/trunk/src/chrome/content/jshooks.js	2008-01-28 08:39:16 UTC (rev 13324)
@@ -10,7 +10,7 @@
 
   /* Hrmm.. Is it possible this breaks plugin install or other weird shit
      for non-windows OS's? */
-  if(window.__tb_set_uagent) {
+  if(window.__tb_set_uagent==true) {
       var tmp_oscpu = window.__tb_oscpu;
       var tmp_platform = window.__tb_platform;
       var tmp_productSub = window.__tb_productSub;
@@ -53,6 +53,28 @@
     } 
   } 
 
+  // This can potentially be done by hooking shistory;1 component, but
+  // this is simpler and less code.
+  // XXX: probably should do it that way for localization and 
+  // Non-Tor -> Tor correlation protection 
+  // XXX: Also needs localization
+  if(window.__tb_block_js_history==true) {
+      var htmp = window.history;
+      var hmine = new Object();
+      var ran = 0;
+      window.__defineGetter__("history", function() { return hmine; });
+      window.history.__defineGetter__("length", function() { return htmp.length; });
+      var f = function() {
+          if(!ran) {
+              ran = 1;
+              window.alert("Torbutton blocked Javascript history manipulation.\n\nSee history settings to allow.\n\n");
+          }
+      }
+      window.history.back = f;
+      window.history.forward = f;
+      window.history.go = f;
+  }
+
   var tmp = window.Date;
   window.Date = function() {
     /* DO NOT make 'd' a member! EvilCode will use it! */
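Review bot: The replacement `history` object still reports the real session length, because the `length` getter added here returns `htmp.length`. That count includes entries created before a Tor toggle, which is the "Non-Tor -> Tor correlation" the XXX comment above it already worries about. If the count is not meant to be visible while blocking is on, return a fixed value instead, e.g. `window.history.__defineGetter__("length", function() { return 0; });`; otherwise add a comment saying that exposing the length is accepted. The enclosing function starts and ends outside the hunk, so whether `window.__tb_block_js_history` is removed from the content-visible `window` afterwards cannot be checked from here.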

Modified: torbutton/trunk/src/chrome/content/preferences.js
===================================================================
--- torbutton/trunk/src/chrome/content/preferences.js	2008-01-27 21:52:49 UTC (rev 13323)
+++ torbutton/trunk/src/chrome/content/preferences.js	2008-01-28 08:39:16 UTC (rev 13324)
@@ -210,7 +210,7 @@
     doc.getElementById('torbutton_noReferer').checked = o_torprefs.getBoolPref('disable_referer');
     doc.getElementById('torbutton_spoofEnglish').checked = o_torprefs.getBoolPref('spoof_english');
     doc.getElementById('torbutton_clearHttpAuth').checked = o_torprefs.getBoolPref('clear_http_auth');
-    
+    doc.getElementById('torbutton_blockJSHistory').checked = o_torprefs.getBoolPref('block_js_history');
 
     torbutton_prefs_set_field_attributes(doc);
 }
@@ -261,6 +261,7 @@
     o_torprefs.setBoolPref('dual_cookie_jars', doc.getElementById('torbutton_dualCookieJars').selected);
     o_torprefs.setBoolPref('disable_domstorage', doc.getElementById('torbutton_noDomStorage').checked);
     o_torprefs.setBoolPref('clear_http_auth', doc.getElementById('torbutton_clearHttpAuth').checked);
+    o_torprefs.setBoolPref('block_js_history', doc.getElementById('torbutton_blockJSHistory').checked);
 
     if(doc.getElementById('torbutton_shutdownGroup').selectedItem ==
             doc.getElementById('torbutton_noShutdown')) {

Modified: torbutton/trunk/src/chrome/content/preferences.xul
===================================================================
--- torbutton/trunk/src/chrome/content/preferences.xul	2008-01-27 21:52:49 UTC (rev 13323)
+++ torbutton/trunk/src/chrome/content/preferences.xul	2008-01-28 08:39:16 UTC (rev 13324)
@@ -151,6 +151,8 @@
                   oncommand="torbutton_prefs_set_field_attributes(document)"/>
           <checkbox id="torbutton_clearHistory" label="&torbutton.prefs.clear_history;" 
                   oncommand="torbutton_prefs_set_field_attributes(document)"/>
+          <checkbox id="torbutton_blockJSHistory" label="&torbutton.prefs.block_js_history;" 
+                  oncommand="torbutton_prefs_set_field_attributes(document)"/>
            </vbox>
           </tabpanel>
           <tabpanel id="forms">

Modified: torbutton/trunk/src/chrome/content/torbutton.js
===================================================================
--- torbutton/trunk/src/chrome/content/torbutton.js	2008-01-27 21:52:49 UTC (rev 13323)
+++ torbutton/trunk/src/chrome/content/torbutton.js	2008-01-28 08:39:16 UTC (rev 13324)
@@ -194,6 +194,26 @@
     } else {
         torbutton_enable_tor();
     }
+
+    if(m_tb_prefs.getBoolPref("extensions.torbutton.close_on_toggle")) {
+        // 1. Open new tabbrowser in current window..
+        var browser = getBrowser();
+        var newb = browser.addTab("about:blank");
+        
+        // 2. Close all tabs in the current window except new one
+        browser.removeAllTabsBut(newb);
+        
+        // 3. Close all other windows except this one
+        var wm = Components.classes["@mozilla.org/appshell/window-mediator;1"]
+            .getService(Components.interfaces.nsIWindowMediator);
+        var enumerator = wm.getEnumerator("navigator:browser");
+        while(enumerator.hasMoreElements()) {
+            var win = enumerator.getNext();
+            if(win != window) {
+                win.close(); // XXX: confirm?
+            }
+        }
+    }
 }
 
 function torbutton_set_status() {
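Review bot: The `close_on_toggle` block discards every tab and every other browser window with no confirmation. The same commit defaults `extensions.torbutton.close_on_toggle` to `true` in defaults/preferences/preferences.js, and adds no checkbox for it in preferences.xul. The `// XXX: confirm?` on `win.close()` should be resolved before this is on by default: either ship `pref("extensions.torbutton.close_on_toggle",false);` until there is UI, or prompt once before closing. The windows are also closed only after the enable/disable branch above has run, so pages loaded in the previous state are still open at the moment of the switch; if that ordering is deliberate, a comment saying so would help. The enclosing function starts above the hunk.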
@@ -1310,6 +1330,7 @@
     str2 += "window.__tb_oscpu=\""+m_tb_prefs.getCharPref('extensions.torbutton.oscpu_override')+"\";\r\n";
     str2 += "window.__tb_platform=\""+m_tb_prefs.getCharPref('extensions.torbutton.platform_override')+"\";\r\n";
     str2 += "window.__tb_productSub=\""+m_tb_prefs.getCharPref('extensions.torbutton.productsub_override')+"\";\r\n";
+    str2 += "window.__tb_block_js_history="+m_tb_prefs.getBoolPref('extensions.torbutton.block_js_history')+";\r\n";
     str2 += m_tb_jshooks;
 
     try {
@@ -1341,18 +1362,50 @@
         torbutton_init();
     }
 
-    // This noise is a workaround for the fact that docShell.allowPlugins
-    // is ignored when you directly click on a link
+    // This noise is a workaround for firefox bugs involving
+    // enforcement of docShell.allowPlugins and docShell.allowJavascript
+    // (Bugs 401296 and 409737 respectively) 
     try {
         var chanreq = aRequest.QueryInterface(Components.interfaces.nsIChannel);
         if(chanreq
                 && chanreq instanceof Components.interfaces.nsIChannel
-                && aRequest.isPending() 
-                && m_tb_prefs.getBoolPref("extensions.torbutton.tor_enabled")
-                && m_tb_prefs.getBoolPref("extensions.torbutton.no_tor_plugins")) {
+                && aRequest.isPending()) {
+
+            if(aProgress && aProgress.DOMWindow) {
+                torbutton_eclog(3, 'Document: '+aProgress.DOMWindow.location);
+            }
+
+            if((aProgress && aProgress.DOMWindow.opener 
+               && m_tb_prefs.getBoolPref("extensions.torbutton.isolate_content"))) {
+                
+                if(!(aProgress.DOMWindow.top instanceof Components.interfaces.nsIDOMChromeWindow)) {
+                    // Workaround for Firefox bug 409737
+                    // The idea is that the content policy should stop all
+                    // forms of javascript fetches except for popups. This
+                    // code handles blocking popups from alternate tor states.
+                    var wm = Components.classes["@torproject.org/content-window-mapper;1"]
+                        .getService(Components.interfaces.nsISupports)
+                        .wrappedJSObject;
+
+                    var browser = wm.getBrowserForContentWindow(aProgress.DOMWindow.opener);
+
+                    if(browser && browser.__tb_tor_fetched != m_tb_prefs.getBoolPref("extensions.torbutton.tor_enabled")) {
+                        torbutton_eclog(3, 'Stopping document: '+aProgress.DOMWindow.location);
+                        aRequest.cancel(0x804b0002);
+                        aProgress.DOMWindow.stop();
+                        torbutton_eclog(3, 'Stopped document: '+aProgress.DOMWindow.location);
+                        aProgress.DOMWindow.document.clear();
+                        torbutton_eclog(3, 'Cleared document: '+aProgress.DOMWindow.location);
+                    }
+                }
+            }
+            
             torbutton_eclog(2, 'LocChange: '+aRequest.contentType);
 
-            if (aRequest.contentType in m_tb_plugin_mimetypes) {
+            // Workaround for Firefox Bug 401296
+            if((m_tb_prefs.getBoolPref("extensions.torbutton.tor_enabled")
+                && m_tb_prefs.getBoolPref("extensions.torbutton.no_tor_plugins")
+                && aRequest.contentType in m_tb_plugin_mimetypes)) {
                 aRequest.cancel(0x804b0002);
                 if(aProgress) {
                     // ZOMG DIE DIE DXIE!!!!!@
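Review bot: The new popup check fails open in two places. `aProgress.DOMWindow.opener` is read after testing only `aProgress`, whereas the logging line just above also tests `aProgress.DOMWindow`; an exception here lands in the surrounding `try`, whose handler is outside the hunk, and would presumably skip the Bug 401296 plugin check that follows. And when `getBrowserForContentWindow` returns nothing the load proceeds, while cssblocker.js returns `block` in the same situation and looks up `opener.top` rather than `opener`. Suggested: guard with `if(aProgress && aProgress.DOMWindow && aProgress.DOMWindow.opener && ...)`, pass `aProgress.DOMWindow.opener.top` to the mapper, and test `if(!browser || browser.__tb_tor_fetched != m_tb_prefs.getBoolPref("extensions.torbutton.tor_enabled"))`.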
@@ -1363,6 +1416,7 @@
                         torbutton_eclog(2, 'Cleared document');
                         
                         if(typeof(aProgress.DOMWindow.__tb_kill_flag) == 'undefined') {
+                            // XXX: localize
                             window.alert("Torbutton blocked direct Tor load of plugin content.\n\nUse Save-As instead.\n\n");
                             aProgress.DOMWindow.__tb_kill_flag = true;
                         }
@@ -1377,6 +1431,7 @@
                     }
                 } else {
                     torbutton_eclog(4, 'No progress for document cancel!');
+                    // XXX: localize
                     window.alert("Torbutton blocked direct Tor load of plugin content.\n\nUse Save-As instead.\n\n");
                 }
                 torbutton_eclog(3, 'Killed plugin document');

Modified: torbutton/trunk/src/chrome/locale/de-AT/torbutton.dtd
===================================================================
--- torbutton/trunk/src/chrome/locale/de-AT/torbutton.dtd	2008-01-27 21:52:49 UTC (rev 13323)
+++ torbutton/trunk/src/chrome/locale/de-AT/torbutton.dtd	2008-01-28 08:39:16 UTC (rev 13324)
@@ -67,3 +67,4 @@
 <!ENTITY torbutton.prefs.reload_crashed_jar   "Reload cookie jar/clear cookies on Firefox crash (recommended)">
 <!ENTITY torbutton.prefs.dual_cookie_jars        "Store both Tor and Non-Tor cookies in protected jars (dangerous)">
 <!ENTITY torbutton.prefs.clear_http_auth        "Clear HTTP auth sessions (recommended)">
+<!ENTITY torbutton.prefs.block_js_history       "Block javascript access to history navigation (recommended)">

Modified: torbutton/trunk/src/chrome/locale/de-CH/torbutton.dtd
===================================================================
--- torbutton/trunk/src/chrome/locale/de-CH/torbutton.dtd	2008-01-27 21:52:49 UTC (rev 13323)
+++ torbutton/trunk/src/chrome/locale/de-CH/torbutton.dtd	2008-01-28 08:39:16 UTC (rev 13324)
@@ -67,3 +67,4 @@
 <!ENTITY torbutton.prefs.reload_crashed_jar   "Reload cookie jar/clear cookies on Firefox crash (recommended)">
 <!ENTITY torbutton.prefs.dual_cookie_jars        "Store both Tor and Non-Tor cookies in protected jars (dangerous)">
 <!ENTITY torbutton.prefs.clear_http_auth        "Clear HTTP auth sessions (recommended)">
+<!ENTITY torbutton.prefs.block_js_history       "Block javascript access to history navigation (recommended)">

Modified: torbutton/trunk/src/chrome/locale/de-DE/torbutton.dtd
===================================================================
--- torbutton/trunk/src/chrome/locale/de-DE/torbutton.dtd	2008-01-27 21:52:49 UTC (rev 13323)
+++ torbutton/trunk/src/chrome/locale/de-DE/torbutton.dtd	2008-01-28 08:39:16 UTC (rev 13324)
@@ -67,3 +67,4 @@
 <!ENTITY torbutton.prefs.reload_crashed_jar   "Reload cookie jar/clear cookies on Firefox crash (recommended)">
 <!ENTITY torbutton.prefs.dual_cookie_jars        "Store both Tor and Non-Tor cookies in protected jars (dangerous)">
 <!ENTITY torbutton.prefs.clear_http_auth        "Clear HTTP auth sessions (recommended)">
+<!ENTITY torbutton.prefs.block_js_history       "Block javascript access to history navigation (recommended)">

Modified: torbutton/trunk/src/chrome/locale/el-GR/torbutton.dtd
===================================================================
--- torbutton/trunk/src/chrome/locale/el-GR/torbutton.dtd	2008-01-27 21:52:49 UTC (rev 13323)
+++ torbutton/trunk/src/chrome/locale/el-GR/torbutton.dtd	2008-01-28 08:39:16 UTC (rev 13324)
@@ -67,3 +67,4 @@
 <!ENTITY torbutton.prefs.reload_crashed_jar   "Reload cookie jar/clear cookies on Firefox crash (recommended)">
 <!ENTITY torbutton.prefs.dual_cookie_jars        "Store both Tor and Non-Tor cookies in protected jars (dangerous)">
 <!ENTITY torbutton.prefs.clear_http_auth        "Clear HTTP auth sessions (recommended)">
+<!ENTITY torbutton.prefs.block_js_history       "Block javascript access to history navigation (recommended)">

Modified: torbutton/trunk/src/chrome/locale/en-US/torbutton.dtd
===================================================================
--- torbutton/trunk/src/chrome/locale/en-US/torbutton.dtd	2008-01-27 21:52:49 UTC (rev 13323)
+++ torbutton/trunk/src/chrome/locale/en-US/torbutton.dtd	2008-01-28 08:39:16 UTC (rev 13324)
@@ -67,3 +67,4 @@
 <!ENTITY torbutton.prefs.reload_crashed_jar   "Reload cookie jar/clear cookies on Firefox crash (recommended)">
 <!ENTITY torbutton.prefs.dual_cookie_jars        "Store both Tor and Non-Tor cookies in protected jars (dangerous)">
 <!ENTITY torbutton.prefs.clear_http_auth        "Clear HTTP auth sessions (recommended)">
+<!ENTITY torbutton.prefs.block_js_history       "Block javascript access to history navigation (recommended)">

Modified: torbutton/trunk/src/chrome/locale/es-AR/torbutton.dtd
===================================================================
--- torbutton/trunk/src/chrome/locale/es-AR/torbutton.dtd	2008-01-27 21:52:49 UTC (rev 13323)
+++ torbutton/trunk/src/chrome/locale/es-AR/torbutton.dtd	2008-01-28 08:39:16 UTC (rev 13324)
@@ -67,3 +67,4 @@
 <!ENTITY torbutton.prefs.reload_crashed_jar   "Reload cookie jar/clear cookies on Firefox crash (recommended)">
 <!ENTITY torbutton.prefs.dual_cookie_jars        "Store both Tor and Non-Tor cookies in protected jars (dangerous)">
 <!ENTITY torbutton.prefs.clear_http_auth        "Clear HTTP auth sessions (recommended)">
+<!ENTITY torbutton.prefs.block_js_history       "Block javascript access to history navigation (recommended)">

Modified: torbutton/trunk/src/chrome/locale/fr-FR/torbutton.dtd
===================================================================
--- torbutton/trunk/src/chrome/locale/fr-FR/torbutton.dtd	2008-01-27 21:52:49 UTC (rev 13323)
+++ torbutton/trunk/src/chrome/locale/fr-FR/torbutton.dtd	2008-01-28 08:39:16 UTC (rev 13324)
@@ -67,3 +67,4 @@
 <!ENTITY torbutton.prefs.reload_crashed_jar   "Reload cookie jar/clear cookies on Firefox crash (recommended)">
 <!ENTITY torbutton.prefs.dual_cookie_jars        "Store both Tor and Non-Tor cookies in protected jars (dangerous)">
 <!ENTITY torbutton.prefs.clear_http_auth        "Clear HTTP auth sessions (recommended)">
+<!ENTITY torbutton.prefs.block_js_history       "Block javascript access to history navigation (recommended)">

Modified: torbutton/trunk/src/chrome/locale/hr-HR/torbutton.dtd
===================================================================
--- torbutton/trunk/src/chrome/locale/hr-HR/torbutton.dtd	2008-01-27 21:52:49 UTC (rev 13323)
+++ torbutton/trunk/src/chrome/locale/hr-HR/torbutton.dtd	2008-01-28 08:39:16 UTC (rev 13324)
@@ -67,3 +67,4 @@
 <!ENTITY torbutton.prefs.reload_crashed_jar   "Reload cookie jar/clear cookies on Firefox crash (recommended)">
 <!ENTITY torbutton.prefs.dual_cookie_jars        "Store both Tor and Non-Tor cookies in protected jars (dangerous)">
 <!ENTITY torbutton.prefs.clear_http_auth        "Clear HTTP auth sessions (recommended)">
+<!ENTITY torbutton.prefs.block_js_history       "Block javascript access to history navigation (recommended)">

Modified: torbutton/trunk/src/chrome/locale/it-IT/torbutton.dtd
===================================================================
--- torbutton/trunk/src/chrome/locale/it-IT/torbutton.dtd	2008-01-27 21:52:49 UTC (rev 13323)
+++ torbutton/trunk/src/chrome/locale/it-IT/torbutton.dtd	2008-01-28 08:39:16 UTC (rev 13324)
@@ -67,3 +67,4 @@
 <!ENTITY torbutton.prefs.reload_crashed_jar   "Reload cookie jar/clear cookies on Firefox crash (recommended)">
 <!ENTITY torbutton.prefs.dual_cookie_jars        "Store both Tor and Non-Tor cookies in protected jars (dangerous)">
 <!ENTITY torbutton.prefs.clear_http_auth        "Clear HTTP auth sessions (recommended)">
+<!ENTITY torbutton.prefs.block_js_history       "Block javascript access to history navigation (recommended)">

Modified: torbutton/trunk/src/chrome/locale/nl-NL/torbutton.dtd
===================================================================
--- torbutton/trunk/src/chrome/locale/nl-NL/torbutton.dtd	2008-01-27 21:52:49 UTC (rev 13323)
+++ torbutton/trunk/src/chrome/locale/nl-NL/torbutton.dtd	2008-01-28 08:39:16 UTC (rev 13324)
@@ -67,3 +67,4 @@
 <!ENTITY torbutton.prefs.reload_crashed_jar   "Reload cookie jar/clear cookies on Firefox crash (recommended)">
 <!ENTITY torbutton.prefs.dual_cookie_jars        "Store both Tor and Non-Tor cookies in protected jars (dangerous)">
 <!ENTITY torbutton.prefs.clear_http_auth        "Clear HTTP auth sessions (recommended)">
+<!ENTITY torbutton.prefs.block_js_history       "Block javascript access to history navigation (recommended)">

Modified: torbutton/trunk/src/chrome/locale/pl-PL/torbutton.dtd
===================================================================
--- torbutton/trunk/src/chrome/locale/pl-PL/torbutton.dtd	2008-01-27 21:52:49 UTC (rev 13323)
+++ torbutton/trunk/src/chrome/locale/pl-PL/torbutton.dtd	2008-01-28 08:39:16 UTC (rev 13324)
@@ -67,3 +67,4 @@
 <!ENTITY torbutton.prefs.reload_crashed_jar   "Reload cookie jar/clear cookies on Firefox crash (recommended)">
 <!ENTITY torbutton.prefs.dual_cookie_jars        "Store both Tor and Non-Tor cookies in protected jars (dangerous)">
 <!ENTITY torbutton.prefs.clear_http_auth        "Clear HTTP auth sessions (recommended)">
+<!ENTITY torbutton.prefs.block_js_history       "Block javascript access to history navigation (recommended)">

Modified: torbutton/trunk/src/chrome/locale/pt-BR/torbutton.dtd
===================================================================
--- torbutton/trunk/src/chrome/locale/pt-BR/torbutton.dtd	2008-01-27 21:52:49 UTC (rev 13323)
+++ torbutton/trunk/src/chrome/locale/pt-BR/torbutton.dtd	2008-01-28 08:39:16 UTC (rev 13324)
@@ -67,3 +67,4 @@
 <!ENTITY torbutton.prefs.reload_crashed_jar   "Reload cookie jar/clear cookies on Firefox crash (recommended)">
 <!ENTITY torbutton.prefs.dual_cookie_jars        "Store both Tor and Non-Tor cookies in protected jars (dangerous)">
 <!ENTITY torbutton.prefs.clear_http_auth        "Clear HTTP auth sessions (recommended)">
+<!ENTITY torbutton.prefs.block_js_history       "Block javascript access to history navigation (recommended)">

Modified: torbutton/trunk/src/chrome/locale/ru-RU/torbutton.dtd
===================================================================
--- torbutton/trunk/src/chrome/locale/ru-RU/torbutton.dtd	2008-01-27 21:52:49 UTC (rev 13323)
+++ torbutton/trunk/src/chrome/locale/ru-RU/torbutton.dtd	2008-01-28 08:39:16 UTC (rev 13324)
@@ -67,3 +67,4 @@
 <!ENTITY torbutton.prefs.reload_crashed_jar   "Reload cookie jar/clear cookies on Firefox crash (recommended)">
 <!ENTITY torbutton.prefs.dual_cookie_jars        "Store both Tor and Non-Tor cookies in protected jars (dangerous)">
 <!ENTITY torbutton.prefs.clear_http_auth        "Clear HTTP auth sessions (recommended)">
+<!ENTITY torbutton.prefs.block_js_history       "Block javascript access to history navigation (recommended)">

Modified: torbutton/trunk/src/chrome/locale/sl-SI/torbutton.dtd
===================================================================
--- torbutton/trunk/src/chrome/locale/sl-SI/torbutton.dtd	2008-01-27 21:52:49 UTC (rev 13323)
+++ torbutton/trunk/src/chrome/locale/sl-SI/torbutton.dtd	2008-01-28 08:39:16 UTC (rev 13324)
@@ -67,3 +67,4 @@
 <!ENTITY torbutton.prefs.reload_crashed_jar   "Reload cookie jar/clear cookies on Firefox crash (recommended)">
 <!ENTITY torbutton.prefs.dual_cookie_jars        "Store both Tor and Non-Tor cookies in protected jars (dangerous)">
 <!ENTITY torbutton.prefs.clear_http_auth        "Clear HTTP auth sessions (recommended)">
+<!ENTITY torbutton.prefs.block_js_history       "Block javascript access to history navigation (recommended)">

Modified: torbutton/trunk/src/chrome/locale/zh-CN/torbutton.dtd
===================================================================
--- torbutton/trunk/src/chrome/locale/zh-CN/torbutton.dtd	2008-01-27 21:52:49 UTC (rev 13323)
+++ torbutton/trunk/src/chrome/locale/zh-CN/torbutton.dtd	2008-01-28 08:39:16 UTC (rev 13324)
@@ -67,3 +67,4 @@
 <!ENTITY torbutton.prefs.reload_crashed_jar   "Reload cookie jar/clear cookies on Firefox crash (recommended)">
 <!ENTITY torbutton.prefs.dual_cookie_jars        "Store both Tor and Non-Tor cookies in protected jars (dangerous)">
 <!ENTITY torbutton.prefs.clear_http_auth        "Clear HTTP auth sessions (recommended)">
+<!ENTITY torbutton.prefs.block_js_history       "Block javascript access to history navigation (recommended)">

Modified: torbutton/trunk/src/chrome/locale/zh-TW/torbutton.dtd
===================================================================
--- torbutton/trunk/src/chrome/locale/zh-TW/torbutton.dtd	2008-01-27 21:52:49 UTC (rev 13323)
+++ torbutton/trunk/src/chrome/locale/zh-TW/torbutton.dtd	2008-01-28 08:39:16 UTC (rev 13324)
@@ -67,3 +67,4 @@
 <!ENTITY torbutton.prefs.reload_crashed_jar   "Reload cookie jar/clear cookies on Firefox crash (recommended)">
 <!ENTITY torbutton.prefs.dual_cookie_jars        "Store both Tor and Non-Tor cookies in protected jars (dangerous)">
 <!ENTITY torbutton.prefs.clear_http_auth        "Clear HTTP auth sessions (recommended)">
+<!ENTITY torbutton.prefs.block_js_history       "Block javascript access to history navigation (recommended)">

Modified: torbutton/trunk/src/components/cssblocker.js
===================================================================
--- torbutton/trunk/src/components/cssblocker.js	2008-01-27 21:52:49 UTC (rev 13323)
+++ torbutton/trunk/src/components/cssblocker.js	2008-01-28 08:39:16 UTC (rev 13324)
@@ -84,8 +84,9 @@
 }
 
 var localSchemes = {"about" : true, "chrome" : true, "file" : true, 
-    "resource" : true, "x-jsd" : true, "addbook" : true, "cid" : true, 
-    "mailbox" : true, "data" : true, "javascript" : true};
+    "resource" : true, "x-jsd" : true, "addbook" : true, 
+    //    "cid" : true, "data" : true, "javascript" : true,
+    "mailbox" : true};
 
 function ContentPolicy() {
     this._prefs = Components.classes["@mozilla.org/preferences-service;1"]
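Review bot: The commented-out `"cid"`, `"data"` and `"javascript"` entries are left inside the `localSchemes` literal with no explanation of why they stopped being treated as local. A one-line comment would keep a later cleanup from restoring them, e.g. `// cid:, data: and javascript: are no longer exempt so they go through the Tor-state checks (Firefox bug 409737)`. That rationale is inferred from the commit log, so the wording should be confirmed by the author. ContentPolicy's body continues outside the hunk.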
@@ -179,7 +180,14 @@
             return ok;
         }
 
-        var browser = this.wm.getBrowserForContentWindow(wind.top);
+        var browser;
+        if(wind.top.opener) {
+            this.logger.log(3, "Popup found: "+contentLocation.spec);
+            browser = this.wm.getBrowserForContentWindow(wind.top.opener.top)
+        } else {
+            browser = this.wm.getBrowserForContentWindow(wind.top);
+        }
+
         if(!browser) {
             this.logger.log(5, "No window found: "+contentLocation.spec);
             return block; 
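Review bot: `wind.top.opener.top` is dereferenced without a guard, and that statement is missing its terminating semicolon. If the opener window has gone away, the access may throw before the fail-closed `if(!browser)` check is reached, and how an exception from shouldLoad is treated is not visible in this hunk. Making the outcome explicit would be safer, e.g. wrapping the lookup as `try { browser = this.wm.getBrowserForContentWindow(wind.top.opener.top); } catch(e) { return block; }`. shouldLoad starts and ends outside the hunk.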
@@ -197,7 +205,20 @@
 
             if(wind.top.browserDOMWindow 
                     && contentType == CPolicy.TYPE_DOCUMENT) {
-                this.logger.log(3, "New location for "+contentLocation.spec);
+                this.logger.log(3, "New location for "+contentLocation.spec+" (currently: "+wind.top.location+" and "+browser.currentURI.spec+")");
+                if(requestOrigin) {
+                    var scheme = requestOrigin.spec.replace(/:.*/, "").toLowerCase();
+                    if(scheme != "chrome") {
+                        // Workaround for Firefox Bug 409737
+                        if(browser.__tb_tor_fetched == tor_state) {
+                            return ok;
+                        } else {
+                            this.logger.log(3, "Blocking: "+contentLocation.spec);
+                            return block;
+                        }
+                    }
+                    this.logger.log(3, "Origin: "+requestOrigin.spec);
+                }
                 return ok;
             }
         }
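Review bot: The Tor-state comparison is skipped whenever `requestOrigin` is null, because the new check sits inside `if(requestOrigin)` and the path then falls through to `return ok`. If a missing origin is expected only for loads the user started, say so in a comment; otherwise compare `browser.__tb_tor_fetched` with `tor_state` in that case as well. The scheme test can use the URI's own accessor rather than a regex on `spec`: `if(!requestOrigin.schemeIs("chrome")) {`. The `"Origin: "` log line is only reached for chrome origins, since both branches above it return, which looks unintended.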
@@ -215,6 +236,9 @@
         // Instead, related functionality has been grafted onto the 
         // webprogresslistener :(	
         // See mozilla bugs 380556, 305699, 309524
+        if(ContentLocation) {
+            this.logger.log(2, "Process for "+contentLocation.spec);
+        }
         return ok;
 	},
 
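Review bot: `if(ContentLocation)` uses a capitalised name that appears nowhere else in the visible code; every other reference, including the one inside this `if`, is `contentLocation`. Unless `ContentLocation` is defined outside the hunk, this raises a ReferenceError on the path that is meant to end in `return ok`, so shouldLoad throws instead of returning a decision. Change the condition to `if(contentLocation) {`.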

Modified: torbutton/trunk/src/defaults/preferences/preferences.js
===================================================================
--- torbutton/trunk/src/defaults/preferences/preferences.js	2008-01-27 21:52:49 UTC (rev 13323)
+++ torbutton/trunk/src/defaults/preferences/preferences.js	2008-01-28 08:39:16 UTC (rev 13324)
@@ -73,6 +73,8 @@
 pref("extensions.torbutton.startup",false);
 pref("extensions.torbutton.crashed",false);
 pref("extensions.torbutton.clear_http_auth",true);
+pref("extensions.torbutton.close_on_toggle",true);
+pref("extensions.torbutton.block_js_history",true);
 
 pref("extensions.torbutton.appname_override","Netscape");
 pref("extensions.torbutton.appversion_override","5.0 (Windows; en-US)");