[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[or-cvs] r13324: Workaround for firefox bug 409737. Block popups and javascri (in torbutton/trunk/src: . chrome/content chrome/locale/de-AT chrome/locale/de-CH chrome/locale/de-DE chrome/locale/el-GR chrome/locale/en-US chrome/locale/es-AR chrome/locale/fr-FR chrome/locale/hr-HR chrome/locale/it-IT chrome/locale/nl-NL chrome/locale/pl-PL chrome/locale/pt-BR chrome/locale/ru-RU chrome/locale/sl-SI chrome/locale/zh-CN chrome/locale/zh-TW components defaults/preferences)
- To: or-cvs@xxxxxxxxxxxxx
- Subject: [or-cvs] r13324: Workaround for firefox bug 409737. Block popups and javascri (in torbutton/trunk/src: . chrome/content chrome/locale/de-AT chrome/locale/de-CH chrome/locale/de-DE chrome/locale/el-GR chrome/locale/en-US chrome/locale/es-AR chrome/locale/fr-FR chrome/locale/hr-HR chrome/locale/it-IT chrome/locale/nl-NL chrome/locale/pl-PL chrome/locale/pt-BR chrome/locale/ru-RU chrome/locale/sl-SI chrome/locale/zh-CN chrome/locale/zh-TW components defaults/preferences)
- From: mikeperry@xxxxxxxx
- Date: Mon, 28 Jan 2008 03:39:16 -0500 (EST)
- Delivered-to: archiver@xxxxxxxx
- Delivered-to: or-cvs-outgoing@xxxxxxxx
- Delivered-to: or-cvs@xxxxxxxx
- Delivery-date: Mon, 28 Jan 2008 03:39:25 -0500
- Reply-to: or-dev@xxxxxxxxxxxxx
- Sender: owner-or-cvs@xxxxxxxxxxxxx
Author: mikeperry
Date: 2008-01-28 03:39:16 -0500 (Mon, 28 Jan 2008)
New Revision: 13324
Modified:
torbutton/trunk/src/CHANGELOG
torbutton/trunk/src/chrome/content/jshooks.js
torbutton/trunk/src/chrome/content/preferences.js
torbutton/trunk/src/chrome/content/preferences.xul
torbutton/trunk/src/chrome/content/torbutton.js
torbutton/trunk/src/chrome/locale/de-AT/torbutton.dtd
torbutton/trunk/src/chrome/locale/de-CH/torbutton.dtd
torbutton/trunk/src/chrome/locale/de-DE/torbutton.dtd
torbutton/trunk/src/chrome/locale/el-GR/torbutton.dtd
torbutton/trunk/src/chrome/locale/en-US/torbutton.dtd
torbutton/trunk/src/chrome/locale/es-AR/torbutton.dtd
torbutton/trunk/src/chrome/locale/fr-FR/torbutton.dtd
torbutton/trunk/src/chrome/locale/hr-HR/torbutton.dtd
torbutton/trunk/src/chrome/locale/it-IT/torbutton.dtd
torbutton/trunk/src/chrome/locale/nl-NL/torbutton.dtd
torbutton/trunk/src/chrome/locale/pl-PL/torbutton.dtd
torbutton/trunk/src/chrome/locale/pt-BR/torbutton.dtd
torbutton/trunk/src/chrome/locale/ru-RU/torbutton.dtd
torbutton/trunk/src/chrome/locale/sl-SI/torbutton.dtd
torbutton/trunk/src/chrome/locale/zh-CN/torbutton.dtd
torbutton/trunk/src/chrome/locale/zh-TW/torbutton.dtd
torbutton/trunk/src/components/cssblocker.js
torbutton/trunk/src/defaults/preferences/preferences.js
Log:
Workaround for firefox bug 409737. Block popups and
javascript refreshes if tor state has changed. Also block
history manipulation if Tor is enabled.
Modified: torbutton/trunk/src/CHANGELOG
===================================================================
--- torbutton/trunk/src/CHANGELOG 2008-01-27 21:52:49 UTC (rev 13323)
+++ torbutton/trunk/src/CHANGELOG 2008-01-28 08:39:16 UTC (rev 13324)
@@ -17,6 +17,7 @@
1.1.10
06 Nov 2007
* bugfix: bug 522: Try harder to kill plugins before they do any network IO
+ (discovered by goldy)
* bugfix: bug 460: Remove hook verification. Attempt to apply hooks at every
location event.
* misc: New logging system
Modified: torbutton/trunk/src/chrome/content/jshooks.js
===================================================================
--- torbutton/trunk/src/chrome/content/jshooks.js 2008-01-27 21:52:49 UTC (rev 13323)
+++ torbutton/trunk/src/chrome/content/jshooks.js 2008-01-28 08:39:16 UTC (rev 13324)
@@ -10,7 +10,7 @@
/* Hrmm.. Is it possible this breaks plugin install or other weird shit
for non-windows OS's? */
- if(window.__tb_set_uagent) {
+ if(window.__tb_set_uagent==true) {
var tmp_oscpu = window.__tb_oscpu;
var tmp_platform = window.__tb_platform;
var tmp_productSub = window.__tb_productSub;
@@ -53,6 +53,28 @@
}
}
+ // This can potentially be done by hooking shistory;1 component, but
+ // this is simpler and less code.
+ // XXX: probably should do it that way for localization and
+ // Non-Tor -> Tor correlation protection
+ // XXX: Also needs localization
+ if(window.__tb_block_js_history==true) {
+ var htmp = window.history;
+ var hmine = new Object();
+ var ran = 0;
+ window.__defineGetter__("history", function() { return hmine; });
+ window.history.__defineGetter__("length", function() { return htmp.length; });
+ var f = function() {
+ if(!ran) {
+ ran = 1;
+ window.alert("Torbutton blocked Javascript history manipulation.\n\nSee history settings to allow.\n\n");
+ }
+ }
+ window.history.back = f;
+ window.history.forward = f;
+ window.history.go = f;
+ }
+
var tmp = window.Date;
window.Date = function() {
/* DO NOT make 'd' a member! EvilCode will use it! */
Modified: torbutton/trunk/src/chrome/content/preferences.js
===================================================================
--- torbutton/trunk/src/chrome/content/preferences.js 2008-01-27 21:52:49 UTC (rev 13323)
+++ torbutton/trunk/src/chrome/content/preferences.js 2008-01-28 08:39:16 UTC (rev 13324)
@@ -210,7 +210,7 @@
doc.getElementById('torbutton_noReferer').checked = o_torprefs.getBoolPref('disable_referer');
doc.getElementById('torbutton_spoofEnglish').checked = o_torprefs.getBoolPref('spoof_english');
doc.getElementById('torbutton_clearHttpAuth').checked = o_torprefs.getBoolPref('clear_http_auth');
-
+ doc.getElementById('torbutton_blockJSHistory').checked = o_torprefs.getBoolPref('block_js_history');
torbutton_prefs_set_field_attributes(doc);
}
@@ -261,6 +261,7 @@
o_torprefs.setBoolPref('dual_cookie_jars', doc.getElementById('torbutton_dualCookieJars').selected);
o_torprefs.setBoolPref('disable_domstorage', doc.getElementById('torbutton_noDomStorage').checked);
o_torprefs.setBoolPref('clear_http_auth', doc.getElementById('torbutton_clearHttpAuth').checked);
+ o_torprefs.setBoolPref('block_js_history', doc.getElementById('torbutton_blockJSHistory').checked);
if(doc.getElementById('torbutton_shutdownGroup').selectedItem ==
doc.getElementById('torbutton_noShutdown')) {
Modified: torbutton/trunk/src/chrome/content/preferences.xul
===================================================================
--- torbutton/trunk/src/chrome/content/preferences.xul 2008-01-27 21:52:49 UTC (rev 13323)
+++ torbutton/trunk/src/chrome/content/preferences.xul 2008-01-28 08:39:16 UTC (rev 13324)
@@ -151,6 +151,8 @@
oncommand="torbutton_prefs_set_field_attributes(document)"/>
<checkbox id="torbutton_clearHistory" label="&torbutton.prefs.clear_history;"
oncommand="torbutton_prefs_set_field_attributes(document)"/>
+ <checkbox id="torbutton_blockJSHistory" label="&torbutton.prefs.block_js_history;"
+ oncommand="torbutton_prefs_set_field_attributes(document)"/>
</vbox>
</tabpanel>
<tabpanel id="forms">
Modified: torbutton/trunk/src/chrome/content/torbutton.js
===================================================================
--- torbutton/trunk/src/chrome/content/torbutton.js 2008-01-27 21:52:49 UTC (rev 13323)
+++ torbutton/trunk/src/chrome/content/torbutton.js 2008-01-28 08:39:16 UTC (rev 13324)
@@ -194,6 +194,26 @@
} else {
torbutton_enable_tor();
}
+
+ if(m_tb_prefs.getBoolPref("extensions.torbutton.close_on_toggle")) {
+ // 1. Open new tabbrowser in current window..
+ var browser = getBrowser();
+ var newb = browser.addTab("about:blank");
+
+ // 2. Close all tabs in the current window except new one
+ browser.removeAllTabsBut(newb);
+
+ // 3. Close all other windows except this one
+ var wm = Components.classes["@mozilla.org/appshell/window-mediator;1"]
+ .getService(Components.interfaces.nsIWindowMediator);
+ var enumerator = wm.getEnumerator("navigator:browser");
+ while(enumerator.hasMoreElements()) {
+ var win = enumerator.getNext();
+ if(win != window) {
+ win.close(); // XXX: confirm?
+ }
+ }
+ }
}
function torbutton_set_status() {
@@ -1310,6 +1330,7 @@
str2 += "window.__tb_oscpu=\""+m_tb_prefs.getCharPref('extensions.torbutton.oscpu_override')+"\";\r\n";
str2 += "window.__tb_platform=\""+m_tb_prefs.getCharPref('extensions.torbutton.platform_override')+"\";\r\n";
str2 += "window.__tb_productSub=\""+m_tb_prefs.getCharPref('extensions.torbutton.productsub_override')+"\";\r\n";
+ str2 += "window.__tb_block_js_history="+m_tb_prefs.getBoolPref('extensions.torbutton.block_js_history')+";\r\n";
str2 += m_tb_jshooks;
try {
@@ -1341,18 +1362,50 @@
torbutton_init();
}
- // This noise is a workaround for the fact that docShell.allowPlugins
- // is ignored when you directly click on a link
+ // This noise is a workaround for firefox bugs involving
+ // enforcement of docShell.allowPlugins and docShell.allowJavascript
+ // (Bugs 401296 and 409737 respectively)
try {
var chanreq = aRequest.QueryInterface(Components.interfaces.nsIChannel);
if(chanreq
&& chanreq instanceof Components.interfaces.nsIChannel
- && aRequest.isPending()
- && m_tb_prefs.getBoolPref("extensions.torbutton.tor_enabled")
- && m_tb_prefs.getBoolPref("extensions.torbutton.no_tor_plugins")) {
+ && aRequest.isPending()) {
+
+ if(aProgress && aProgress.DOMWindow) {
+ torbutton_eclog(3, 'Document: '+aProgress.DOMWindow.location);
+ }
+
+ if((aProgress && aProgress.DOMWindow.opener
+ && m_tb_prefs.getBoolPref("extensions.torbutton.isolate_content"))) {
+
+ if(!(aProgress.DOMWindow.top instanceof Components.interfaces.nsIDOMChromeWindow)) {
+ // Workaround for Firefox bug 409737
+ // The idea is that the content policy should stop all
+ // forms of javascript fetches except for popups. This
+ // code handles blocking popups from alternate tor states.
+ var wm = Components.classes["@torproject.org/content-window-mapper;1"]
+ .getService(Components.interfaces.nsISupports)
+ .wrappedJSObject;
+
+ var browser = wm.getBrowserForContentWindow(aProgress.DOMWindow.opener);
+
+ if(browser && browser.__tb_tor_fetched != m_tb_prefs.getBoolPref("extensions.torbutton.tor_enabled")) {
+ torbutton_eclog(3, 'Stopping document: '+aProgress.DOMWindow.location);
+ aRequest.cancel(0x804b0002);
+ aProgress.DOMWindow.stop();
+ torbutton_eclog(3, 'Stopped document: '+aProgress.DOMWindow.location);
+ aProgress.DOMWindow.document.clear();
+ torbutton_eclog(3, 'Cleared document: '+aProgress.DOMWindow.location);
+ }
+ }
+ }
+
torbutton_eclog(2, 'LocChange: '+aRequest.contentType);
- if (aRequest.contentType in m_tb_plugin_mimetypes) {
+ // Workaround for Firefox Bug 401296
+ if((m_tb_prefs.getBoolPref("extensions.torbutton.tor_enabled")
+ && m_tb_prefs.getBoolPref("extensions.torbutton.no_tor_plugins")
+ && aRequest.contentType in m_tb_plugin_mimetypes)) {
aRequest.cancel(0x804b0002);
if(aProgress) {
// ZOMG DIE DIE DXIE!!!!!@
@@ -1363,6 +1416,7 @@
torbutton_eclog(2, 'Cleared document');
if(typeof(aProgress.DOMWindow.__tb_kill_flag) == 'undefined') {
+ // XXX: localize
window.alert("Torbutton blocked direct Tor load of plugin content.\n\nUse Save-As instead.\n\n");
aProgress.DOMWindow.__tb_kill_flag = true;
}
@@ -1377,6 +1431,7 @@
}
} else {
torbutton_eclog(4, 'No progress for document cancel!');
+ // XXX: localize
window.alert("Torbutton blocked direct Tor load of plugin content.\n\nUse Save-As instead.\n\n");
}
torbutton_eclog(3, 'Killed plugin document');
Modified: torbutton/trunk/src/chrome/locale/de-AT/torbutton.dtd
===================================================================
--- torbutton/trunk/src/chrome/locale/de-AT/torbutton.dtd 2008-01-27 21:52:49 UTC (rev 13323)
+++ torbutton/trunk/src/chrome/locale/de-AT/torbutton.dtd 2008-01-28 08:39:16 UTC (rev 13324)
@@ -67,3 +67,4 @@
<!ENTITY torbutton.prefs.reload_crashed_jar "Reload cookie jar/clear cookies on Firefox crash (recommended)">
<!ENTITY torbutton.prefs.dual_cookie_jars "Store both Tor and Non-Tor cookies in protected jars (dangerous)">
<!ENTITY torbutton.prefs.clear_http_auth "Clear HTTP auth sessions (recommended)">
+<!ENTITY torbutton.prefs.block_js_history "Block javascript access to history navigation (recommended)">
Modified: torbutton/trunk/src/chrome/locale/de-CH/torbutton.dtd
===================================================================
--- torbutton/trunk/src/chrome/locale/de-CH/torbutton.dtd 2008-01-27 21:52:49 UTC (rev 13323)
+++ torbutton/trunk/src/chrome/locale/de-CH/torbutton.dtd 2008-01-28 08:39:16 UTC (rev 13324)
@@ -67,3 +67,4 @@
<!ENTITY torbutton.prefs.reload_crashed_jar "Reload cookie jar/clear cookies on Firefox crash (recommended)">
<!ENTITY torbutton.prefs.dual_cookie_jars "Store both Tor and Non-Tor cookies in protected jars (dangerous)">
<!ENTITY torbutton.prefs.clear_http_auth "Clear HTTP auth sessions (recommended)">
+<!ENTITY torbutton.prefs.block_js_history "Block javascript access to history navigation (recommended)">
Modified: torbutton/trunk/src/chrome/locale/de-DE/torbutton.dtd
===================================================================
--- torbutton/trunk/src/chrome/locale/de-DE/torbutton.dtd 2008-01-27 21:52:49 UTC (rev 13323)
+++ torbutton/trunk/src/chrome/locale/de-DE/torbutton.dtd 2008-01-28 08:39:16 UTC (rev 13324)
@@ -67,3 +67,4 @@
<!ENTITY torbutton.prefs.reload_crashed_jar "Reload cookie jar/clear cookies on Firefox crash (recommended)">
<!ENTITY torbutton.prefs.dual_cookie_jars "Store both Tor and Non-Tor cookies in protected jars (dangerous)">
<!ENTITY torbutton.prefs.clear_http_auth "Clear HTTP auth sessions (recommended)">
+<!ENTITY torbutton.prefs.block_js_history "Block javascript access to history navigation (recommended)">
Modified: torbutton/trunk/src/chrome/locale/el-GR/torbutton.dtd
===================================================================
--- torbutton/trunk/src/chrome/locale/el-GR/torbutton.dtd 2008-01-27 21:52:49 UTC (rev 13323)
+++ torbutton/trunk/src/chrome/locale/el-GR/torbutton.dtd 2008-01-28 08:39:16 UTC (rev 13324)
@@ -67,3 +67,4 @@
<!ENTITY torbutton.prefs.reload_crashed_jar "Reload cookie jar/clear cookies on Firefox crash (recommended)">
<!ENTITY torbutton.prefs.dual_cookie_jars "Store both Tor and Non-Tor cookies in protected jars (dangerous)">
<!ENTITY torbutton.prefs.clear_http_auth "Clear HTTP auth sessions (recommended)">
+<!ENTITY torbutton.prefs.block_js_history "Block javascript access to history navigation (recommended)">
Modified: torbutton/trunk/src/chrome/locale/en-US/torbutton.dtd
===================================================================
--- torbutton/trunk/src/chrome/locale/en-US/torbutton.dtd 2008-01-27 21:52:49 UTC (rev 13323)
+++ torbutton/trunk/src/chrome/locale/en-US/torbutton.dtd 2008-01-28 08:39:16 UTC (rev 13324)
@@ -67,3 +67,4 @@
<!ENTITY torbutton.prefs.reload_crashed_jar "Reload cookie jar/clear cookies on Firefox crash (recommended)">
<!ENTITY torbutton.prefs.dual_cookie_jars "Store both Tor and Non-Tor cookies in protected jars (dangerous)">
<!ENTITY torbutton.prefs.clear_http_auth "Clear HTTP auth sessions (recommended)">
+<!ENTITY torbutton.prefs.block_js_history "Block javascript access to history navigation (recommended)">
Modified: torbutton/trunk/src/chrome/locale/es-AR/torbutton.dtd
===================================================================
--- torbutton/trunk/src/chrome/locale/es-AR/torbutton.dtd 2008-01-27 21:52:49 UTC (rev 13323)
+++ torbutton/trunk/src/chrome/locale/es-AR/torbutton.dtd 2008-01-28 08:39:16 UTC (rev 13324)
@@ -67,3 +67,4 @@
<!ENTITY torbutton.prefs.reload_crashed_jar "Reload cookie jar/clear cookies on Firefox crash (recommended)">
<!ENTITY torbutton.prefs.dual_cookie_jars "Store both Tor and Non-Tor cookies in protected jars (dangerous)">
<!ENTITY torbutton.prefs.clear_http_auth "Clear HTTP auth sessions (recommended)">
+<!ENTITY torbutton.prefs.block_js_history "Block javascript access to history navigation (recommended)">
Modified: torbutton/trunk/src/chrome/locale/fr-FR/torbutton.dtd
===================================================================
--- torbutton/trunk/src/chrome/locale/fr-FR/torbutton.dtd 2008-01-27 21:52:49 UTC (rev 13323)
+++ torbutton/trunk/src/chrome/locale/fr-FR/torbutton.dtd 2008-01-28 08:39:16 UTC (rev 13324)
@@ -67,3 +67,4 @@
<!ENTITY torbutton.prefs.reload_crashed_jar "Reload cookie jar/clear cookies on Firefox crash (recommended)">
<!ENTITY torbutton.prefs.dual_cookie_jars "Store both Tor and Non-Tor cookies in protected jars (dangerous)">
<!ENTITY torbutton.prefs.clear_http_auth "Clear HTTP auth sessions (recommended)">
+<!ENTITY torbutton.prefs.block_js_history "Block javascript access to history navigation (recommended)">
Modified: torbutton/trunk/src/chrome/locale/hr-HR/torbutton.dtd
===================================================================
--- torbutton/trunk/src/chrome/locale/hr-HR/torbutton.dtd 2008-01-27 21:52:49 UTC (rev 13323)
+++ torbutton/trunk/src/chrome/locale/hr-HR/torbutton.dtd 2008-01-28 08:39:16 UTC (rev 13324)
@@ -67,3 +67,4 @@
<!ENTITY torbutton.prefs.reload_crashed_jar "Reload cookie jar/clear cookies on Firefox crash (recommended)">
<!ENTITY torbutton.prefs.dual_cookie_jars "Store both Tor and Non-Tor cookies in protected jars (dangerous)">
<!ENTITY torbutton.prefs.clear_http_auth "Clear HTTP auth sessions (recommended)">
+<!ENTITY torbutton.prefs.block_js_history "Block javascript access to history navigation (recommended)">
Modified: torbutton/trunk/src/chrome/locale/it-IT/torbutton.dtd
===================================================================
--- torbutton/trunk/src/chrome/locale/it-IT/torbutton.dtd 2008-01-27 21:52:49 UTC (rev 13323)
+++ torbutton/trunk/src/chrome/locale/it-IT/torbutton.dtd 2008-01-28 08:39:16 UTC (rev 13324)
@@ -67,3 +67,4 @@
<!ENTITY torbutton.prefs.reload_crashed_jar "Reload cookie jar/clear cookies on Firefox crash (recommended)">
<!ENTITY torbutton.prefs.dual_cookie_jars "Store both Tor and Non-Tor cookies in protected jars (dangerous)">
<!ENTITY torbutton.prefs.clear_http_auth "Clear HTTP auth sessions (recommended)">
+<!ENTITY torbutton.prefs.block_js_history "Block javascript access to history navigation (recommended)">
Modified: torbutton/trunk/src/chrome/locale/nl-NL/torbutton.dtd
===================================================================
--- torbutton/trunk/src/chrome/locale/nl-NL/torbutton.dtd 2008-01-27 21:52:49 UTC (rev 13323)
+++ torbutton/trunk/src/chrome/locale/nl-NL/torbutton.dtd 2008-01-28 08:39:16 UTC (rev 13324)
@@ -67,3 +67,4 @@
<!ENTITY torbutton.prefs.reload_crashed_jar "Reload cookie jar/clear cookies on Firefox crash (recommended)">
<!ENTITY torbutton.prefs.dual_cookie_jars "Store both Tor and Non-Tor cookies in protected jars (dangerous)">
<!ENTITY torbutton.prefs.clear_http_auth "Clear HTTP auth sessions (recommended)">
+<!ENTITY torbutton.prefs.block_js_history "Block javascript access to history navigation (recommended)">
Modified: torbutton/trunk/src/chrome/locale/pl-PL/torbutton.dtd
===================================================================
--- torbutton/trunk/src/chrome/locale/pl-PL/torbutton.dtd 2008-01-27 21:52:49 UTC (rev 13323)
+++ torbutton/trunk/src/chrome/locale/pl-PL/torbutton.dtd 2008-01-28 08:39:16 UTC (rev 13324)
@@ -67,3 +67,4 @@
<!ENTITY torbutton.prefs.reload_crashed_jar "Reload cookie jar/clear cookies on Firefox crash (recommended)">
<!ENTITY torbutton.prefs.dual_cookie_jars "Store both Tor and Non-Tor cookies in protected jars (dangerous)">
<!ENTITY torbutton.prefs.clear_http_auth "Clear HTTP auth sessions (recommended)">
+<!ENTITY torbutton.prefs.block_js_history "Block javascript access to history navigation (recommended)">
Modified: torbutton/trunk/src/chrome/locale/pt-BR/torbutton.dtd
===================================================================
--- torbutton/trunk/src/chrome/locale/pt-BR/torbutton.dtd 2008-01-27 21:52:49 UTC (rev 13323)
+++ torbutton/trunk/src/chrome/locale/pt-BR/torbutton.dtd 2008-01-28 08:39:16 UTC (rev 13324)
@@ -67,3 +67,4 @@
<!ENTITY torbutton.prefs.reload_crashed_jar "Reload cookie jar/clear cookies on Firefox crash (recommended)">
<!ENTITY torbutton.prefs.dual_cookie_jars "Store both Tor and Non-Tor cookies in protected jars (dangerous)">
<!ENTITY torbutton.prefs.clear_http_auth "Clear HTTP auth sessions (recommended)">
+<!ENTITY torbutton.prefs.block_js_history "Block javascript access to history navigation (recommended)">
Modified: torbutton/trunk/src/chrome/locale/ru-RU/torbutton.dtd
===================================================================
--- torbutton/trunk/src/chrome/locale/ru-RU/torbutton.dtd 2008-01-27 21:52:49 UTC (rev 13323)
+++ torbutton/trunk/src/chrome/locale/ru-RU/torbutton.dtd 2008-01-28 08:39:16 UTC (rev 13324)
@@ -67,3 +67,4 @@
<!ENTITY torbutton.prefs.reload_crashed_jar "Reload cookie jar/clear cookies on Firefox crash (recommended)">
<!ENTITY torbutton.prefs.dual_cookie_jars "Store both Tor and Non-Tor cookies in protected jars (dangerous)">
<!ENTITY torbutton.prefs.clear_http_auth "Clear HTTP auth sessions (recommended)">
+<!ENTITY torbutton.prefs.block_js_history "Block javascript access to history navigation (recommended)">
Modified: torbutton/trunk/src/chrome/locale/sl-SI/torbutton.dtd
===================================================================
--- torbutton/trunk/src/chrome/locale/sl-SI/torbutton.dtd 2008-01-27 21:52:49 UTC (rev 13323)
+++ torbutton/trunk/src/chrome/locale/sl-SI/torbutton.dtd 2008-01-28 08:39:16 UTC (rev 13324)
@@ -67,3 +67,4 @@
<!ENTITY torbutton.prefs.reload_crashed_jar "Reload cookie jar/clear cookies on Firefox crash (recommended)">
<!ENTITY torbutton.prefs.dual_cookie_jars "Store both Tor and Non-Tor cookies in protected jars (dangerous)">
<!ENTITY torbutton.prefs.clear_http_auth "Clear HTTP auth sessions (recommended)">
+<!ENTITY torbutton.prefs.block_js_history "Block javascript access to history navigation (recommended)">
Modified: torbutton/trunk/src/chrome/locale/zh-CN/torbutton.dtd
===================================================================
--- torbutton/trunk/src/chrome/locale/zh-CN/torbutton.dtd 2008-01-27 21:52:49 UTC (rev 13323)
+++ torbutton/trunk/src/chrome/locale/zh-CN/torbutton.dtd 2008-01-28 08:39:16 UTC (rev 13324)
@@ -67,3 +67,4 @@
<!ENTITY torbutton.prefs.reload_crashed_jar "Reload cookie jar/clear cookies on Firefox crash (recommended)">
<!ENTITY torbutton.prefs.dual_cookie_jars "Store both Tor and Non-Tor cookies in protected jars (dangerous)">
<!ENTITY torbutton.prefs.clear_http_auth "Clear HTTP auth sessions (recommended)">
+<!ENTITY torbutton.prefs.block_js_history "Block javascript access to history navigation (recommended)">
Modified: torbutton/trunk/src/chrome/locale/zh-TW/torbutton.dtd
===================================================================
--- torbutton/trunk/src/chrome/locale/zh-TW/torbutton.dtd 2008-01-27 21:52:49 UTC (rev 13323)
+++ torbutton/trunk/src/chrome/locale/zh-TW/torbutton.dtd 2008-01-28 08:39:16 UTC (rev 13324)
@@ -67,3 +67,4 @@
<!ENTITY torbutton.prefs.reload_crashed_jar "Reload cookie jar/clear cookies on Firefox crash (recommended)">
<!ENTITY torbutton.prefs.dual_cookie_jars "Store both Tor and Non-Tor cookies in protected jars (dangerous)">
<!ENTITY torbutton.prefs.clear_http_auth "Clear HTTP auth sessions (recommended)">
+<!ENTITY torbutton.prefs.block_js_history "Block javascript access to history navigation (recommended)">
Modified: torbutton/trunk/src/components/cssblocker.js
===================================================================
--- torbutton/trunk/src/components/cssblocker.js 2008-01-27 21:52:49 UTC (rev 13323)
+++ torbutton/trunk/src/components/cssblocker.js 2008-01-28 08:39:16 UTC (rev 13324)
@@ -84,8 +84,9 @@
}
var localSchemes = {"about" : true, "chrome" : true, "file" : true,
- "resource" : true, "x-jsd" : true, "addbook" : true, "cid" : true,
- "mailbox" : true, "data" : true, "javascript" : true};
+ "resource" : true, "x-jsd" : true, "addbook" : true,
+ // "cid" : true, "data" : true, "javascript" : true,
+ "mailbox" : true};
function ContentPolicy() {
this._prefs = Components.classes["@mozilla.org/preferences-service;1"]
@@ -179,7 +180,14 @@
return ok;
}
- var browser = this.wm.getBrowserForContentWindow(wind.top);
+ var browser;
+ if(wind.top.opener) {
+ this.logger.log(3, "Popup found: "+contentLocation.spec);
+ browser = this.wm.getBrowserForContentWindow(wind.top.opener.top)
+ } else {
+ browser = this.wm.getBrowserForContentWindow(wind.top);
+ }
+
if(!browser) {
this.logger.log(5, "No window found: "+contentLocation.spec);
return block;
@@ -197,7 +205,20 @@
if(wind.top.browserDOMWindow
&& contentType == CPolicy.TYPE_DOCUMENT) {
- this.logger.log(3, "New location for "+contentLocation.spec);
+ this.logger.log(3, "New location for "+contentLocation.spec+" (currently: "+wind.top.location+" and "+browser.currentURI.spec+")");
+ if(requestOrigin) {
+ var scheme = requestOrigin.spec.replace(/:.*/, "").toLowerCase();
+ if(scheme != "chrome") {
+ // Workaround for Firefox Bug 409737
+ if(browser.__tb_tor_fetched == tor_state) {
+ return ok;
+ } else {
+ this.logger.log(3, "Blocking: "+contentLocation.spec);
+ return block;
+ }
+ }
+ this.logger.log(3, "Origin: "+requestOrigin.spec);
+ }
return ok;
}
}
@@ -215,6 +236,9 @@
// Instead, related functionality has been grafted onto the
// webprogresslistener :(
// See mozilla bugs 380556, 305699, 309524
+ if(ContentLocation) {
+ this.logger.log(2, "Process for "+contentLocation.spec);
+ }
return ok;
},
Modified: torbutton/trunk/src/defaults/preferences/preferences.js
===================================================================
--- torbutton/trunk/src/defaults/preferences/preferences.js 2008-01-27 21:52:49 UTC (rev 13323)
+++ torbutton/trunk/src/defaults/preferences/preferences.js 2008-01-28 08:39:16 UTC (rev 13324)
@@ -73,6 +73,8 @@
pref("extensions.torbutton.startup",false);
pref("extensions.torbutton.crashed",false);
pref("extensions.torbutton.clear_http_auth",true);
+pref("extensions.torbutton.close_on_toggle",true);
+pref("extensions.torbutton.block_js_history",true);
pref("extensions.torbutton.appname_override","Netscape");
pref("extensions.torbutton.appversion_override","5.0 (Windows; en-US)");