[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] [torbutton/master] Bug 13998: Adapt code to fixed globalHttpsWhitelist



commit 915ec73bb2b556aa937a827fbe746b21dacec1f3
Author: Georg Koppen <gk@xxxxxxxxxxxxxx>
Date:   Mon Jan 12 13:03:34 2015 +0000

    Bug 13998: Adapt code to fixed globalHttpsWhitelist
---
 src/chrome/content/torbutton.js |   29 ++++++++++++++++++-----------
 1 file changed, 18 insertions(+), 11 deletions(-)

diff --git a/src/chrome/content/torbutton.js b/src/chrome/content/torbutton.js
index 4715fb6..8adef28 100644
--- a/src/chrome/content/torbutton.js
+++ b/src/chrome/content/torbutton.js
@@ -2166,6 +2166,7 @@ var torbutton_sec_ml_bool_prefs = {
 
 var torbutton_sec_mh_bool_prefs = {
   "javascript.options.baselinejit.content" : false,
+  "noscript.global" : false,
   "noscript.globalHttpsWhitelist" : true,
   // XXX: pref for disableing SVG is missing
 };
@@ -2198,7 +2199,10 @@ function torbutton_update_security_slider() {
       for (p in torbutton_sec_h_bool_prefs) {
         m_tb_prefs.setBoolPref(p, !torbutton_sec_h_bool_prefs[p])
       }
-      // XXX: Adding and removing "https:" is needed due to a bug in Noscript.
+      // Removing "https:" is needed due to a bug in older Noscript versions.
+      // We leave that in for a while as there may be users that were affected
+      // by this bug. Removing it immediately and having the auto-updater might
+      // leave users exposed to the problem.
       if (capValue.indexOf(" https:") >= 0) {
         m_tb_prefs.setCharPref("capability.policy.maonoscript.sites",
           capValue.replace(" https:", ""));
@@ -2224,7 +2228,10 @@ function torbutton_update_security_slider() {
       for (p in torbutton_sec_h_bool_prefs) {
         m_tb_prefs.setBoolPref(p, !torbutton_sec_h_bool_prefs[p])
       }
-      // XXX: Adding and removing "https:" is needed due to a bug in Noscript.
+      // Removing "https:" is needed due to a bug in older Noscript versions.
+      // We leave that in for a while as there may be users that were affected
+      // by this bug. Removing it immediately and having the auto-updater might
+      // leave users exposed to the problem.
       if (capValue.indexOf(" https:") >= 0) {
         m_tb_prefs.setCharPref("capability.policy.maonoscript.sites",
           capValue.replace(" https:", ""));
@@ -2244,17 +2251,14 @@ function torbutton_update_security_slider() {
       for (p in torbutton_sec_ml_bool_prefs) {
         m_tb_prefs.setBoolPref(p, torbutton_sec_ml_bool_prefs[p])
       }
-      for (p in torbutton_sec_mh_bool_prefs) {
-        m_tb_prefs.setBoolPref(p, torbutton_sec_mh_bool_prefs[p])
-      }
+      // Order matters here as both the high mode and the medium-high mode
+      // share some preferences/values. So, let's revert the high mode
+      // preferences first and set the medium-high mode ones afterwards.
       for (p in torbutton_sec_h_bool_prefs) {
         m_tb_prefs.setBoolPref(p, !torbutton_sec_h_bool_prefs[p])
       }
-      // XXX: Adding and removing "https:" is needed due to a bug in Noscript.
-      // missing.
-      if (capValue.indexOf(" https:") < 0) {
-        m_tb_prefs.setCharPref("capability.policy.maonoscript.sites", capValue +
-          " https:");
+      for (p in torbutton_sec_mh_bool_prefs) {
+        m_tb_prefs.setBoolPref(p, torbutton_sec_mh_bool_prefs[p])
       }
       m_tb_prefs.setBoolPref("gfx.font_rendering.graphite.enabled", false);
       break;
@@ -2276,7 +2280,10 @@ function torbutton_update_security_slider() {
       for (p in torbutton_sec_h_bool_prefs) {
         m_tb_prefs.setBoolPref(p, torbutton_sec_h_bool_prefs[p])
       }
-      // XXX: Adding and removing "https:" is needed due to a bug in Noscript.
+      // Removing "https:" is needed due to a bug in older Noscript versions.
+      // We leave that in for a while as there may be users that were affected
+      // by this bug. Removing it immediately and having the auto-updater might
+      // leave users exposed to the problem.
       if (capValue.indexOf(" https:") >= 0) {
         m_tb_prefs.setCharPref("capability.policy.maonoscript.sites",
           capValue.replace(" https:", ""));



_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits