Pier Angelo Vendrame pushed to branch base-browser-128.2.0esr-14.0-1 at The Tor Project / Applications / Tor Browser
Commits:
-
6b4e61a1
by Pier Angelo Vendrame at 2024-09-02T11:54:45+02:00
-
79feae7c
by Fatih at 2024-09-02T11:54:49+02:00
-
442dcc5e
by Fatih at 2024-09-02T11:54:50+02:00
-
cda055ab
by Pier Angelo Vendrame at 2024-09-02T11:56:23+02:00
5 changed files:
- browser/components/preferences/privacy.js
- browser/components/resistfingerprinting/test/browser/browser.toml
- + browser/components/resistfingerprinting/test/browser/browser_exslt_time_precision.js
- + browser/components/resistfingerprinting/test/browser/browser_exslt_timezone_load.js
- dom/xslt/xslt/txEXSLTFunctions.cpp
Changes:
... | ... | @@ -505,7 +505,8 @@ var gPrivacyPane = { |
505 | 505 | let canConfigureThirdPartyCerts =
|
506 | 506 | (AppConstants.platform == "win" || AppConstants.platform == "macosx") &&
|
507 | 507 | typeof Services.policies.getActivePolicies()?.Certificates
|
508 | - ?.ImportEnterpriseRoots == "undefined";
|
|
508 | + ?.ImportEnterpriseRoots == "undefined" &&
|
|
509 | + !AppConstants.BASE_BROWSER_VERSION;
|
|
509 | 510 | |
510 | 511 | document.getElementById("certEnableThirdPartyToggleBox").hidden =
|
511 | 512 | !canConfigureThirdPartyCerts;
|
... | ... | @@ -196,3 +196,7 @@ lineno = "172" |
196 | 196 | |
197 | 197 | ["browser_timezone.js"]
|
198 | 198 | lineno = "176"
|
199 | + |
|
200 | +["browser_exslt_timezone_load.js"]
|
|
201 | + |
|
202 | +["browser_exslt_time_precision.js"] |
1 | +/**
|
|
2 | + * Bug 1912129 - A test case for verifying EXSLT date will report second-precise
|
|
3 | + * time fingerprinting resistance is enabled.
|
|
4 | + */
|
|
5 | + |
|
6 | +function getTime(tab) {
|
|
7 | + const extractTime = function () {
|
|
8 | + const xslText = `
|
|
9 | + <xsl:stylesheet version="1.0"
|
|
10 | + xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
|
|
11 | + xmlns:date="http://exslt.org/dates-and-times"
|
|
12 | + extension-element-prefixes="date">
|
|
13 | + <xsl:output method="text" />
|
|
14 | + <xsl:template match="/">
|
|
15 | + <xsl:value-of select="date:date-time()" />
|
|
16 | + </xsl:template>
|
|
17 | + </xsl:stylesheet>`;
|
|
18 | + |
|
19 | + const parser = new DOMParser();
|
|
20 | + const xsltProcessor = new XSLTProcessor();
|
|
21 | + const xslStylesheet = parser.parseFromString(xslText, "application/xml");
|
|
22 | + xsltProcessor.importStylesheet(xslStylesheet);
|
|
23 | + const xmlDoc = parser.parseFromString("<test />", "application/xml");
|
|
24 | + const styledDoc = xsltProcessor.transformToDocument(xmlDoc);
|
|
25 | + const time = styledDoc.firstChild.textContent;
|
|
26 | + |
|
27 | + return time;
|
|
28 | + };
|
|
29 | + |
|
30 | + const extractTimeExpr = `(${extractTime.toString()})();`;
|
|
31 | + |
|
32 | + return SpecialPowers.spawn(
|
|
33 | + tab.linkedBrowser,
|
|
34 | + [extractTimeExpr],
|
|
35 | + async funccode => content.eval(funccode)
|
|
36 | + );
|
|
37 | +}
|
|
38 | + |
|
39 | +add_task(async function test_new_window() {
|
|
40 | + await SpecialPowers.pushPrefEnv({
|
|
41 | + set: [
|
|
42 | + ["privacy.fingerprintingProtection", true],
|
|
43 | + ["privacy.fingerprintingProtection.overrides", "+ReduceTimerPrecision"],
|
|
44 | + ],
|
|
45 | + });
|
|
46 | + |
|
47 | + // Open a tab for extracting the time from XSLT.
|
|
48 | + const tab = await BrowserTestUtils.openNewForegroundTab({
|
|
49 | + gBrowser,
|
|
50 | + opening: TEST_PATH + "file_dummy.html",
|
|
51 | + forceNewProcess: true,
|
|
52 | + });
|
|
53 | + |
|
54 | + for (let i = 0; i < 10; i++) {
|
|
55 | + // eslint-disable-next-line mozilla/no-arbitrary-setTimeout
|
|
56 | + await new Promise(res => setTimeout(res, 25));
|
|
57 | + |
|
58 | + // The regex could be a lot shorter (e.g. /\.(\d{3})/) but I wrote the whole
|
|
59 | + // thing to make sure the time is in the expected format and to allow us
|
|
60 | + // to re-use this regex in the future if we need to.
|
|
61 | + // Note: Date format is not locale dependent.
|
|
62 | + const regex = /\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\.(\d{3})[-+]\d{2}:\d{2}/;
|
|
63 | + const time = await getTime(tab);
|
|
64 | + const [, milliseconds] = time.match(regex);
|
|
65 | + |
|
66 | + is(milliseconds, "000", "Date's precision was reduced to seconds.");
|
|
67 | + }
|
|
68 | + |
|
69 | + BrowserTestUtils.removeTab(tab);
|
|
70 | + await SpecialPowers.popPrefEnv();
|
|
71 | +}); |
1 | +/**
|
|
2 | + * Bug 1891690 - A test case for verifying EXSLT date will use Atlantic/Reykjavik
|
|
3 | + * timezone (GMT and "real" equivalent to UTC) after fingerprinting
|
|
4 | + * resistance is enabled.
|
|
5 | + */
|
|
6 | + |
|
7 | +function getTimeZone(tab) {
|
|
8 | + const extractTime = function () {
|
|
9 | + const xslText = `
|
|
10 | + <xsl:stylesheet version="1.0"
|
|
11 | + xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
|
|
12 | + xmlns:date="http://exslt.org/dates-and-times"
|
|
13 | + extension-element-prefixes="date">
|
|
14 | + <xsl:output method="text" />
|
|
15 | + <xsl:template match="/">
|
|
16 | + <xsl:value-of select="date:date-time()" />
|
|
17 | + </xsl:template>
|
|
18 | + </xsl:stylesheet>`;
|
|
19 | + |
|
20 | + const parser = new DOMParser();
|
|
21 | + const xsltProcessor = new XSLTProcessor();
|
|
22 | + const xslStylesheet = parser.parseFromString(xslText, "application/xml");
|
|
23 | + xsltProcessor.importStylesheet(xslStylesheet);
|
|
24 | + const xmlDoc = parser.parseFromString("<test />", "application/xml");
|
|
25 | + const styledDoc = xsltProcessor.transformToDocument(xmlDoc);
|
|
26 | + const time = styledDoc.firstChild.textContent;
|
|
27 | + |
|
28 | + return time;
|
|
29 | + };
|
|
30 | + |
|
31 | + const extractTimeExpr = `(${extractTime.toString()})();`;
|
|
32 | + |
|
33 | + return SpecialPowers.spawn(
|
|
34 | + tab.linkedBrowser,
|
|
35 | + [extractTimeExpr],
|
|
36 | + async funccode => content.eval(funccode)
|
|
37 | + );
|
|
38 | +}
|
|
39 | + |
|
40 | +add_task(async function test_new_window() {
|
|
41 | + await SpecialPowers.pushPrefEnv({
|
|
42 | + set: [
|
|
43 | + ["privacy.fingerprintingProtection", true],
|
|
44 | + ["privacy.fingerprintingProtection.overrides", "+JSDateTimeUTC"],
|
|
45 | + ],
|
|
46 | + });
|
|
47 | + |
|
48 | + // Open a tab for extracting the time zone from XSLT.
|
|
49 | + const tab = await BrowserTestUtils.openNewForegroundTab({
|
|
50 | + gBrowser,
|
|
51 | + opening: TEST_PATH + "file_dummy.html",
|
|
52 | + forceNewProcess: true,
|
|
53 | + });
|
|
54 | + |
|
55 | + SpecialPowers.Cu.getJSTestingFunctions().setTimeZone("America/Toronto");
|
|
56 | + const timeZone = await getTimeZone(tab);
|
|
57 | + |
|
58 | + ok(timeZone.endsWith("+00:00"), "Timezone was spoofed.");
|
|
59 | + |
|
60 | + BrowserTestUtils.removeTab(tab);
|
|
61 | + await SpecialPowers.popPrefEnv();
|
|
62 | +}); |
... | ... | @@ -590,14 +590,22 @@ nsresult txEXSLTFunctionCall::evaluate(txIEvalContext* aContext, |
590 | 590 | // http://exslt.org/date/functions/date-time/
|
591 | 591 | |
592 | 592 | PRExplodedTime prtime;
|
593 | - PR_ExplodeTime(PR_Now(),
|
|
594 | - nsContentUtils::ShouldResistFingerprinting(
|
|
595 | - "We are not allowed to access the document at this "
|
|
596 | - "stage (we are given a txEarlyEvalContext context).",
|
|
597 | - RFPTarget::JSDateTimeUTC)
|
|
598 | - ? PR_GMTParameters
|
|
599 | - : PR_LocalTimeParameters,
|
|
600 | - &prtime);
|
|
593 | + Document* sourceDoc = getSourceDocument(aContext);
|
|
594 | + NS_ENSURE_STATE(sourceDoc);
|
|
595 | + |
|
596 | + PRTimeParamFn timezone =
|
|
597 | + sourceDoc->ShouldResistFingerprinting(RFPTarget::JSDateTimeUTC)
|
|
598 | + ? PR_GMTParameters
|
|
599 | + : PR_LocalTimeParameters;
|
|
600 | + |
|
601 | + PRTime time =
|
|
602 | + sourceDoc->ShouldResistFingerprinting(RFPTarget::ReduceTimerPrecision)
|
|
603 | + ? (PRTime)nsRFPService::ReduceTimePrecisionAsSecs(
|
|
604 | + (double)PR_Now() / PR_USEC_PER_SEC, 0,
|
|
605 | + RTPCallerType::ResistFingerprinting) *
|
|
606 | + PR_USEC_PER_SEC
|
|
607 | + : PR_Now();
|
|
608 | + PR_ExplodeTime(time, timezone, &prtime);
|
|
601 | 609 | |
602 | 610 | int32_t offset =
|
603 | 611 | (prtime.tm_params.tp_gmt_offset + prtime.tm_params.tp_dst_offset) /
|
... | ... | @@ -641,7 +649,7 @@ Expr::ResultType txEXSLTFunctionCall::getReturnType() { |
641 | 649 | |
642 | 650 | bool txEXSLTFunctionCall::isSensitiveTo(ContextSensitivity aContext) {
|
643 | 651 | if (mType == txEXSLTType::NODE_SET || mType == txEXSLTType::SPLIT ||
|
644 | - mType == txEXSLTType::TOKENIZE) {
|
|
652 | + mType == txEXSLTType::TOKENIZE || mType == txEXSLTType::DATE_TIME) {
|
|
645 | 653 | return (aContext & PRIVATE_CONTEXT) || argsSensitiveTo(aContext);
|
646 | 654 | }
|
647 | 655 | return argsSensitiveTo(aContext);
|