
[tor-commits] [Git][tpo/applications/mullvad-browser][mullvad-browser-140.3.0esr-15.0-1] fixup! BB 40925: Implemented the Security Level component




Pier Angelo Vendrame pushed to branch mullvad-browser-140.3.0esr-15.0-1 at The Tor Project / Applications / Mullvad Browser

Commits:

  • c7cdcacd
    by Pier Angelo Vendrame at 2025-09-18T17:53:38+02:00
    fixup! BB 40925: Implemented the Security Level component
    
    BB 44178: Refactor DDG's change of behavior with sec level.
    
    With the highest security level, we use the HTML version of DuckDuckGo.
    We used to change the URL on the fly when doing the search, but this
    had some problems (different UI, and problems with DDG lite).
    
    With this change, we consider the security level when loading the
    search engine configuration, and change the search URLs at that point.
    

4 changed files:

Changes:

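--- a/toolkit/components/search/SearchEngine.sys.mjs
+++ b/toolkit/components/search/SearchEngine.sys.mjs
@@ -14,7 +14,6 @@ const lazy = {};
 ChromeUtils.defineESModuleGetters(lazy, {
   SearchSettings: "moz-src:///toolkit/components/search/SearchSettings.sys.mjs",
   SearchUtils: "moz-src:///toolkit/components/search/SearchUtils.sys.mjs",
-  SecurityLevelPrefs: "resource://gre/modules/SecurityLevel.sys.mjs",
   OpenSearchEngine:
     "moz-src:///toolkit/components/search/OpenSearchEngine.sys.mjs",
 });
@@ -354,28 +353,6 @@ export class EngineURL {
       escapedSearchTerms,
       queryCharset
     );
-
-    if (
-      lazy.SecurityLevelPrefs?.securityLevel === "safest" &&
-      this.type === lazy.SearchUtils.URL_TYPE.SEARCH
-    ) {
-      let host = templateURI.host;
-      try {
-        host = Services.eTLD.getBaseDomainFromHost(host);
-      } catch (ex) {
-        lazy.logConsole.warn("Failed to get a FPD", ex, host);
-      }
-      if (host === "duckduckgo.com") {
-        templateURI.host = "html.duckduckgo.com";
-        templateURI.pathname = "/html";
-      } else if (
-        host ===
-        "duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion"
-      ) {
-        templateURI.pathname = "/html";
-      }
-    }
-
     if (this.method == "GET" && paramString) {
       // Query parameters may be specified in the template url AND in `this.params`.
       // Thus, we need to supply both with the search terms and join them.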
    

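--- a/toolkit/components/search/SearchEngineSelector.sys.mjs
+++ b/toolkit/components/search/SearchEngineSelector.sys.mjs
@@ -315,6 +315,9 @@ export class SearchEngineSelector {
    *   The name of the application.
    * @param {string} [options.version]
    *   The version of the application.
+   * @param {boolean} [options._javascript_Enabled]
+   *   Tell whether JS is enabled. If not, we will prefer plain HTML version of
+   *   search engines, when available.
    * @returns {Promise<RefinedConfig>}
    *   An object which contains the refined configuration with a filtered list
    *   of search engines, and the identifiers for the application default engines.
@@ -327,6 +330,7 @@ export class SearchEngineSelector {
     experiment,
     appName = Services.appinfo.name ?? "",
     version = Services.appinfo.version ?? "",
+    _javascript_Enabled = true,
   }) {
     if (!this._configuration) {
       await this.getEngineConfiguration();
@@ -461,6 +465,17 @@ export class SearchEngineSelector {
       e => !e.optional
     );
 
+    if (!_javascript_Enabled) {
+      refinedSearchConfig.engines = refinedSearchConfig.engines.map(e => {
+        if (e.identifier === "ddg") {
+          e.urls.search.base = "https://html.duckduckgo.com/html";
+        } else if (e.identifier === "ddg-onion") {
+          e.urls.search.base += "html";
+        }
+        return e;
+      });
+    }
+
     if (
       !refinedSearchConfig.appDefaultEngineId ||
       !refinedSearchConfig.engines.find(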
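Review bot: In the last hunk the `ddg-onion` branch does `e.urls.search.base += "html"`, which is neither idempotent nor independent of the configured value: it gives the intended `/html` path only when the base ends in `/`, and if the engine objects are shared with the cached configuration rather than copied (not visible in this hunk) a second pass would append `html` again. A silent miss here would leave the highest security level on the script-dependent endpoint, so setting the path explicitly is safer, e.g. `const url = new URL(e.urls.search.base); url.pathname = "/html"; e.urls.search.base = url.href;`, which also mirrors the `templateURI.pathname = "/html"` assignment this commit removes from SearchEngine.sys.mjs. Because the callback mutates `e` in place, `forEach` would state the intent better than `map`, and the `"ddg"` / `"ddg-onion"` identifiers deserve a comment saying they must stay in sync with the search configuration. The enclosing method starts and ends outside the hunk.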
    

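--- a/toolkit/components/search/SearchService.sys.mjs
+++ b/toolkit/components/search/SearchService.sys.mjs
@@ -24,6 +24,7 @@ ChromeUtils.defineESModuleGetters(lazy, {
     "moz-src:///toolkit/components/search/PolicySearchEngine.sys.mjs",
   Region: "resource://gre/modules/Region.sys.mjs",
   RemoteSettings: "resource://services-settings/remote-settings.sys.mjs",
+  SecurityLevelPrefs: "resource://gre/modules/SecurityLevel.sys.mjs",
   SearchEngine: "moz-src:///toolkit/components/search/SearchEngine.sys.mjs",
   SearchEngineSelector:
     "moz-src:///toolkit/components/search/SearchEngineSelector.sys.mjs",
@@ -71,6 +72,7 @@ ChromeUtils.defineLazyGetter(lazy, "defaultOverrideAllowlist", () => {
 
 const TOPIC_LOCALES_CHANGE = "intl:app-locales-changed";
 const QUIT_APPLICATION_TOPIC = "quit-application";
+const TOPIC_JSENABLED_CHANGED = "SecurityLevel:_javascript_EnabledChanged";
 
 // The update timer for OpenSearch engines checks in once a day.
 const OPENSEARCH_UPDATE_TIMER_TOPIC = "search-engine-update-timer";
@@ -2634,6 +2636,7 @@ export class SearchService {
       channel: lazy.SearchUtils.MODIFIED_APP_CHANNEL,
       experiment: this._experimentPrefValue,
       distroID: lazy.SearchUtils.distroID ?? "",
+      _javascript_Enabled: lazy.SecurityLevelPrefs._javascript_Enabled,
     };
 
     for (let [key, value] of Object.entries(searchEngineSelectorProperties)) {
@@ -3527,6 +3530,7 @@ export class SearchService {
     Services.obs.addObserver(this, lazy.SearchUtils.TOPIC_ENGINE_MODIFIED);
     Services.obs.addObserver(this, QUIT_APPLICATION_TOPIC);
     Services.obs.addObserver(this, TOPIC_LOCALES_CHANGE);
+    Services.obs.addObserver(this, TOPIC_JSENABLED_CHANGED);
 
     this._settings.addObservers();
 
@@ -3589,6 +3593,7 @@ export class SearchService {
     Services.obs.removeObserver(this, QUIT_APPLICATION_TOPIC);
     Services.obs.removeObserver(this, TOPIC_LOCALES_CHANGE);
     Services.obs.removeObserver(this, lazy.Region.REGION_TOPIC);
+    Services.obs.removeObserver(this, TOPIC_JSENABLED_CHANGED);
   }
 
   QueryInterface = ChromeUtils.generateQI([
@@ -3668,6 +3673,13 @@ export class SearchService {
           Ci.nsISearchService.CHANGE_REASON_REGION
         ).catch(console.error);
         break;
+
+      case TOPIC_JSENABLED_CHANGED:
+        lazy.logConsole.debug("_javascript_ toggled");
+        this._maybeReloadEngines(
+          Ci.nsISearchService.CHANGE_REASON_CONFIG
+        ).catch(console.error);
+        break;
     }
   }
 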
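Review bot: `TOPIC_JSENABLED_CHANGED` repeats as a string literal the topic that SecurityLevel.sys.mjs passes to `notifyObservers`, so a rename or typo on either side would stop the engine reload without any error and the search URLs would no longer follow the security level. Exporting the topic from SecurityLevel.sys.mjs and referencing it here would keep the two in step; short of that, a comment on the constant such as `// Must match the topic notified by SecurityLevelPrefs.updateJavascriptEnabled().` documents the coupling. The new `case` in the observer also passes `CHANGE_REASON_CONFIG` although the remote configuration itself did not change, and a one-line comment explaining that choice would help the next reader. The observer method and the add/remove observer methods all start outside their hunks.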
     
    

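--- a/toolkit/components/securitylevel/SecurityLevel.sys.mjs
+++ b/toolkit/components/securitylevel/SecurityLevel.sys.mjs
@@ -402,6 +402,8 @@ var initializeSecurityPrefs = function () {
     Services.prefs.setBoolPref(kCustomPref, false);
     Services.prefs.setIntPref(kSliderPref, effectiveIndex);
   }
+  // Determine the _javascript_Enabled value *after* we have set kSliderPref.
+  SecurityLevelPrefs.updateJavascriptEnabled();
   // Warn the user if they have booted the browser in a custom state, and have
   // not yet acknowledged it in a previous session.
   SecurityLevelPrefs.maybeWarnCustom();
@@ -578,6 +580,42 @@ export const SecurityLevelPrefs = {
     )?.[0];
   },
 
+  /**
+   * Cached value for whether _javascript_ is enabled. `null` whilst undetermined.
+   *
+   * @type {?boolean}
+   */
+  _javascriptEnabled: null,
+
+  /**
+   * Whether _javascript_ is enabled for web pages at the current security level.
+   *
+   * @type {boolean}
+   */
+  get _javascript_Enabled() {
+    if (this._javascriptEnabled === null) {
+      this.updateJavascriptEnabled();
+    }
+    return this._javascriptEnabled;
+  },
+
+  /**
+   * Update the _javascript_Enabled value.
+   */
+  updateJavascriptEnabled() {
+    // NoScript will disable _javascript_ for web pages at the safest security
+    // level.
+    const enabled = this.securityLevel !== "safest";
+    if (enabled === this._javascriptEnabled) {
+      return;
+    }
+    this._javascriptEnabled = enabled;
+    Services.obs.notifyObservers(
+      null,
+      "SecurityLevel:_javascript_EnabledChanged"
+    );
+  },
+
   /**
    * Set the desired security level just before a restart.
    *
@@ -587,6 +625,10 @@ export const SecurityLevelPrefs = {
    */
   setSecurityLevelBeforeRestart(level) {
     write_setting_to_prefs(this.SecurityLevels[level]);
+    // NOTE: Do not call `updateJavascriptEnabled`. We are about to restart, so
+    // consumers do not need to know about the change.
+    // Moreover, the change has not reached NoScript, which controls the
+    // _javascript_ changes.
   },
 
   /**
@@ -741,6 +783,8 @@ export const SecurityLevelPrefs = {
     // still be marked as "custom" because:
     // 1. Some preferences require a browser restart to be applied.
     // 2. NoScript has not been updated with the new settings.
+    // NOTE: Do not call `updateJavascriptEnabled` because the change has not
+    // reached NoScript, which controls the _javascript_ changes.
 
     this._tryShowNotifications({ restart: true, custom: true });
   },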
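Review bot: The `_javascript_Enabled` getter added in the second hunk has a side effect: on first read `updateJavascriptEnabled()` moves the cache from `null` to a boolean and calls `notifyObservers`, so a consumer that merely reads the value during start-up triggers a "changed" notification (and, in SearchService, an engine reload request) although nothing has changed. Recording whether a value was already cached and notifying only in that case avoids this, e.g. `const hadValue = this._javascriptEnabled !== null;` before the assignment and `if (hadValue) { Services.obs.notifyObservers(null, "SecurityLevel:_javascript_EnabledChanged"); }` after it. The doc comment on the getter should also state that the value is derived solely from `securityLevel !== "safest"` and is deliberately not refreshed on the restart and custom-state paths, so it may differ from what NoScript enforces (for instance under custom settings) until the browser restarts.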
    
