[Pkg-mozext-commits] [SCM] torbutton Debian packaging branch, master, updated. debian/1.4.1-1
Jérémy Bobbio
lunar at debian.org
Wed Aug 31 07:27:00 UTC 2011
The following commit has been merged in the master branch:
commit f27e1d8a1e43a803417a47db0a72c9386cb4cc69
Merge: 74326eeaef47a629e25ce63d7f90c8989f4e995c 5c07a442485e323870ae40b7532d89a6696bc39e
Author: Jérémy Bobbio <lunar at debian.org>
Date: Tue Aug 30 15:09:27 2011 +0200
Merge commit 'upstream/1.4.1'
diff --combined src/chrome/content/torbutton.js
index eac8ad4,ee4b03e..3372cf5
--- a/src/chrome/content/torbutton.js
+++ b/src/chrome/content/torbutton.js
@@@ -18,6 -18,11 +18,11 @@@ var m_tb_ff3 = false
var m_tb_ff35 = false;
var m_tb_ff36 = false;
var m_tb_ff4 = false;
+ var m_tb_tbb = false;
+
+ var m_tb_control_port = null;
+ var m_tb_control_host = null;
+ var m_tb_control_pass = null;
var torbutton_window_pref_observer =
{
@@@ -345,18 -350,10 +350,18 @@@ function torbutton_set_panel_view()
if (!o_statuspanel || !o_prefbranch) return;
// Firefox 4 has no toolbar panel
- var display_panel = o_prefbranch.getBoolPref('display_panel')
- && !m_tb_ff4;
+ var display_panel = o_prefbranch.getBoolPref('display_panel');
torbutton_log(2, 'setting panel visibility');
o_statuspanel.setAttribute('collapsed', !display_panel);
+
+ // Prevent the FF4 nav bar from making our menu invisible...
+ var o_toolbutton = torbutton_get_toolbutton();
+ if (o_toolbutton) {
+ var context = document.getElementById('torbutton-context-menu');
+ context.style.visibility = "visible";
+ context.hidden = false;
+ torbutton_log(3, "Set new context menu.");
+ }
}
function torbutton_set_panel_style() {
@@@ -390,10 -387,10 +395,10 @@@ function torbutton_toggle(force)
if (torbutton_check_status()) {
// Close on toggle before actually changing proxy settings
// as additional safety precaution
- torbutton_close_on_toggle(false);
+ torbutton_close_on_toggle(false, false);
torbutton_disable_tor();
} else {
- torbutton_close_on_toggle(true);
+ torbutton_close_on_toggle(true, false);
torbutton_enable_tor(false);
}
}
@@@ -441,6 -438,16 +446,6 @@@ function torbutton_init_toolbutton(
{
try {
torbutton_log(3, "Initializing the Torbutton button.");
- // Prevent the FF4 status bar from making our menu invisible...
- /* Not needed
- var o_toolbutton = torbutton_get_toolbutton();
- if (o_toolbutton) {
- var context = document.getElementById('torbutton-context-menu');
- context.style.visibility = "visible";
- context.hidden = false;
- torbutton_log(3, "Set new context menu.");
- }
- */
torbutton_update_toolbutton(torbutton_check_status());
} catch(e) {
torbutton_log(4, "Error Initializing Torbutton button: "+e);
@@@ -480,6 -487,27 +485,27 @@@ function torbutton_init()
m_tb_ff36 = false;
}
+ var environ = Components.classes["@mozilla.org/process/environment;1"]
+ .getService(Components.interfaces.nsIEnvironment);
+
+ if (environ.exists("TOR_CONTROL_PASSWD")) {
+ m_tb_control_pass = environ.get("TOR_CONTROL_PASSWD");
+
+ // FIXME: We might want a check to use to set this in the future,
+ // but this works fine for now.
+ m_tb_tbb = true;
+ }
+
+ if (environ.exists("TOR_CONTROL_PORT")) {
+ m_tb_control_port = environ.get("TOR_CONTROL_PORT");
+ }
+
+ if (environ.exists("TOR_CONTROL_HOST")) {
+ m_tb_control_host = environ.get("TOR_CONTROL_HOST");
+ } else {
+ m_tb_control_host = "127.0.0.1";
+ }
+
// initialize preferences before we start our prefs observer
torbutton_init_prefs();
@@@ -629,6 -657,9 +655,9 @@@ function torbutton_open_link_as_tor(tab
mainWindow.open(myURI.spec);
}
+
+
+
// this function duplicates a lot of code in preferences.js for deciding our
// recommended settings. figure out a way to eliminate the redundancy.
// TODO: Move it to torbutton_util.js?
@@@ -652,7 -683,7 +681,7 @@@ function torbutton_init_prefs()
torprefs.setBoolPref('use_privoxy', true);
if (torprefs.getBoolPref('use_privoxy')) {
- proxy_host = '127.0.0.1';
+ proxy_host = 'localhost';
proxy_port = 8118;
} else {
proxy_host = '';
@@@ -1188,6 -1219,225 +1217,225 @@@ function torbutton_set_uagent()
}
}
+ function torbutton_socket_readline(input) {
+ var str = "";
+ var bytes;
+ while((bytes = input.readBytes(1)) != "\n") {
+ str += bytes;
+ }
+ return str;
+ }
+
+ // Executes a command on the control port.
+ // Return 0 in error, 1 for success.
+ function torbutton_send_ctrl_cmd(command) {
+ try {
+ var socketTransportService = Components.classes["@mozilla.org/network/socket-transport-service;1"]
+ .getService(Components.interfaces.nsISocketTransportService);
+ var socket = socketTransportService.createTransport(null, 0, m_tb_control_host, m_tb_control_port, null);
+ var input = socket.openInputStream(3, 0, 0); // 3 == OPEN_BLOCKING|OPEN_UNBUFFERED
+ var output = socket.openOutputStream(3, 0, 0); // 3 == OPEN_BLOCKING|OPEN_UNBUFFERED
+
+ inputStream = Cc["@mozilla.org/binaryinputstream;1"].createInstance(Ci.nsIBinaryInputStream);
+ outputStream = Cc["@mozilla.org/binaryoutputstream;1"].createInstance(Ci.nsIBinaryOutputStream);
+
+ inputStream.setInputStream(input);
+ outputStream.setOutputStream(output);
+
+ var auth_cmd = "AUTHENTICATE "+m_tb_control_pass+"\r\n";
+ outputStream.writeBytes(auth_cmd, auth_cmd.length);
+
+ var bytes = torbutton_socket_readline(inputStream);
+
+ if (bytes.indexOf("250") != 0) {
+ torbutton_safelog(4, "Unexpected auth response on control port "+m_tb_control_port+":", bytes);
+ return 0;
+ }
+
+ outputStream.writeBytes(command, command.length);
+ bytes = torbutton_socket_readline(inputStream);
+ if(bytes.indexOf("250") != 0) {
+ torbutton_safelog(4, "Unexpected command response on control port "+m_tb_control_port+":", bytes);
+ return 0;
+ }
+
+ socket.close(1);
+ return 1;
+ } catch(e) {
+ torbutton_log(4, "Exception on control port "+e);
+ return 0;
+ }
+ }
+
+ /* The "New Identity" implementation does the following:
+ * 1. Tag all tabs as non-tor
+ * 2. Disables Javascript and plugins on all tabs
+ * 3. Clears state:
+ * a. OCSP
+ * b. Cache
+ * c. Site-specific zoom
+ * d. Cookies+DOM Storage+safe browsing key
+ * e. google wifi geolocation token
+ * f. http auth
+ * g. SSL Session IDs
+ * h. last open location url
+ * i. clear content prefs
+ * 4. Sends tor the NEWNYM signal to get a new circuit
+ *
+ * XXX: intermediate SSL certificates are not cleared.
+ */
+ function torbutton_new_identity() {
+ var wm = Components.classes["@mozilla.org/appshell/window-mediator;1"]
+ .getService(Components.interfaces.nsIWindowMediator);
+ var enumerator = wm.getEnumerator("navigator:browser");
+ var closeWins = new Array();
+ while(enumerator.hasMoreElements()) {
+ var win = enumerator.getNext();
+ var browser = win.getBrowser();
+ if(!browser) {
+ torbutton_log(5, "No browser for possible closed window");
+ continue;
+ }
+ var tabs = browser.browsers.length;
+
+ torbutton_log(3, "Length: "+browser.browsers.length);
+
+ for(var i = 0; i < tabs; i++) {
+ torbutton_apply_tab_tag(browser, browser.browsers[i], false);
+ }
+ }
+
+ torbutton_toggle_jsplugins(true, true, true);
+
+ m_tb_prefs.setBoolPref("browser.zoom.siteSpecific",
+ !m_tb_prefs.getBoolPref("browser.zoom.siteSpecific"));
+ m_tb_prefs.setBoolPref("browser.zoom.siteSpecific",
+ !m_tb_prefs.getBoolPref("browser.zoom.siteSpecific"));
+
+ if(m_tb_ff35) {
+ try {
+ if(m_tb_prefs.prefHasUserValue("geo.wifi.access_token")) {
+ m_tb_prefs.clearUserPref("geo.wifi.access_token");
+ }
+ } catch(e) {
+ torbutton_log(3, "Exception on wifi token clear: "+e);
+ }
+ }
+
+ try {
+ if(m_tb_prefs.prefHasUserValue("general.open_location.last_url")) {
+ m_tb_prefs.clearUserPref("general.open_location.last_url");
+ }
+ } catch(e) {
+ torbutton_log(3, "Exception on wifi token clear: "+e);
+ }
+
+ torbutton_close_on_toggle(true, true);
+
+ if(m_tb_prefs.getBoolPref('extensions.torbutton.clear_http_auth')) {
+ var auth = Components.classes["@mozilla.org/network/http-auth-manager;1"].
+ getService(Components.interfaces.nsIHttpAuthManager);
+ auth.clearAll();
+ }
+
+ try {
+ var secMgr = Cc["@mozilla.org/security/crypto;1"].
+ getService(Ci.nsIDOMCrypto);
+ secMgr.logout();
+ torbutton_log(3, "nsIDOMCrypto logout succeeded");
+ } catch(e) {
+ torbutton_log(4, "Failed to use nsIDOMCrypto to clear SSL Session ids. Falling back to old method. Error: "+e);
+
+ // This clears the SSL Identifier Cache.
+ // See https://bugzilla.mozilla.org/show_bug.cgi?id=448747 and
+ // http://mxr.mozilla.org/security/source/security/manager/ssl/src/nsNSSComponent.cpp#2134
+ m_tb_prefs.setBoolPref("security.enable_ssl2",
+ !m_tb_prefs.getBoolPref("security.enable_ssl2"));
+ m_tb_prefs.setBoolPref("security.enable_ssl2",
+ !m_tb_prefs.getBoolPref("security.enable_ssl2"));
+ }
+
+ // This clears the OCSP cache.
+ //
+ // nsNSSComponent::Observe() watches security.OCSP.enabled, which calls
+ // setOCSPOptions(), which if set to 0, calls CERT_DisableOCSPChecking(),
+ // which calls CERT_ClearOCSPCache().
+ // See: http://mxr.mozilla.org/security/source/security/manager/ssl/src/nsNSSComponent.cpp
+ var ocsp = m_tb_prefs.getIntPref("security.OCSP.enabled");
+ m_tb_prefs.setIntPref("security.OCSP.enabled", 0);
+ m_tb_prefs.setIntPref("security.OCSP.enabled", ocsp);
+
+ // This clears the STS cache and site permissions on Tor Browser
+ // XXX: Tie to some kind of disk-ok pref?
+ try {
+ m_tb_prefs.setBoolPref('permissions.memory_only', false);
+ m_tb_prefs.setBoolPref('permissions.memory_only', true);
+ } catch(e) {
+ // Actually, this catch does not appear to be needed. Leaving it in for
+ // safety though.
+ torbutton_log(3, "Can't clear STS/Permissions: Not Tor Browser: "+e);
+ }
+
+ // This clears the undo tab history.
+ var tabs = m_tb_prefs.getIntPref("browser.sessionstore.max_tabs_undo");
+ m_tb_prefs.setIntPref("browser.sessionstore.max_tabs_undo", 0);
+ m_tb_prefs.setIntPref("browser.sessionstore.max_tabs_undo", tabs);
+
+ var cache = Components.classes["@mozilla.org/network/cache-service;1"].
+ getService(Components.interfaces.nsICacheService);
+ try {
+ cache.evictEntries(0);
+ } catch(e) {
+ torbutton_log(5, "Exception on cache clearing: "+e);
+ }
+
+ if (m_tb_prefs.getBoolPref('extensions.torbutton.cookie_protections')) {
+ var selector = Components.classes["@torproject.org/cookie-jar-selector;1"]
+ .getService(Components.interfaces.nsISupports)
+ .wrappedJSObject;
+ // This emits "cookie-changed", "cleared", which kills DOM storage
+ // and the safe browsing API key
+ selector.clearUnprotectedCookies("tor");
+ } else {
+ torbutton_clear_cookies();
+ }
+
+ var cps = Cc["@mozilla.org/content-pref/service;1"].
+ createInstance(Ci.nsIContentPrefService);
+ cps.removeGroupedPrefs();
+
+ // Force prefs to be synced to disk
+ var prefService = Components.classes["@mozilla.org/preferences-service;1"]
+ .getService(Components.interfaces.nsIPrefService);
+ prefService.savePrefFile(null);
+
+ // We only support TBB for newnym.
+ if (!m_tb_control_pass || !m_tb_control_port) {
+ var o_stringbundle = torbutton_get_stringbundle();
+ var warning = o_stringbundle.GetStringFromName("torbutton.popup.no_newnym");
+ torbutton_log(5, "Torbutton cannot safely newnym. It does not have access to the Tor Control Port.");
+ window.alert(warning);
+ } else {
+ if(torbutton_send_ctrl_cmd("SIGNAL NEWNYM\r\n") == 0) {
+ torbutton_log(5, "Torbutton was unable to request a new circuit from Tor");
+ }
+ }
+
+ torbutton_log(3, "New identity successful");
+
+ }
+
+ // toggles plugins: true for disabled, false for enabled
+ function torbutton_toggle_plugins(disable_plugins) {
+ if (m_tb_tbb) {
+ var PH=Cc["@mozilla.org/plugin/host;1"].getService(Ci.nsIPluginHost);
+ var P=PH.getPluginTags({});
+ for(var i=0; i<P.length; i++) {
+ P[i].disabled=disable_plugins;
+ }
+ }
+ }
+
// NOTE: If you touch any additional prefs in here, be sure to update
// the list in torbutton_util.js::torbutton_reset_browser_prefs()
@@@ -1234,6 -1484,8 +1482,8 @@@ function torbutton_update_status(mode,
// thread
torbutton_log(2, 'Toggling JS state');
+ torbutton_toggle_plugins(mode && torprefs.getBoolPref("no_tor_plugins"));
+
torbutton_toggle_jsplugins(mode,
changed && torprefs.getBoolPref("isolate_content"),
torprefs.getBoolPref("no_tor_plugins"));
@@@ -1563,7 -1815,7 +1813,7 @@@
torbutton_set_timezone(mode, false);
// This call also has to be here for 3rd party proxy changers.
- torbutton_close_on_toggle(mode);
+ torbutton_close_on_toggle(mode, false);
if(m_tb_prefs.getBoolPref('extensions.torbutton.clear_http_auth')) {
var auth = Components.classes["@mozilla.org/network/http-auth-manager;1"].
@@@ -1666,11 -1918,16 +1916,16 @@@
torbutton_log(3, "Settings applied for mode: "+mode);
}
- function torbutton_close_on_toggle(mode) {
+ function torbutton_close_on_toggle(mode, newnym) {
var close_tor = m_tb_prefs.getBoolPref("extensions.torbutton.close_tor");
var close_nontor = m_tb_prefs.getBoolPref("extensions.torbutton.close_nontor");
+ var close_newnym = m_tb_prefs.getBoolPref("extensions.torbutton.close_newnym");
- if((!close_tor && !mode) || (mode && !close_nontor)) {
+ if (newnym) {
+ if (!close_newnym) {
+ torbutton_log(3, "Not closing tabs");
+ }
+ } else if((mode && !close_nontor) || (!mode && !close_tor)) {
torbutton_log(3, "Not closing tabs");
return;
}
@@@ -1728,6 -1985,9 +1983,9 @@@ function torbutton_check_protections(
var locked_pref = m_tb_prefs.getBoolPref("extensions.torbutton.locked_mode")
document.getElementById("torbutton-cookie-protector").disabled = !cookie_pref;
document.getElementById("torbutton-toggle").collapsed = locked_pref;
+
+ if (!m_tb_control_pass || !m_tb_control_port)
+ document.getElementById("torbutton-new-identity").disabled = true;
}
function torbutton_open_cookie_dialog() {
@@@ -2228,7 -2488,7 +2486,7 @@@ function torbutton_jar_certs(mode)
// -------------- JS/PLUGIN HANDLING CODE ---------------------
- function torbutton_check_js_tag(browser, tor_enabled, js_enabled) {
+ function torbutton_check_js_tag(tabbrowser, browser, tor_enabled, js_enabled) {
var eventSuppressor = null;
if (typeof(browser.__tb_tor_fetched) == 'undefined') {
try {
@@@ -2239,7 -2499,7 +2497,7 @@@
// Defensive programming to tag this window here to
// an alternate tor state. It wil lmake this window totally
// useless, but that is better than some undefined state
- torbutton_apply_tab_tag(browser, !tor_enabled);
+ torbutton_apply_tab_tag(tabbrowser, browser, !tor_enabled);
}
/* Solution from: https://bugzilla.mozilla.org/show_bug.cgi?id=409737 */
@@@ -2304,10 -2564,12 +2562,12 @@@ function torbutton_toggle_win_jsplugins
if (b && b.docShell) {
// Only allow plugins if the tab load was from an
// non-tor state and the current tor state is off.
- if(kill_plugins)
- b.docShell.allowPlugins = !b.__tb_tor_fetched && !tor_enabled;
- else
- b.docShell.allowPlugins = true;
+ if (!m_tb_tbb) {
+ if(kill_plugins)
+ b.docShell.allowPlugins = !b.__tb_tor_fetched && !tor_enabled;
+ else
+ b.docShell.allowPlugins = true;
+ }
// Likewise for DNS prefetch
if(m_tb_ff35) {
@@@ -2318,7 -2580,7 +2578,7 @@@
}
if(isolate_dyn) {
- torbutton_check_js_tag(b, tor_enabled, js_enabled);
+ torbutton_check_js_tag(browser, b, tor_enabled, js_enabled);
// kill meta-refresh and existing page loading
b.webNavigation.stop(b.webNavigation.STOP_ALL);
}
@@@ -2380,26 -2642,32 +2640,32 @@@ tbHistoryListener.prototype =
OnHistoryReload: function(uri,flags) { return this.f1(); }
};
- function torbutton_apply_tab_tag(browser, tag) {
+ function torbutton_apply_tab_tag(tabbrowser, browser, tag) {
if (typeof(browser["__tb_tor_fetched"]) == "undefined" ||
browser.__tb_tor_fetched != tag) {
// Only update the browser's session store tag if the tag has changed.
// This is an expensive operation.
var ss = Components.classes["@mozilla.org/browser/sessionstore;1"]
.getService(Components.interfaces.nsISessionStore);
-
- // http://stackoverflow.com/questions/3374056/firefox-gbrowser-getbrowserfortab-but-no-gbrowser-gettabforbrowser
- var mTabs = gBrowser.mTabContainer.childNodes;
+
var tab = null;
- for (var i=0; i<mTabs.length; i++) {
- if (mTabs[i].linkedBrowser == browser) {
- tab = mTabs[i];
- }
+
+ // XXX: if tabbrowser is null, we may either write or omit session store data..
+ // This should only happen in toggle mode, though.
+ if (tabbrowser) {
+ // http://stackoverflow.com/questions/3374056/firefox-gbrowser-getbrowserfortab-but-no-gbrowser-gettabforbrowser
+ var mTabs = tabbrowser.mTabContainer.childNodes;
+ for (var i=0; i<mTabs.length; i++) {
+ if (mTabs[i].linkedBrowser == browser) {
+ tab = mTabs[i];
+ }
+ }
}
if (tab)
ss.setTabValue(tab, "__tb_tor_fetched", tag.toString());
else
torbutton_log(5, "No tab found for session store tag.");
+
}
var oldtag = browser.__tb_tor_fetched;
browser.__tb_tor_fetched = tag;
@@@ -2407,7 -2675,7 +2673,7 @@@
}
function torbutton_tag_new_browser(browser, tor_tag, no_plugins) {
- if (!tor_tag && no_plugins) {
+ if (!tor_tag && no_plugins && !m_tb_tbb) {
browser.docShell.allowPlugins = tor_tag;
}
@@@ -2420,7 -2688,7 +2686,7 @@@
// Only tag new windows
if (typeof(browser.__tb_tor_fetched) == 'undefined') {
torbutton_log(3, "Tagging new window: "+tor_tag);
- torbutton_apply_tab_tag(browser, !tor_tag);
+ torbutton_apply_tab_tag(gBrowser, browser, !tor_tag);
// XXX: Do we need to remove this listener on tab close?
// No, but we probably do need to remove it on window close!
@@@ -2449,21 -2717,6 +2715,21 @@@
}
}
+function torbutton_reload_homepage() {
+ var homepage = m_tb_prefs.getCharPref("browser.startup.homepage");
+ if (homepage.match(/chrome:\/\/.*\.properties$/)) {
+ try {
+ var bundle = Components.classes["@mozilla.org/intl/stringbundle;1"]
+ .getService(Components.interfaces.nsIStringBundleService);
+ var stringbundle = bundle.createBundle(homepage);
+ homepage = stringbundle.GetStringFromName("browser.startup.homepage");
+ } catch(err) {
+ torbutton_log(4, "Error while getting browser.startup.homepage:" + err);
+ }
+ }
+ gBrowser.loadURI(homepage, null, null);
+}
+
function torbutton_set_launch_state(state, session_restore) {
if (!m_tb_wasinited) torbutton_init();
var no_plugins = m_tb_prefs.getBoolPref("extensions.torbutton.no_tor_plugins");
@@@ -2491,7 -2744,7 +2757,7 @@@
if (state) {
if(b && b.docShell){
- if(no_plugins) b.docShell.allowPlugins = false;
+ if(no_plugins && !m_tb_tbb) b.docShell.allowPlugins = false;
if(m_tb_ff35) {
if (!m_tb_ff36) /* Unified with nsIDocShell in 3.6 */
b.docShell.QueryInterface(Ci.nsIDocShell_MOZILLA_1_9_1_dns);
@@@ -2508,7 -2761,7 +2774,7 @@@
}
}
}
- torbutton_apply_tab_tag(b, state);
+ torbutton_apply_tab_tag(browser, b, state);
}
}
@@@ -2523,7 -2776,8 +2789,7 @@@
// Load our homepage again. We just killed it via the toggle.
if (!session_restore) {
- var homepage = m_tb_prefs.getCharPref("browser.startup.homepage");
- gBrowser.loadURI(homepage, null, null);
+ torbutton_reload_homepage();
}
} else {
torbutton_log(3, "Leaving tor disabled");
@@@ -2536,7 -2790,8 +2802,7 @@@
// Load our homepage again. We just killed it via the toggle.
if (!session_restore) {
- var homepage = m_tb_prefs.getCharPref("browser.startup.homepage");
- gBrowser.loadURI(homepage, null, null);
+ torbutton_reload_homepage();
}
}
}
@@@ -3482,6 -3737,10 +3748,10 @@@ function torbutton_do_startup(
torbutton_log(3, "Remoting window closed.");
}
}
+
+ torbutton_toggle_plugins(tor_enabled
+ && m_tb_prefs.getBoolPref("extensions.torbutton.no_tor_plugins"));
+
if (tor_enabled) {
// Need to maybe generate google cookie if tor is enabled
@@@ -3866,7 -4125,7 +4136,7 @@@ function torbutton_update_tags(win, new
// Defensive programming to tag this window here to
// an alternate tor state. It wil lmake this window totally
// useless, but that is better than some undefined state
- torbutton_apply_tab_tag(browser, tor_tag);
+ torbutton_apply_tab_tag(null, browser, tor_tag);
}
if(browser.__tb_tor_fetched != !tor_tag) {
tag_change = true;
@@@ -3898,8 -4157,11 +4168,11 @@@
}
}
- torbutton_apply_tab_tag(browser, !tor_tag);
- browser.docShell.allowPlugins = tor_tag || !kill_plugins;
+ torbutton_apply_tab_tag(null, browser, !tor_tag);
+
+ if (!m_tb_tbb) {
+ browser.docShell.allowPlugins = tor_tag || !kill_plugins;
+ }
/* We want to disable allowDNSPrefetch on Tor-loaded tabs
* before the load, because we don't want prefetch to be enabled
@@@ -3953,7 -4215,7 +4226,7 @@@
// - http://swik.net/User:Staple/JavaScript+Popup+Windows+Generation+and+Testing+Tutorials
// - pure javascript pages/non-text/html pages
// - Messing with variables/existing hooks
- function torbutton_hookdoc(win, doc, state_change) {
+ function torbutton_hookdoc(win, doc, state_change, referrer) {
if(typeof(win.wrappedJSObject) == 'undefined') {
torbutton_eclog(3, "No JSObject: "+win.location);
return;
@@@ -3963,6 -4225,21 +4236,21 @@@
if(doc && doc.doctype) {
torbutton_log(2, "Type: "+doc.doctype.name);
}
+
+ try {
+ // Ticket #3414: Apply referer policy to window.name.
+ //
+ // This keeps window.name clean between fresh urls.
+ // It should also apply to iframes because hookdoc gets called for all
+ // frames and subdocuments.
+ if (!referrer || referrer.spec == "") {
+ win.name = null;
+ win.window.name = null;
+ }
+ } catch(e) {
+ torbutton_log(4, "Failed to reset window.name: "+e)
+ }
+
var js_enabled = m_tb_prefs.getBoolPref("javascript.enabled");
@@@ -4211,7 -4488,12 +4499,12 @@@ function torbutton_check_progress(aProg
if(doc) {
var tag_change = torbutton_update_tags(DOMWindow.window, new_loc);
if(doc.domain) {
- torbutton_hookdoc(DOMWindow.window, doc, tag_change);
+ var referrer = null;
+ try {
+ var hreq = aRequest.QueryInterface(Ci.nsIHttpChannel);
+ referrer = hreq.referrer;
+ } catch(e) {}
+ torbutton_hookdoc(DOMWindow.window, doc, tag_change, referrer);
}
}
} catch(e) {
--
torbutton Debian packaging
More information about the Pkg-mozext-commits
mailing list