[tor-commits] [Git][tpo/applications/tor-browser][base-browser-115.4.0esr-13.5-1] 2 commits: Bug 1849186 - Add a preference not to expose the content title in the window...
Pier Angelo Vendrame (@pierov)
git at gitlab.torproject.org
Thu Nov 16 12:37:50 UTC 2023
Pier Angelo Vendrame pushed to branch base-browser-115.4.0esr-13.5-1 at The Tor Project / Applications / Tor Browser
Commits:
2d2fd4cb by Pier Angelo Vendrame at 2023-11-16T13:36:51+01:00
Bug 1849186 - Add a preference not to expose the content title in the window title. r=Gijs,tabbrowser-reviewers,dao
Differential Revision: https://phabricator.services.mozilla.com/D190496
- - - - -
c6af08e3 by Pier Angelo Vendrame at 2023-11-16T13:36:52+01:00
fixup! Firefox preference overrides.
Bug 41988: Do not expose page titles in winow title
- - - - -
4 changed files:
- browser/app/profile/001-base-profile.js
- browser/app/profile/firefox.js
- browser/base/content/tabbrowser.js
- browser/components/privatebrowsing/test/browser/browser_privatebrowsing_windowtitle.js
Changes:
=====================================
browser/app/profile/001-base-profile.js
=====================================
@@ -86,6 +86,12 @@ pref("browser.sessionstore.resume_from_crash", false);
// Disable capturing thumbnails (tor-browser#41595)
// Also not needed in PBM at the moment.
pref("browser.pagethumbnails.capturing_disabled", true);
+// tor-browser#41988: Remove page titles from window titles to prevent possible
+// disk leaks, e.g., in system logs.
+// For example, it happened that GNOME shell logged the window name that caused
+// JS errors/unexpected conditions for unrelated issues.
+pref("privacy.exposeContentTitleInWindow", false);
+pref("privacy.exposeContentTitleInWindow.pbm", false);
// Empty clipboard content from private windows on exit (tor-browser#42154)
pref("browser.privatebrowsing.preserveClipboard", false);
=====================================
browser/app/profile/firefox.js
=====================================
@@ -968,7 +968,7 @@ pref("privacy.panicButton.enabled", true);
// Time until temporary permissions expire, in ms
pref("privacy.temporary_permission_expire_time_ms", 3600000);
-// Enables protection mechanism against password spoofing for cross domain auh requests
+// Enables protection mechanism against password spoofing for cross domain auth requests
// See bug 791594
pref("privacy.authPromptSpoofingProtection", true);
@@ -2104,6 +2104,12 @@ pref("privacy.webrtc.sharedTabWarning", false);
// before navigating to the actual meeting room page. Doesn't survive tab close.
pref("privacy.webrtc.deviceGracePeriodTimeoutMs", 3600000);
+// Enable including the content in the window title.
+// PBM users might want to disable this to avoid a possible source of disk
+// leaks.
+pref("privacy.exposeContentTitleInWindow", true);
+pref("privacy.exposeContentTitleInWindow.pbm", true);
+
// Start the browser in e10s mode
pref("browser.tabs.remote.autostart", true);
pref("browser.tabs.remote.desktopbehavior", true);
=====================================
browser/base/content/tabbrowser.js
=====================================
@@ -102,6 +102,18 @@
true
);
});
+ XPCOMUtils.defineLazyPreferenceGetter(
+ this,
+ "_shouldExposeContentTitle",
+ "privacy.exposeContentTitleInWindow",
+ true
+ );
+ XPCOMUtils.defineLazyPreferenceGetter(
+ this,
+ "_shouldExposeContentTitlePbm",
+ "privacy.exposeContentTitleInWindow.pbm",
+ true
+ );
if (AppConstants.MOZ_CRASHREPORTER) {
ChromeUtils.defineModuleGetter(
@@ -1072,6 +1084,19 @@
getWindowTitleForBrowser(aBrowser) {
let docElement = document.documentElement;
let title = "";
+ let dataSuffix =
+ docElement.getAttribute("privatebrowsingmode") == "temporary"
+ ? "Private"
+ : "Default";
+ let defaultTitle = docElement.dataset["title" + dataSuffix];
+
+ if (
+ !this._shouldExposeContentTitle ||
+ (PrivateBrowsingUtils.isWindowPrivate(window) &&
+ !this._shouldExposeContentTitlePbm)
+ ) {
+ return defaultTitle;
+ }
// If location bar is hidden and the URL type supports a host,
// add the scheme and host to the title to prevent spoofing.
@@ -1109,10 +1134,6 @@
title += tab.getAttribute("label").replace(/\0/g, "");
}
- let dataSuffix =
- docElement.getAttribute("privatebrowsingmode") == "temporary"
- ? "Private"
- : "Default";
if (title) {
// We're using a function rather than just using `title` as the
// new substring to avoid `$$`, `$'` etc. having a special
@@ -1125,7 +1146,7 @@
);
}
- return docElement.dataset["title" + dataSuffix];
+ return defaultTitle;
},
updateTitlebar() {
=====================================
browser/components/privatebrowsing/test/browser/browser_privatebrowsing_windowtitle.js
=====================================
@@ -107,4 +107,34 @@ add_task(async function test() {
true,
pb_about_pb_title
);
+
+ await SpecialPowers.pushPrefEnv({
+ set: [["privacy.exposeContentTitleInWindow.pbm", false]],
+ });
+ await testTabTitle(await openWin(false), testPageURL, false, page_with_title);
+ await testTabTitle(
+ await openWin(true),
+ testPageURL,
+ true,
+ pb_page_without_title
+ );
+ await SpecialPowers.pushPrefEnv({
+ set: [
+ ["privacy.exposeContentTitleInWindow", false],
+ ["privacy.exposeContentTitleInWindow.pbm", true],
+ ],
+ });
+ await testTabTitle(
+ await openWin(false),
+ testPageURL,
+ false,
+ page_without_title
+ );
+ // The generic preference set to false is intended to override the PBM one
+ await testTabTitle(
+ await openWin(true),
+ testPageURL,
+ true,
+ pb_page_without_title
+ );
});
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/d25471547dc13074683a6c295326ed19ab4a239a...c6af08e3e56f054e74a9ebab77e83fa7bfe4b0fb
--
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/d25471547dc13074683a6c295326ed19ab4a239a...c6af08e3e56f054e74a9ebab77e83fa7bfe4b0fb
You're receiving this email because of your account on gitlab.torproject.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-commits/attachments/20231116/2b80764b/attachment-0001.htm>
More information about the tor-commits
mailing list