tbb-commits
Threads by month
- ----- 2025 -----
- June
- May
- April
- March
- February
- January
- ----- 2024 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
December 2021
- 4 participants
- 268 discussions
[tor-browser/tor-browser-91.4.0esr-11.0-1] Bug 23247: Communicating security expectations for .onion
by sysrqb@torproject.org 02 Dec '21
by sysrqb@torproject.org 02 Dec '21
02 Dec '21
commit e4b1a35514931573417c7d3d7c76239609f5afdf
Author: Richard Pospesel <richard(a)torproject.org>
Date: Fri Jun 8 13:38:40 2018 -0700
Bug 23247: Communicating security expectations for .onion
Encrypting pages hosted on Onion Services with SSL/TLS is redundant
(in terms of hiding content) as all traffic within the Tor network is
already fully encrypted. Therefore, serving HTTP pages from an Onion
Service is more or less fine.
Prior to this patch, Tor Browser would mostly treat pages delivered
via Onion Services as well as pages delivered in the ordinary fashion
over the internet in the same way. This created some inconsistencies
in behaviour and misinformation presented to the user relating to the
security of pages delivered via Onion Services:
- HTTP Onion Service pages did not have any 'lock' icon indicating
the site was secure
- HTTP Onion Service pages would be marked as unencrypted in the Page
Info screen
- Mixed-mode content restrictions did not apply to HTTP Onion Service
pages embedding Non-Onion HTTP content
This patch fixes the above issues, and also adds several new 'Onion'
icons to the mix to indicate all of the various permutations of Onion
Services hosted HTTP or HTTPS pages with HTTP or HTTPS content.
Strings for Onion Service Page Info page are pulled from Torbutton's
localization strings.
---
browser/base/content/browser-siteIdentity.js | 39 ++++++++-----
browser/base/content/pageinfo/security.js | 64 ++++++++++++++++++----
.../shared/identity-block/identity-block.inc.css | 19 +++++++
.../themes/shared/identity-block/onion-slash.svg | 13 +++++
.../themes/shared/identity-block/onion-warning.svg | 9 +++
browser/themes/shared/identity-block/onion.svg | 8 +++
browser/themes/shared/jar.inc.mn | 3 +
dom/base/nsContentUtils.cpp | 19 +++++++
dom/base/nsContentUtils.h | 5 ++
dom/base/nsGlobalWindowOuter.cpp | 3 +-
dom/ipc/WindowGlobalActor.cpp | 4 +-
dom/ipc/WindowGlobalChild.cpp | 6 +-
dom/security/nsMixedContentBlocker.cpp | 16 +++++-
.../modules/geckoview/GeckoViewProgress.jsm | 4 ++
security/manager/ssl/nsSecureBrowserUI.cpp | 12 ++++
15 files changed, 193 insertions(+), 31 deletions(-)
diff --git a/browser/base/content/browser-siteIdentity.js b/browser/base/content/browser-siteIdentity.js
index 91940db44ca4..b616e3d3a635 100644
--- a/browser/base/content/browser-siteIdentity.js
+++ b/browser/base/content/browser-siteIdentity.js
@@ -140,6 +140,10 @@ var gIdentityHandler = {
);
},
+ get _uriIsOnionHost() {
+ return this._uriHasHost ? this._uri.host.toLowerCase().endsWith(".onion") : false;
+ },
+
get _isAboutNetErrorPage() {
return (
gBrowser.selectedBrowser.documentURI &&
@@ -743,9 +747,9 @@ var gIdentityHandler = {
get pointerlockFsWarningClassName() {
// Note that the fullscreen warning does not handle _isSecureInternalUI.
if (this._uriHasHost && this._isSecureConnection) {
- return "verifiedDomain";
+ return this._uriIsOnionHost ? "onionVerifiedDomain" : "verifiedDomain";
}
- return "unknownIdentity";
+ return this._uriIsOnionHost ? "onionUnknownIdentity" : "unknownIdentity";
},
/**
@@ -753,6 +757,10 @@ var gIdentityHandler = {
* built-in (returns false) or imported (returns true).
*/
_hasCustomRoot() {
+ if (!this._secInfo) {
+ return false;
+ }
+
let issuerCert = null;
issuerCert = this._secInfo.succeededCertChain[
this._secInfo.succeededCertChain.length - 1
@@ -795,11 +803,13 @@ var gIdentityHandler = {
"identity.extension.label",
[extensionName]
);
- } else if (this._uriHasHost && this._isSecureConnection) {
+ } else if (this._uriHasHost && this._isSecureConnection && this._secInfo) {
// This is a secure connection.
- this._identityBox.className = "verifiedDomain";
+ // _isSecureConnection implicitly includes onion services, which may not have an SSL certificate
+ const uriIsOnionHost = this._uriIsOnionHost;
+ this._identityBox.className = uriIsOnionHost ? "onionVerifiedDomain" : "verifiedDomain";
if (this._isMixedActiveContentBlocked) {
- this._identityBox.classList.add("mixedActiveBlocked");
+ this._identityBox.classList.add(uriIsOnionHost ? "onionMixedActiveBlocked" : "mixedActiveBlocked");
}
if (!this._isCertUserOverridden) {
// It's a normal cert, verifier is the CA Org.
@@ -810,17 +820,17 @@ var gIdentityHandler = {
}
} else if (this._isBrokenConnection) {
// This is a secure connection, but something is wrong.
- this._identityBox.className = "unknownIdentity";
+ const uriIsOnionHost = this._uriIsOnionHost;
+ this._identityBox.className = uriIsOnionHost ? "onionUnknownIdentity" : "unknownIdentity";
if (this._isMixedActiveContentLoaded) {
- this._identityBox.classList.add("mixedActiveContent");
+ this._identityBox.classList.add(uriIsOnionHost ? "onionMixedActiveContent" : "mixedActiveContent");
} else if (this._isMixedActiveContentBlocked) {
- this._identityBox.classList.add(
- "mixedDisplayContentLoadedActiveBlocked"
- );
+ this._identityBox.classList.add(uriIsOnionHost ? "onionMixedDisplayContentLoadedActiveBlocked" : "mixedDisplayContentLoadedActiveBlocked");
} else if (this._isMixedPassiveContentLoaded) {
- this._identityBox.classList.add("mixedDisplayContent");
+ this._identityBox.classList.add(uriIsOnionHost ? "onionMixedDisplayContent" : "mixedDisplayContent");
} else {
+ // TODO: ignore weak https cipher for onionsites?
this._identityBox.classList.add("weakCipher");
}
} else if (this._isAboutCertErrorPage) {
@@ -833,8 +843,8 @@ var gIdentityHandler = {
// Network errors and blocked pages get a more neutral icon
this._identityBox.className = "unknownIdentity";
} else if (this._isPotentiallyTrustworthy) {
- // This is a local resource (and shouldn't be marked insecure).
- this._identityBox.className = "localResource";
+ // This is a local resource or an onion site (and shouldn't be marked insecure).
+ this._identityBox.className = this._uriIsOnionHost ? "onionUnknownIdentity" : "localResource";
} else {
// This is an insecure connection.
let warnOnInsecure =
@@ -858,7 +868,8 @@ var gIdentityHandler = {
}
if (this._isCertUserOverridden) {
- this._identityBox.classList.add("certUserOverridden");
+ const uriIsOnionHost = this._uriIsOnionHost;
+ this._identityBox.classList.add(uriIsOnionHost ? "onionCertUserOverridden" : "certUserOverridden");
// Cert is trusted because of a security exception, verifier is a special string.
tooltip = gNavigatorBundle.getString(
"identity.identified.verified_by_you"
diff --git a/browser/base/content/pageinfo/security.js b/browser/base/content/pageinfo/security.js
index 1222c8b0ec35..8d10c8df814c 100644
--- a/browser/base/content/pageinfo/security.js
+++ b/browser/base/content/pageinfo/security.js
@@ -22,6 +22,13 @@ ChromeUtils.defineModuleGetter(
"PluralForm",
"resource://gre/modules/PluralForm.jsm"
);
+XPCOMUtils.defineLazyGetter(
+ this,
+ "gTorButtonBundle",
+ function() {
+ return Services.strings.createBundle("chrome://torbutton/locale/torbutton.properties");
+ }
+);
var security = {
async init(uri, windowInfo) {
@@ -60,6 +67,11 @@ var security = {
(Ci.nsIWebProgressListener.STATE_LOADED_MIXED_ACTIVE_CONTENT |
Ci.nsIWebProgressListener.STATE_LOADED_MIXED_DISPLAY_CONTENT);
var isEV = ui.state & Ci.nsIWebProgressListener.STATE_IDENTITY_EV_TOPLEVEL;
+ var isOnion = false;
+ const hostName = this.windowInfo.hostName;
+ if (hostName && hostName.endsWith(".onion")) {
+ isOnion = true;
+ }
let retval = {
cAName: "",
@@ -69,6 +81,7 @@ var security = {
isBroken,
isMixed,
isEV,
+ isOnion,
cert: null,
certificateTransparency: null,
};
@@ -107,6 +120,7 @@ var security = {
isBroken,
isMixed,
isEV,
+ isOnion,
cert,
certChain: certChainArray,
certificateTransparency: undefined,
@@ -348,22 +362,50 @@ async function securityOnLoad(uri, windowInfo) {
}
msg2 = pkiBundle.getString("pageInfo_Privacy_None2");
} else if (info.encryptionStrength > 0) {
- hdr = pkiBundle.getFormattedString(
- "pageInfo_EncryptionWithBitsAndProtocol",
- [info.encryptionAlgorithm, info.encryptionStrength + "", info.version]
- );
+ if (!info.isOnion) {
+ hdr = pkiBundle.getFormattedString(
+ "pageInfo_EncryptionWithBitsAndProtocol",
+ [info.encryptionAlgorithm, info.encryptionStrength + "", info.version]
+ );
+ } else {
+ try {
+ hdr = gTorButtonBundle.formatStringFromName(
+ "pageInfo_OnionEncryptionWithBitsAndProtocol",
+ [info.encryptionAlgorithm, info.encryptionStrength + "", info.version]
+ );
+ } catch(err) {
+ hdr = "Connection Encrypted (Onion Service, "
+ + info.encryptionAlgorithm
+ + ", "
+ + info.encryptionStrength
+ + " bit keys, "
+ + info.version
+ + ")";
+ }
+ }
msg1 = pkiBundle.getString("pageInfo_Privacy_Encrypted1");
msg2 = pkiBundle.getString("pageInfo_Privacy_Encrypted2");
} else {
- hdr = pkiBundle.getString("pageInfo_NoEncryption");
- if (windowInfo.hostName != null) {
- msg1 = pkiBundle.getFormattedString("pageInfo_Privacy_None1", [
- windowInfo.hostName,
- ]);
+ if (!info.isOnion) {
+ hdr = pkiBundle.getString("pageInfo_NoEncryption");
+ if (windowInfo.hostName != null) {
+ msg1 = pkiBundle.getFormattedString("pageInfo_Privacy_None1", [
+ windowInfo.hostName,
+ ]);
+ } else {
+ msg1 = pkiBundle.getString("pageInfo_Privacy_None4");
+ }
+ msg2 = pkiBundle.getString("pageInfo_Privacy_None2");
} else {
- msg1 = pkiBundle.getString("pageInfo_Privacy_None4");
+ try {
+ hdr = gTorButtonBundle.GetStringFromName("pageInfo_OnionEncryption");
+ } catch (err) {
+ hdr = "Connection Encrypted (Onion Service)";
+ }
+
+ msg1 = pkiBundle.getString("pageInfo_Privacy_Encrypted1");
+ msg2 = pkiBundle.getString("pageInfo_Privacy_Encrypted2");
}
- msg2 = pkiBundle.getString("pageInfo_Privacy_None2");
}
setText("security-technical-shortform", hdr);
setText("security-technical-longform1", msg1);
diff --git a/browser/themes/shared/identity-block/identity-block.inc.css b/browser/themes/shared/identity-block/identity-block.inc.css
index cd117f6d0cf3..a863d1d7d20e 100644
--- a/browser/themes/shared/identity-block/identity-block.inc.css
+++ b/browser/themes/shared/identity-block/identity-block.inc.css
@@ -206,6 +206,25 @@ toolbar[brighttext] #identity-box[pageproxystate="valid"].chromeUI #identity-ico
list-style-image: url(chrome://global/skin/icons/security-broken.svg);
}
+#identity-box[pageproxystate="valid"].onionUnknownIdentity #identity-icon,
+#identity-box[pageproxystate="valid"].onionVerifiedDomain #identity-icon,
+#identity-box[pageproxystate="valid"].onionMixedActiveBlocked #identity-icon {
+ list-style-image: url(chrome://browser/skin/onion.svg);
+ visibility: visible;
+}
+
+#identity-box[pageproxystate="valid"].onionMixedDisplayContent #identity-icon,
+#identity-box[pageproxystate="valid"].onionMixedDisplayContentLoadedActiveBlocked #identity-icon,
+#identity-box[pageproxystate="valid"].onionCertUserOverridden #identity-icon {
+ list-style-image: url(chrome://browser/skin/onion-warning.svg);
+ visibility: visible;
+}
+
+#identity-box[pageproxystate="valid"].onionMixedActiveContent #identity-icon {
+ list-style-image: url(chrome://browser/skin/onion-slash.svg);
+ visibility: visible;
+}
+
#permissions-granted-icon {
list-style-image: url(chrome://browser/skin/permissions.svg);
}
diff --git a/browser/themes/shared/identity-block/onion-slash.svg b/browser/themes/shared/identity-block/onion-slash.svg
new file mode 100644
index 000000000000..d049bcd39cae
--- /dev/null
+++ b/browser/themes/shared/identity-block/onion-slash.svg
@@ -0,0 +1,13 @@
+<svg viewBox="0 0 16 16" width="16" height="16" xmlns="http://www.w3.org/2000/svg">
+ <g fill-opacity="context-fill-opacity" fill="context-fill">
+ <path d="m13.3034 13.3032c-1.3572 1.3573-3.2323 2.1968-5.3034 2.1968-4.14214 0-7.5-3.3579-7.5-7.5 0-2.07093.83935-3.94582 2.19643-5.30303l.82867.82861c-1.14502 1.14515-1.85322 2.72708-1.85322 4.47442 0 3.4949 2.83319 6.3281 6.32812 6.3281 1.74752 0 3.3296-.7083 4.4748-1.8536z"/>
+ <path d="m14.1137 12.3453c.8729-1.226 1.3863-2.72567 1.3863-4.3453 0-4.14214-3.3579-7.5-7.5-7.5-1.61963 0-3.11935.51339-4.34531 1.38631l.84258.84258c1.00297-.66783 2.2074-1.05701 3.50273-1.05701 3.4949 0 6.3281 2.83319 6.3281 6.32812 0 1.29533-.3892 2.4998-1.057 3.5027z"/>
+ <path d="m12.4902 10.7218c.4822-.79365.7598-1.7253.7598-2.72181 0-2.89949-2.3505-5.25-5.25001-5.25-.9965 0-1.92816.27764-2.72184.75978l.86063.86062c.558-.28671 1.19071-.44852 1.86121-.44852 2.25231 0 4.07811 1.82584 4.07811 4.07812 0 .67051-.1618 1.30322-.4485 1.86122z"/>
+ <path d="m11.7124 11.7122-.8287-.8286c-.738.738-1.75754 1.1945-2.88371 1.1945-2.25228 0-4.07812-1.8258-4.07812-4.07811 0-1.12605.45639-2.14551 1.19428-2.88349l-.82868-.82861c-.94994.95005-1.53748 2.26246-1.53748 3.7121 0 2.89951 2.35051 5.25001 5.25 5.25001 1.44979 0 2.76231-.5877 3.71241-1.5378z"/>
+ <path d="m5.87853 5.87883c-.5428.54288-.87853 1.29282-.87853 2.12117 0 1.65686 1.34315 3 3 3 .82844 0 1.57845-.3358 2.1213-.8787l-.82863-.8286c-.33083.33081-.78785.53543-1.29267.53543-1.00964 0-1.82812-.81848-1.82812-1.82813 0-.50476.20457-.96175.53533-1.29256z"/>
+ <path d="m9.8272 8.05881c.00062-.01952.00093-.03913.00093-.05881 0-1.00964-.81848-1.82812-1.82813-1.82812-.01968 0-.03928.00031-.05881.00093l-.98589-.9859c.32532-.12086.6773-.18691 1.0447-.18691 1.65686 0 3 1.34315 3 3 0 .3674-.066.71938-.1869 1.04471z"/>
+ <path d="m8 15.5c-4.14214 0-7.5-3.3579-7.5-7.5 0-2.07093.83935-3.94582 2.19643-5.30303l5.30357 5.30316z"/>
+ <path d="m8 6.23161v-5.73161c-1.61963 0-3.11935.51339-4.34531 1.38631z"/>
+ </g>
+ <path d="m14.1161 15.6245c-.0821.0001-.1634-.016-.2393-.0474-.0758-.0314-.1447-.0775-.2027-.1356l-12.749984-12.749c-.109266-.11882-.168406-.27526-.165071-.43666.003335-.16139.068886-.31525.182967-.42946.114078-.11421.267868-.17994.429258-.18345.16139-.00352.3179.05544.43685.16457l12.74998 12.75c.1168.1176.1824.2767.1824.4425s-.0656.3249-.1824.4425c-.058.058-.1269.1039-.2028.1352-.0759.0312-.1571.0471-.2392.0468z" fill="#ff0039"/>
+</svg>
diff --git a/browser/themes/shared/identity-block/onion-warning.svg b/browser/themes/shared/identity-block/onion-warning.svg
new file mode 100644
index 000000000000..e078f5ea6e33
--- /dev/null
+++ b/browser/themes/shared/identity-block/onion-warning.svg
@@ -0,0 +1,9 @@
+<svg viewBox="0 0 16 16" width="16" height="16" xmlns="http://www.w3.org/2000/svg">
+ <g fill-opacity="context-fill-opacity" fill="context-fill">
+ <path d="m6.23025 15.393c-3.53742-.6033-6.23025-3.6837-6.23025-7.393 0-4.14214 3.35786-7.5 7.5-7.5 4.1421 0 7.5 3.35786 7.5 7.5 0 .66904-.0876 1.31762-.252 1.9349l-.9277-1.61757c.0052-.10512.0078-.21092.0078-.31733 0-3.49493-2.8332-6.32812-6.3281-6.32812-3.49493 0-6.32812 2.83319-6.32812 6.32812 0 2.9851 2.06684 5.4874 4.84752 6.154-.05998.4351.02161.8644.21085 1.239z"/>
+ <path d="m6.42277 13.1394c-2.38278-.4969-4.17278-2.6091-4.17278-5.13941 0-2.89949 2.35051-5.25 5.25-5.25 2.48426 0 4.56551 1.72549 5.11071 4.04336-.4001-.23081-.8624-.32542-1.3135-.28382-.5952-1.51508-2.07094-2.58766-3.79721-2.58766-2.25228 0-4.07812 1.82584-4.07812 4.07812 0 2.09871 1.58539 3.82721 3.6239 4.05311z"/>
+ <path d="m10.2788 6.8674c-.44688-1.09541-1.52269-1.8674-2.7788-1.8674-1.65685 0-3 1.34315-3 3 0 1.65686 1.34315 3 3 3 .05095 0 .10161-.0013.15193-.0038l.83612-1.45782c-.28491.18337-.62405.28975-.98805.28975-1.00964 0-1.82812-.81848-1.82812-1.82813 0-1.00964.81848-1.82812 1.82812-1.82812 1.00965 0 1.82813.81848 1.82813 1.82812 0 .02558-.00053.05104-.00157.07637l.27582-.48091c.17642-.30737.40992-.55005.67642-.72806z"/>
+ <path d="m6.23025 15.393c-3.53742-.6033-6.23025-3.6837-6.23025-7.393 0-4.14214 3.35786-7.5 7.5-7.5v10.7611l-1.20826 2.1067c-.39168.6811-.36535 1.4237-.06149 2.0252z"/>
+ <path d="m15.8456 13.8662-3.311-5.77295c-.454-.791-1.615-.791-2.069 0l-3.31095 5.77295c-.446.775.126 1.7341 1.034 1.7341h6.62295c.907 0 1.479-.9591 1.034-1.7341zm-3.721-1.892c0 .1658-.0658.3248-.183.442s-.2762.183-.442.183c-.1657 0-.3247-.0658-.4419-.183s-.1831-.2762-.1831-.442v-1.747c0-.1657.0659-.32468.1831-.44189s.2762-.18306.4419-.18306c.1658 0 .3248.06585.442.18306s.183.27619.183.44189zm-.625 2.626c-.1657 0-.3247-.0658-.4419-.183s-.1831-.2762-.1831-.442c0-.1657.0659-.3247.1831-.4419s.2762-.1831.4419-.1831c.1658 0 .3248.0659.442.1831s.183.2762.183.4419c0 .1658-.0658.3248-.183.442s-.2762.183-.442.183z"/>
+ </g>
+</svg>
\ No newline at end of file
diff --git a/browser/themes/shared/identity-block/onion.svg b/browser/themes/shared/identity-block/onion.svg
new file mode 100644
index 000000000000..382a061774aa
--- /dev/null
+++ b/browser/themes/shared/identity-block/onion.svg
@@ -0,0 +1,8 @@
+<svg fill="context-fill" fill-opacity="context-fill-opacity" viewBox="0 0 16 16" width="16" height="16" xmlns="http://www.w3.org/2000/svg">
+ <g clip-rule="evenodd" fill-rule="evenodd">
+ <path d="m11 8c0 1.65686-1.34314 3-3 3-1.65685 0-3-1.34314-3-3 0-1.65685 1.34315-3 3-3 1.65686 0 3 1.34315 3 3zm-1.17187 0c0 1.00965-.81848 1.82813-1.82813 1.82813-1.00964 0-1.82812-.81848-1.82812-1.82813 0-1.00964.81848-1.82812 1.82812-1.82812 1.00965 0 1.82813.81848 1.82813 1.82812z"/>
+ <path d="m7.99999 13.25c2.89951 0 5.25001-2.3505 5.25001-5.25001 0-2.89949-2.3505-5.25-5.25001-5.25-2.89949 0-5.25 2.35051-5.25 5.25 0 2.89951 2.35051 5.25001 5.25 5.25001zm0-1.1719c2.25231 0 4.07811-1.8258 4.07811-4.07811 0-2.25228-1.8258-4.07812-4.07811-4.07812-2.25228 0-4.07812 1.82584-4.07812 4.07812 0 2.25231 1.82584 4.07811 4.07812 4.07811z"/>
+ <path d="m8 15.5c4.1421 0 7.5-3.3579 7.5-7.5 0-4.14214-3.3579-7.5-7.5-7.5-4.14214 0-7.5 3.35786-7.5 7.5 0 4.1421 3.35786 7.5 7.5 7.5zm0-1.1719c3.4949 0 6.3281-2.8332 6.3281-6.3281 0-3.49493-2.8332-6.32812-6.3281-6.32812-3.49493 0-6.32812 2.83319-6.32812 6.32812 0 3.4949 2.83319 6.3281 6.32812 6.3281z"/>
+ </g>
+ <path d="m.5 8c0 4.1421 3.35786 7.5 7.5 7.5v-15c-4.14214 0-7.5 3.35786-7.5 7.5z"/>
+</svg>
\ No newline at end of file
diff --git a/browser/themes/shared/jar.inc.mn b/browser/themes/shared/jar.inc.mn
index 4f74932df96f..c1039e790245 100644
--- a/browser/themes/shared/jar.inc.mn
+++ b/browser/themes/shared/jar.inc.mn
@@ -49,6 +49,9 @@
skin/classic/browser/downloads/notification-start-animation.svg (../shared/downloads/notification-start-animation.svg)
skin/classic/browser/drm-icon.svg (../shared/drm-icon.svg)
skin/classic/browser/permissions.svg (../shared/identity-block/permissions.svg)
+ skin/classic/browser/onion.svg (../shared/identity-block/onion.svg)
+ skin/classic/browser/onion-slash.svg (../shared/identity-block/onion-slash.svg)
+ skin/classic/browser/onion-warning.svg (../shared/identity-block/onion-warning.svg)
skin/classic/browser/illustrations/error-malformed-url.svg (../shared/illustrations/error-malformed-url.svg)
skin/classic/browser/notification-icons/autoplay-media.svg (../shared/notification-icons/autoplay-media.svg)
skin/classic/browser/notification-icons/autoplay-media-blocked.svg (../shared/notification-icons/autoplay-media-blocked.svg)
diff --git a/dom/base/nsContentUtils.cpp b/dom/base/nsContentUtils.cpp
index 4cc0cd114ce5..b816f8b05067 100644
--- a/dom/base/nsContentUtils.cpp
+++ b/dom/base/nsContentUtils.cpp
@@ -9325,6 +9325,25 @@ bool nsContentUtils::ComputeIsSecureContext(nsIChannel* aChannel) {
return principal->GetIsOriginPotentiallyTrustworthy();
}
+/* static */ bool nsContentUtils::DocumentHasOnionURI(Document* aDocument) {
+ if (!aDocument) {
+ return false;
+ }
+
+ nsIURI* uri = aDocument->GetDocumentURI();
+ if (!uri) {
+ return false;
+ }
+
+ nsAutoCString host;
+ if (NS_SUCCEEDED(uri->GetHost(host))) {
+ bool hasOnionURI = StringEndsWith(host, ".onion"_ns);
+ return hasOnionURI;
+ }
+
+ return false;
+}
+
/* static */
void nsContentUtils::TryToUpgradeElement(Element* aElement) {
NodeInfo* nodeInfo = aElement->NodeInfo();
diff --git a/dom/base/nsContentUtils.h b/dom/base/nsContentUtils.h
index 94805199a8fd..4b6256fb9c2c 100644
--- a/dom/base/nsContentUtils.h
+++ b/dom/base/nsContentUtils.h
@@ -2999,6 +2999,11 @@ class nsContentUtils {
*/
static bool HttpsStateIsModern(Document* aDocument);
+ /**
+ * Returns true of the document's URI is a .onion
+ */
+ static bool DocumentHasOnionURI(Document* aDocument);
+
/**
* Returns true if the channel is for top-level window and is over secure
* context.
diff --git a/dom/base/nsGlobalWindowOuter.cpp b/dom/base/nsGlobalWindowOuter.cpp
index 41c93c51cf3b..4da5365f214d 100644
--- a/dom/base/nsGlobalWindowOuter.cpp
+++ b/dom/base/nsGlobalWindowOuter.cpp
@@ -1880,7 +1880,8 @@ bool nsGlobalWindowOuter::ComputeIsSecureContext(Document* aDocument,
return false;
}
- if (nsContentUtils::HttpsStateIsModern(aDocument)) {
+ if (nsContentUtils::HttpsStateIsModern(aDocument) ||
+ nsContentUtils::DocumentHasOnionURI(aDocument)) {
return true;
}
diff --git a/dom/ipc/WindowGlobalActor.cpp b/dom/ipc/WindowGlobalActor.cpp
index 8a3b49edd4d7..9975136e8e18 100644
--- a/dom/ipc/WindowGlobalActor.cpp
+++ b/dom/ipc/WindowGlobalActor.cpp
@@ -21,6 +21,7 @@
#include "mozilla/net/CookieJarSettings.h"
#include "mozilla/dom/WindowGlobalChild.h"
#include "mozilla/dom/WindowGlobalParent.h"
+#include "mozilla/dom/nsMixedContentBlocker.h"
#include "nsGlobalWindowInner.h"
#include "nsNetUtil.h"
@@ -131,7 +132,8 @@ WindowGlobalInit WindowGlobalActor::WindowInitializer(
// Init Mixed Content Fields
nsCOMPtr<nsIURI> innerDocURI = NS_GetInnermostURI(doc->GetDocumentURI());
- fields.mIsSecure = innerDocURI && innerDocURI->SchemeIs("https");
+ fields.mIsSecure = innerDocURI && (innerDocURI->SchemeIs("https") ||
+ nsMixedContentBlocker::IsPotentiallyTrustworthyOnion(innerDocURI));
nsCOMPtr<nsITransportSecurityInfo> securityInfo;
if (nsCOMPtr<nsIChannel> channel = doc->GetChannel()) {
diff --git a/dom/ipc/WindowGlobalChild.cpp b/dom/ipc/WindowGlobalChild.cpp
index 84c060c41534..73ac6a0cf96d 100644
--- a/dom/ipc/WindowGlobalChild.cpp
+++ b/dom/ipc/WindowGlobalChild.cpp
@@ -48,6 +48,8 @@
# include "GeckoProfiler.h"
#endif
+#include "mozilla/dom/nsMixedContentBlocker.h"
+
using namespace mozilla::ipc;
using namespace mozilla::dom::ipc;
@@ -234,7 +236,9 @@ void WindowGlobalChild::OnNewDocument(Document* aDocument) {
nsCOMPtr<nsIURI> innerDocURI =
NS_GetInnermostURI(aDocument->GetDocumentURI());
if (innerDocURI) {
- txn.SetIsSecure(innerDocURI->SchemeIs("https"));
+ txn.SetIsSecure(
+ innerDocURI->SchemeIs("https") ||
+ nsMixedContentBlocker::IsPotentiallyTrustworthyOnion(innerDocURI));
}
MOZ_DIAGNOSTIC_ASSERT(mDocumentPrincipal->GetIsLocalIpAddress() ==
diff --git a/dom/security/nsMixedContentBlocker.cpp b/dom/security/nsMixedContentBlocker.cpp
index 01c7877e020d..dab3f19bad40 100644
--- a/dom/security/nsMixedContentBlocker.cpp
+++ b/dom/security/nsMixedContentBlocker.cpp
@@ -634,8 +634,8 @@ nsresult nsMixedContentBlocker::ShouldLoad(bool aHadInsecureImageRedirect,
return NS_OK;
}
- // Check the parent scheme. If it is not an HTTPS page then mixed content
- // restrictions do not apply.
+ // Check the parent scheme. If it is not an HTTPS or .onion page then mixed
+ // content restrictions do not apply.
nsCOMPtr<nsIURI> innerRequestingLocation =
NS_GetInnermostURI(requestingLocation);
if (!innerRequestingLocation) {
@@ -650,6 +650,17 @@ nsresult nsMixedContentBlocker::ShouldLoad(bool aHadInsecureImageRedirect,
bool parentIsHttps = innerRequestingLocation->SchemeIs("https");
if (!parentIsHttps) {
+ bool parentIsOnion = IsPotentiallyTrustworthyOnion(innerRequestingLocation);
+ if (!parentIsOnion) {
+ *aDecision = ACCEPT;
+ return NS_OK;
+ }
+ }
+
+ bool isHttpScheme = innerContentLocation->SchemeIs("http");
+ // .onion URLs are encrypted and authenticated. Don't treat them as mixed
+ // content if potentially trustworthy (i.e. whitelisted).
+ if (isHttpScheme && IsPotentiallyTrustworthyOnion(innerContentLocation)) {
*aDecision = ACCEPT;
MOZ_LOG(sMCBLog, LogLevel::Verbose,
(" -> decision: Request will be allowed because the requesting "
@@ -676,7 +687,6 @@ nsresult nsMixedContentBlocker::ShouldLoad(bool aHadInsecureImageRedirect,
return NS_OK;
}
- bool isHttpScheme = innerContentLocation->SchemeIs("http");
if (isHttpScheme && IsPotentiallyTrustworthyOrigin(innerContentLocation)) {
*aDecision = ACCEPT;
return NS_OK;
diff --git a/mobile/android/modules/geckoview/GeckoViewProgress.jsm b/mobile/android/modules/geckoview/GeckoViewProgress.jsm
index 17069dbe657f..c1346b1858cf 100644
--- a/mobile/android/modules/geckoview/GeckoViewProgress.jsm
+++ b/mobile/android/modules/geckoview/GeckoViewProgress.jsm
@@ -145,6 +145,10 @@ var IdentityHandler = {
result.host = uri.host;
}
+ if (!aBrowser.securityUI.secInfo) {
+ return result;
+ }
+
const cert = aBrowser.securityUI.secInfo.serverCert;
result.certificate = aBrowser.securityUI.secInfo.serverCert.getBase64DERString();
diff --git a/security/manager/ssl/nsSecureBrowserUI.cpp b/security/manager/ssl/nsSecureBrowserUI.cpp
index b4de1a331ffc..f1ce39582854 100644
--- a/security/manager/ssl/nsSecureBrowserUI.cpp
+++ b/security/manager/ssl/nsSecureBrowserUI.cpp
@@ -9,6 +9,7 @@
#include "mozilla/Logging.h"
#include "mozilla/Unused.h"
#include "mozilla/dom/Document.h"
+#include "mozilla/dom/nsMixedContentBlocker.h"
#include "nsContentUtils.h"
#include "nsIChannel.h"
#include "nsDocShell.h"
@@ -85,6 +86,17 @@ void nsSecureBrowserUI::RecomputeSecurityFlags() {
}
}
}
+
+ // any protocol routed over tor is secure
+ if (!(mState & nsIWebProgressListener::STATE_IS_SECURE)) {
+ nsCOMPtr<nsIURI> innerDocURI = NS_GetInnermostURI(win->GetDocumentURI());
+ if (innerDocURI &&
+ nsMixedContentBlocker::IsPotentiallyTrustworthyOnion(innerDocURI)) {
+ MOZ_LOG(gSecureBrowserUILog, LogLevel::Debug, (" is onion"));
+ mState = (mState & ~nsIWebProgressListener::STATE_IS_INSECURE) |
+ nsIWebProgressListener::STATE_IS_SECURE;
+ }
+ }
}
// Add upgraded-state flags when request has been
1
0
[tor-browser/tor-browser-91.4.0esr-11.0-1] Bug 16940: After update, load local change notes.
by sysrqb@torproject.org 02 Dec '21
by sysrqb@torproject.org 02 Dec '21
02 Dec '21
commit 09dad6ba521342aa9191b2acbfa30a663c5f9381
Author: Kathy Brade <brade(a)pearlcrescent.com>
Date: Wed Nov 25 11:36:20 2015 -0500
Bug 16940: After update, load local change notes.
Add an about:tbupdate page that displays the first section from
TorBrowser/Docs/ChangeLog.txt and includes a link to the remote
post-update page (typically our blog entry for the release).
Always load about:tbupdate in a content process, but implement the
code that reads the file system (changelog) in the chrome process
for compatibility with future sandboxing efforts.
Also fix bug 29440. Now about:tbupdate is styled as a fairly simple
changelog page that is designed to be displayed via a link that is on
about:tor.
---
browser/actors/AboutTBUpdateChild.jsm | 12 +++
browser/actors/AboutTBUpdateParent.jsm | 120 +++++++++++++++++++++
browser/actors/moz.build | 6 ++
.../base/content/abouttbupdate/aboutTBUpdate.css | 74 +++++++++++++
.../base/content/abouttbupdate/aboutTBUpdate.js | 27 +++++
.../base/content/abouttbupdate/aboutTBUpdate.xhtml | 39 +++++++
browser/base/content/browser-siteIdentity.js | 2 +-
browser/base/content/browser.js | 4 +
browser/base/jar.mn | 5 +
browser/components/BrowserContentHandler.jsm | 55 +++++++---
browser/components/BrowserGlue.jsm | 15 +++
browser/components/about/AboutRedirector.cpp | 6 ++
browser/components/about/components.conf | 3 +
browser/components/moz.build | 5 +-
.../locales/en-US/chrome/browser/aboutTBUpdate.dtd | 8 ++
browser/locales/jar.mn | 3 +
toolkit/modules/RemotePageAccessManager.jsm | 5 +
17 files changed, 373 insertions(+), 16 deletions(-)
diff --git a/browser/actors/AboutTBUpdateChild.jsm b/browser/actors/AboutTBUpdateChild.jsm
new file mode 100644
index 000000000000..4670da19b3db
--- /dev/null
+++ b/browser/actors/AboutTBUpdateChild.jsm
@@ -0,0 +1,12 @@
+// Copyright (c) 2020, The Tor Project, Inc.
+// See LICENSE for licensing information.
+//
+// vim: set sw=2 sts=2 ts=8 et syntax=javascript:
+
+var EXPORTED_SYMBOLS = ["AboutTBUpdateChild"];
+
+const { RemotePageChild } = ChromeUtils.import(
+ "resource://gre/actors/RemotePageChild.jsm"
+);
+
+class AboutTBUpdateChild extends RemotePageChild {}
diff --git a/browser/actors/AboutTBUpdateParent.jsm b/browser/actors/AboutTBUpdateParent.jsm
new file mode 100644
index 000000000000..56a10394565a
--- /dev/null
+++ b/browser/actors/AboutTBUpdateParent.jsm
@@ -0,0 +1,120 @@
+// Copyright (c) 2020, The Tor Project, Inc.
+// See LICENSE for licensing information.
+//
+// vim: set sw=2 sts=2 ts=8 et syntax=javascript:
+
+"use strict";
+
+this.EXPORTED_SYMBOLS = ["AboutTBUpdateParent"];
+
+const { Services } = ChromeUtils.import("resource://gre/modules/Services.jsm");
+const { NetUtil } = ChromeUtils.import("resource://gre/modules/NetUtil.jsm");
+const { AppConstants } = ChromeUtils.import(
+ "resource://gre/modules/AppConstants.jsm"
+);
+
+const kRequestUpdateMessageName = "FetchUpdateData";
+
+/**
+ * This code provides services to the about:tbupdate page. Whenever
+ * about:tbupdate needs to do something chrome-privileged, it sends a
+ * message that's handled here. It is modeled after Mozilla's about:home
+ * implementation.
+ */
+class AboutTBUpdateParent extends JSWindowActorParent {
+ receiveMessage(aMessage) {
+ if (aMessage.name == kRequestUpdateMessageName) {
+ return this.releaseNoteInfo;
+ }
+ return undefined;
+ }
+
+ get moreInfoURL() {
+ try {
+ return Services.prefs.getCharPref("torbrowser.post_update.url");
+ } catch (e) {}
+
+ // Use the default URL as a fallback.
+ return Services.urlFormatter.formatURLPref("startup.homepage_override_url");
+ }
+
+ // Read the text from the beginning of the changelog file that is located
+ // at TorBrowser/Docs/ChangeLog.txt and return an object that contains
+ // the following properties:
+ // version e.g., Tor Browser 8.5
+ // releaseDate e.g., March 31 2019
+ // releaseNotes details of changes (lines 2 - end of ChangeLog.txt)
+ // We attempt to parse the first line of ChangeLog.txt to extract the
+ // version and releaseDate. If parsing fails, we return the entire first
+ // line in version and omit releaseDate.
+ //
+ // On Mac OS, when building with --enable-tor-browser-data-outside-app-dir
+ // to support Gatekeeper signing, the ChangeLog.txt file is located in
+ // TorBrowser.app/Contents/Resources/TorBrowser/Docs/.
+ get releaseNoteInfo() {
+ let info = { moreInfoURL: this.moreInfoURL };
+
+ try {
+ let f;
+ if (AppConstants.TOR_BROWSER_DATA_OUTSIDE_APP_DIR) {
+ // "XREExeF".parent is the directory that contains firefox, i.e.,
+ // Browser/ or, on Mac OS, TorBrowser.app/Contents/MacOS/.
+ f = Services.dirsvc.get("XREExeF", Ci.nsIFile).parent;
+ if (AppConstants.platform === "macosx") {
+ f = f.parent;
+ f.append("Resources");
+ }
+ f.append("TorBrowser");
+ } else {
+ // "DefProfRt" is .../TorBrowser/Data/Browser
+ f = Services.dirsvc.get("DefProfRt", Ci.nsIFile);
+ f = f.parent.parent; // Remove "Data/Browser"
+ }
+
+ f.append("Docs");
+ f.append("ChangeLog.txt");
+
+ let fs = Cc["@mozilla.org/network/file-input-stream;1"].createInstance(
+ Ci.nsIFileInputStream
+ );
+ fs.init(f, -1, 0, 0);
+ let s = NetUtil.readInputStreamToString(fs, fs.available());
+ fs.close();
+
+ // Truncate at the first empty line.
+ s = s.replace(/[\r\n][\r\n][\s\S]*$/m, "");
+
+ // Split into first line (version plus releaseDate) and
+ // remainder (releaseNotes).
+ // This first match() uses multiline mode with two capture groups:
+ // first line: (.*$)
+ // remaining lines: ([\s\S]+)
+ // [\s\S] matches all characters including end of line. This trick
+ // is needed because when using JavaScript regex in multiline mode,
+ // . does not match an end of line character.
+ let matchArray = s.match(/(.*$)\s*([\s\S]+)/m);
+ if (matchArray && matchArray.length == 3) {
+ info.releaseNotes = matchArray[2];
+ let line1 = matchArray[1];
+ // Extract the version and releaseDate. The first line looks like:
+ // Tor Browser 8.5 -- May 1 2019
+ // The regex uses two capture groups:
+ // text that does not include a hyphen: (^[^-]*)
+ // remaining text: (.*$)
+ // In between we match optional whitespace, one or more hyphens, and
+ // optional whitespace by using: \s*-+\s*
+ matchArray = line1.match(/(^[^-]*)\s*-+\s*(.*$)/);
+ if (matchArray && matchArray.length == 3) {
+ info.version = matchArray[1];
+ info.releaseDate = matchArray[2];
+ } else {
+ info.version = line1; // Match failed: return entire line in version.
+ }
+ } else {
+ info.releaseNotes = s; // Only one line: use as releaseNotes.
+ }
+ } catch (e) {}
+
+ return info;
+ }
+}
diff --git a/browser/actors/moz.build b/browser/actors/moz.build
index 28c981625a7f..3eac455c5356 100644
--- a/browser/actors/moz.build
+++ b/browser/actors/moz.build
@@ -87,3 +87,9 @@ FINAL_TARGET_FILES.actors += [
"WebRTCChild.jsm",
"WebRTCParent.jsm",
]
+
+if CONFIG["TOR_BROWSER_UPDATE"]:
+ FINAL_TARGET_FILES.actors += [
+ "AboutTBUpdateChild.jsm",
+ "AboutTBUpdateParent.jsm",
+ ]
diff --git a/browser/base/content/abouttbupdate/aboutTBUpdate.css b/browser/base/content/abouttbupdate/aboutTBUpdate.css
new file mode 100644
index 000000000000..7c1a34b77f17
--- /dev/null
+++ b/browser/base/content/abouttbupdate/aboutTBUpdate.css
@@ -0,0 +1,74 @@
+/*
+ * Copyright (c) 2019, The Tor Project, Inc.
+ * See LICENSE for licensing information.
+ *
+ * vim: set sw=2 sts=2 ts=8 et syntax=css:
+ */
+
+:root {
+ --abouttor-text-color: white;
+ --abouttor-bg-toron-color: #420C5D;
+}
+
+body {
+ font-family: Helvetica, Arial, sans-serif;
+ color: var(--abouttor-text-color);
+ background-color: var(--abouttor-bg-toron-color);
+ background-attachment: fixed;
+ background-size: 100% 100%;
+}
+
+a {
+ color: var(--abouttor-text-color);
+}
+
+.two-column-grid {
+ display: inline-grid;
+ grid-template-columns: auto auto;
+ grid-column-gap: 50px;
+ margin: 10px 0px 0px 50px;
+}
+
+.two-column-grid div {
+ margin-top: 40px;
+ align-self: baseline; /* Align baseline of text across the row. */
+}
+
+.label-column {
+ font-size: 14px;
+ font-weight: 400;
+}
+
+/*
+ * Use a reduced top margin to bring the row that contains the
+ * "visit our website" link closer to the row that precedes it. This
+ * looks better because the "visit our website" row does not have a
+ * label in the left column.
+ */
+div.more-info-row {
+ margin-top: 5px;
+ font-size: 14px;
+}
+
+#version-content {
+ font-size: 50px;
+ font-weight: 300;
+}
+
+body:not([havereleasedate]) .release-date-cell {
+ display: none;
+}
+
+#releasedate-content {
+ font-size: 17px;
+}
+
+#releasenotes-label {
+ align-self: start; /* Anchor "Release Notes" label at the top. */
+}
+
+#releasenotes-content {
+ font-family: monospace;
+ font-size: 15px;
+ white-space: pre;
+}
diff --git a/browser/base/content/abouttbupdate/aboutTBUpdate.js b/browser/base/content/abouttbupdate/aboutTBUpdate.js
new file mode 100644
index 000000000000..ec070e2cb131
--- /dev/null
+++ b/browser/base/content/abouttbupdate/aboutTBUpdate.js
@@ -0,0 +1,27 @@
+// Copyright (c) 2020, The Tor Project, Inc.
+// See LICENSE for licensing information.
+//
+// vim: set sw=2 sts=2 ts=8 et syntax=javascript:
+
+/* eslint-env mozilla/frame-script */
+
+// aData may contain the following string properties:
+// version
+// releaseDate
+// moreInfoURL
+// releaseNotes
+function onUpdate(aData) {
+ document.getElementById("version-content").textContent = aData.version;
+ if (aData.releaseDate) {
+ document.body.setAttribute("havereleasedate", "true");
+ document.getElementById("releasedate-content").textContent =
+ aData.releaseDate;
+ }
+ if (aData.moreInfoURL) {
+ document.getElementById("infolink").setAttribute("href", aData.moreInfoURL);
+ }
+ document.getElementById("releasenotes-content").textContent =
+ aData.releaseNotes;
+}
+
+RPMSendQuery("FetchUpdateData").then(onUpdate);
diff --git a/browser/base/content/abouttbupdate/aboutTBUpdate.xhtml b/browser/base/content/abouttbupdate/aboutTBUpdate.xhtml
new file mode 100644
index 000000000000..8489cfef5083
--- /dev/null
+++ b/browser/base/content/abouttbupdate/aboutTBUpdate.xhtml
@@ -0,0 +1,39 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!DOCTYPE html [
+ <!ENTITY % htmlDTD
+ PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
+ "DTD/xhtml1-strict.dtd">
+ %htmlDTD;
+ <!ENTITY % globalDTD SYSTEM "chrome://global/locale/global.dtd">
+ %globalDTD;
+ <!ENTITY % tbUpdateDTD SYSTEM "chrome://browser/locale/aboutTBUpdate.dtd">
+ %tbUpdateDTD;
+]>
+
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+ <meta http-equiv="Content-Security-Policy" content="default-src chrome:; object-src 'none'" />
+ <title>&aboutTBUpdate.changelogTitle;</title>
+ <link rel="stylesheet" type="text/css"
+ href="chrome://browser/content/abouttbupdate/aboutTBUpdate.css"/>
+ <script src="chrome://browser/content/abouttbupdate/aboutTBUpdate.js"
+ type="text/javascript"/>
+</head>
+<body dir="&locale.dir;">
+<div class="two-column-grid">
+ <div class="label-column">&aboutTBUpdate.version;</div>
+ <div id="version-content"/>
+
+ <div class="label-column release-date-cell">&aboutTBUpdate.releaseDate;</div>
+ <div id="releasedate-content" class="release-date-cell"/>
+
+ <div class="more-info-row"/>
+ <div class="more-info-row">&aboutTBUpdate.linkPrefix;<a id="infolink">&aboutTBUpdate.linkLabel;</a>&aboutTBUpdate.linkSuffix;</div>
+
+ <div id="releasenotes-label"
+ class="label-column">&aboutTBUpdate.releaseNotes;</div>
+ <div id="releasenotes-content"></div>
+</div>
+</body>
+</html>
diff --git a/browser/base/content/browser-siteIdentity.js b/browser/base/content/browser-siteIdentity.js
index 859ebf5eaa3f..91940db44ca4 100644
--- a/browser/base/content/browser-siteIdentity.js
+++ b/browser/base/content/browser-siteIdentity.js
@@ -57,7 +57,7 @@ var gIdentityHandler = {
* RegExp used to decide if an about url should be shown as being part of
* the browser UI.
*/
- _secureInternalPages: /^(?:accounts|addons|cache|certificate|config|crashes|downloads|license|logins|preferences|protections|rights|sessionrestore|support|welcomeback|ion)(?:[?#]|$)/i,
+ _secureInternalPages: (AppConstants.TOR_BROWSER_UPDATE ? /^(?:accounts|addons|cache|certificate|config|crashes|downloads|license|logins|preferences|protections|rights|sessionrestore|support|welcomeback|ion|tor|tbupdate)(?:[?#]|$)/i : /^(?:accounts|addons|cache|certificate|config|crashes|downloads|license|logins|preferences|protections|rights|sessionrestore|support|welcomeback|ion|tor)(?:[?#]|$)/i),
/**
* Whether the established HTTPS connection is considered "broken".
diff --git a/browser/base/content/browser.js b/browser/base/content/browser.js
index 6d10fc4a2ab2..7a41603d4d3f 100644
--- a/browser/base/content/browser.js
+++ b/browser/base/content/browser.js
@@ -643,6 +643,10 @@ var gInitialPages = [
"about:welcome",
];
+if (AppConstants.TOR_BROWSER_UPDATE) {
+ gInitialPages.push("about:tbupdate");
+}
+
function isInitialPage(url) {
if (!(url instanceof Ci.nsIURI)) {
try {
diff --git a/browser/base/jar.mn b/browser/base/jar.mn
index 7be13da2dd5d..6554f6a5707e 100644
--- a/browser/base/jar.mn
+++ b/browser/base/jar.mn
@@ -33,6 +33,11 @@ browser.jar:
content/browser/aboutTabCrashed.css (content/aboutTabCrashed.css)
content/browser/aboutTabCrashed.js (content/aboutTabCrashed.js)
content/browser/aboutTabCrashed.xhtml (content/aboutTabCrashed.xhtml)
+#ifdef TOR_BROWSER_UPDATE
+ content/browser/abouttbupdate/aboutTBUpdate.xhtml (content/abouttbupdate/aboutTBUpdate.xhtml)
+ content/browser/abouttbupdate/aboutTBUpdate.js (content/abouttbupdate/aboutTBUpdate.js)
+ content/browser/abouttbupdate/aboutTBUpdate.css (content/abouttbupdate/aboutTBUpdate.css)
+#endif
* content/browser/browser.css (content/browser.css)
content/browser/browser.js (content/browser.js)
* content/browser/browser.xhtml (content/browser.xhtml)
diff --git a/browser/components/BrowserContentHandler.jsm b/browser/components/BrowserContentHandler.jsm
index d8e24e641447..9f6c8a33a730 100644
--- a/browser/components/BrowserContentHandler.jsm
+++ b/browser/components/BrowserContentHandler.jsm
@@ -629,6 +629,23 @@ nsBrowserContentHandler.prototype = {
}
}
+ // Retrieve the home page early so we can compare it against about:tor
+ // to decide whether or not we need an override page (second tab) after
+ // an update was applied.
+ var startPage = "";
+ try {
+ var choice = prefb.getIntPref("browser.startup.page");
+ if (choice == 1 || choice == 3) {
+ startPage = HomePage.get();
+ }
+ } catch (e) {
+ Cu.reportError(e);
+ }
+
+ if (startPage == "about:blank") {
+ startPage = "";
+ }
+
var override;
var overridePage = "";
var additionalPage = "";
@@ -674,6 +691,16 @@ nsBrowserContentHandler.prototype = {
// into account because that requires waiting for the session file
// to be read. If a crash occurs after updating, before restarting,
// we may open the startPage in addition to restoring the session.
+ //
+ // Tor Browser: Instead of opening the post-update "override page"
+ // directly, we ensure that about:tor will be opened in a special
+ // mode that notifies the user that their browser was updated.
+ // The about:tor page will provide a link to the override page
+ // where the user can learn more about the update, as well as a
+ // link to the Tor Browser changelog page (about:tbupdate). The
+ // override page URL comes from the openURL attribute within the
+ // updates.xml file or, if no showURL action is present, from the
+ // startup.homepage_override_url pref.
willRestoreSession = SessionStartup.isAutomaticRestoreEnabled();
overridePage = Services.urlFormatter.formatURLPref(
@@ -693,6 +720,20 @@ nsBrowserContentHandler.prototype = {
overridePage = overridePage.replace("%OLD_VERSION%", old_mstone);
overridePage = overridePage.replace("%OLD_TOR_BROWSER_VERSION%",
old_tbversion);
+#ifdef TOR_BROWSER_UPDATE
+ if (overridePage)
+ {
+ prefb.setCharPref("torbrowser.post_update.url", overridePage);
+ prefb.setBoolPref("torbrowser.post_update.shouldNotify", true);
+ // If the user's homepage is about:tor, we will inform them
+ // about the update on that page; otherwise, we arrange to
+ // open about:tor in a secondary tab.
+ if (startPage === "about:tor")
+ overridePage = "";
+ else
+ overridePage = "about:tor";
+ }
+#endif
break;
case OVERRIDE_NEW_BUILD_ID:
if (UpdateManager.readyUpdate) {
@@ -765,20 +806,6 @@ nsBrowserContentHandler.prototype = {
}
}
- var startPage = "";
- try {
- var choice = prefb.getIntPref("browser.startup.page");
- if (choice == 1 || choice == 3) {
- startPage = HomePage.get();
- }
- } catch (e) {
- Cu.reportError(e);
- }
-
- if (startPage == "about:blank") {
- startPage = "";
- }
-
let skipStartPage =
override == OVERRIDE_NEW_PROFILE &&
prefb.getBoolPref("browser.startup.firstrunSkipsHomepage");
diff --git a/browser/components/BrowserGlue.jsm b/browser/components/BrowserGlue.jsm
index 1f293a5c57f3..3beb2da3ce52 100644
--- a/browser/components/BrowserGlue.jsm
+++ b/browser/components/BrowserGlue.jsm
@@ -749,6 +749,21 @@ let JSWINDOWACTORS = {
},
};
+if (AppConstants.TOR_BROWSER_UPDATE) {
+ JSWINDOWACTORS["AboutTBUpdate"] = {
+ parent: {
+ moduleURI: "resource:///actors/AboutTBUpdateParent.jsm",
+ },
+ child: {
+ moduleURI: "resource:///actors/AboutTBUpdateChild.jsm",
+ events: {
+ DOMWindowCreated: { capture: true },
+ },
+ },
+ matches: ["about:tbupdate"],
+ };
+}
+
(function earlyBlankFirstPaint() {
let startTime = Cu.now();
if (
diff --git a/browser/components/about/AboutRedirector.cpp b/browser/components/about/AboutRedirector.cpp
index 5412a65c315f..956e25c818e1 100644
--- a/browser/components/about/AboutRedirector.cpp
+++ b/browser/components/about/AboutRedirector.cpp
@@ -128,6 +128,12 @@ static const RedirEntry kRedirMap[] = {
nsIAboutModule::URI_CAN_LOAD_IN_PRIVILEGEDABOUT_PROCESS},
{"ion", "chrome://browser/content/ion.html",
nsIAboutModule::ALLOW_SCRIPT | nsIAboutModule::HIDE_FROM_ABOUTABOUT},
+#ifdef TOR_BROWSER_UPDATE
+ {"tbupdate", "chrome://browser/content/abouttbupdate/aboutTBUpdate.xhtml",
+ nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT |
+ nsIAboutModule::URI_MUST_LOAD_IN_CHILD | nsIAboutModule::ALLOW_SCRIPT |
+ nsIAboutModule::HIDE_FROM_ABOUTABOUT},
+#endif
};
static nsAutoCString GetAboutModuleName(nsIURI* aURI) {
diff --git a/browser/components/about/components.conf b/browser/components/about/components.conf
index 0c9597ff9fb4..a880a161a0f2 100644
--- a/browser/components/about/components.conf
+++ b/browser/components/about/components.conf
@@ -32,6 +32,9 @@ pages = [
'welcomeback',
]
+if defined('TOR_BROWSER_UPDATE'):
+ pages.append('tbupdate')
+
Classes = [
{
'cid': '{7e4bb6ad-2fc4-4dc6-89ef-23e8e5ccf980}',
diff --git a/browser/components/moz.build b/browser/components/moz.build
index 5f8780e01c65..c56811d36a14 100644
--- a/browser/components/moz.build
+++ b/browser/components/moz.build
@@ -86,11 +86,14 @@ EXTRA_COMPONENTS += [
]
EXTRA_JS_MODULES += [
- "BrowserContentHandler.jsm",
"BrowserGlue.jsm",
"distribution.js",
]
+EXTRA_PP_JS_MODULES += [
+ "BrowserContentHandler.jsm",
+]
+
BROWSER_CHROME_MANIFESTS += [
"safebrowsing/content/test/browser.ini",
"tests/browser/browser.ini",
diff --git a/browser/locales/en-US/chrome/browser/aboutTBUpdate.dtd b/browser/locales/en-US/chrome/browser/aboutTBUpdate.dtd
new file mode 100644
index 000000000000..2d1e59b40eaf
--- /dev/null
+++ b/browser/locales/en-US/chrome/browser/aboutTBUpdate.dtd
@@ -0,0 +1,8 @@
+<!ENTITY aboutTBUpdate.changelogTitle "Tor Browser Changelog">
+<!ENTITY aboutTBUpdate.updated "Tor Browser has been updated.">
+<!ENTITY aboutTBUpdate.linkPrefix "For the most up-to-date information about this release, ">
+<!ENTITY aboutTBUpdate.linkLabel "visit our website">
+<!ENTITY aboutTBUpdate.linkSuffix ".">
+<!ENTITY aboutTBUpdate.version "Version">
+<!ENTITY aboutTBUpdate.releaseDate "Release Date">
+<!ENTITY aboutTBUpdate.releaseNotes "Release Notes">
diff --git a/browser/locales/jar.mn b/browser/locales/jar.mn
index 3b7963c854e1..c6fdccea7d70 100644
--- a/browser/locales/jar.mn
+++ b/browser/locales/jar.mn
@@ -20,6 +20,9 @@
locale/browser/accounts.properties (%chrome/browser/accounts.properties)
locale/browser/app-extension-fields.properties (%chrome/browser/app-extension-fields.properties)
+#ifdef TOR_BROWSER_UPDATE
+ locale/browser/aboutTBUpdate.dtd (%chrome/browser/aboutTBUpdate.dtd)
+#endif
locale/browser/browser.dtd (%chrome/browser/browser.dtd)
locale/browser/browser.properties (%chrome/browser/browser.properties)
locale/browser/customizableui/customizableWidgets.properties (%chrome/browser/customizableui/customizableWidgets.properties)
diff --git a/toolkit/modules/RemotePageAccessManager.jsm b/toolkit/modules/RemotePageAccessManager.jsm
index 50fb4ea8d417..e5111ff83782 100644
--- a/toolkit/modules/RemotePageAccessManager.jsm
+++ b/toolkit/modules/RemotePageAccessManager.jsm
@@ -213,6 +213,11 @@ let RemotePageAccessManager = {
RPMAddMessageListener: ["*"],
RPMRemoveMessageListener: ["*"],
},
+ "about:tbupdate": {
+ RPMSendQuery: [
+ "FetchUpdateData",
+ ],
+ },
},
/**
1
0
[tor-browser/tor-browser-91.4.0esr-11.0-1] Bug 25658: Replace security slider with security level UI
by sysrqb@torproject.org 02 Dec '21
by sysrqb@torproject.org 02 Dec '21
02 Dec '21
commit 25823956ee27b25c2560deca9cb2b45fe9357ebf
Author: Richard Pospesel <richard(a)torproject.org>
Date: Mon Mar 4 16:09:51 2019 -0800
Bug 25658: Replace security slider with security level UI
This patch adds a new 'securitylevel' component to Tor Browser intended
to replace the torbutton 'Security Slider'.
This component adds a new Security Level toolbar button which visually
indicates the current global security level via icon (as defined by the
extensions.torbutton.security_slider pref), a drop-down hanger with a
short description of the current security level, and a new section in
the about:preferences#privacy page where users can change their current
security level. In addition, the hanger and the preferences page will
show a visual warning when the user has modified prefs associated with
the security level and provide a one-click 'Restore Defaults' button to
get the user back on recommended settings.
Strings used by this patch are pulled from the torbutton extension, but
en-US defaults are provided if there is an error loading from the
extension. With this patch applied, the usual work-flow of "./mach build
&& ./mach run" work as expected, even if the torbutton extension is
disabled.
---
browser/base/content/browser.js | 10 +
browser/base/content/browser.xhtml | 2 +
browser/base/content/main-popupset.inc.xhtml | 1 +
browser/base/content/navigator-toolbox.inc.xhtml | 2 +
browser/components/moz.build | 1 +
browser/components/preferences/preferences.xhtml | 1 +
browser/components/preferences/privacy.inc.xhtml | 2 +
browser/components/preferences/privacy.js | 19 +
.../securitylevel/content/securityLevel.js | 527 +++++++++++++++++++++
.../securitylevel/content/securityLevelButton.css | 18 +
.../content/securityLevelButton.inc.xhtml | 7 +
.../securitylevel/content/securityLevelIcon.svg | 40 ++
.../securitylevel/content/securityLevelPanel.css | 74 +++
.../content/securityLevelPanel.inc.xhtml | 47 ++
.../content/securityLevelPreferences.css | 52 ++
.../content/securityLevelPreferences.inc.xhtml | 67 +++
browser/components/securitylevel/jar.mn | 6 +
browser/components/securitylevel/moz.build | 1 +
browser/modules/TorStrings.jsm | 4 +
.../themes/shared/customizableui/panelUI.inc.css | 3 +-
20 files changed, 883 insertions(+), 1 deletion(-)
diff --git a/browser/base/content/browser.js b/browser/base/content/browser.js
index 7a41603d4d3f..b121ee301ee7 100644
--- a/browser/base/content/browser.js
+++ b/browser/base/content/browser.js
@@ -224,6 +224,11 @@ XPCOMUtils.defineLazyScriptGetter(
["DownloadsButton", "DownloadsIndicatorView"],
"chrome://browser/content/downloads/indicator.js"
);
+XPCOMUtils.defineLazyScriptGetter(
+ this,
+ ["SecurityLevelButton"],
+ "chrome://browser/content/securitylevel/securityLevel.js"
+);
XPCOMUtils.defineLazyScriptGetter(
this,
"gEditItemOverlay",
@@ -1769,6 +1774,9 @@ var gBrowserInit = {
// doesn't flicker as the window is being shown.
DownloadsButton.init();
+ // Init the SecuritySettingsButton
+ SecurityLevelButton.init();
+
// Certain kinds of automigration rely on this notification to complete
// their tasks BEFORE the browser window is shown. SessionStore uses it to
// restore tabs into windows AFTER important parts like gMultiProcessBrowser
@@ -2484,6 +2492,8 @@ var gBrowserInit = {
DownloadsButton.uninit();
+ SecurityLevelButton.uninit();
+
gAccessibilityServiceIndicator.uninit();
if (gToolbarKeyNavEnabled) {
diff --git a/browser/base/content/browser.xhtml b/browser/base/content/browser.xhtml
index 8efb544918b8..8fbfa05196b0 100644
--- a/browser/base/content/browser.xhtml
+++ b/browser/base/content/browser.xhtml
@@ -20,6 +20,8 @@
<?xml-stylesheet href="chrome://browser/content/browser.css" type="text/css"?>
<?xml-stylesheet href="chrome://browser/content/tabbrowser.css" type="text/css"?>
<?xml-stylesheet href="chrome://browser/content/downloads/downloads.css" type="text/css"?>
+<?xml-stylesheet href="chrome://browser/content/securitylevel/securityLevelPanel.css"?>
+<?xml-stylesheet href="chrome://browser/content/securitylevel/securityLevelButton.css"?>
<?xml-stylesheet href="chrome://browser/content/places/places.css" type="text/css"?>
<?xml-stylesheet href="chrome://browser/content/usercontext/usercontext.css" type="text/css"?>
<?xml-stylesheet href="chrome://browser/skin/" type="text/css"?>
diff --git a/browser/base/content/main-popupset.inc.xhtml b/browser/base/content/main-popupset.inc.xhtml
index 835948482381..adf0a4f59e4b 100644
--- a/browser/base/content/main-popupset.inc.xhtml
+++ b/browser/base/content/main-popupset.inc.xhtml
@@ -519,6 +519,7 @@
#include ../../components/controlcenter/content/protectionsPanel.inc.xhtml
#include ../../components/downloads/content/downloadsPanel.inc.xhtml
#include ../../../devtools/startup/enableDevToolsPopup.inc.xhtml
+#include ../../components/securitylevel/content/securityLevelPanel.inc.xhtml
#include browser-allTabsMenu.inc.xhtml
<tooltip id="dynamic-shortcut-tooltip"
diff --git a/browser/base/content/navigator-toolbox.inc.xhtml b/browser/base/content/navigator-toolbox.inc.xhtml
index 02636a6b46b5..efe981a74826 100644
--- a/browser/base/content/navigator-toolbox.inc.xhtml
+++ b/browser/base/content/navigator-toolbox.inc.xhtml
@@ -412,6 +412,8 @@
</box>
</toolbarbutton>
+#include ../../components/securitylevel/content/securityLevelButton.inc.xhtml
+
<toolbarbutton id="fxa-toolbar-menu-button" class="toolbarbutton-1 chromeclass-toolbar-additional subviewbutton-nav"
badged="true"
onmousedown="gSync.toggleAccountPanel(this, event)"
diff --git a/browser/components/moz.build b/browser/components/moz.build
index c56811d36a14..becff6b356b3 100644
--- a/browser/components/moz.build
+++ b/browser/components/moz.build
@@ -49,6 +49,7 @@ DIRS += [
"protocolhandler",
"resistfingerprinting",
"search",
+ "securitylevel",
"sessionstore",
"shell",
"syncedtabs",
diff --git a/browser/components/preferences/preferences.xhtml b/browser/components/preferences/preferences.xhtml
index aab4a9e558bc..10faf11bfecd 100644
--- a/browser/components/preferences/preferences.xhtml
+++ b/browser/components/preferences/preferences.xhtml
@@ -12,6 +12,7 @@
<?xml-stylesheet href="chrome://browser/skin/preferences/search.css"?>
<?xml-stylesheet href="chrome://browser/skin/preferences/containers.css"?>
<?xml-stylesheet href="chrome://browser/skin/preferences/privacy.css"?>
+<?xml-stylesheet href="chrome://browser/content/securitylevel/securityLevelPreferences.css"?>
<!DOCTYPE html>
diff --git a/browser/components/preferences/privacy.inc.xhtml b/browser/components/preferences/privacy.inc.xhtml
index bb1c53db9757..3e0c0c8dc74c 100644
--- a/browser/components/preferences/privacy.inc.xhtml
+++ b/browser/components/preferences/privacy.inc.xhtml
@@ -919,6 +919,8 @@
<html:h1 data-l10n-id="security-header"/>
</hbox>
+#include ../securitylevel/content/securityLevelPreferences.inc.xhtml
+
<!-- addons, forgery (phishing) UI Security -->
<groupbox id="browsingProtectionGroup" data-category="panePrivacy" hidden="true">
<label><html:h2 data-l10n-id="security-browsing-protection"/></label>
diff --git a/browser/components/preferences/privacy.js b/browser/components/preferences/privacy.js
index 35b37b099e93..42b899e0552f 100644
--- a/browser/components/preferences/privacy.js
+++ b/browser/components/preferences/privacy.js
@@ -80,6 +80,12 @@ XPCOMUtils.defineLazyGetter(this, "AlertsServiceDND", function() {
}
});
+XPCOMUtils.defineLazyScriptGetter(
+ this,
+ ["SecurityLevelPreferences"],
+ "chrome://browser/content/securitylevel/securityLevel.js"
+);
+
XPCOMUtils.defineLazyServiceGetter(
this,
"listManager",
@@ -308,6 +314,18 @@ function setUpContentBlockingWarnings() {
var gPrivacyPane = {
_pane: null,
+ /**
+ * Show the Security Level UI
+ */
+ _initSecurityLevel() {
+ SecurityLevelPreferences.init();
+ let unload = () => {
+ window.removeEventListener("unload", unload);
+ SecurityLevelPreferences.uninit();
+ };
+ window.addEventListener("unload", unload);
+ },
+
/**
* Whether the prompt to restart Firefox should appear when changing the autostart pref.
*/
@@ -503,6 +521,7 @@ var gPrivacyPane = {
this.trackingProtectionReadPrefs();
this.networkCookieBehaviorReadPrefs();
this._initTrackingProtectionExtensionControl();
+ this._initSecurityLevel();
Services.telemetry.setEventRecordingEnabled("pwmgr", true);
diff --git a/browser/components/securitylevel/content/securityLevel.js b/browser/components/securitylevel/content/securityLevel.js
new file mode 100644
index 000000000000..8b8babe5b58e
--- /dev/null
+++ b/browser/components/securitylevel/content/securityLevel.js
@@ -0,0 +1,527 @@
+"use strict";
+
+ChromeUtils.import("resource://gre/modules/XPCOMUtils.jsm");
+ChromeUtils.import("resource://gre/modules/Services.jsm");
+
+XPCOMUtils.defineLazyModuleGetters(this, {
+ CustomizableUI: "resource:///modules/CustomizableUI.jsm",
+ PanelMultiView: "resource:///modules/PanelMultiView.jsm",
+});
+
+ChromeUtils.defineModuleGetter(
+ this,
+ "TorStrings",
+ "resource:///modules/TorStrings.jsm"
+);
+
+/*
+ Security Level Prefs
+
+ Getters and Setters for relevant torbutton prefs
+*/
+const SecurityLevelPrefs = {
+ security_slider_pref : "extensions.torbutton.security_slider",
+ security_custom_pref : "extensions.torbutton.security_custom",
+
+ get securitySlider() {
+ try {
+ return Services.prefs.getIntPref(this.security_slider_pref);
+ } catch(e) {
+ // init pref to 4 (standard)
+ const val = 4;
+ Services.prefs.setIntPref(this.security_slider_pref, val);
+ return val;
+ }
+ },
+
+ set securitySlider(val) {
+ Services.prefs.setIntPref(this.security_slider_pref, val);
+ },
+
+ get securityCustom() {
+ try {
+ return Services.prefs.getBoolPref(this.security_custom_pref);
+ } catch(e) {
+ // init custom to false
+ const val = false;
+ Services.prefs.setBoolPref(this.security_custom_pref, val);
+ return val;
+ }
+ },
+
+ set securityCustom(val) {
+ Services.prefs.setBoolPref(this.security_custom_pref, val);
+ },
+}; /* Security Level Prefs */
+
+/*
+ Security Level Button Code
+
+ Controls init and update of the security level toolbar button
+*/
+
+const SecurityLevelButton = {
+ _securityPrefsBranch : null,
+
+ _populateXUL : function(securityLevelButton) {
+ if (securityLevelButton != null) {
+ securityLevelButton.setAttribute("tooltiptext", TorStrings.securityLevel.securityLevel);
+ securityLevelButton.setAttribute("label", TorStrings.securityLevel.securityLevel);
+ }
+ },
+
+ _configUIFromPrefs : function(securityLevelButton) {
+ if (securityLevelButton != null) {
+ let securitySlider = SecurityLevelPrefs.securitySlider;
+ securityLevelButton.removeAttribute("level");
+ const securityCustom = SecurityLevelPrefs.securityCustom;
+ switch(securitySlider) {
+ case 4:
+ securityLevelButton.setAttribute("level", `standard${securityCustom ? "_custom" : ""}`);
+ securityLevelButton.setAttribute("tooltiptext", TorStrings.securityLevel.standard.tooltip);
+ break;
+ case 2:
+ securityLevelButton.setAttribute("level", `safer${securityCustom ? "_custom" : ""}`);
+ securityLevelButton.setAttribute("tooltiptext", TorStrings.securityLevel.safer.tooltip);
+ break;
+ case 1:
+ securityLevelButton.setAttribute("level", `safest${securityCustom ? "_custom" : ""}`);
+ securityLevelButton.setAttribute("tooltiptext", TorStrings.securityLevel.safest.tooltip);
+ break;
+ }
+ }
+ },
+
+ get button() {
+ let button = document.getElementById("security-level-button");
+ if (!button) {
+ return null;
+ }
+ return button;
+ },
+
+ get anchor() {
+ let anchor = this.button.icon;
+ if (!anchor) {
+ return null;
+ }
+
+ anchor.setAttribute("consumeanchor", SecurityLevelButton.button.id);
+ return anchor;
+ },
+
+ init : function() {
+ // set the initial class based off of the current pref
+ let button = this.button;
+ this._populateXUL(button);
+ this._configUIFromPrefs(button);
+
+ this._securityPrefsBranch = Services.prefs.getBranch("extensions.torbutton.");
+ this._securityPrefsBranch.addObserver("", this, false);
+
+ CustomizableUI.addListener(this);
+
+ SecurityLevelPanel.init();
+ },
+
+ uninit : function() {
+ CustomizableUI.removeListener(this);
+
+ this._securityPrefsBranch.removeObserver("", this);
+ this._securityPrefsBranch = null;
+
+ SecurityLevelPanel.uninit();
+ },
+
+ observe : function(subject, topic, data) {
+ switch(topic) {
+ case "nsPref:changed":
+ if (data === "security_slider" || data === "security_custom") {
+ this._configUIFromPrefs(this.button);
+ }
+ break;
+ }
+ },
+
+ // callback for entering the 'Customize Firefox' screen to set icon
+ onCustomizeStart : function(window) {
+ let navigatorToolbox = document.getElementById("navigator-toolbox");
+ let button = navigatorToolbox.palette.querySelector("#security-level-button");
+ this._populateXUL(button);
+ this._configUIFromPrefs(button);
+ },
+
+ // callback when CustomizableUI modifies DOM
+ onWidgetAfterDOMChange : function(aNode, aNextNode, aContainer, aWasRemoval) {
+ if (aNode.id == "security-level-button" && !aWasRemoval) {
+ this._populateXUL(aNode);
+ this._configUIFromPrefs(aNode);
+ }
+ },
+
+ // for when the toolbar button needs to be activated and displays the Security Level panel
+ //
+ // In the toolbarbutton xul you'll notice we register this callback for both onkeypress and
+ // onmousedown. We do this to match the behavior of other panel spawning buttons such as Downloads,
+ // Library, and the Hamburger menus. Using oncommand alone would result in only getting fired
+ // after onclick, which is mousedown followed by mouseup.
+ onCommand : function(aEvent) {
+ // snippet borrowed from /browser/components/downloads/content/indicator.js DownloadsIndicatorView.onCommand(evt)
+ if (
+ // On Mac, ctrl-click will send a context menu event from the widget, so
+ // we don't want to bring up the panel when ctrl key is pressed.
+ (aEvent.type == "mousedown" &&
+ (aEvent.button != 0 ||
+ (AppConstants.platform == "macosx" && aEvent.ctrlKey))) ||
+ (aEvent.type == "keypress" && aEvent.key != " " && aEvent.key != "Enter")
+ ) {
+ return;
+ }
+
+ // we need to set this attribute for the button to be shaded correctly to look like it is pressed
+ // while the security level panel is open
+ this.button.setAttribute("open", "true");
+ SecurityLevelPanel.show();
+ aEvent.stopPropagation();
+ },
+}; /* Security Level Button */
+
+/*
+ Security Level Panel Code
+
+ Controls init and update of the panel in the security level hanger
+*/
+
+const SecurityLevelPanel = {
+ _securityPrefsBranch : null,
+ _panel : null,
+ _anchor : null,
+ _populated : false,
+
+ _selectors: Object.freeze({
+ panel: "panel#securityLevel-panel",
+ icon: "vbox#securityLevel-vbox>vbox",
+ header: "h1#securityLevel-header",
+ level: "label#securityLevel-level",
+ custom: "label#securityLevel-custom",
+ summary: "description#securityLevel-summary",
+ learnMore: "label#securityLevel-learnMore",
+ restoreDefaults: "button#securityLevel-restoreDefaults",
+ advancedSecuritySettings: "button#securityLevel-advancedSecuritySettings",
+ }),
+
+ _populateXUL : function() {
+ let selectors = this._selectors;
+
+ this._elements = {
+ panel: document.querySelector(selectors.panel),
+ icon: document.querySelector(selectors.icon),
+ header: document.querySelector(selectors.header),
+ levelLabel: document.querySelector(selectors.level),
+ customLabel: document.querySelector(selectors.custom),
+ summaryDescription: document.querySelector(selectors.summary),
+ learnMoreLabel: document.querySelector(selectors.learnMore),
+ restoreDefaultsButton: document.querySelector(selectors.restoreDefaults),
+ changeButton: document.querySelector(selectors.advancedSecuritySettings),
+ };
+ let elements = this._elements;
+
+ elements.header.textContent = TorStrings.securityLevel.securityLevel;
+ elements.customLabel.setAttribute("value", TorStrings.securityLevel.customWarning);
+ elements.learnMoreLabel.setAttribute("value", TorStrings.securityLevel.learnMore);
+ elements.learnMoreLabel.setAttribute("href", TorStrings.securityLevel.learnMoreURL);
+ elements.restoreDefaultsButton.setAttribute("label", TorStrings.securityLevel.restoreDefaults);
+ elements.changeButton.setAttribute("label", TorStrings.securityLevel.change);
+
+ this._configUIFromPrefs();
+ this._populated = true;
+ },
+
+ _configUIFromPrefs : function() {
+ // get security prefs
+ let securitySlider = SecurityLevelPrefs.securitySlider;
+ let securityCustom = SecurityLevelPrefs.securityCustom;
+
+ // get the panel elements we need to populate
+ let elements = this._elements;
+ let icon = elements.icon;
+ let labelLevel = elements.levelLabel;
+ let labelCustomWarning = elements.customLabel;
+ let summary = elements.summaryDescription;
+ let buttonRestoreDefaults = elements.restoreDefaultsButton;
+ let buttonAdvancedSecuritySettings = elements.changeButton;
+
+ // only visible when user is using custom settings
+ labelCustomWarning.hidden = !securityCustom;
+ buttonRestoreDefaults.hidden = !securityCustom;
+
+ // Descriptions change based on security level
+ switch(securitySlider) {
+ // standard
+ case 4:
+ icon.setAttribute("level", "standard");
+ labelLevel.setAttribute("value", TorStrings.securityLevel.standard.level);
+ summary.textContent = TorStrings.securityLevel.standard.summary;
+ break;
+ // safer
+ case 2:
+ icon.setAttribute("level", "safer");
+ labelLevel.setAttribute("value", TorStrings.securityLevel.safer.level);
+ summary.textContent = TorStrings.securityLevel.safer.summary;
+ break;
+ // safest
+ case 1:
+ icon.setAttribute("level", "safest");
+ labelLevel.setAttribute("value", TorStrings.securityLevel.safest.level);
+ summary.textContent = TorStrings.securityLevel.safest.summary;
+ break;
+ }
+
+ // override the summary text with custom warning
+ if (securityCustom) {
+ summary.textContent = TorStrings.securityLevel.custom.summary;
+ }
+ },
+
+ init : function() {
+ this._securityPrefsBranch = Services.prefs.getBranch("extensions.torbutton.");
+ this._securityPrefsBranch.addObserver("", this, false);
+ },
+
+ uninit : function() {
+ this._securityPrefsBranch.removeObserver("", this);
+ this._securityPrefsBranch = null;
+ },
+
+ show : function() {
+ // we have to defer this until after the browser has finished init'ing before
+ // we can populate the panel
+ if (!this._populated) {
+ this._populateXUL();
+ }
+
+ let panel = document.getElementById("securityLevel-panel");
+ panel.hidden = false;
+ PanelMultiView.openPopup(panel, SecurityLevelButton.anchor, "bottomcenter topright",
+ 0, 0, false, null).catch(Cu.reportError);
+ },
+
+ hide : function() {
+ let panel = document.getElementById("securityLevel-panel");
+ PanelMultiView.hidePopup(panel);
+ },
+
+ restoreDefaults : function() {
+ SecurityLevelPrefs.securityCustom = false;
+ // hide and reshow so that layout re-renders properly
+ this.hide();
+ this.show(this._anchor);
+ },
+
+ openAdvancedSecuritySettings : function() {
+ openPreferences("privacy-securitylevel");
+ this.hide();
+ },
+
+ // callback when prefs change
+ observe : function(subject, topic, data) {
+ switch(topic) {
+ case "nsPref:changed":
+ if (data == "security_slider" || data == "security_custom") {
+ this._configUIFromPrefs();
+ }
+ break;
+ }
+ },
+
+ // callback when the panel is displayed
+ onPopupShown : function(event) {
+ SecurityLevelButton.button.setAttribute("open", "true");
+ },
+
+ // callback when the panel is hidden
+ onPopupHidden : function(event) {
+ SecurityLevelButton.button.removeAttribute("open");
+ }
+}; /* Security Level Panel */
+
+/*
+ Security Level Preferences Code
+
+ Code to handle init and update of security level section in about:preferences#privacy
+*/
+
+const SecurityLevelPreferences =
+{
+ _securityPrefsBranch : null,
+
+ _populateXUL : function() {
+ let groupbox = document.getElementById("securityLevel-groupbox");
+
+ let labelHeader = groupbox.querySelector("#securityLevel-header");
+ labelHeader.textContent = TorStrings.securityLevel.securityLevel;
+
+ let spanOverview = groupbox.querySelector("#securityLevel-overview");
+ spanOverview.textContent = TorStrings.securityLevel.overview;
+
+ let labelLearnMore = groupbox.querySelector("#securityLevel-learnMore");
+ labelLearnMore.setAttribute("value", TorStrings.securityLevel.learnMore);
+ labelLearnMore.setAttribute("href", TorStrings.securityLevel.learnMoreURL);
+
+ let radiogroup = document.getElementById("securityLevel-radiogroup");
+ radiogroup.addEventListener("command", SecurityLevelPreferences.selectSecurityLevel);
+
+ let populateRadioElements = function(vboxQuery, stringStruct) {
+ let vbox = groupbox.querySelector(vboxQuery);
+
+ let radio = vbox.querySelector("radio");
+ radio.setAttribute("label", stringStruct.level);
+
+ let customWarning = vbox.querySelector("#securityLevel-customWarning");
+ customWarning.setAttribute("value", TorStrings.securityLevel.customWarning);
+
+ let labelSummary = vbox.querySelector("#securityLevel-summary");
+ labelSummary.textContent = stringStruct.summary;
+
+ let labelRestoreDefaults = vbox.querySelector("#securityLevel-restoreDefaults");
+ labelRestoreDefaults.setAttribute("value", TorStrings.securityLevel.restoreDefaults);
+ labelRestoreDefaults.addEventListener("click", SecurityLevelPreferences.restoreDefaults);
+
+ let description1 = vbox.querySelector("#securityLevel-description1");
+ if (description1) {
+ description1.textContent = stringStruct.description1;
+ }
+ let description2 = vbox.querySelector("#securityLevel-description2");
+ if (description2) {
+ description2.textContent = stringStruct.description2;
+ }
+ let description3 = vbox.querySelector("#securityLevel-description3");
+ if (description3) {
+ description3.textContent = stringStruct.description3;
+ }
+ };
+
+ populateRadioElements("#securityLevel-vbox-standard", TorStrings.securityLevel.standard);
+ populateRadioElements("#securityLevel-vbox-safer", TorStrings.securityLevel.safer);
+ populateRadioElements("#securityLevel-vbox-safest", TorStrings.securityLevel.safest);
+ },
+
+ _configUIFromPrefs : function() {
+ // read our prefs
+ let securitySlider = SecurityLevelPrefs.securitySlider;
+ let securityCustom = SecurityLevelPrefs.securityCustom;
+
+ // get our elements
+ let groupbox = document.getElementById("securityLevel-groupbox");
+
+ let radiogroup = groupbox.querySelector("#securityLevel-radiogroup");
+ let labelStandardCustom = groupbox.querySelector("#securityLevel-vbox-standard label#securityLevel-customWarning");
+ let labelSaferCustom = groupbox.querySelector("#securityLevel-vbox-safer label#securityLevel-customWarning");
+ let labelSafestCustom = groupbox.querySelector("#securityLevel-vbox-safest label#securityLevel-customWarning");
+ let labelStandardRestoreDefaults = groupbox.querySelector("#securityLevel-vbox-standard label#securityLevel-restoreDefaults");
+ let labelSaferRestoreDefaults = groupbox.querySelector("#securityLevel-vbox-safer label#securityLevel-restoreDefaults");
+ let labelSafestRestoreDefaults = groupbox.querySelector("#securityLevel-vbox-safest label#securityLevel-restoreDefaults");
+
+ // hide custom label by default until we know which level we're at
+ labelStandardCustom.hidden = true;
+ labelSaferCustom.hidden = true;
+ labelSafestCustom.hidden = true;
+
+ labelStandardRestoreDefaults.hidden = true;
+ labelSaferRestoreDefaults.hidden = true;
+ labelSafestRestoreDefaults.hidden = true;
+
+ switch(securitySlider) {
+ // standard
+ case 4:
+ radiogroup.value = "standard";
+ labelStandardCustom.hidden = !securityCustom;
+ labelStandardRestoreDefaults.hidden = !securityCustom;
+ break;
+ // safer
+ case 2:
+ radiogroup.value = "safer";
+ labelSaferCustom.hidden = !securityCustom;
+ labelSaferRestoreDefaults.hidden = !securityCustom;
+ break;
+ // safest
+ case 1:
+ radiogroup.value = "safest";
+ labelSafestCustom.hidden = !securityCustom;
+ labelSafestRestoreDefaults.hidden = !securityCustom;
+ break;
+ }
+ },
+
+ init : function() {
+ // populate XUL with localized strings
+ this._populateXUL();
+
+ // read prefs and populate UI
+ this._configUIFromPrefs();
+
+ // register for pref chagnes
+ this._securityPrefsBranch = Services.prefs.getBranch("extensions.torbutton.");
+ this._securityPrefsBranch.addObserver("", this, false);
+ },
+
+ uninit : function() {
+ // unregister for pref change events
+ this._securityPrefsBranch.removeObserver("", this);
+ this._securityPrefsBranch = null;
+ },
+
+ // callback for when prefs change
+ observe : function(subject, topic, data) {
+ switch(topic) {
+ case "nsPref:changed":
+ if (data == "security_slider" ||
+ data == "security_custom") {
+ this._configUIFromPrefs();
+ }
+ break;
+ }
+ },
+
+ selectSecurityLevel : function() {
+ // radio group elements
+ let radiogroup = document.getElementById("securityLevel-radiogroup");
+
+ // update pref based on selected radio option
+ switch (radiogroup.value) {
+ case "standard":
+ SecurityLevelPrefs.securitySlider = 4;
+ break;
+ case "safer":
+ SecurityLevelPrefs.securitySlider = 2;
+ break;
+ case "safest":
+ SecurityLevelPrefs.securitySlider = 1;
+ break;
+ }
+
+ SecurityLevelPreferences.restoreDefaults();
+ },
+
+ restoreDefaults : function() {
+ SecurityLevelPrefs.securityCustom = false;
+ },
+}; /* Security Level Prefereces */
+
+Object.defineProperty(this, "SecurityLevelButton", {
+ value: SecurityLevelButton,
+ enumerable: true,
+ writable: false
+});
+
+Object.defineProperty(this, "SecurityLevelPanel", {
+ value: SecurityLevelPanel,
+ enumerable: true,
+ writable: false
+});
+
+Object.defineProperty(this, "SecurityLevelPreferences", {
+ value: SecurityLevelPreferences,
+ enumerable: true,
+ writable: false
+});
diff --git a/browser/components/securitylevel/content/securityLevelButton.css b/browser/components/securitylevel/content/securityLevelButton.css
new file mode 100644
index 000000000000..38701250e9c9
--- /dev/null
+++ b/browser/components/securitylevel/content/securityLevelButton.css
@@ -0,0 +1,18 @@
+toolbarbutton#security-level-button[level="standard"] {
+ list-style-image: url("chrome://browser/content/securitylevel/securityLevelIcon.svg#standard");
+}
+toolbarbutton#security-level-button[level="safer"] {
+ list-style-image: url("chrome://browser/content/securitylevel/securityLevelIcon.svg#safer");
+}
+toolbarbutton#security-level-button[level="safest"] {
+ list-style-image: url("chrome://browser/content/securitylevel/securityLevelIcon.svg#safest");
+}
+toolbarbutton#security-level-button[level="standard_custom"] {
+ list-style-image: url("chrome://browser/content/securitylevel/securityLevelIcon.svg#standard_custom");
+}
+toolbarbutton#security-level-button[level="safer_custom"] {
+ list-style-image: url("chrome://browser/content/securitylevel/securityLevelIcon.svg#safer_custom");
+}
+toolbarbutton#security-level-button[level="safest_custom"] {
+ list-style-image: url("chrome://browser/content/securitylevel/securityLevelIcon.svg#safest_custom");
+}
\ No newline at end of file
diff --git a/browser/components/securitylevel/content/securityLevelButton.inc.xhtml b/browser/components/securitylevel/content/securityLevelButton.inc.xhtml
new file mode 100644
index 000000000000..96ee1ec0ca49
--- /dev/null
+++ b/browser/components/securitylevel/content/securityLevelButton.inc.xhtml
@@ -0,0 +1,7 @@
+<toolbarbutton id="security-level-button" class="toolbarbutton-1 chromeclass-toolbar-additional"
+ badged="true"
+ removable="true"
+ onmousedown="SecurityLevelButton.onCommand(event);"
+ onkeypress="SecurityLevelButton.onCommand(event);"
+ closemenu="none"
+ cui-areatype="toolbar"/>
diff --git a/browser/components/securitylevel/content/securityLevelIcon.svg b/browser/components/securitylevel/content/securityLevelIcon.svg
new file mode 100644
index 000000000000..38cdbcb68afc
--- /dev/null
+++ b/browser/components/securitylevel/content/securityLevelIcon.svg
@@ -0,0 +1,40 @@
+<svg width="16" height="16" viewBox="0 0 16 16" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
+ <style>
+ use:not(:target) {
+ display: none;
+ }
+ </style>
+ <defs>
+ <g id="standard_icon" stroke="none" stroke-width="1">
+ <path clip-rule="evenodd" d="m8.49614.283505c-.30743-.175675-.68485-.175675-.99228.000001l-6 3.428574c-.31157.17804-.50386.50938-.50386.86824v1.41968c0 4 2.98667 9.0836 7 10 4.0133-.9164 7-6 7-10v-1.41968c0-.35886-.1923-.6902-.5039-.86824zm-.49614 1.216495-5.75 3.28571v1.2746c0 1.71749.65238 3.7522 1.78726 5.46629 1.07287 1.6204 2.47498 2.8062 3.96274 3.2425 1.48776-.4363 2.8899-1.6221 3.9627-3.2425 1.1349-1.71409 1.7873-3.7488 1.7873-5.46629v-1.2746z" fill-rule="evenodd" />
+ </g>
+ <g id="safer_icon" stroke="none" stroke-width="1">
+ <path clip-rule="evenodd" d="m8.49614.283505c-.30743-.175675-.68485-.175675-.99228.000001l-6 3.428574c-.31157.17804-.50386.50938-.50386.86824v1.41968c0 4 2.98667 9.0836 7 10 4.0133-.9164 7-6 7-10v-1.41968c0-.35886-.1923-.6902-.5039-.86824zm-.49614 1.216495-5.75 3.28571v1.2746c0 1.71749.65238 3.7522 1.78726 5.46629 1.07287 1.6204 2.47498 2.8062 3.96274 3.2425 1.48776-.4363 2.8899-1.6221 3.9627-3.2425 1.1349-1.71409 1.7873-3.7488 1.7873-5.46629v-1.2746z" fill-rule="evenodd"/>
+ <path d="m3.5 6.12062v-.40411c0-.08972.04807-.17255.12597-.21706l4-2.28572c.16666-.09523.37403.02511.37403.21707v10.0766c-1.01204-.408-2.054-1.3018-2.92048-2.6105-1.02134-1.54265-1.57952-3.34117-1.57952-4.77628z"/>
+ </g>
+ <g id="safest_icon" stroke="none" stroke-width="1">
+ <path clip-rule="evenodd" d="m8.49614.283505c-.30743-.175675-.68485-.175675-.99228.000001l-6 3.428574c-.31157.17804-.50386.50938-.50386.86824v1.41968c0 4 2.98667 9.0836 7 10 4.0133-.9164 7-6 7-10v-1.41968c0-.35886-.1923-.6902-.5039-.86824zm-.49614 1.216495-5.75 3.28571v1.2746c0 1.71749.65238 3.7522 1.78726 5.46629 1.07287 1.6204 2.47498 2.8062 3.96274 3.2425 1.48776-.4363 2.8899-1.6221 3.9627-3.2425 1.1349-1.71409 1.7873-3.7488 1.7873-5.46629v-1.2746z" fill-rule="evenodd"/>
+ <path d="m3.5 6.12062v-.40411c0-.08972.04807-.17255.12597-.21706l4.25-2.42857c.07685-.04392.17121-.04392.24806 0l4.24997 2.42857c.0779.04451.126.12734.126.21706v.40411c0 1.43511-.5582 3.23363-1.5795 4.77628-.8665 1.3087-1.90846 2.2025-2.9205 2.6105-1.01204-.408-2.054-1.3018-2.92048-2.6105-1.02134-1.54265-1.57952-3.34117-1.57952-4.77628z"/>
+ </g>
+ <g id="standard_custom_icon" stroke="none" stroke-width="1">
+ <path d="m9.37255.784312-.87641-.500806c-.30743-.175676-.68485-.175676-.99228 0l-6 3.428574c-.31157.17804-.50386.50938-.50386.86824v1.41968c0 4 2.98667 9.0836 7 10 3.7599-.8585 6.6186-5.3745 6.9647-9.23043-.4008.20936-.8392.35666-1.3024.42914-.2132 1.43414-.8072 2.98009-1.6996 4.32789-1.0728 1.6204-2.47494 2.8062-3.9627 3.2425-1.48776-.4363-2.88987-1.6221-3.96274-3.2425-1.13488-1.71409-1.78726-3.7488-1.78726-5.46629v-1.2746l5.75-3.28571.86913.49664c.10502-.43392.27664-.84184.50342-1.212328z"/>
+ <circle cx="13" cy="3" fill="#ffbd2e" r="3"/>
+ </g>
+ <g id="safer_custom_icon" stroke="none" stroke-width="1">
+ <path d="m9.37255.784312-.87641-.500806c-.30743-.175676-.68485-.175676-.99228 0l-6 3.428574c-.31157.17804-.50386.50938-.50386.86824v1.41968c0 4 2.98667 9.0836 7 10 3.7599-.8585 6.6186-5.3745 6.9647-9.23043-.4008.20936-.8392.35666-1.3024.42914-.2132 1.43414-.8072 2.98009-1.6996 4.32789-1.0728 1.6204-2.47494 2.8062-3.9627 3.2425-1.48776-.4363-2.88987-1.6221-3.96274-3.2425-1.13488-1.71409-1.78726-3.7488-1.78726-5.46629v-1.2746l5.75-3.28571.86913.49664c.10502-.43392.27664-.84184.50342-1.212328z"/>
+ <path d="m3.5 6.12062v-.40411c0-.08972.04807-.17255.12597-.21706l4-2.28572c.16666-.09523.37403.02511.37403.21707v10.0766c-1.01204-.408-2.054-1.3018-2.92048-2.6105-1.02134-1.54265-1.57952-3.34117-1.57952-4.77628z"/>
+ <circle cx="13" cy="3" fill="#ffbd2e" r="3"/>
+ </g>
+ <g id="safest_custom_icon" stroke="none" stroke-width="1">
+ <path d="m9.37255.784312-.87641-.500806c-.30743-.175676-.68485-.175676-.99228 0l-6 3.428574c-.31157.17804-.50386.50938-.50386.86824v1.41968c0 4 2.98667 9.0836 7 10 3.7599-.8585 6.6186-5.3745 6.9647-9.23043-.4008.20936-.8392.35666-1.3024.42914-.2132 1.43414-.8072 2.98009-1.6996 4.32789-1.0728 1.6204-2.47494 2.8062-3.9627 3.2425-1.48776-.4363-2.88987-1.6221-3.96274-3.2425-1.13488-1.71409-1.78726-3.7488-1.78726-5.46629v-1.2746l5.75-3.28571.86913.49664c.10502-.43392.27664-.84184.50342-1.212328z"/>
+ <path d="m8.77266 3.44151-.64863-.37064c-.07685-.04392-.17121-.04392-.24806 0l-4.25 2.42857c-.0779.04451-.12597.12735-.12597.21706v.40412c0 1.4351.55818 3.23362 1.57952 4.77618.86648 1.3087 1.90844 2.2026 2.92048 2.6106 1.01204-.408 2.054-1.3018 2.9205-2.6106.7761-1.17217 1.2847-2.49215 1.4843-3.68816-1.9219-.26934-3.43158-1.82403-3.63214-3.76713z"/>
+ <circle cx="13" cy="3" fill="#ffbd2e" r="3"/>
+ </g>
+ </defs>
+ <use id="standard" fill="context-fill" fill-opacity="context-fill-opacity" href="#standard_icon" />
+ <use id="safer" fill="context-fill" fill-opacity="context-fill-opacity" href="#safer_icon" />
+ <use id="safest" fill="context-fill" fill-opacity="context-fill-opacity" href="#safest_icon" />
+ <use id="standard_custom" fill="context-fill" fill-opacity="context-fill-opacity" href="#standard_custom_icon" />
+ <use id="safer_custom" fill="context-fill" fill-opacity="context-fill-opacity" href="#safer_custom_icon" />
+ <use id="safest_custom" fill="context-fill" fill-opacity="context-fill-opacity" href="#safest_custom_icon" />
+</svg>
diff --git a/browser/components/securitylevel/content/securityLevelPanel.css b/browser/components/securitylevel/content/securityLevelPanel.css
new file mode 100644
index 000000000000..6462c02f1594
--- /dev/null
+++ b/browser/components/securitylevel/content/securityLevelPanel.css
@@ -0,0 +1,74 @@
+/* Security Level CSS */
+
+panelview#securityLevel-panelview {
+ width: 25em;
+}
+
+vbox#securityLevel-vbox > vbox {
+ background-repeat: no-repeat;
+ /* icon center-line should be in-line with right margin */
+ /* -margin + panelWidth - imageWidth/2 */
+ background-position: calc(-16px + 25em - 4.5em) 0.4em;
+ background-size: 9em 9em;
+ -moz-context-properties: fill, fill-opacity;
+ fill-opacity: 1;
+ fill: var(--button-bgcolor);
+ min-height: 10em;
+}
+
+vbox#securityLevel-vbox > vbox[level="standard"] {
+ background-image: url("chrome://browser/content/securitylevel/securityLevelIcon.svg#standard");
+}
+vbox#securityLevel-vbox > vbox[level="safer"] {
+ background-image: url("chrome://browser/content/securitylevel/securityLevelIcon.svg#safer");
+}
+vbox#securityLevel-vbox > vbox[level="safest"] {
+ background-image: url("chrome://browser/content/securitylevel/securityLevelIcon.svg#safest");
+}
+
+vbox#securityLevel-vbox > toolbarseparator {
+ margin-inline: 16px;
+}
+
+vbox#securityLevel-vbox > vbox {
+ margin-inline: 0;
+ padding-inline: 16px;
+}
+
+vbox#securityLevel-vbox > vbox * {
+ margin-inline: 0;
+}
+
+vbox#securityLevel-vbox > vbox > hbox {
+}
+
+label#securityLevel-level {
+ font-size: 1.25em;
+ font-weight: 600;
+ padding-top: 0.15em;
+}
+
+label#securityLevel-custom {
+ border-radius: 4px;
+ background-color: var(--yellow-50);
+ color: black;
+ font-size: 1em;
+ height: 1.6em;
+ line-height: 1.0em;
+ padding: 0.4em 0.5em;
+ margin-left: 1em!important;
+}
+
+description#securityLevel-summary {
+ margin-top: 1em;
+ padding-right: 5em;
+}
+
+vbox#securityLevel-vbox > hbox.panel-footer {
+ display: flex;
+}
+
+
+button#securityLevel-advancedSecuritySettings {
+ margin-block: 0;
+}
diff --git a/browser/components/securitylevel/content/securityLevelPanel.inc.xhtml b/browser/components/securitylevel/content/securityLevelPanel.inc.xhtml
new file mode 100644
index 000000000000..02d93b738ff5
--- /dev/null
+++ b/browser/components/securitylevel/content/securityLevelPanel.inc.xhtml
@@ -0,0 +1,47 @@
+<panel id="securityLevel-panel"
+ role="group"
+ type="arrow"
+ orient="vertical"
+ level="top"
+ hidden="true"
+ class="panel-no-padding"
+ onpopupshown="SecurityLevelPanel.onPopupShown(event);"
+ onpopuphidden="SecurityLevelPanel.onPopupHidden(event);">
+ <panelmultiview mainViewId="securityLevel-panelview">
+ <panelview id="securityLevel-panelview" descriptionheightworkaround="true">
+ <vbox id="securityLevel-vbox">
+ <box class="panel-header">
+ <html:h1 id="securityLevel-header"/>
+ </box>
+ <toolbarseparator></toolbarseparator>
+ <vbox>
+ <hbox>
+ <label id="securityLevel-level"/>
+ <vbox>
+ <spacer flex="1"/>
+ <label id="securityLevel-custom"/>
+ <spacer flex="1"/>
+ </vbox>
+ <spacer flex="1"/>
+ </hbox>
+ <description id="securityLevel-summary"/>
+ <hbox>
+ <label
+ id="securityLevel-learnMore"
+ class="learnMore text-link"
+ onclick="SecurityLevelPanel.hide();"
+ is="text-link"/>
+ <spacer/>
+ </hbox>
+ </vbox>
+ <hbox class="panel-footer">
+ <button id="securityLevel-restoreDefaults"
+ oncommand="SecurityLevelPanel.restoreDefaults();"/>
+ <button id="securityLevel-advancedSecuritySettings"
+ default="true"
+ oncommand="SecurityLevelPanel.openAdvancedSecuritySettings();"/>
+ </hbox>
+ </vbox>
+ </panelview>
+ </panelmultiview>
+</panel>
diff --git a/browser/components/securitylevel/content/securityLevelPreferences.css b/browser/components/securitylevel/content/securityLevelPreferences.css
new file mode 100644
index 000000000000..12a7cccffe09
--- /dev/null
+++ b/browser/components/securitylevel/content/securityLevelPreferences.css
@@ -0,0 +1,52 @@
+label#securityLevel-customWarning {
+ border-radius: 4px;
+ background-color: var(--yellow-50);
+ color: black;
+ font-size: 1em;
+ height: 1.6em;
+ padding: 0.4em 0.5em;
+}
+
+radiogroup#securityLevel-radiogroup description {
+ color: var(--in-content-page-color)!important;
+}
+
+radiogroup#securityLevel-radiogroup radio {
+ font-weight: bold;
+}
+
+radiogroup#securityLevel-radiogroup > vbox {
+ border: 1px solid var(--in-content-box-border-color);
+ border-radius: 4px;
+ margin: 3px 0;
+ padding: 9px;
+}
+
+radiogroup#securityLevel-radiogroup[value=standard] > vbox#securityLevel-vbox-standard,
+radiogroup#securityLevel-radiogroup[value=safer] > vbox#securityLevel-vbox-safer,
+radiogroup#securityLevel-radiogroup[value=safest] > vbox#securityLevel-vbox-safest {
+ --section-highlight-background-color: color-mix(in srgb, var(--in-content-accent-color) 20%, transparent);
+ background-color: var(--section-highlight-background-color);
+ border: 1px solid var(--in-content-accent-color);
+
+}
+
+vbox#securityLevel-descriptionList {
+ display: none;
+ margin-inline-start:
+}
+
+radiogroup#securityLevel-radiogroup[value=safer] > vbox#securityLevel-vbox-safer > vbox#securityLevel-descriptionList,
+radiogroup#securityLevel-radiogroup[value=safest] > vbox#securityLevel-vbox-safest > vbox#securityLevel-descriptionList {
+ display: inherit;
+}
+
+vbox#securityLevel-descriptionList > description {
+ display: list-item;
+}
+
+vbox#securityLevel-vbox-standard,
+vbox#securityLevel-vbox-safer,
+vbox#securityLevel-vbox-safest {
+ margin-top: 0.4em;
+}
diff --git a/browser/components/securitylevel/content/securityLevelPreferences.inc.xhtml b/browser/components/securitylevel/content/securityLevelPreferences.inc.xhtml
new file mode 100644
index 000000000000..b050dad81621
--- /dev/null
+++ b/browser/components/securitylevel/content/securityLevelPreferences.inc.xhtml
@@ -0,0 +1,67 @@
+<groupbox id="securityLevel-groupbox" data-category="panePrivacy" hidden="true">
+ <label><html:h2 id="securityLevel-header"/></label>
+ <vbox data-subcategory="securitylevel" flex="1">
+ <description flex="1">
+ <html:span id="securityLevel-overview" class="tail-with-learn-more"/>
+ <label id="securityLevel-learnMore" class="learnMore text-link" is="text-link"/>
+ </description>
+ <radiogroup id="securityLevel-radiogroup">
+ <vbox id="securityLevel-vbox-standard">
+ <hbox>
+ <radio value="standard"/>
+ <vbox>
+ <spacer flex="1"/>
+ <label id="securityLevel-customWarning"/>
+ <spacer flex="1"/>
+ </vbox>
+ <spacer flex="1"/>
+ </hbox>
+ <description flex="1" class="indent">
+ <html:span id="securityLevel-summary" class="tail-with-learn-more"/>
+ <label id="securityLevel-restoreDefaults"
+ class="learnMore text-link"/>
+ </description>
+ </vbox>
+ <vbox id="securityLevel-vbox-safer">
+ <hbox>
+ <radio value="safer"/>
+ <vbox>
+ <spacer flex="1"/>
+ <label id="securityLevel-customWarning"/>
+ <spacer flex="1"/>
+ </vbox>
+ </hbox>
+ <description flex="1" class="indent">
+ <html:span id="securityLevel-summary" class="tail-with-learn-more"/>
+ <label id="securityLevel-restoreDefaults"
+ class="learnMore text-link"/>
+ </description>
+ <vbox id="securityLevel-descriptionList" class="indent">
+ <description id="securityLevel-description1" class="indent"/>
+ <description id="securityLevel-description2" class="indent"/>
+ <description id="securityLevel-description3" class="indent"/>
+ </vbox>
+ </vbox>
+ <vbox id="securityLevel-vbox-safest">
+ <hbox>
+ <radio value="safest"/>
+ <vbox>
+ <spacer flex="1"/>
+ <label id="securityLevel-customWarning"/>
+ <spacer flex="1"/>
+ </vbox>
+ </hbox>
+ <description flex="1" class="indent">
+ <html:span id="securityLevel-summary" class="tail-with-learn-more"/>
+ <label id="securityLevel-restoreDefaults"
+ class="learnMore text-link"/>
+ </description>
+ <vbox id="securityLevel-descriptionList" class="indent">
+ <description id="securityLevel-description1" class="indent"/>
+ <description id="securityLevel-description2" class="indent"/>
+ <description id="securityLevel-description3" class="indent"/>
+ </vbox>
+ </vbox>
+ </radiogroup>
+ </vbox>
+</groupbox>
diff --git a/browser/components/securitylevel/jar.mn b/browser/components/securitylevel/jar.mn
new file mode 100644
index 000000000000..61aa4169f9ec
--- /dev/null
+++ b/browser/components/securitylevel/jar.mn
@@ -0,0 +1,6 @@
+browser.jar:
+ content/browser/securitylevel/securityLevel.js (content/securityLevel.js)
+ content/browser/securitylevel/securityLevelPanel.css (content/securityLevelPanel.css)
+ content/browser/securitylevel/securityLevelButton.css (content/securityLevelButton.css)
+ content/browser/securitylevel/securityLevelPreferences.css (content/securityLevelPreferences.css)
+ content/browser/securitylevel/securityLevelIcon.svg (content/securityLevelIcon.svg)
diff --git a/browser/components/securitylevel/moz.build b/browser/components/securitylevel/moz.build
new file mode 100644
index 000000000000..2661ad7cb9f3
--- /dev/null
+++ b/browser/components/securitylevel/moz.build
@@ -0,0 +1 @@
+JAR_MANIFESTS += ["jar.mn"]
diff --git a/browser/modules/TorStrings.jsm b/browser/modules/TorStrings.jsm
index e8a8d37ae373..32dab2bfc6bf 100644
--- a/browser/modules/TorStrings.jsm
+++ b/browser/modules/TorStrings.jsm
@@ -182,6 +182,10 @@ var TorStrings = {
"advanced_security_settings",
"Advanced Security Settings\u2026"
),
+ change: getString(
+ "change",
+ "Change\u2026"
+ ),
};
return retval;
})() /* Security Level Strings */,
diff --git a/browser/themes/shared/customizableui/panelUI.inc.css b/browser/themes/shared/customizableui/panelUI.inc.css
index e1d64c707518..abecf34cdb92 100644
--- a/browser/themes/shared/customizableui/panelUI.inc.css
+++ b/browser/themes/shared/customizableui/panelUI.inc.css
@@ -1430,7 +1430,8 @@ menuitem.panel-subview-footer@menuStateActive@,
#editBookmarkPanel toolbarseparator,
#downloadsPanel-mainView toolbarseparator,
.cui-widget-panelview menuseparator,
-.cui-widget-panel toolbarseparator {
+.cui-widget-panel toolbarseparator,
+#securityLevel-panel toolbarseparator {
appearance: none;
min-height: 0;
border-top: 1px solid var(--panel-separator-color);
1
0
[tor-browser/tor-browser-91.4.0esr-11.0-1] Bug 30541: Disable WebGL readPixel() for web content
by sysrqb@torproject.org 02 Dec '21
by sysrqb@torproject.org 02 Dec '21
02 Dec '21
commit 9008a2f3e466d60de96ae355f118b92e95e3dfa4
Author: Georg Koppen <gk(a)torproject.org>
Date: Wed May 29 12:29:19 2019 +0000
Bug 30541: Disable WebGL readPixel() for web content
---
dom/canvas/ClientWebGLContext.cpp | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/dom/canvas/ClientWebGLContext.cpp b/dom/canvas/ClientWebGLContext.cpp
index 05dcb79a230e..c9875e62c8af 100644
--- a/dom/canvas/ClientWebGLContext.cpp
+++ b/dom/canvas/ClientWebGLContext.cpp
@@ -4636,6 +4636,14 @@ bool ClientWebGLContext::ReadPixels_SharedPrecheck(
return false;
}
+ // Security check passed, but don't let content readPixel calls through for
+ // now, if Resist Fingerprinting Mode is enabled.
+ if (nsContentUtils::ResistFingerprinting(aCallerType)) {
+ JsWarning("readPixels: Not allowed in Resist Fingerprinting Mode");
+ out_error.Throw(NS_ERROR_DOM_NOT_SUPPORTED_ERR);
+ return false;
+ }
+
return true;
}
1
0
[tor-browser/tor-browser-91.4.0esr-11.0-1] Bug 23104: Add a default line height compensation
by sysrqb@torproject.org 02 Dec '21
by sysrqb@torproject.org 02 Dec '21
02 Dec '21
commit 284bc795965507edf25a75a4c43e3e81337cef29
Author: Igor Oliveira <igor.oliveira(a)posteo.net>
Date: Sun Dec 10 18:16:59 2017 -0200
Bug 23104: Add a default line height compensation
Many fonts have issues with their vertical metrics. they
are used to influence the height of ascenders and depth
of descenders. Gecko uses it to calculate the line height
(font height + ascender + descender), however because of
that idiosyncratic behavior across multiple operating
systems, it can be used to identify the user's OS.
The solution proposed in the patch uses a default factor
to be multiplied with the font size, simulating the concept
of ascender and descender. This way all operating
systems will have the same line height only and only if the
frame is outside the chrome.
---
layout/generic/ReflowInput.cpp | 19 +++++++++---
layout/generic/test/mochitest.ini | 1 +
layout/generic/test/test_tor_bug23104.html | 50 ++++++++++++++++++++++++++++++
3 files changed, 65 insertions(+), 5 deletions(-)
diff --git a/layout/generic/ReflowInput.cpp b/layout/generic/ReflowInput.cpp
index 2c56afd2e02a..4d30c7762c14 100644
--- a/layout/generic/ReflowInput.cpp
+++ b/layout/generic/ReflowInput.cpp
@@ -31,6 +31,7 @@
#include "mozilla/SVGUtils.h"
#include "mozilla/dom/HTMLInputElement.h"
#include "nsGridContainerFrame.h"
+#include "nsContentUtils.h"
using namespace mozilla;
using namespace mozilla::css;
@@ -2642,7 +2643,8 @@ void ReflowInput::CalculateBlockSideMargins() {
// For risk management, we use preference to control the behavior, and
// eNoExternalLeading is the old behavior.
-static nscoord GetNormalLineHeight(nsFontMetrics* aFontMetrics) {
+static nscoord GetNormalLineHeight(nsIContent* aContent,
+ nsFontMetrics* aFontMetrics) {
MOZ_ASSERT(nullptr != aFontMetrics, "no font metrics");
nscoord normalLineHeight;
@@ -2650,6 +2652,12 @@ static nscoord GetNormalLineHeight(nsFontMetrics* aFontMetrics) {
nscoord externalLeading = aFontMetrics->ExternalLeading();
nscoord internalLeading = aFontMetrics->InternalLeading();
nscoord emHeight = aFontMetrics->EmHeight();
+
+ if (nsContentUtils::ShouldResistFingerprinting() &&
+ !aContent->IsInChromeDocument()) {
+ return NSToCoordRound(emHeight * NORMAL_LINE_HEIGHT_FACTOR);
+ }
+
switch (GetNormalLineHeightCalcControl()) {
case eIncludeExternalLeading:
normalLineHeight = emHeight + internalLeading + externalLeading;
@@ -2667,7 +2675,8 @@ static nscoord GetNormalLineHeight(nsFontMetrics* aFontMetrics) {
return normalLineHeight;
}
-static inline nscoord ComputeLineHeight(ComputedStyle* aComputedStyle,
+static inline nscoord ComputeLineHeight(nsIContent* aContent,
+ ComputedStyle* aComputedStyle,
nsPresContext* aPresContext,
nscoord aBlockBSize,
float aFontSizeInflation) {
@@ -2696,7 +2705,7 @@ static inline nscoord ComputeLineHeight(ComputedStyle* aComputedStyle,
RefPtr<nsFontMetrics> fm = nsLayoutUtils::GetFontMetricsForComputedStyle(
aComputedStyle, aPresContext, aFontSizeInflation);
- return GetNormalLineHeight(fm);
+ return GetNormalLineHeight(aContent, fm);
}
nscoord ReflowInput::CalcLineHeight() const {
@@ -2718,7 +2727,7 @@ nscoord ReflowInput::CalcLineHeight(nsIContent* aContent,
float aFontSizeInflation) {
MOZ_ASSERT(aComputedStyle, "Must have a ComputedStyle");
- nscoord lineHeight = ComputeLineHeight(aComputedStyle, aPresContext,
+ nscoord lineHeight = ComputeLineHeight(aContent, aComputedStyle, aPresContext,
aBlockBSize, aFontSizeInflation);
NS_ASSERTION(lineHeight >= 0, "ComputeLineHeight screwed up");
@@ -2731,7 +2740,7 @@ nscoord ReflowInput::CalcLineHeight(nsIContent* aContent,
if (!lh.IsNormal()) {
RefPtr<nsFontMetrics> fm = nsLayoutUtils::GetFontMetricsForComputedStyle(
aComputedStyle, aPresContext, aFontSizeInflation);
- nscoord normal = GetNormalLineHeight(fm);
+ nscoord normal = GetNormalLineHeight(aContent, fm);
if (lineHeight < normal) {
lineHeight = normal;
}
diff --git a/layout/generic/test/mochitest.ini b/layout/generic/test/mochitest.ini
index bde689457ebc..af9dbe3c0444 100644
--- a/layout/generic/test/mochitest.ini
+++ b/layout/generic/test/mochitest.ini
@@ -145,3 +145,4 @@ skip-if = debug == true || tsan # the test is slow. tsan: bug 1612707
support-files =
file_reframe_for_lazy_load_image.html
[test_bug1655135.html]
+[test_tor_bug23104.html]
diff --git a/layout/generic/test/test_tor_bug23104.html b/layout/generic/test/test_tor_bug23104.html
new file mode 100644
index 000000000000..8ff1d2190c45
--- /dev/null
+++ b/layout/generic/test/test_tor_bug23104.html
@@ -0,0 +1,50 @@
+<!DOCTYPE HTML>
+<meta charset="UTF-8">
+<html>
+<head>
+ <title>Test for Tor Bug #23104: CSS line-height reveals the platform Tor browser is running</title>
+ <script type="application/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+ <script type="application/javascript" src="/tests/SimpleTest/SpawnTask.js"></script>
+ <style type="text/css">
+ span {
+ background-color: #000;
+ color: #fff;
+ font-size: 16.5px;
+ }
+ </style>
+</head>
+<body>
+<span id="test1">Test1</span>
+<span id="test2">كلمة</span>
+<span id="test3">ação</span>
+<script>
+
+let setPref = async function (key, value) {
+ await SpecialPowers.pushPrefEnv({"set": [[key, value]]});
+}
+
+function getStyle(el, styleprop) {
+ el = document.getElementById(el);
+ return document.defaultView.getComputedStyle(el, null).getPropertyValue(styleprop);
+}
+
+function validateElement(elementName, isFingerprintResistent) {
+ var fontSize = getStyle(elementName, 'font-size');
+ var lineHeight = getStyle(elementName, 'line-height');
+ var validationCb = isFingerprintResistent ? is : isnot;
+ validationCb(parseFloat(lineHeight), Math.round(parseFloat(fontSize)) * 1.2, 'Line Height validation');
+}
+
+add_task(async function() {
+ await setPref("layout.css.line-height.normal-as-resolved-value.enabled", false);
+ for (let resistFingerprintingValue of [true, false]) {
+ await setPref("privacy.resistFingerprinting", resistFingerprintingValue);
+ for (let elementId of ['test1', 'test2', 'test3']) {
+ validateElement(elementId, resistFingerprintingValue);
+ }
+ }
+});
+
+</script>
+</body>
+</html>
1
0
[tor-browser/tor-browser-91.4.0esr-11.0-1] Bug 16285: Exclude ClearKey system for now
by sysrqb@torproject.org 02 Dec '21
by sysrqb@torproject.org 02 Dec '21
02 Dec '21
commit e1570b864d319383a758e04b0854c50583746ec6
Author: Georg Koppen <gk(a)torproject.org>
Date: Mon May 22 12:44:40 2017 +0000
Bug 16285: Exclude ClearKey system for now
In the past the ClearKey system had not been compiled when specifying
--disable-eme. But that changed and it is even bundled nowadays (see:
Mozilla's bug 1300654). We don't want to ship it right now as the use
case for it is not really visible while the code had security
vulnerabilities in the past.
---
browser/installer/package-manifest.in | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/browser/installer/package-manifest.in b/browser/installer/package-manifest.in
index 20383c143afe..fb4993acbe7f 100644
--- a/browser/installer/package-manifest.in
+++ b/browser/installer/package-manifest.in
@@ -459,8 +459,8 @@ bin/libfreebl_64int_3.so
#endif
; media
-@RESPATH@/gmp-clearkey/0.1/@DLL_PREFIX@clearkey@DLL_SUFFIX@
-@RESPATH@/gmp-clearkey/0.1/manifest.json
+;@RESPATH@/gmp-clearkey/0.1/@DLL_PREFIX@clearkey@DLL_SUFFIX@
+;@RESPATH@/gmp-clearkey/0.1/manifest.json
#ifdef MOZ_DMD
; DMD
1
0
[tor-browser/tor-browser-91.4.0esr-11.0-1] Bug 27511: Add new identity button to toolbar
by sysrqb@torproject.org 02 Dec '21
by sysrqb@torproject.org 02 Dec '21
02 Dec '21
commit 9310bbd04ad82f4ce162771e148db3ea4675ad4d
Author: Alex Catarineu <acat(a)torproject.org>
Date: Fri Oct 4 19:08:33 2019 +0200
Bug 27511: Add new identity button to toolbar
Also added 'New circuit for this site' button to CustomizableUI, but
not visible by default.
---
browser/base/content/navigator-toolbox.inc.xhtml | 10 ++++++++++
.../components/customizableui/CustomizableUI.jsm | 21 +++++++++++++++++++++
browser/themes/shared/icons/new_circuit.svg | 6 ++++++
browser/themes/shared/icons/new_identity.svg | 9 +++++++++
browser/themes/shared/jar.inc.mn | 3 +++
browser/themes/shared/toolbarbutton-icons.inc.css | 8 ++++++++
6 files changed, 57 insertions(+)
diff --git a/browser/base/content/navigator-toolbox.inc.xhtml b/browser/base/content/navigator-toolbox.inc.xhtml
index efe981a74826..7359cec49696 100644
--- a/browser/base/content/navigator-toolbox.inc.xhtml
+++ b/browser/base/content/navigator-toolbox.inc.xhtml
@@ -572,6 +572,16 @@
ondragenter="newWindowButtonObserver.onDragOver(event)"
ondragexit="newWindowButtonObserver.onDragExit(event)"/>
+ <toolbarbutton id="new-identity-button" class="toolbarbutton-1 chromeclass-toolbar-additional"
+ label="&torbutton.context_menu.new_identity;"
+ oncommand="torbutton_new_identity();"
+ tooltiptext="&torbutton.context_menu.new_identity;"/>
+
+ <toolbarbutton id="new-circuit-button" class="toolbarbutton-1 chromeclass-toolbar-additional"
+ label="&torbutton.context_menu.new_circuit;"
+ oncommand="torbutton_new_circuit();"
+ tooltiptext="&torbutton.context_menu.new_circuit;"/>
+
<toolbarbutton id="fullscreen-button" class="toolbarbutton-1 chromeclass-toolbar-additional"
observes="View:FullScreen"
type="checkbox"
diff --git a/browser/components/customizableui/CustomizableUI.jsm b/browser/components/customizableui/CustomizableUI.jsm
index 8649d93347c4..5c5ab909b9a4 100644
--- a/browser/components/customizableui/CustomizableUI.jsm
+++ b/browser/components/customizableui/CustomizableUI.jsm
@@ -79,6 +79,8 @@ const kSubviewEvents = ["ViewShowing", "ViewHiding"];
*/
var kVersion = 17;
+var kTorVersion = 1;
+
/**
* Buttons removed from built-ins by version they were removed. kVersion must be
* bumped any time a new id is added to this. Use the button id as key, and
@@ -619,6 +621,20 @@ var CustomizableUIInternal = {
navbarPlacements.splice(newPosition, 0, "save-to-pocket-button");
}
}
+
+ let currentTorVersion = gSavedState.currentTorVersion;
+ if (currentTorVersion < 1 && gSavedState.placements) {
+ let navbarPlacements = gSavedState.placements[CustomizableUI.AREA_NAVBAR];
+ if (navbarPlacements) {
+ let secLevelIndex = navbarPlacements.indexOf("security-level-button");
+ if (secLevelIndex === -1) {
+ let urlbarIndex = navbarPlacements.indexOf("urlbar-container");
+ secLevelIndex = urlbarIndex + 1;
+ navbarPlacements.splice(secLevelIndex, 0, "security-level-button");
+ }
+ navbarPlacements.splice(secLevelIndex + 1, 0, "new-identity-button");
+ }
+ }
},
_updateForNewProtonVersion() {
@@ -2528,6 +2544,10 @@ var CustomizableUIInternal = {
gSavedState.currentVersion = 0;
}
+ if (!("currentTorVersion" in gSavedState)) {
+ gSavedState.currentTorVersion = 0;
+ }
+
gSeenWidgets = new Set(gSavedState.seen || []);
gDirtyAreaCache = new Set(gSavedState.dirtyAreaCache || []);
gNewElementCount = gSavedState.newElementCount || 0;
@@ -2606,6 +2626,7 @@ var CustomizableUIInternal = {
seen: gSeenWidgets,
dirtyAreaCache: gDirtyAreaCache,
currentVersion: kVersion,
+ currentTorVersion: kTorVersion,
newElementCount: gNewElementCount,
};
diff --git a/browser/themes/shared/icons/new_circuit.svg b/browser/themes/shared/icons/new_circuit.svg
new file mode 100644
index 000000000000..ddc819946818
--- /dev/null
+++ b/browser/themes/shared/icons/new_circuit.svg
@@ -0,0 +1,6 @@
+<svg width="16px" height="16px" viewBox="0 0 16 16" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
+ <g stroke="none" stroke-width="1" fill="context-fill" fill-rule="evenodd" opacity="context-fill-opacity">
+ <path d="m10.707 6h3.993l.3-.3v-3.993c.0002-.09902-.0291-.19586-.084-.27825s-.1331-.14661-.2245-.18453c-.0915-.03792-.1922-.04782-.2893-.02845-.0971.01936-.1863.06713-.2562.13723l-1.459 1.459c-1.2817-1.16743-2.95335-1.813714-4.687-1.812-3.859 0-7 3.141-7 7s3.141 7 7 7c1.74123.007 3.422-.6379 4.7116-1.8079 1.2896-1.1701 2.0945-2.7804 2.2564-4.5141.0156-.1649-.0348-.32927-.1401-.4571s-.2571-.2087-.4219-.2249c-.1644-.01324-.3275.03801-.4548.1429s-.2088.2552-.2272.4191c-.1334 1.42392-.7948 2.7464-1.854 3.7072-1.0593.9609-2.43986 1.4905-3.87 1.4848-3.171 0-5.75-2.579-5.75-5.75s2.579-5.75 5.75-5.75c1.40277-.00207 2.7572.5123 3.805 1.445l-1.451 1.451c-.07.06987-.1178.15895-.1372.25597-.0194.09701-.0096.1976.0282.28903.0378.09144.1019.1696.1841.22461.0823.055.179.08437.2779.08439z"/>
+ <path d="m8 12.5c-2.48528 0-4.5-2.0147-4.5-4.5 0-2.48528 2.01472-4.5 4.5-4.5z"/>
+ </g>
+</svg>
diff --git a/browser/themes/shared/icons/new_identity.svg b/browser/themes/shared/icons/new_identity.svg
new file mode 100644
index 000000000000..096ff169c02f
--- /dev/null
+++ b/browser/themes/shared/icons/new_identity.svg
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<svg width="16px" height="16px" viewBox="0 0 16 16" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
+ <g fill="context-fill" fill-opacity="context-fill-opacity">
+ <path d="m13.5383 14.5627c-.1712-.0053-.3194-.1334-.3505-.3028-.0419-.294-.1441-.5789-.3001-.8369-.2583-.1558-.5436-.2579-.838-.2998-.1694-.0313-.2974-.1793-.3026-.3501-.0053-.1708.1136-.3146.2813-.3402.2944-.0329.5762-.1254.8284-.272.1426-.2476.2313-.5243.2608-.8129.0237-.1679.1662-.2884.3372-.2851.1699.0042.3181.1295.3517.2973.0471.2931.1533.5763.312.8323.2565.1573.5396.263.8326.3109.1682.0345.2929.1836.2958.3536.0028.17-.1171.3116-.2843.3357-.2894.0285-.5669.1172-.8147.2604-.1462.2521-.2386.5335-.2717.8274-.025.167-.1675.2861-.3379.2822z"/>
+ <path d="m6.49858 2.99992c-.14675-.00459-.27377-.11436-.3004-.25961-.03593-.25196-.12354-.49621-.25729-.71731-.22137-.13358-.46594-.22109-.71822-.25699-.14526-.02682-.25492-.15363-.25945-.30004-.00454-.14641.09737-.26967.24112-.29164.25236-.02817.49393-.10747.71013-.233093.12217-.2123.19825-.449454.22353-.696834.0203-.143878.14242-.24714456.28897-.24434753.14565.00358504.27273.11100153.30149.25484453.0404.251183.13139.493923.2674.713349.21988.134841.46256.225461.71364.266481.14417.02957.25114.15744.25358.30313.00244.1457-.10035.26707-.24368.28774-.2481.02441-.48592.10041-.69835.22319-.1253.2161-.20449.45729-.23284.7092-.0214.14312-.14361.24521-.28963.24193z"/>
+ <path d="m1.82093 5.3609c-.15279-.00473-.28512-.11875-.31315-.26981-.02739-.18014-.08781-.35525-.1782-.51643-.16152-.09021-.336989-.15052-.517512-.17788-.151437-.02794-.265749-.16003-.270474-.31254-.004724-.15251.101518-.2809.251381-.30378.181146-.02145.355265-.07593.513815-.16075.08209-.15545.13363-.32622.15197-.50355.02095-.15059.14903-.25861.3025-.25512.15164.00368.28404.11525.31428.26484.03021.18029.09338.35503.18632.51538.16048.09192.33508.15452.51517.18469.1503.0308.26181.164.26435.31577.00254.15176-.10462.27819-.25404.29971-.17764.01914-.34855.07141-.50396.15412-.08502.1582-.13963.33194-.16114.5127-.022.14911-.14912.25571-.30131.25265z"/>
+ <path clip-rule="evenodd" d="m15.3213 1.06694c.2441-.244076.2441-.639804 0-.883882-.2441-.2440775-.6398-.2440774-.8839 0l-5.96506 5.965062h-.50519c-1.996-1.09517-4.49023.42233-6.49079 1.63948-.41545.25277-.80961.49258-1.173597.69335-.16756.10002-.289261.26641-.30145394.48048-.01219156.21407.06079654.41038.21802994.56743l1.243691 1.24224 2.37084-1.02603c.15392-.06661.30331.14022.18601.25753l-1.66213 1.6621 1.46329 1.4616 1.66126-1.6613c.1173-.1173.32413.0321.25752.186l-1.02482 2.3682 1.25462 1.2531c.15724.157.35379.23.56815.2178.19095-.0561.35851-.1561.45869-.3234.20012-.3592.43577-.7455.68321-1.1511 1.22241-2.0039 2.73233-4.47901 1.66484-6.47533v-.49654zm-7.46715 6.55077c1.12692 1.12692.64113 2.69369-.05278 3.70149h-.50137l-3.13-3.1492v-.5c1.00858-.68566 2.56556-1.17088 3.68415-.05229z" fill-rule="evenodd"/>
+ </g>
+</svg>
diff --git a/browser/themes/shared/jar.inc.mn b/browser/themes/shared/jar.inc.mn
index c1039e790245..3b11a9864cf8 100644
--- a/browser/themes/shared/jar.inc.mn
+++ b/browser/themes/shared/jar.inc.mn
@@ -234,3 +234,6 @@
skin/classic/browser/places/tree-icons.css (../shared/places/tree-icons.css)
skin/classic/browser/privatebrowsing/aboutPrivateBrowsing.css (../shared/privatebrowsing/aboutPrivateBrowsing.css)
skin/classic/browser/privatebrowsing/favicon.svg (../shared/privatebrowsing/favicon.svg)
+
+ skin/classic/browser/new_circuit.svg (../shared/icons/new_circuit.svg)
+ skin/classic/browser/new_identity.svg (../shared/icons/new_identity.svg)
diff --git a/browser/themes/shared/toolbarbutton-icons.inc.css b/browser/themes/shared/toolbarbutton-icons.inc.css
index 76d3f4212406..e3e6f6486999 100644
--- a/browser/themes/shared/toolbarbutton-icons.inc.css
+++ b/browser/themes/shared/toolbarbutton-icons.inc.css
@@ -253,6 +253,14 @@ toolbar[brighttext]:-moz-lwtheme {
list-style-image: url("chrome://browser/skin/new-tab.svg");
}
+#new-identity-button {
+ list-style-image: url("chrome://browser/skin/new_identity.svg");
+}
+
+#new-circuit-button {
+ list-style-image: url("chrome://browser/skin/new_circuit.svg");
+}
+
#privatebrowsing-button {
list-style-image: url("chrome://browser/skin/privateBrowsing.svg");
}
1
0
[tor-browser/tor-browser-91.4.0esr-11.0-1] Bug 26345: Hide tracking protection UI
by sysrqb@torproject.org 02 Dec '21
by sysrqb@torproject.org 02 Dec '21
02 Dec '21
commit db963651284cb1e1e95ee6256edfb67862164d3c
Author: Alex Catarineu <acat(a)torproject.org>
Date: Tue Sep 10 16:29:31 2019 +0200
Bug 26345: Hide tracking protection UI
---
browser/base/content/appmenu-viewcache.inc.xhtml | 4 ++--
browser/base/content/browser-siteIdentity.js | 4 ++--
browser/components/about/AboutRedirector.cpp | 4 ----
browser/components/about/components.conf | 1 -
browser/components/moz.build | 1 -
browser/themes/shared/preferences/privacy.css | 4 ++++
6 files changed, 8 insertions(+), 10 deletions(-)
diff --git a/browser/base/content/appmenu-viewcache.inc.xhtml b/browser/base/content/appmenu-viewcache.inc.xhtml
index 5eb8448065ae..0812e0e84f45 100644
--- a/browser/base/content/appmenu-viewcache.inc.xhtml
+++ b/browser/base/content/appmenu-viewcache.inc.xhtml
@@ -24,7 +24,7 @@
oncommand="gSync.toggleAccountPanel(this, event)"/>
</toolbaritem>
<toolbarseparator class="sync-ui-item"/>
- <toolbaritem>
+ <toolbaritem hidden="true">
<toolbarbutton id="appMenu-protection-report-button"
class="subviewbutton subviewbutton-iconic"
oncommand="gProtectionsHandler.openProtections(); gProtectionsHandler.recordClick('open_full_report', null, 'app_menu');">
@@ -35,7 +35,7 @@
</label>
</toolbarbutton>
</toolbaritem>
- <toolbarseparator id="appMenu-tp-separator"/>
+ <toolbarseparator hidden="true" id="appMenu-tp-separator"/>
<toolbarbutton id="appMenu-new-window-button"
class="subviewbutton subviewbutton-iconic"
data-l10n-id="appmenuitem-new-window"
diff --git a/browser/base/content/browser-siteIdentity.js b/browser/base/content/browser-siteIdentity.js
index b616e3d3a635..539dfb9206a7 100644
--- a/browser/base/content/browser-siteIdentity.js
+++ b/browser/base/content/browser-siteIdentity.js
@@ -919,10 +919,10 @@ var gIdentityHandler = {
gPermissionPanel.refreshPermissionIcons();
}
- // Hide the shield icon if it is a chrome page.
+ // Bug 26345: Hide tracking protection UI.
gProtectionsHandler._trackingProtectionIconContainer.classList.toggle(
"chromeUI",
- this._isSecureInternalUI
+ true
);
},
diff --git a/browser/components/about/AboutRedirector.cpp b/browser/components/about/AboutRedirector.cpp
index 956e25c818e1..e6cf3fe0ef9f 100644
--- a/browser/components/about/AboutRedirector.cpp
+++ b/browser/components/about/AboutRedirector.cpp
@@ -122,10 +122,6 @@ static const RedirEntry kRedirMap[] = {
nsIAboutModule::HIDE_FROM_ABOUTABOUT},
{"restartrequired", "chrome://browser/content/aboutRestartRequired.xhtml",
nsIAboutModule::ALLOW_SCRIPT | nsIAboutModule::HIDE_FROM_ABOUTABOUT},
- {"protections", "chrome://browser/content/protections.html",
- nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT |
- nsIAboutModule::URI_MUST_LOAD_IN_CHILD | nsIAboutModule::ALLOW_SCRIPT |
- nsIAboutModule::URI_CAN_LOAD_IN_PRIVILEGEDABOUT_PROCESS},
{"ion", "chrome://browser/content/ion.html",
nsIAboutModule::ALLOW_SCRIPT | nsIAboutModule::HIDE_FROM_ABOUTABOUT},
#ifdef TOR_BROWSER_UPDATE
diff --git a/browser/components/about/components.conf b/browser/components/about/components.conf
index a880a161a0f2..faf6107d6fa6 100644
--- a/browser/components/about/components.conf
+++ b/browser/components/about/components.conf
@@ -20,7 +20,6 @@ pages = [
'policies',
'preferences',
'privatebrowsing',
- 'protections',
'profiling',
'reader',
'restartrequired',
diff --git a/browser/components/moz.build b/browser/components/moz.build
index becff6b356b3..57ec3c51c5e9 100644
--- a/browser/components/moz.build
+++ b/browser/components/moz.build
@@ -45,7 +45,6 @@ DIRS += [
"preferences",
"privatebrowsing",
"prompts",
- "protections",
"protocolhandler",
"resistfingerprinting",
"search",
diff --git a/browser/themes/shared/preferences/privacy.css b/browser/themes/shared/preferences/privacy.css
index b55c242b4c05..154222f84b11 100644
--- a/browser/themes/shared/preferences/privacy.css
+++ b/browser/themes/shared/preferences/privacy.css
@@ -77,6 +77,10 @@
/* Content Blocking */
+#trackingGroup {
+ display: none;
+}
+
/* Override styling that sets descriptions as grey */
#trackingGroup description.indent,
#trackingGroup .indent > description {
1
0
[tor-browser/tor-browser-91.4.0esr-11.0-1] Bug 31575: Replace Firefox Home (newtab) with about:tor
by sysrqb@torproject.org 02 Dec '21
by sysrqb@torproject.org 02 Dec '21
02 Dec '21
commit a54d2f12c7002f1364b8e31b5dc3f5c870b1e9b3
Author: Alex Catarineu <acat(a)torproject.org>
Date: Mon Sep 9 13:04:34 2019 +0200
Bug 31575: Replace Firefox Home (newtab) with about:tor
Avoid loading AboutNewTab in BrowserGlue.jsm in order
to avoid several network requests that we do not need. Besides,
about:newtab will now point to about:blank or about:tor (depending
on browser.newtabpage.enabled) and about:home will point to
about:tor.
---
browser/components/BrowserGlue.jsm | 33 ++----------------------
browser/components/newtab/AboutNewTabService.jsm | 15 +----------
browser/components/preferences/home.inc.xhtml | 4 +--
browser/components/preferences/preferences.xhtml | 5 +++-
browser/modules/HomePage.jsm | 2 +-
5 files changed, 10 insertions(+), 49 deletions(-)
diff --git a/browser/components/BrowserGlue.jsm b/browser/components/BrowserGlue.jsm
index 7c3a7ace3ae9..6ef6b16eea1b 100644
--- a/browser/components/BrowserGlue.jsm
+++ b/browser/components/BrowserGlue.jsm
@@ -20,7 +20,6 @@ const { AppConstants } = ChromeUtils.import(
Cu.importGlobalProperties(["Glean"]);
XPCOMUtils.defineLazyModuleGetters(this, {
- AboutNewTab: "resource:///modules/AboutNewTab.jsm",
ActorManagerParent: "resource://gre/modules/ActorManagerParent.jsm",
AddonManager: "resource://gre/modules/AddonManager.jsm",
AppMenuNotifications: "resource://gre/modules/AppMenuNotifications.jsm",
@@ -212,28 +211,6 @@ let JSWINDOWACTORS = {
matches: ["about:logins", "about:logins?*", "about:loginsimportreport"],
},
- AboutNewTab: {
- parent: {
- moduleURI: "resource:///actors/AboutNewTabParent.jsm",
- },
- child: {
- moduleURI: "resource:///actors/AboutNewTabChild.jsm",
- events: {
- DOMContentLoaded: {},
- pageshow: {},
- visibilitychange: {},
- },
- },
- // The wildcard on about:newtab is for the ?endpoint query parameter
- // that is used for snippets debugging. The wildcard for about:home
- // is similar, and also allows for falling back to loading the
- // about:home document dynamically if an attempt is made to load
- // about:home?jscache from the AboutHomeStartupCache as a top-level
- // load.
- matches: ["about:home*", "about:welcome", "about:newtab*"],
- remoteTypes: ["privilegedabout"],
- },
-
AboutPlugins: {
parent: {
moduleURI: "resource:///actors/AboutPluginsParent.jsm",
@@ -1619,8 +1596,6 @@ BrowserGlue.prototype = {
// the first browser window has finished initializing
_onFirstWindowLoaded: function BG__onFirstWindowLoaded(aWindow) {
- AboutNewTab.init();
-
TabCrashHandler.init();
ProcessHangMonitor.init();
@@ -5336,12 +5311,8 @@ var AboutHomeStartupCache = {
return { pageInputStream: null, scriptInputStream: null };
}
- let state = AboutNewTab.activityStream.store.getState();
- return new Promise(resolve => {
- this._cacheDeferred = resolve;
- this.log.trace("Parent is requesting cache streams.");
- this._procManager.sendAsyncMessage(this.CACHE_REQUEST_MESSAGE, { state });
- });
+ this.log.error("Activity Stream is disabled in Tor Browser.");
+ return { pageInputStream: null, scriptInputStream: null };
},
/**
diff --git a/browser/components/newtab/AboutNewTabService.jsm b/browser/components/newtab/AboutNewTabService.jsm
index 44308daa2b2d..d98c014e3f9e 100644
--- a/browser/components/newtab/AboutNewTabService.jsm
+++ b/browser/components/newtab/AboutNewTabService.jsm
@@ -420,20 +420,7 @@ class BaseAboutNewTabService {
* the newtab page has no effect on the result of this function.
*/
get defaultURL() {
- // Generate the desired activity stream resource depending on state, e.g.,
- // "resource://activity-stream/prerendered/activity-stream.html"
- // "resource://activity-stream/prerendered/activity-stream-debug.html"
- // "resource://activity-stream/prerendered/activity-stream-noscripts.html"
- return [
- "resource://activity-stream/prerendered/",
- "activity-stream",
- // Debug version loads dev scripts but noscripts separately loads scripts
- this.activityStreamDebug && !this.privilegedAboutProcessEnabled
- ? "-debug"
- : "",
- this.privilegedAboutProcessEnabled ? "-noscripts" : "",
- ".html",
- ].join("");
+ return "about:tor";
}
get welcomeURL() {
diff --git a/browser/components/preferences/home.inc.xhtml b/browser/components/preferences/home.inc.xhtml
index 5bb936782ed9..e812d969837e 100644
--- a/browser/components/preferences/home.inc.xhtml
+++ b/browser/components/preferences/home.inc.xhtml
@@ -33,7 +33,7 @@
class="check-home-page-controlled"
data-preference-related="browser.startup.homepage">
<menupopup>
- <menuitem value="0" data-l10n-id="home-mode-choice-default" />
+ <menuitem value="0" label="&aboutTor.title;" />
<menuitem value="2" data-l10n-id="home-mode-choice-custom" />
<menuitem value="1" data-l10n-id="home-mode-choice-blank" />
</menupopup>
@@ -84,7 +84,7 @@
Preferences so we need to handle setting the pref manually.-->
<menulist id="newTabMode" flex="1" data-preference-related="browser.newtabpage.enabled">
<menupopup>
- <menuitem value="0" data-l10n-id="home-mode-choice-default" />
+ <menuitem value="0" label="&aboutTor.title;" />
<menuitem value="1" data-l10n-id="home-mode-choice-blank" />
</menupopup>
</menulist>
diff --git a/browser/components/preferences/preferences.xhtml b/browser/components/preferences/preferences.xhtml
index 10faf11bfecd..2d29b382350d 100644
--- a/browser/components/preferences/preferences.xhtml
+++ b/browser/components/preferences/preferences.xhtml
@@ -14,7 +14,10 @@
<?xml-stylesheet href="chrome://browser/skin/preferences/privacy.css"?>
<?xml-stylesheet href="chrome://browser/content/securitylevel/securityLevelPreferences.css"?>
-<!DOCTYPE html>
+<!DOCTYPE html [
+<!ENTITY % aboutTorDTD SYSTEM "chrome://torbutton/locale/aboutTor.dtd">
+ %aboutTorDTD;
+]>
<html xmlns="http://www.w3.org/1999/xhtml"
xmlns:html="http://www.w3.org/1999/xhtml"
diff --git a/browser/modules/HomePage.jsm b/browser/modules/HomePage.jsm
index f73b0f3e6c8c..26618374df3a 100644
--- a/browser/modules/HomePage.jsm
+++ b/browser/modules/HomePage.jsm
@@ -21,7 +21,7 @@ XPCOMUtils.defineLazyModuleGetters(this, {
});
const kPrefName = "browser.startup.homepage";
-const kDefaultHomePage = "about:home";
+const kDefaultHomePage = "about:tor";
const kExtensionControllerPref =
"browser.startup.homepage_override.extensionControlled";
const kHomePageIgnoreListId = "homepage-urls";
1
0
[tor-browser/tor-browser-91.4.0esr-11.0-1] Bug 31607: App menu items stop working on macOS
by sysrqb@torproject.org 02 Dec '21
by sysrqb@torproject.org 02 Dec '21
02 Dec '21
commit 3396dfbf06b2d83cc58aea47f0212fdda824700c
Author: Kathy Brade <brade(a)pearlcrescent.com>
Date: Thu Oct 3 10:53:43 2019 -0400
Bug 31607: App menu items stop working on macOS
Avoid re-creating the hidden window, since this causes the nsMenuBarX
object that is associated with the app menu to be freed (which in
turn causes all of the app menu items to stop working).
More detail: There should only be one hidden window.
XREMain::XRE_mainRun() contains an explicit call to create the
hidden window and that is the normal path by which it is created.
However, when Tor Launcher's wizard/progress window is opened during
startup, a hidden window is created earlier as a side effect of
calls to nsAppShellService::GetHiddenWindow(). Then, when
XREMain::XRE_mainRun() creates its hidden window, the original one
is freed which also causes the app menu's nsMenuBarX object which
is associated with that window to be destroyed. When that happens,
the menuGroupOwner property within each Cocoa menu items's MenuItemInfo
object is cleared. This breaks the link that is necessary for
NativeMenuItemTarget's menuItemHit method to dispatch a menu item
event.
---
xpfe/appshell/nsAppShellService.cpp | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/xpfe/appshell/nsAppShellService.cpp b/xpfe/appshell/nsAppShellService.cpp
index ed7c2227f4d4..e56cbfb77ca9 100644
--- a/xpfe/appshell/nsAppShellService.cpp
+++ b/xpfe/appshell/nsAppShellService.cpp
@@ -93,6 +93,10 @@ void nsAppShellService::EnsureHiddenWindow() {
NS_IMETHODIMP
nsAppShellService::CreateHiddenWindow() {
+ if (mHiddenWindow) {
+ return NS_OK;
+ }
+
if (!XRE_IsParentProcess()) {
return NS_ERROR_NOT_IMPLEMENTED;
}
1
0