tbb-commits August 2024

tbb-commits@lists.torproject.org

1 participants
282 discussions

[Git][tpo/applications/tor-browser][tor-browser-128.1.0esr-14.0-1] 4 commits: fixup! Bug 3455: Add DomainIsolator, for isolating circuit by domain.
by morgan (＠morgan) 22 Aug '24

22 Aug '24

morgan pushed to branch tor-browser-128.1.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: a7f45e05 by Pier Angelo Vendrame at 2024-08-22T14:02:09+02:00 fixup! Bug 3455: Add DomainIsolator, for isolating circuit by domain. Bug 43074: Pass the browser to TorDomainIsolator.newCircuitForBrowser. - - - - - d25a948d by Pier Angelo Vendrame at 2024-08-22T14:03:09+02:00 fixup! Bug 41600: Add a tor circuit display panel. Bug 43074: Pass the browser to TorDomainIsolator.newCircuitForBrowser. - - - - - 6ca3c329 by Pier Angelo Vendrame at 2024-08-22T14:03:41+02:00 fixup! Bug 40209: Implement Basic Crypto Safety Bug 43074: Pass the browser to TorDomainIsolator.newCircuitForBrowser. - - - - - da2d11fa by Pier Angelo Vendrame at 2024-08-22T14:05:24+02:00 Bug 42247: Android helpers for the TorProvider Bug 42655: Add a backend function for the "New circuit for this site" functionality. - - - - - 9 changed files: - browser/actors/CryptoSafetyParent.sys.mjs - browser/base/content/appmenu-viewcache.inc.xhtml - browser/base/content/browser-menubar.inc - browser/base/content/browser-sets.inc - browser/base/content/navigator-toolbox.inc.xhtml - browser/components/torcircuit/content/torCircuitPanel.js - mobile/android/geckoview/src/main/java/org/mozilla/geckoview/GeckoSession.java - mobile/shared/modules/geckoview/GeckoViewContent.sys.mjs - toolkit/components/tor-launcher/TorDomainIsolator.sys.mjs Changes: ===================================== browser/actors/CryptoSafetyParent.sys.mjs ===================================== @@ -67,7 +67,7 @@ export class CryptoSafetyParent extends JSWindowActorParent { const browser = browsingContext.embedderElement; if (browser) { lazy.TorDomainIsolator.newCircuitForBrowser( - browser.ownerGlobal.gBrowser + browser.ownerGlobal.gBrowser.selectedBrowser ); } } ===================================== browser/base/content/appmenu-viewcache.inc.xhtml ===================================== @@ -56,7 +56,7 @@ class="subviewbutton" key="new-circuit-key" data-l10n-id="appmenuitem-new-tor-circuit" - oncommand="TorDomainIsolator.newCircuitForBrowser(gBrowser);"/> + oncommand="TorDomainIsolator.newCircuitForBrowser(gBrowser.selectedBrowser);"/> <toolbarseparator/> <toolbarbutton id="appMenu-bookmarks-button" class="subviewbutton subviewbutton-nav" ===================================== browser/base/content/browser-menubar.inc ===================================== @@ -33,7 +33,7 @@ key="new-identity-key" data-l10n-id="menu-new-identity"/> <menuitem id="menu_newCircuit" key="new-circuit-key" data-l10n-id="menu-new-tor-circuit" - oncommand="TorDomainIsolator.newCircuitForBrowser(gBrowser);"/> + oncommand="TorDomainIsolator.newCircuitForBrowser(gBrowser.selectedBrowser);"/> <menuseparator/> <menuitem id="menu_openLocation" hidden="true" ===================================== browser/base/content/browser-sets.inc ===================================== @@ -392,5 +392,5 @@ internal="true"/> #endif <key id="new-identity-key" modifiers="accel shift" key="U" oncommand="NewIdentityButton.onCommand(event)"/> - <key id="new-circuit-key" modifiers="accel shift" key="L" oncommand="TorDomainIsolator.newCircuitForBrowser(gBrowser)"/> + <key id="new-circuit-key" modifiers="accel shift" key="L" oncommand="TorDomainIsolator.newCircuitForBrowser(gBrowser.selectedBrowser)"/> </keyset> ===================================== browser/base/content/navigator-toolbox.inc.xhtml ===================================== @@ -621,7 +621,7 @@ <toolbarbutton id="new-circuit-button" class="toolbarbutton-1 chromeclass-toolbar-additional" data-l10n-id="toolbar-new-tor-circuit" - oncommand="TorDomainIsolator.newCircuitForBrowser(gBrowser);"/> + oncommand="TorDomainIsolator.newCircuitForBrowser(gBrowser.selectedBrowser);"/> <toolbarbutton id="fullscreen-button" class="toolbarbutton-1 chromeclass-toolbar-additional" observes="View:FullScreen" ===================================== browser/components/torcircuit/content/torCircuitPanel.js ===================================== @@ -127,7 +127,7 @@ var gTorCircuitPanel = { document .getElementById("tor-circuit-new-circuit") .addEventListener("command", () => { - TorDomainIsolator.newCircuitForBrowser(gBrowser); + TorDomainIsolator.newCircuitForBrowser(gBrowser.selectedBrowser); }); // Update the display just before opening. ===================================== mobile/android/geckoview/src/main/java/org/mozilla/geckoview/GeckoSession.java ===================================== @@ -2610,6 +2610,14 @@ public class GeckoSession { return mEventDispatcher.queryBundle("GeckoView:GetTorCircuit"); } + /** + * Change the circuit for this session. + */ + @UiThread + public void newTorCircuit() { + mEventDispatcher.dispatch("GeckoView:NewTorCircuit"); + } + /** * Set this GeckoSession as active or inactive, which represents if the session is currently * visible or not. Setting a GeckoSession to inactive will significantly reduce its memory ===================================== mobile/shared/modules/geckoview/GeckoViewContent.sys.mjs ===================================== @@ -40,6 +40,7 @@ export class GeckoViewContent extends GeckoViewModule { "GeckoView:ZoomToInput", "GeckoView:IsPdfJs", "GeckoView:GetTorCircuit", + "GeckoView:NewTorCircuit", ]); } @@ -313,6 +314,9 @@ export class GeckoViewContent extends GeckoViewModule { case "GeckoView:GetTorCircuit": this._getTorCircuit(aCallback); break; + case "GeckoView:NewTorCircuit": + this._newTorCircuit(aCallback); + break; } } @@ -437,6 +441,11 @@ export class GeckoViewContent extends GeckoViewModule { } } + _newTorCircuit(aCallback) { + lazy.TorDomainIsolator.newCircuitForBrowser(this.browser); + aCallback?.onSuccess(); + } + async _containsFormData(aCallback) { aCallback.onSuccess(await this.actor.containsFormData()); } ===================================== toolkit/components/tor-launcher/TorDomainIsolator.sys.mjs ===================================== @@ -225,11 +225,9 @@ class TorDomainIsolatorImpl { * Create a new nonce for the FP domain of the selected browser and reload the * tab with a new circuit. * - * @param {object} globalBrowser Should be the gBrowser from the context of - * the caller + * @param {object} browser The browser we want to change the circuit for. */ - newCircuitForBrowser(globalBrowser) { - const browser = globalBrowser.selectedBrowser; + newCircuitForBrowser(browser) { const firstPartyDomain = getDomainForBrowser(browser); this.newCircuitForDomain(firstPartyDomain); const { username, password } = this.#getSocksProxyCredentials( View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/3b1892… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/3b1892… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-128.1.0esr-14.0-1] fixup! Firefox preference overrides.
by Pier Angelo Vendrame (＠pierov) 22 Aug '24

22 Aug '24

Pier Angelo Vendrame pushed to branch mullvad-browser-128.1.0esr-14.0-1 at The Tor Project / Applications / Mullvad Browser Commits: 53f02328 by Morgan at 2024-08-22T09:36:35+02:00 fixup! Firefox preference overrides. Bug 42604: Remove safe-browsing google prefs - - - - - 1 changed file: - modules/libpref/init/all.js Changes: ===================================== modules/libpref/init/all.js ===================================== @@ -3529,6 +3529,8 @@ pref("browser.safebrowsing.downloads.remote.block_uncommon", true); // Android SafeBrowsing's configuration is in ContentBlocking.java, keep in sync. #ifndef MOZ_WIDGET_ANDROID +// tor-browser#42604: safe-browsing is disabled elsewhere, but no reason to ship scary google prefs +#ifndef BASE_BROWSER_VERSION // Google Safe Browsing provider (legacy) pref("browser.safebrowsing.provider.google.pver", "2.2"); pref("browser.safebrowsing.provider.google.lists", "goog-badbinurl-shavar,goog-downloadwhite-digest256,goog-phish-shavar,googpub-phish-shavar,goog-malware-shavar,goog-unwanted-shavar"); @@ -3552,6 +3554,7 @@ pref("browser.safebrowsing.provider.google4.advisoryURL", "https://developers.go pref("browser.safebrowsing.provider.google4.advisoryName", "Google Safe Browsing"); pref("browser.safebrowsing.provider.google4.dataSharingURL", "https://safebrowsing.googleapis.com/v4/threatHits?$ct=application/x-protobu…"); pref("browser.safebrowsing.provider.google4.dataSharing.enabled", false); +#endif // ifndef BASE_BROWSER_VERSION #endif // ifndef MOZ_WIDGET_ANDROID View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/53f… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/53f… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-128.1.0esr-14.0-1] fixup! Firefox preference overrides.
by Pier Angelo Vendrame (＠pierov) 22 Aug '24

22 Aug '24

Pier Angelo Vendrame pushed to branch base-browser-128.1.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: 1a4edd77 by Morgan at 2024-08-22T09:36:46+02:00 fixup! Firefox preference overrides. Bug 42604: Remove safe-browsing google prefs - - - - - 1 changed file: - modules/libpref/init/all.js Changes: ===================================== modules/libpref/init/all.js ===================================== @@ -3529,6 +3529,8 @@ pref("browser.safebrowsing.downloads.remote.block_uncommon", true); // Android SafeBrowsing's configuration is in ContentBlocking.java, keep in sync. #ifndef MOZ_WIDGET_ANDROID +// tor-browser#42604: safe-browsing is disabled elsewhere, but no reason to ship scary google prefs +#ifndef BASE_BROWSER_VERSION // Google Safe Browsing provider (legacy) pref("browser.safebrowsing.provider.google.pver", "2.2"); pref("browser.safebrowsing.provider.google.lists", "goog-badbinurl-shavar,goog-downloadwhite-digest256,goog-phish-shavar,googpub-phish-shavar,goog-malware-shavar,goog-unwanted-shavar"); @@ -3552,6 +3554,7 @@ pref("browser.safebrowsing.provider.google4.advisoryURL", "https://developers.go pref("browser.safebrowsing.provider.google4.advisoryName", "Google Safe Browsing"); pref("browser.safebrowsing.provider.google4.dataSharingURL", "https://safebrowsing.googleapis.com/v4/threatHits?$ct=application/x-protobu…"); pref("browser.safebrowsing.provider.google4.dataSharing.enabled", false); +#endif // ifndef BASE_BROWSER_VERSION #endif // ifndef MOZ_WIDGET_ANDROID View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/1a4edd7… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/1a4edd7… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-128.1.0esr-14.0-1] fixup! Firefox preference overrides.
by Pier Angelo Vendrame (＠pierov) 22 Aug '24

22 Aug '24

Pier Angelo Vendrame pushed to branch tor-browser-128.1.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: 3b18923a by Morgan at 2024-08-22T07:34:26+00:00 fixup! Firefox preference overrides. Bug 42604: Remove safe-browsing google prefs - - - - - 1 changed file: - modules/libpref/init/all.js Changes: ===================================== modules/libpref/init/all.js ===================================== @@ -3529,6 +3529,8 @@ pref("browser.safebrowsing.downloads.remote.block_uncommon", true); // Android SafeBrowsing's configuration is in ContentBlocking.java, keep in sync. #ifndef MOZ_WIDGET_ANDROID +// tor-browser#42604: safe-browsing is disabled elsewhere, but no reason to ship scary google prefs +#ifndef BASE_BROWSER_VERSION // Google Safe Browsing provider (legacy) pref("browser.safebrowsing.provider.google.pver", "2.2"); pref("browser.safebrowsing.provider.google.lists", "goog-badbinurl-shavar,goog-downloadwhite-digest256,goog-phish-shavar,googpub-phish-shavar,goog-malware-shavar,goog-unwanted-shavar"); @@ -3552,6 +3554,7 @@ pref("browser.safebrowsing.provider.google4.advisoryURL", "https://developers.go pref("browser.safebrowsing.provider.google4.advisoryName", "Google Safe Browsing"); pref("browser.safebrowsing.provider.google4.dataSharingURL", "https://safebrowsing.googleapis.com/v4/threatHits?$ct=application/x-protobu…"); pref("browser.safebrowsing.provider.google4.dataSharing.enabled", false); +#endif // ifndef BASE_BROWSER_VERSION #endif // ifndef MOZ_WIDGET_ANDROID View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/3b18923… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/3b18923… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-128.1.0esr-14.0-1] fixup! Bug 40166: Disable security.certerrors.mitm.auto_enable_enterprise_roots
by Pier Angelo Vendrame (＠pierov) 22 Aug '24

22 Aug '24

Pier Angelo Vendrame pushed to branch mullvad-browser-128.1.0esr-14.0-1 at The Tor Project / Applications / Mullvad Browser Commits: 91750307 by Morgan at 2024-08-22T09:30:50+02:00 fixup! Bug 40166: Disable security.certerrors.mitm.auto_enable_enterprise_roots - Revert 612d54e8e97017891865db8003826d8688ad5a9b - - - - - 1 changed file: - browser/components/BrowserGlue.sys.mjs Changes: ===================================== browser/components/BrowserGlue.sys.mjs ===================================== @@ -1538,20 +1538,6 @@ BrowserGlue.prototype = { // Base Browser-specific version of _migrateUI. this._migrateUIBB(); - // Clear possibly auto enabled enterprise_roots prefs (see bug 40166) - if ( - !Services.prefs.getBoolPref( - "security.certerrors.mitm.auto_enable_enterprise_roots" - ) && - Services.prefs.getBoolPref( - "security.enterprise_roots.auto-enabled", - false - ) - ) { - Services.prefs.clearUserPref("security.enterprise_roots.enabled"); - Services.prefs.clearUserPref("security.enterprise_roots.auto-enabled"); - } - if (!Services.prefs.prefHasUserValue(PREF_PDFJS_ISDEFAULT_CACHE_STATE)) { lazy.PdfJs.checkIsDefault(this._isNewProfile); } View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/917… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/917… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-128.1.0esr-14.0-1] fixup! Bug 40166: Disable security.certerrors.mitm.auto_enable_enterprise_roots
by Pier Angelo Vendrame (＠pierov) 22 Aug '24

22 Aug '24

Pier Angelo Vendrame pushed to branch base-browser-128.1.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: 8b6e208e by Morgan at 2024-08-22T09:29:41+02:00 fixup! Bug 40166: Disable security.certerrors.mitm.auto_enable_enterprise_roots - Revert 612d54e8e97017891865db8003826d8688ad5a9b - - - - - 1 changed file: - browser/components/BrowserGlue.sys.mjs Changes: ===================================== browser/components/BrowserGlue.sys.mjs ===================================== @@ -1557,20 +1557,6 @@ BrowserGlue.prototype = { // Base Browser-specific version of _migrateUI. this._migrateUIBB(); - // Clear possibly auto enabled enterprise_roots prefs (see bug 40166) - if ( - !Services.prefs.getBoolPref( - "security.certerrors.mitm.auto_enable_enterprise_roots" - ) && - Services.prefs.getBoolPref( - "security.enterprise_roots.auto-enabled", - false - ) - ) { - Services.prefs.clearUserPref("security.enterprise_roots.enabled"); - Services.prefs.clearUserPref("security.enterprise_roots.auto-enabled"); - } - if (!Services.prefs.prefHasUserValue(PREF_PDFJS_ISDEFAULT_CACHE_STATE)) { lazy.PdfJs.checkIsDefault(this._isNewProfile); } View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/8b6e208… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/8b6e208… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-128.1.0esr-14.0-1] fixup! Bug 40166: Disable security.certerrors.mitm.auto_enable_enterprise_roots
by Pier Angelo Vendrame (＠pierov) 22 Aug '24

22 Aug '24

Pier Angelo Vendrame pushed to branch tor-browser-128.1.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: 73f74173 by Morgan at 2024-08-22T02:23:04+00:00 fixup! Bug 40166: Disable security.certerrors.mitm.auto_enable_enterprise_roots - Revert 612d54e8e97017891865db8003826d8688ad5a9b - - - - - 1 changed file: - browser/components/BrowserGlue.sys.mjs Changes: ===================================== browser/components/BrowserGlue.sys.mjs ===================================== @@ -1640,20 +1640,6 @@ BrowserGlue.prototype = { // _migrateUI to make sure this._isNewProfile has been defined. this._migrateUITBB(); - // Clear possibly auto enabled enterprise_roots prefs (see bug 40166) - if ( - !Services.prefs.getBoolPref( - "security.certerrors.mitm.auto_enable_enterprise_roots" - ) && - Services.prefs.getBoolPref( - "security.enterprise_roots.auto-enabled", - false - ) - ) { - Services.prefs.clearUserPref("security.enterprise_roots.enabled"); - Services.prefs.clearUserPref("security.enterprise_roots.auto-enabled"); - } - if (!Services.prefs.prefHasUserValue(PREF_PDFJS_ISDEFAULT_CACHE_STATE)) { lazy.PdfJs.checkIsDefault(this._isNewProfile); } View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/73f7417… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/73f7417… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-115.14.0esr-13.5-1] fixup! Bug 31286: Implementation of bridge, proxy, and firewall settings in...
by morgan (＠morgan) 22 Aug '24

22 Aug '24

morgan pushed to branch tor-browser-115.14.0esr-13.5-1 at The Tor Project / Applications / Tor Browser Commits: dbdcd092 by Henry Wilkes at 2024-08-22T01:29:55+00:00 fixup! Bug 31286: Implementation of bridge, proxy, and firewall settings in about:preferences#connection Bug 42697: Remove inline-start padding from tor bridge provider list. - - - - - 1 changed file: - browser/components/torpreferences/content/torPreferences.css Changes: ===================================== browser/components/torpreferences/content/torPreferences.css ===================================== @@ -724,6 +724,7 @@ button.spoof-button-disabled { /* 16px gap between items. */ gap: 16px 12px; margin-block: 16px; + padding: 0; } .tor-bridges-provider-item { View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/dbdcd09… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/dbdcd09… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-115.14.0esr-13.5-1] fixup! Bug 42835: Create an actor to filter file data transfers
by ma1 (＠ma1) 21 Aug '24

21 Aug '24

ma1 pushed to branch mullvad-browser-115.14.0esr-13.5-1 at The Tor Project / Applications / Mullvad Browser Commits: 56186dd9 by hackademix at 2024-08-22T00:37:37+02:00 fixup! Bug 42835: Create an actor to filter file data transfers Bug 43064: Make file filtering more specific - - - - - 1 changed file: - toolkit/actors/FilesFilterChild.sys.mjs Changes: ===================================== toolkit/actors/FilesFilterChild.sys.mjs ===================================== @@ -12,11 +12,14 @@ ChromeUtils.defineLazyGetter(lazy, "console", () => { export class FilesFilterChild extends JSWindowActorChild { handleEvent(event) { + if (!Services.prefs.getBoolPref("browser.filesfilter.enabled", true)) { + return; + } // drop or paste const { composedTarget } = event; const dt = event.clipboardData || event.dataTransfer; - if (dt.files.length) { + if ([...dt.files].some(f => f.mozFullPath)) { if ( ["HTMLInputElement", "HTMLTextAreaElement"].includes( ChromeUtils.getClassName(composedTarget) @@ -25,7 +28,7 @@ export class FilesFilterChild extends JSWindowActorChild { event.preventDefault(); lazy.console.log( `Preventing path leak on ${event.type} for ${[...dt.files] - .map(f => f.name) + .map(f => `${f.name} (${f.mozFullPath})`) .join(", ")}.` ); } @@ -33,7 +36,7 @@ export class FilesFilterChild extends JSWindowActorChild { } // "Paste Without Formatting" (ctrl+shift+V) in HTML editors coerces files into paths - if (!(event.clipboardData && dt.getData("text"))) { + if (!(event.clipboardData && /[\/\\]/.test(dt.getData("text")))) { return; } View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/561… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/561… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-115.14.0esr-13.5-1] fixup! Bug 42835: Create an actor to filter file data transfers
by ma1 (＠ma1) 21 Aug '24

21 Aug '24

ma1 pushed to branch base-browser-115.14.0esr-13.5-1 at The Tor Project / Applications / Tor Browser Commits: 18be328e by hackademix at 2024-08-22T00:37:33+02:00 fixup! Bug 42835: Create an actor to filter file data transfers Bug 43064: Make file filtering more specific - - - - - 1 changed file: - toolkit/actors/FilesFilterChild.sys.mjs Changes: ===================================== toolkit/actors/FilesFilterChild.sys.mjs ===================================== @@ -12,11 +12,14 @@ ChromeUtils.defineLazyGetter(lazy, "console", () => { export class FilesFilterChild extends JSWindowActorChild { handleEvent(event) { + if (!Services.prefs.getBoolPref("browser.filesfilter.enabled", true)) { + return; + } // drop or paste const { composedTarget } = event; const dt = event.clipboardData || event.dataTransfer; - if (dt.files.length) { + if ([...dt.files].some(f => f.mozFullPath)) { if ( ["HTMLInputElement", "HTMLTextAreaElement"].includes( ChromeUtils.getClassName(composedTarget) @@ -25,7 +28,7 @@ export class FilesFilterChild extends JSWindowActorChild { event.preventDefault(); lazy.console.log( `Preventing path leak on ${event.type} for ${[...dt.files] - .map(f => f.name) + .map(f => `${f.name} (${f.mozFullPath})`) .join(", ")}.` ); } @@ -33,7 +36,7 @@ export class FilesFilterChild extends JSWindowActorChild { } // "Paste Without Formatting" (ctrl+shift+V) in HTML editors coerces files into paths - if (!(event.clipboardData && dt.getData("text"))) { + if (!(event.clipboardData && /[\/\\]/.test(dt.getData("text")))) { return; } View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/18be328… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/18be328… You're receiving this email because of your account on gitlab.torproject.org.

1 0

← Newer
1
...
9
10
11
12
13
14
15
...
29
Older →

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

tbb-commits August 2024