August 2024 - tbb-commits - lists.torproject.org

[Git][tpo/applications/tor-browser] Pushed new tag base-browser-115.14.0esr-13.5-1-build2
by ma1 (＠ma1) 05 Aug '24

05 Aug '24

ma1 pushed new tag base-browser-115.14.0esr-13.5-1-build2 at The Tor Project / Applications / Tor Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/tree/base-brow… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-115.14.0esr-13.5-1] 2 commits: Bug 1899180. If a channel is not nsIPrivateBrowsingChannel and has no load...
by ma1 (＠ma1) 05 Aug '24

05 Aug '24

ma1 pushed to branch base-browser-115.14.0esr-13.5-1 at The Tor Project / Applications / Tor Browser Commits: 590ecd43 by Timothy Nikkel at 2024-08-05T10:25:19+02:00 Bug 1899180. If a channel is not nsIPrivateBrowsingChannel and has no load context, use the private browsing field from it's origin attributes. r=necko-reviewers,anti-tracking-reviewers,valentin If the channel is not a nsIPrivateBrowsingChannel, and it also has no load context (eg inside svg images) then we will over … [View More]write a non-zero mPrivateBrowsingId on the OriginAttributes of the channel with 0, making NS_UsePrivateBrowsing return false for the channel. Differential Revision: https://phabricator.services.mozilla.com/D212083 - - - - - ded2e90d by Jon Coppeard at 2024-08-05T10:25:20+02:00 Bug 1904011 - Ignore finalized scripts when iterating code covarage tables r=iain Differential Revision: https://phabricator.services.mozilla.com/D214799 - - - - - 3 changed files: - js/src/gc/Zone.cpp - + js/src/jit-test/tests/debug/bug-1904011.js - toolkit/components/antitracking/StoragePrincipalHelper.cpp Changes: ===================================== js/src/gc/Zone.cpp ===================================== @@ -918,7 +918,13 @@ void Zone::clearScriptCounts(Realm* realm) { // Clear all hasScriptCounts_ flags of BaseScript, in order to release all // ScriptCounts entries of the given realm. for (auto i = scriptCountsMap->modIter(); !i.done(); i.next()) { - BaseScript* script = i.get().key(); + const HeapPtr<BaseScript*>& script = i.get().key(); + if (IsAboutToBeFinalized(script)) { + // Dead scripts may be present during incremental GC until script + // finalizers have been run. + continue; + } + if (script->realm() != realm) { continue; } @@ -939,7 +945,13 @@ void Zone::clearScriptLCov(Realm* realm) { } for (auto i = scriptLCovMap->modIter(); !i.done(); i.next()) { - BaseScript* script = i.get().key(); + const HeapPtr<BaseScript*>& script = i.get().key(); + if (IsAboutToBeFinalized(script)) { + // Dead scripts may be present during incremental GC until script + // finalizers have been run. + continue; + } + if (script->realm() == realm) { i.remove(); } ===================================== js/src/jit-test/tests/debug/bug-1904011.js ===================================== @@ -0,0 +1,15 @@ +// |jit-test| --fuzzing-safe; --ion-offthread-compile=off +gczeal(0); + +let g = newGlobal({newCompartment: true}); +let dbg = new Debugger(g); + +dbg.collectCoverageInfo = true; +g.eval("0"); + +// Start a GC in the debugger's zone and yield after sweeping objects. +schedulezone(g); +gczeal(22); +startgc(100); + +dbg.collectCoverageInfo = false; ===================================== toolkit/components/antitracking/StoragePrincipalHelper.cpp ===================================== @@ -445,7 +445,7 @@ bool StoragePrincipalHelper::GetOriginAttributes( nsCOMPtr<nsILoadInfo> loadInfo = aChannel->LoadInfo(); loadInfo->GetOriginAttributes(&aAttributes); - bool isPrivate = false; + bool isPrivate = aAttributes.mPrivateBrowsingId > 0; nsCOMPtr<nsIPrivateBrowsingChannel> pbChannel = do_QueryInterface(aChannel); if (pbChannel) { nsresult rv = pbChannel->GetIsChannelPrivate(&isPrivate); @@ -454,7 +454,9 @@ bool StoragePrincipalHelper::GetOriginAttributes( // Some channels may not implement nsIPrivateBrowsingChannel nsCOMPtr<nsILoadContext> loadContext; NS_QueryNotificationCallbacks(aChannel, loadContext); - isPrivate = loadContext && loadContext->UsePrivateBrowsing(); + if (loadContext) { + isPrivate = loadContext->UsePrivateBrowsing(); + } } aAttributes.SyncAttributesWithPrivateBrowsing(isPrivate); View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/aa9b97… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/aa9b97… You're receiving this email because of your account on gitlab.torproject.org. [View Less]

1 0

[Git][tpo/applications/tor-browser] Pushed new tag tor-browser-115.14.0esr-13.5-1-build2
by ma1 (＠ma1) 05 Aug '24

05 Aug '24

ma1 pushed new tag tor-browser-115.14.0esr-13.5-1-build2 at The Tor Project / Applications / Tor Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/tree/tor-brows… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-115.14.0esr-13.5-1] 2 commits: Bug 1899180. If a channel is not nsIPrivateBrowsingChannel and has no load...
by ma1 (＠ma1) 05 Aug '24

05 Aug '24

ma1 pushed to branch tor-browser-115.14.0esr-13.5-1 at The Tor Project / Applications / Tor Browser Commits: 76fd6391 by Timothy Nikkel at 2024-08-05T09:53:50+02:00 Bug 1899180. If a channel is not nsIPrivateBrowsingChannel and has no load context, use the private browsing field from it's origin attributes. r=necko-reviewers,anti-tracking-reviewers,valentin If the channel is not a nsIPrivateBrowsingChannel, and it also has no load context (eg inside svg images) then we will over … [View More]write a non-zero mPrivateBrowsingId on the OriginAttributes of the channel with 0, making NS_UsePrivateBrowsing return false for the channel. Differential Revision: https://phabricator.services.mozilla.com/D212083 - - - - - e2d05e0a by Jon Coppeard at 2024-08-05T09:53:51+02:00 Bug 1904011 - Ignore finalized scripts when iterating code covarage tables r=iain Differential Revision: https://phabricator.services.mozilla.com/D214799 - - - - - 3 changed files: - js/src/gc/Zone.cpp - + js/src/jit-test/tests/debug/bug-1904011.js - toolkit/components/antitracking/StoragePrincipalHelper.cpp Changes: ===================================== js/src/gc/Zone.cpp ===================================== @@ -918,7 +918,13 @@ void Zone::clearScriptCounts(Realm* realm) { // Clear all hasScriptCounts_ flags of BaseScript, in order to release all // ScriptCounts entries of the given realm. for (auto i = scriptCountsMap->modIter(); !i.done(); i.next()) { - BaseScript* script = i.get().key(); + const HeapPtr<BaseScript*>& script = i.get().key(); + if (IsAboutToBeFinalized(script)) { + // Dead scripts may be present during incremental GC until script + // finalizers have been run. + continue; + } + if (script->realm() != realm) { continue; } @@ -939,7 +945,13 @@ void Zone::clearScriptLCov(Realm* realm) { } for (auto i = scriptLCovMap->modIter(); !i.done(); i.next()) { - BaseScript* script = i.get().key(); + const HeapPtr<BaseScript*>& script = i.get().key(); + if (IsAboutToBeFinalized(script)) { + // Dead scripts may be present during incremental GC until script + // finalizers have been run. + continue; + } + if (script->realm() == realm) { i.remove(); } ===================================== js/src/jit-test/tests/debug/bug-1904011.js ===================================== @@ -0,0 +1,15 @@ +// |jit-test| --fuzzing-safe; --ion-offthread-compile=off +gczeal(0); + +let g = newGlobal({newCompartment: true}); +let dbg = new Debugger(g); + +dbg.collectCoverageInfo = true; +g.eval("0"); + +// Start a GC in the debugger's zone and yield after sweeping objects. +schedulezone(g); +gczeal(22); +startgc(100); + +dbg.collectCoverageInfo = false; ===================================== toolkit/components/antitracking/StoragePrincipalHelper.cpp ===================================== @@ -445,7 +445,7 @@ bool StoragePrincipalHelper::GetOriginAttributes( nsCOMPtr<nsILoadInfo> loadInfo = aChannel->LoadInfo(); loadInfo->GetOriginAttributes(&aAttributes); - bool isPrivate = false; + bool isPrivate = aAttributes.mPrivateBrowsingId > 0; nsCOMPtr<nsIPrivateBrowsingChannel> pbChannel = do_QueryInterface(aChannel); if (pbChannel) { nsresult rv = pbChannel->GetIsChannelPrivate(&isPrivate); @@ -454,7 +454,9 @@ bool StoragePrincipalHelper::GetOriginAttributes( // Some channels may not implement nsIPrivateBrowsingChannel nsCOMPtr<nsILoadContext> loadContext; NS_QueryNotificationCallbacks(aChannel, loadContext); - isPrivate = loadContext && loadContext->UsePrivateBrowsing(); + if (loadContext) { + isPrivate = loadContext->UsePrivateBrowsing(); + } } aAttributes.SyncAttributesWithPrivateBrowsing(isPrivate); View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/804813… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/804813… You're receiving this email because of your account on gitlab.torproject.org. [View Less]

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-115.14.0esr-13.5-1] Bug 42835: Create an actor to filter file data transfers
by ma1 (＠ma1) 05 Aug '24

05 Aug '24

ma1 pushed to branch mullvad-browser-115.14.0esr-13.5-1 at The Tor Project / Applications / Mullvad Browser Commits: 823e74d9 by hackademix at 2024-08-05T09:11:58+02:00 Bug 42835: Create an actor to filter file data transfers - - - - - 4 changed files: - + toolkit/actors/FilesFilterChild.sys.mjs - + toolkit/actors/FilesFilterParent.sys.mjs - toolkit/actors/moz.build - toolkit/modules/ActorManagerParent.sys.mjs Changes: ===================================== toolkit/actors/… [View More]FilesFilterChild.sys.mjs ===================================== @@ -0,0 +1,61 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +const lazy = {}; + +ChromeUtils.defineLazyGetter(lazy, "console", () => { + return console.createInstance({ + prefix: "FilesFilter", + }); +}); + +export class FilesFilterChild extends JSWindowActorChild { + handleEvent(event) { + // drop or paste + const { composedTarget } = event; + const dt = event.clipboardData || event.dataTransfer; + + if (dt.files.length) { + if ( + ["HTMLInputElement", "HTMLTextAreaElement"].includes( + ChromeUtils.getClassName(composedTarget) + ) + ) { + event.preventDefault(); + lazy.console.log( + `Preventing path leak on ${event.type} for ${[...dt.files] + .map(f => f.name) + .join(", ")}.` + ); + } + return; + } + + // "Paste Without Formatting" (ctrl+shift+V) in HTML editors coerces files into paths + if (!(event.clipboardData && dt.getData("text"))) { + return; + } + + // check wether the clipboard contains a file + const { clipboard } = Services; + if ( + [clipboard.kSelectionClipboard, clipboard.kGlobalClipboard].some( + clipboardType => + clipboard.isClipboardTypeSupported(clipboardType) && + clipboard.hasDataMatchingFlavors( + ["application/x-moz-file"], + clipboardType + ) + ) + ) { + event.preventDefault(); + event.stopPropagation(); + lazy.console.log( + `Preventing path leak on "Paste Without Formatting" for ${dt.getData( + "text" + )}.` + ); + } + } +} ===================================== toolkit/actors/FilesFilterParent.sys.mjs ===================================== @@ -0,0 +1,7 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +export class FilesFilterParent extends JSWindowActorParent { + // just a stub for now +} ===================================== toolkit/actors/moz.build ===================================== @@ -55,6 +55,8 @@ FINAL_TARGET_FILES.actors += [ "DateTimePickerChild.sys.mjs", "DateTimePickerParent.sys.mjs", "ExtFindChild.sys.mjs", + "FilesFilterChild.sys.mjs", + "FilesFilterParent.sys.mjs", "FindBarChild.sys.mjs", "FindBarParent.sys.mjs", "FinderChild.sys.mjs", ===================================== toolkit/modules/ActorManagerParent.sys.mjs ===================================== @@ -244,6 +244,22 @@ let JSWINDOWACTORS = { allFrames: true, }, + FilesFilter: { + parent: { + esModuleURI: "resource://gre/actors/FilesFilterParent.sys.mjs", + }, + + child: { + esModuleURI: "resource://gre/actors/FilesFilterChild.sys.mjs", + events: { + drop: {}, + paste: { capture: true }, + }, + }, + + allFrames: true, + }, + FindBar: { parent: { esModuleURI: "resource://gre/actors/FindBarParent.sys.mjs", View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/823… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/823… You're receiving this email because of your account on gitlab.torproject.org. [View Less]

1 0

[Git][tpo/applications/tor-browser][base-browser-115.14.0esr-13.5-1] Bug 42835: Create an actor to filter file data transfers
by ma1 (＠ma1) 05 Aug '24

05 Aug '24

ma1 pushed to branch base-browser-115.14.0esr-13.5-1 at The Tor Project / Applications / Tor Browser Commits: aa9b979b by hackademix at 2024-08-05T09:09:37+02:00 Bug 42835: Create an actor to filter file data transfers - - - - - 4 changed files: - + toolkit/actors/FilesFilterChild.sys.mjs - + toolkit/actors/FilesFilterParent.sys.mjs - toolkit/actors/moz.build - toolkit/modules/ActorManagerParent.sys.mjs Changes: ===================================== toolkit/actors/FilesFilterChild.sys.… [View More]mjs ===================================== @@ -0,0 +1,61 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +const lazy = {}; + +ChromeUtils.defineLazyGetter(lazy, "console", () => { + return console.createInstance({ + prefix: "FilesFilter", + }); +}); + +export class FilesFilterChild extends JSWindowActorChild { + handleEvent(event) { + // drop or paste + const { composedTarget } = event; + const dt = event.clipboardData || event.dataTransfer; + + if (dt.files.length) { + if ( + ["HTMLInputElement", "HTMLTextAreaElement"].includes( + ChromeUtils.getClassName(composedTarget) + ) + ) { + event.preventDefault(); + lazy.console.log( + `Preventing path leak on ${event.type} for ${[...dt.files] + .map(f => f.name) + .join(", ")}.` + ); + } + return; + } + + // "Paste Without Formatting" (ctrl+shift+V) in HTML editors coerces files into paths + if (!(event.clipboardData && dt.getData("text"))) { + return; + } + + // check wether the clipboard contains a file + const { clipboard } = Services; + if ( + [clipboard.kSelectionClipboard, clipboard.kGlobalClipboard].some( + clipboardType => + clipboard.isClipboardTypeSupported(clipboardType) && + clipboard.hasDataMatchingFlavors( + ["application/x-moz-file"], + clipboardType + ) + ) + ) { + event.preventDefault(); + event.stopPropagation(); + lazy.console.log( + `Preventing path leak on "Paste Without Formatting" for ${dt.getData( + "text" + )}.` + ); + } + } +} ===================================== toolkit/actors/FilesFilterParent.sys.mjs ===================================== @@ -0,0 +1,7 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +export class FilesFilterParent extends JSWindowActorParent { + // just a stub for now +} ===================================== toolkit/actors/moz.build ===================================== @@ -55,6 +55,8 @@ FINAL_TARGET_FILES.actors += [ "DateTimePickerChild.sys.mjs", "DateTimePickerParent.sys.mjs", "ExtFindChild.sys.mjs", + "FilesFilterChild.sys.mjs", + "FilesFilterParent.sys.mjs", "FindBarChild.sys.mjs", "FindBarParent.sys.mjs", "FinderChild.sys.mjs", ===================================== toolkit/modules/ActorManagerParent.sys.mjs ===================================== @@ -244,6 +244,22 @@ let JSWINDOWACTORS = { allFrames: true, }, + FilesFilter: { + parent: { + esModuleURI: "resource://gre/actors/FilesFilterParent.sys.mjs", + }, + + child: { + esModuleURI: "resource://gre/actors/FilesFilterChild.sys.mjs", + events: { + drop: {}, + paste: { capture: true }, + }, + }, + + allFrames: true, + }, + FindBar: { parent: { esModuleURI: "resource://gre/actors/FindBarParent.sys.mjs", View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/aa9b979… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/aa9b979… You're receiving this email because of your account on gitlab.torproject.org. [View Less]

1 0

[Git][tpo/applications/tor-browser][tor-browser-115.14.0esr-13.5-1] Bug 42835: Create an actor to filter file data transfers
by ma1 (＠ma1) 05 Aug '24

05 Aug '24

ma1 pushed to branch tor-browser-115.14.0esr-13.5-1 at The Tor Project / Applications / Tor Browser Commits: 8048130a by hackademix at 2024-08-05T09:05:32+02:00 Bug 42835: Create an actor to filter file data transfers - - - - - 4 changed files: - + toolkit/actors/FilesFilterChild.sys.mjs - + toolkit/actors/FilesFilterParent.sys.mjs - toolkit/actors/moz.build - toolkit/modules/ActorManagerParent.sys.mjs Changes: ===================================== toolkit/actors/FilesFilterChild.sys.… [View More]mjs ===================================== @@ -0,0 +1,61 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +const lazy = {}; + +ChromeUtils.defineLazyGetter(lazy, "console", () => { + return console.createInstance({ + prefix: "FilesFilter", + }); +}); + +export class FilesFilterChild extends JSWindowActorChild { + handleEvent(event) { + // drop or paste + const { composedTarget } = event; + const dt = event.clipboardData || event.dataTransfer; + + if (dt.files.length) { + if ( + ["HTMLInputElement", "HTMLTextAreaElement"].includes( + ChromeUtils.getClassName(composedTarget) + ) + ) { + event.preventDefault(); + lazy.console.log( + `Preventing path leak on ${event.type} for ${[...dt.files] + .map(f => f.name) + .join(", ")}.` + ); + } + return; + } + + // "Paste Without Formatting" (ctrl+shift+V) in HTML editors coerces files into paths + if (!(event.clipboardData && dt.getData("text"))) { + return; + } + + // check wether the clipboard contains a file + const { clipboard } = Services; + if ( + [clipboard.kSelectionClipboard, clipboard.kGlobalClipboard].some( + clipboardType => + clipboard.isClipboardTypeSupported(clipboardType) && + clipboard.hasDataMatchingFlavors( + ["application/x-moz-file"], + clipboardType + ) + ) + ) { + event.preventDefault(); + event.stopPropagation(); + lazy.console.log( + `Preventing path leak on "Paste Without Formatting" for ${dt.getData( + "text" + )}.` + ); + } + } +} ===================================== toolkit/actors/FilesFilterParent.sys.mjs ===================================== @@ -0,0 +1,7 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +export class FilesFilterParent extends JSWindowActorParent { + // just a stub for now +} ===================================== toolkit/actors/moz.build ===================================== @@ -55,6 +55,8 @@ FINAL_TARGET_FILES.actors += [ "DateTimePickerChild.sys.mjs", "DateTimePickerParent.sys.mjs", "ExtFindChild.sys.mjs", + "FilesFilterChild.sys.mjs", + "FilesFilterParent.sys.mjs", "FindBarChild.sys.mjs", "FindBarParent.sys.mjs", "FinderChild.sys.mjs", ===================================== toolkit/modules/ActorManagerParent.sys.mjs ===================================== @@ -244,6 +244,22 @@ let JSWINDOWACTORS = { allFrames: true, }, + FilesFilter: { + parent: { + esModuleURI: "resource://gre/actors/FilesFilterParent.sys.mjs", + }, + + child: { + esModuleURI: "resource://gre/actors/FilesFilterChild.sys.mjs", + events: { + drop: {}, + paste: { capture: true }, + }, + }, + + allFrames: true, + }, + FindBar: { parent: { esModuleURI: "resource://gre/actors/FindBarParent.sys.mjs", View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/8048130… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/8048130… You're receiving this email because of your account on gitlab.torproject.org. [View Less]

1 0

[Git][tpo/applications/tor-browser-build][main] Bug 41203: Tor Blog generation script uses the wrong url scheme for alpha releases
by boklm (＠boklm) 03 Aug '24

03 Aug '24

boklm pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: ce7944ec by Morgan at 2024-08-01T18:36:58+00:00 Bug 41203: Tor Blog generation script uses the wrong url scheme for alpha releases - - - - - 1 changed file: - tools/signing/create-blog-post Changes: ===================================== tools/signing/create-blog-post ===================================== @@ -9,31 +9,27 @@ var_is_defined blog_publish_user blog_directory content_dir="$… [View More]

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-128.1.0esr-14.0-1] Bug 42835: Create an actor to filter file data transfers
by ma1 (＠ma1) 02 Aug '24

02 Aug '24

ma1 pushed to branch mullvad-browser-128.1.0esr-14.0-1 at The Tor Project / Applications / Mullvad Browser Commits: dccbed9e by hackademix at 2024-08-02T22:26:22+02:00 Bug 42835: Create an actor to filter file data transfers - - - - - 4 changed files: - + toolkit/actors/FilesFilterChild.sys.mjs - + toolkit/actors/FilesFilterParent.sys.mjs - toolkit/actors/moz.build - toolkit/modules/ActorManagerParent.sys.mjs Changes: ===================================== toolkit/actors/… [View More]FilesFilterChild.sys.mjs ===================================== @@ -0,0 +1,61 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +const lazy = {}; + +ChromeUtils.defineLazyGetter(lazy, "console", () => { + return console.createInstance({ + prefix: "FilesFilter", + }); +}); + +export class FilesFilterChild extends JSWindowActorChild { + handleEvent(event) { + // drop or paste + const { composedTarget } = event; + const dt = event.clipboardData || event.dataTransfer; + + if (dt.files.length) { + if ( + ["HTMLInputElement", "HTMLTextAreaElement"].includes( + ChromeUtils.getClassName(composedTarget) + ) + ) { + event.preventDefault(); + lazy.console.log( + `Preventing path leak on ${event.type} for ${[...dt.files] + .map(f => f.name) + .join(", ")}.` + ); + } + return; + } + + // "Paste Without Formatting" (ctrl+shift+V) in HTML editors coerces files into paths + if (!(event.clipboardData && dt.getData("text"))) { + return; + } + + // check wether the clipboard contains a file + const { clipboard } = Services; + if ( + [clipboard.kSelectionClipboard, clipboard.kGlobalClipboard].some( + clipboardType => + clipboard.isClipboardTypeSupported(clipboardType) && + clipboard.hasDataMatchingFlavors( + ["application/x-moz-file"], + clipboardType + ) + ) + ) { + event.preventDefault(); + event.stopPropagation(); + lazy.console.log( + `Preventing path leak on "Paste Without Formatting" for ${dt.getData( + "text" + )}.` + ); + } + } +} ===================================== toolkit/actors/FilesFilterParent.sys.mjs ===================================== @@ -0,0 +1,7 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +export class FilesFilterParent extends JSWindowActorParent { + // just a stub for now +} ===================================== toolkit/actors/moz.build ===================================== @@ -53,6 +53,8 @@ FINAL_TARGET_FILES.actors += [ "DateTimePickerChild.sys.mjs", "DateTimePickerParent.sys.mjs", "ExtFindChild.sys.mjs", + "FilesFilterChild.sys.mjs", + "FilesFilterParent.sys.mjs", "FindBarChild.sys.mjs", "FindBarParent.sys.mjs", "FinderChild.sys.mjs", ===================================== toolkit/modules/ActorManagerParent.sys.mjs ===================================== @@ -285,6 +285,22 @@ let JSWINDOWACTORS = { allFrames: true, }, + FilesFilter: { + parent: { + esModuleURI: "resource://gre/actors/FilesFilterParent.sys.mjs", + }, + + child: { + esModuleURI: "resource://gre/actors/FilesFilterChild.sys.mjs", + events: { + drop: {}, + paste: { capture: true }, + }, + }, + + allFrames: true, + }, + FindBar: { parent: { esModuleURI: "resource://gre/actors/FindBarParent.sys.mjs", View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/dcc… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/dcc… You're receiving this email because of your account on gitlab.torproject.org. [View Less]

1 0

[Git][tpo/applications/tor-browser][base-browser-128.1.0esr-14.0-1] Bug 42835: Create an actor to filter file data transfers
by ma1 (＠ma1) 02 Aug '24

02 Aug '24

ma1 pushed to branch base-browser-128.1.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: ac2dbd4d by hackademix at 2024-08-02T22:23:38+02:00 Bug 42835: Create an actor to filter file data transfers - - - - - 4 changed files: - + toolkit/actors/FilesFilterChild.sys.mjs - + toolkit/actors/FilesFilterParent.sys.mjs - toolkit/actors/moz.build - toolkit/modules/ActorManagerParent.sys.mjs Changes: ===================================== toolkit/actors/FilesFilterChild.sys.… [View More]mjs ===================================== @@ -0,0 +1,61 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +const lazy = {}; + +ChromeUtils.defineLazyGetter(lazy, "console", () => { + return console.createInstance({ + prefix: "FilesFilter", + }); +}); + +export class FilesFilterChild extends JSWindowActorChild { + handleEvent(event) { + // drop or paste + const { composedTarget } = event; + const dt = event.clipboardData || event.dataTransfer; + + if (dt.files.length) { + if ( + ["HTMLInputElement", "HTMLTextAreaElement"].includes( + ChromeUtils.getClassName(composedTarget) + ) + ) { + event.preventDefault(); + lazy.console.log( + `Preventing path leak on ${event.type} for ${[...dt.files] + .map(f => f.name) + .join(", ")}.` + ); + } + return; + } + + // "Paste Without Formatting" (ctrl+shift+V) in HTML editors coerces files into paths + if (!(event.clipboardData && dt.getData("text"))) { + return; + } + + // check wether the clipboard contains a file + const { clipboard } = Services; + if ( + [clipboard.kSelectionClipboard, clipboard.kGlobalClipboard].some( + clipboardType => + clipboard.isClipboardTypeSupported(clipboardType) && + clipboard.hasDataMatchingFlavors( + ["application/x-moz-file"], + clipboardType + ) + ) + ) { + event.preventDefault(); + event.stopPropagation(); + lazy.console.log( + `Preventing path leak on "Paste Without Formatting" for ${dt.getData( + "text" + )}.` + ); + } + } +} ===================================== toolkit/actors/FilesFilterParent.sys.mjs ===================================== @@ -0,0 +1,7 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +export class FilesFilterParent extends JSWindowActorParent { + // just a stub for now +} ===================================== toolkit/actors/moz.build ===================================== @@ -53,6 +53,8 @@ FINAL_TARGET_FILES.actors += [ "DateTimePickerChild.sys.mjs", "DateTimePickerParent.sys.mjs", "ExtFindChild.sys.mjs", + "FilesFilterChild.sys.mjs", + "FilesFilterParent.sys.mjs", "FindBarChild.sys.mjs", "FindBarParent.sys.mjs", "FinderChild.sys.mjs", ===================================== toolkit/modules/ActorManagerParent.sys.mjs ===================================== @@ -285,6 +285,22 @@ let JSWINDOWACTORS = { allFrames: true, }, + FilesFilter: { + parent: { + esModuleURI: "resource://gre/actors/FilesFilterParent.sys.mjs", + }, + + child: { + esModuleURI: "resource://gre/actors/FilesFilterChild.sys.mjs", + events: { + drop: {}, + paste: { capture: true }, + }, + }, + + allFrames: true, + }, + FindBar: { parent: { esModuleURI: "resource://gre/actors/FindBarParent.sys.mjs", View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/ac2dbd4… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/ac2dbd4… You're receiving this email because of your account on gitlab.torproject.org. [View Less]

1 0