March 2025 - tbb-commits - lists.torproject.org

[Git][tpo/applications/tor-browser-build] Pushed new tag tbb-14.5a4-build1
by morgan (＠morgan) 11 Mar '25

11 Mar '25

morgan pushed new tag tbb-14.5a4-build1 at The Tor Project / Applications / tor-browser-build -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/tree/tbb… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][main] Bug 41369,41370: Prepare Tor+Mullvad Browser 14.5a4
by morgan (＠morgan) 11 Mar '25

11 Mar '25

morgan pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: 136839a7 by Morgan at 2025-03-11T17:29:48+00:00 Bug 41369,41370: Prepare Tor+Mullvad Browser 14.5a4 - - - - - 9 changed files: - projects/browser/Bundle-Data/Docs-MB/ChangeLog.txt - projects/browser/Bundle-Data/Docs-TBB/ChangeLog.txt - projects/firefox/config - projects/geckoview/config - projects/go/config - projects/openssl/config - projects/translation/config - projects/zstd/config - rbm.conf Changes: ===================================== projects/browser/Bundle-Data/Docs-MB/ChangeLog.txt ===================================== @@ -1,3 +1,27 @@ +Mullvad Browser 14.5a4 - March 12 2025 + * All Platforms + * Updated Firefox to 128.8.0esr + * Bug 393: Rebase Mullvad Browser Alpha onto 128.8.0esr [mullvad-browser] + * Bug 395: Set Mullvad Leta as default search engine [mullvad-browser] + * Bug 404: Incorrect information in `about:rights` [mullvad-browser] + * Bug 43205: newwin / letterboxing rounding with subpixels is off [tor-browser] + * Bug 43551: Backport Mozilla Bug 1924070 - modify H.264 extradata to match sample conversion code.... [tor-browser] + * Linux + * Bug 394: Missing package when try to install Mullvad Browser in Debian Trixie [mullvad-browser] + * Bug 30970: Different window borders in XFCE can lead to different, not rounded window sizes [tor-browser] + * Build System + * All Platforms + * Bug 40799: Remove legacy locale iteration in build and signing scripts [tor-browser-build] + * Bug 41040: Add configuration to rbm.conf to select channel and platforms [tor-browser-build] + * Bug 41363: Change update-response generation script to create one commit per OS+arch tuple [tor-browser-build] + * Bug 41374: Remove support for migrate_archs and migrate_langs in update_responses [tor-browser-build] + * Bug 41380: Update kick-devmole script to use Mullvad's new GitHub action [tor-browser-build] + * Bug 41381: Usability improvements for the browser commit tagging script [tor-browser-build] + * Bug 41382: Replace gitlab templates ReleasePrep label references with Apps::Type::ReleasePreparation [tor-browser-build] + * Bug 41383: Add clairehurst to list of accepted firefox/geckoview signers [tor-browser-build] + * Bug 41389: Remove need to update set-config.tbb-version [tor-browser-build] + * Bug 40082: With `fetch: if_needed`, rbm is doing a git fetch when it shouldn't, when using a fixed commit [rbm] + Mullvad Browser 14.5a3 - February 10 2025 * All Platforms * Updated Firefox to 128.7.0esr ===================================== projects/browser/Bundle-Data/Docs-TBB/ChangeLog.txt ===================================== @@ -1,3 +1,59 @@ +Tor Browser 14.5a4 - March 12 2025 + * All Platforms + * Updated OpenSSL to 3.0.16 + * Bug 43446: Change the Tor Browser name between releases [tor-browser] + * Bug 43463: Include moat circumvention countries in the build (tor-browser part) [tor-browser] + * Bug 43487: Rebase Tor Browser Alpha onto 128.8.0esr [tor-browser] + * Bug 43529: AutoBootstrapAttempt cancel does not await BootstrapAttempt.cancel [tor-browser] + * Bug 43524: Enable new locales: be, bg and pt-PT [tor-browser] + * Bug 43551: Backport Mozilla Bug 1924070 - modify H.264 extradata to match sample conversion code.... [tor-browser] + * Windows + macOS + Linux + * Updated Firefox to 128.8.0esr + * Bug 40473: Tor logs do not update in about:preferences#tor as new logs come in [tor-browser] + * Bug 43205: newwin / letterboxing rounding with subpixels is off [tor-browser] + * Bug 43328: Improve tor log dialog [tor-browser] + * Bug 43465: Show the urlbar Connect button during a bootstrap or final error [tor-browser] + * Bug 43469: Rename "Quickstart" toggle as "Connect automatically" (Desktop) [tor-browser] + * Bug 43502: Move openTorConnect and getRedirectUrl to TorConnectParent [tor-browser] + * Bug 43504: Implement User Survey UX (Desktop) [tor-browser] + * Bug 43547: Cannot remove the final bridge [tor-browser] + * Linux + * Bug 30970: Different window borders in XFCE can lead to different, not rounded window sizes [tor-browser] + * Android + * Updated GeckoView to 128.8.0esr + * Updated Zstandard to 1.5.7 + * Bug 43329: Remove remaining traces of the old Bootstrap on Android [tor-browser] + * Bug 43408: Access TorConnect.quickstart separately from TorSettings.getSettings on Android [tor-browser] + * Bug 43480: Split up TorConnectionAssistViewModel for better readibility and performance. [tor-browser] + * Bug 43498: Uplift tor-browser#43129: about:neterror cannot display SVG on Android with Security Level Safest [tor-browser] + * Bug 43528: Improper handling of TorBootstrapChangeListener in HomeActivity [tor-browser] + * Build System + * All Platforms + * Updated Go to 1.23.7 + * Bug 41040: Add configuration to rbm.conf to select channel and platforms [tor-browser-build] + * Bug 41121: Use the official Go binaries for bootstrapping [tor-browser-build] + * Bug 41372: Handle branding names in tor-browser-build [tor-browser-build] + * Bug 41379: Include moat circumvention countries in the build (tor-browser-build part) [tor-browser-build] + * Bug 41380: Update kick-devmole script to use Mullvad's new GitHub action [tor-browser-build] + * Bug 41381: Usability improvements for the browser commit tagging script [tor-browser-build] + * Bug 41382: Replace gitlab templates ReleasePrep label references with Apps::Type::ReleasePreparation [tor-browser-build] + * Bug 41383: Add clairehurst to list of accepted firefox/geckoview signers [tor-browser-build] + * Bug 41384: OpenSSL hash files have changed format [tor-browser-build] + * Bug 41389: Remove need to update set-config.tbb-version [tor-browser-build] + * Bug 40082: With `fetch: if_needed`, rbm is doing a git fetch when it shouldn't, when using a fixed commit [rbm] + * Windows + macOS + Linux + * Bug 40799: Remove legacy locale iteration in build and signing scripts [tor-browser-build] + * Bug 41363: Change update-response generation script to create one commit per OS+arch tuple [tor-browser-build] + * Bug 41374: Remove support for migrate_archs and migrate_langs in update_responses [tor-browser-build] + * Windows + Linux + Android + * Bug 41386: Upgrade Go to 1.23 for Windows, Linux, and Android [tor-browser-build] + * Linux + * Bug 41337: Remove libstdc++ from Linux tor-expert-bundle [tor-browser-build] + * Android + * Bug 42669: Remove dependency on Application-Services [tor-browser] + * Bug 43518: Verify existence of localProperties.dependencySubstitutions.geckoviewTopsrcdir before substituting [tor-browser] + * Bug 41387: Fix Golang toolchain breakage for lyrebird: linkname [tor-browser-build] + Tor Browser 14.5a3 - February 10 2025 * All Platforms * Bug 41065: navigator.storage "best effort" + "persistent" leak partitionSize/totalSpace entropy [tor-browser] ===================================== projects/firefox/config ===================================== @@ -20,7 +20,7 @@ var: browser_series: '14.5' browser_rebase: 1 browser_branch: '[% c("var/browser_series") %]-[% c("var/browser_rebase") %]' - browser_build: 1 + browser_build: 2 branding_directory_prefix: 'tb' copyright_year: '[% exec("git show -s --format=%ci " _ c("git_hash") _ "^{commit}", { exec_noco => 1 }).remove("-.*") %]' nightly_updates_publish_dir: '[% c("var/nightly_updates_publish_dir_prefix") %]nightly-[% c("var/osname") %]' ===================================== projects/geckoview/config ===================================== @@ -22,7 +22,7 @@ var: browser_series: '14.5' browser_rebase: 1 browser_branch: '[% c("var/browser_series") %]-[% c("var/browser_rebase") %]' - browser_build: 1 + browser_build: 2 gitlab_project: https://gitlab.torproject.org/tpo/applications/tor-browser git_commit: '[% exec("git rev-parse " _ c("git_hash") _ "^{commit}", { exec_noco => 1 }) %]' deps: ===================================== projects/go/config ===================================== @@ -1,11 +1,11 @@ # vim: filetype=yaml sw=2 -version: '1.23.6' +version: '1.23.7' filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.[% c("compress_tar") %]' container: use_container: 1 var: - source_sha256: 039c5b04e65279daceee8a6f71e70bd05cf5b801782b6f77c6e19e2ed0511222 + source_sha256: 7cfabd46b73eb4c26b19d69515dd043d7183a6559acccd5cfdb25eb6b266a458 no_crosscompile: 1 setup: | mkdir -p /var/tmp/dist ===================================== projects/openssl/config ===================================== @@ -1,5 +1,5 @@ # vim: filetype=yaml sw=2 -version: 3.0.15 +version: 3.0.16 filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.[% c("compress_tar") %]' container: use_container: 1 @@ -36,5 +36,5 @@ input_files: - name: '[% c("var/compiler") %]' project: '[% c("var/compiler") %]' - URL: 'https://github.com/openssl/openssl/releases/download/openssl-[% c("version") %]/openssl-[% c("version") %].tar.gz' - sha256sum: 23c666d0edf20f14249b3d8f0368acaee9ab585b09e1de82107c66e1f3ec9533 + sha256sum: 57e03c50feab5d31b152af2b764f10379aecd8ee92f16c985983ce4a99f7ef86 name: openssl ===================================== projects/translation/config ===================================== @@ -12,19 +12,19 @@ compress_tar: 'gz' steps: base-browser: base-browser: '[% INCLUDE build %]' - git_hash: 93eddbd3888852c09e130d536fb3c9bd7e4e6f57 + git_hash: 292c09a35bcda153068e77a35107baf034929067 targets: nightly: git_hash: 'base-browser' tor-browser: tor-browser: '[% INCLUDE build %]' - git_hash: e7a334a4adb16e506515940e81f41964ef16af76 + git_hash: f969264d8ca95f8d75a8dfcd61b78cb7f7e5f385 targets: nightly: git_hash: 'tor-browser' mullvad-browser: mullvad-browser: '[% INCLUDE build %]' - git_hash: 6a1ef41c664a5185e25ca2c4bbf5d7447bd888a7 + git_hash: ceaea33b0fa3ad7cf0f563392185bc9e8519079f targets: nightly: git_hash: 'mullvad-browser' @@ -32,7 +32,7 @@ steps: fenix: '[% INCLUDE build %]' # We need to bump the commit before releasing but just pointing to a branch # might cause too much rebuidling of the Firefox part. - git_hash: e4f5825b1125e2c8c2aa8d4fdaa7e002d8f2934a + git_hash: 16ce780d14da56fd304d2bde886848a6ca19d512 compress_tar: 'zst' targets: nightly: ===================================== projects/zstd/config ===================================== @@ -1,7 +1,7 @@ # vim: filetype=yaml sw=2 -version: 1.5.6 +version: 1.5.7 git_url: https://github.com/facebook/zstd.git -git_hash: 794ea1b0afca0f020f4e57b6732332231fb23c70 +git_hash: f8745da6ff1ad1e7bab384bd1f9d742439278e99 filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.[% c("compress_tar") %]' container: ===================================== rbm.conf ===================================== @@ -73,11 +73,11 @@ buildconf: git_signtag_opt: '-s' var: - torbrowser_version: '14.5a3' + torbrowser_version: '14.5a4' torbrowser_build: 'build1' # This should be the date of when the build is started. For the build # to be reproducible, browser_release_date should always be in the past. - browser_release_date: '2025/02/10 18:18:25' + browser_release_date: '2025/03/11 16:46:53' browser_release_date_timestamp: '[% USE date; date.format(c("var/browser_release_date"), "%s") %]' browser_default_channel: alpha browser_platforms: @@ -96,10 +96,9 @@ var: updater_enabled: 1 build_mar: 1 torbrowser_incremental_from: + - 14.5a3 - 14.5a2 - 14.5a1 - - '[% IF c("var/mullvad-browser") %]14.0a10[% END %]' - - '[% IF c("var/tor-browser") %]14.0a9[% END %]' mar_channel_id: '[% c("var/projectname") %]-torproject-[% c("var/channel") %]' # By default, we sort the list of installed packages. This allows sharing View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/1… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/1… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][main] Bug 43524: Enable new locales: be (Belarusian), bg (Bulgarian) and pt-PT (Portugal Portguese)
by morgan (＠morgan) 11 Mar '25

11 Mar '25

morgan pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: d6c1620f by Morgan at 2025-03-11T16:43:13+00:00 Bug 43524: Enable new locales: be (Belarusian), bg (Bulgarian) and pt-PT (Portugal Portguese) - - - - - 2 changed files: - projects/browser/windows-installer/add-strings.py - rbm.conf Changes: ===================================== projects/browser/windows-installer/add-strings.py ===================================== @@ -27,6 +27,8 @@ args = parser.parse_args() # languages.nsh. languages = { "ar": "Arabic", + "be": "Belarusian", + "bg": "Bulgarian", "ca": "Catalan", "cs": "Czech", "da": "Danish", @@ -54,6 +56,7 @@ languages = { "nl": "Dutch", "pl": "Polish", "pt-BR": "PortugueseBR", + "pt-PT": "Portuguese", "ro": "Romanian", "ru": "Russian", "sq": "Albanian", @@ -64,10 +67,6 @@ languages = { "vi": "Vietnamese", "zh-CN": "SimpChinese", "zh-TW": "TradChinese", - # Nightly-only at the moment - "be": "Belarusian", - "bg": "Bulgarian", - "pt-PT": "Portuguese", } replacements = { ===================================== rbm.conf ===================================== @@ -133,6 +133,8 @@ var: # projects/browser/windows-installer/add-strings.py. locales: - ar + - be + - bg - ca - cs - da @@ -159,6 +161,7 @@ var: - nl - pl - pt-BR + - pt-PT - ro - ru - sq @@ -169,11 +172,10 @@ var: - vi - zh-CN - zh-TW - - '[% IF c("var/nightly") %]be[% END %]' - - '[% IF c("var/nightly") %]bg[% END %]' - - '[% IF c("var/nightly") %]pt-PT[% END %]' locales_mobile: - ar + - be + - bg - ca - cs - da @@ -200,6 +202,7 @@ var: - nl - pl - pt-rBR + - pt-rPT - ro - ru - sq View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/d… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/d… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser] Pushed new tag mullvad-browser-128.8.0esr-14.5-1-build2
by ma1 (＠ma1) 11 Mar '25

11 Mar '25

ma1 pushed new tag mullvad-browser-128.8.0esr-14.5-1-build2 at The Tor Project / Applications / Mullvad Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/tree/mullv… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-128.8.0esr-14.5-1] 5 commits: Bug 1908488 - Improve dialogs. r=android-reviewers,gmalekpour, a=dmeehan [bp]
by ma1 (＠ma1) 11 Mar '25

11 Mar '25

ma1 pushed to branch mullvad-browser-128.8.0esr-14.5-1 at The Tor Project / Applications / Mullvad Browser Commits: dfb650ec by Tara at 2025-03-11T16:16:15+01:00 Bug 1908488 - Improve dialogs. r=android-reviewers,gmalekpour, a=dmeehan [bp] Differential Revision: https://phabricator.services.mozilla.com/D236606 - - - - - df562bda by John Schanck at 2025-03-11T16:16:16+01:00 Bug 1922357 - disallow the fido: URI scheme. a=dmeehan Original Revision: https://phabricator.services.mozilla.com/D237313 Differential Revision: https://phabricator.services.mozilla.com/D238681 - - - - - 6edc4c91 by Jeff Boek at 2025-03-11T16:16:17+01:00 Bug 1928334 - Handles animating activities a=dmeehan Original Revision: https://phabricator.services.mozilla.com/D238342 Differential Revision: https://phabricator.services.mozilla.com/D238845 - - - - - 569862aa by Tom Schuster at 2025-03-11T16:16:19+01:00 Bug 1942022 - Improve the about:protections CSP. r=firefox-desktop-core-reviewers ,mossop Differential Revision: https://phabricator.services.mozilla.com/D234507 - - - - - 12c981ec by Tom Schuster at 2025-03-11T16:16:20+01:00 Bug 1942025 - Improve the about:privatebrowsing CSP. r=firefox-desktop-core-reviewers ,Gijs Differential Revision: https://phabricator.services.mozilla.com/D234508 - - - - - 11 changed files: - browser/components/privatebrowsing/content/aboutPrivateBrowsing.html - browser/components/protections/content/protections.html - mobile/android/android-components/components/browser/engine-gecko/src/main/java/mozilla/components/browser/engine/gecko/GeckoEngineSession.kt - mobile/android/android-components/components/browser/engine-gecko/src/test/java/mozilla/components/browser/engine/gecko/GeckoEngineSessionTest.kt - mobile/android/android-components/components/feature/app-links/src/main/java/mozilla/components/feature/app/links/AppLinksUseCases.kt - mobile/android/android-components/components/feature/app-links/src/test/java/mozilla/components/feature/app/links/AppLinksUseCasesTest.kt - mobile/android/android-components/components/feature/prompts/src/main/java/mozilla/components/feature/prompts/PromptFeature.kt - mobile/android/fenix/app/src/main/java/org/mozilla/fenix/HomeActivity.kt - mobile/android/fenix/app/src/main/java/org/mozilla/fenix/customtabs/ExternalAppBrowserActivity.kt - mobile/android/geckoview/src/main/java/org/mozilla/gecko/util/IntentUtils.java - mobile/android/geckoview/src/test/java/org/mozilla/gecko/util/IntentUtilsTest.java Changes: ===================================== browser/components/privatebrowsing/content/aboutPrivateBrowsing.html ===================================== @@ -10,7 +10,7 @@ <meta charset="utf-8" /> <meta http-equiv="Content-Security-Policy" - content="default-src chrome: blob:; object-src 'none'" + content="default-src chrome:; img-src chrome: blob:; object-src 'none';" /> <meta name="color-scheme" content="light dark" /> <link rel="icon" href="chrome://browser/skin/privatebrowsing/favicon.svg" /> ===================================== browser/components/protections/content/protections.html ===================================== @@ -8,7 +8,7 @@ <meta charset="utf-8" /> <meta http-equiv="Content-Security-Policy" - content="default-src chrome: blob:; object-src 'none'" + content="default-src chrome:; object-src 'none'" /> <meta name="color-scheme" content="light dark" /> <link rel="localization" href="branding/brand.ftl" /> ===================================== mobile/android/android-components/components/browser/engine-gecko/src/main/java/mozilla/components/browser/engine/gecko/GeckoEngineSession.kt ===================================== @@ -1818,7 +1818,7 @@ class GeckoEngineSession( internal const val ABOUT_BLANK = "about:blank" internal const val JS_SCHEME = "javascript" internal val BLOCKED_SCHEMES = - listOf("file", "resource", JS_SCHEME) // See 1684761 and 1684947 + listOf("file", "resource", "fido", JS_SCHEME) // See 1684761 and 1684947 /** * Provides an ErrorType corresponding to the error code provided. ===================================== mobile/android/android-components/components/browser/engine-gecko/src/test/java/mozilla/components/browser/engine/gecko/GeckoEngineSessionTest.kt ===================================== @@ -631,6 +631,11 @@ class GeckoEngineSessionTest { engineSession.loadUrl("RESOURCE://package/test.text") verify(geckoSession, never()).load(GeckoSession.Loader().uri("resource://package/test.text")) verify(geckoSession, never()).load(GeckoSession.Loader().uri("RESOURCE://package/test.text")) + + engineSession.loadUrl("fido:/12345678") + engineSession.loadUrl("FIDO:/12345678") + verify(geckoSession, never()).load(GeckoSession.Loader().uri("fido:/12345678")) + verify(geckoSession, never()).load(GeckoSession.Loader().uri("FIDO:/12345678")) } @Test ===================================== mobile/android/android-components/components/feature/app-links/src/main/java/mozilla/components/feature/app/links/AppLinksUseCases.kt ===================================== @@ -313,6 +313,7 @@ class AppLinksUseCases( "https", "moz-extension", "moz-safe-about", "resource", "view-source", "ws", "wss", "blob", ) - internal val ALWAYS_DENY_SCHEMES: Set<String> = setOf("jar", "file", "javascript", "data", "about", "content") + internal val ALWAYS_DENY_SCHEMES: Set<String> = + setOf("jar", "file", "javascript", "data", "about", "content", "fido") } } ===================================== mobile/android/android-components/components/feature/app-links/src/test/java/mozilla/components/feature/app/links/AppLinksUseCasesTest.kt ===================================== @@ -47,6 +47,7 @@ class AppLinksUseCasesTest { private val javascriptUrl = "javascript:'hello, world'" private val jarUrl = "jar:file://some/path/test.html" private val contentUrl = "content://media/external_primary/downloads/12345" + private val fidoPath = "fido:12345678" private val fileType = "audio/mpeg" private val layerUrl = "https://example.com" private val layerPackage = "com.example.app" @@ -215,6 +216,15 @@ class AppLinksUseCasesTest { assertFalse(redirect.isRedirect()) } + @Test + fun `A fido url is not an app link`() { + val context = createContext(Triple(fidoPath, appPackage, "")) + val subject = AppLinksUseCases(context, { true }) + + val redirect = subject.interceptedAppLinkRedirect(fidoPath) + assertFalse(redirect.isRedirect()) + } + @Test fun `Will not redirect app link if browser option set to false and scheme is supported`() { val context = createContext(Triple(appUrl, appPackage, "")) ===================================== mobile/android/android-components/components/feature/prompts/src/main/java/mozilla/components/feature/prompts/PromptFeature.kt ===================================== @@ -9,6 +9,7 @@ import android.content.Intent import androidx.annotation.VisibleForTesting import androidx.annotation.VisibleForTesting.Companion.PRIVATE import androidx.core.view.isVisible +import androidx.fragment.app.DialogFragment import androidx.fragment.app.Fragment import androidx.fragment.app.FragmentManager import kotlinx.coroutines.CoroutineScope @@ -1094,7 +1095,15 @@ class PromptFeature private constructor( emitPromptDismissedFact(promptName = promptRequest::class.simpleName.ifNullOrEmpty { "" }) } + @VisibleForTesting + internal fun redirectDialogFragmentIsActive() = + (fragmentManager.findFragmentByTag("SHOULD_OPEN_APP_LINK_PROMPT_DIALOG") as? DialogFragment) != null + private fun canShowThisPrompt(promptRequest: PromptRequest): Boolean { + if (redirectDialogFragmentIsActive()) { + return false + } + return when (promptRequest) { is SingleChoice, is MultipleChoice, ===================================== mobile/android/fenix/app/src/main/java/org/mozilla/fenix/HomeActivity.kt ===================================== @@ -798,7 +798,7 @@ open class HomeActivity : LocaleAwareAppCompatActivity(), NavHostActivity { return false } - final override fun dispatchTouchEvent(ev: MotionEvent?): Boolean { + override fun dispatchTouchEvent(ev: MotionEvent?): Boolean { ProfilerMarkers.addForDispatchTouchEvent(components.core.engine.profiler, ev) return super.dispatchTouchEvent(ev) } ===================================== mobile/android/fenix/app/src/main/java/org/mozilla/fenix/customtabs/ExternalAppBrowserActivity.kt ===================================== @@ -7,6 +7,7 @@ package org.mozilla.fenix.customtabs import android.app.assist.AssistContent import android.net.Uri import android.os.Build +import android.view.MotionEvent import androidx.annotation.RequiresApi import androidx.annotation.VisibleForTesting import mozilla.components.browser.state.selector.findCustomTab @@ -24,6 +25,8 @@ const val EXTRA_IS_SANDBOX_CUSTOM_TAB = "org.mozilla.fenix.customtabs.EXTRA_IS_S */ @Suppress("TooManyFunctions") open class ExternalAppBrowserActivity : HomeActivity() { + var isFinishedAnimating = false + override fun onResume() { super.onResume() @@ -74,4 +77,17 @@ open class ExternalAppBrowserActivity : HomeActivity() { val currentTabUrl = getExternalTab()?.content?.url outContent?.webUri = currentTabUrl?.let { Uri.parse(it) } } + + override fun dispatchTouchEvent(ev: MotionEvent?): Boolean { + if (!isFinishedAnimating) { + return true + } + + return super.dispatchTouchEvent(ev) + } + + override fun onEnterAnimationComplete() { + super.onEnterAnimationComplete() + isFinishedAnimating = true + } } ===================================== mobile/android/geckoview/src/main/java/org/mozilla/gecko/util/IntentUtils.java ===================================== @@ -76,6 +76,10 @@ public class IntentUtils { return getSafeIntent(aUri) != null; } + if ("fido".equals(scheme)) { + return false; + } + return true; } ===================================== mobile/android/geckoview/src/test/java/org/mozilla/gecko/util/IntentUtilsTest.java ===================================== @@ -63,4 +63,10 @@ public class IntentUtilsTest { final String uri = "intent:non_scheme_intent#Intent;end"; assertTrue(IntentUtils.isUriSafeForScheme(uri)); } + + @Test + public void unsafeFidoUri() { + final String uri = "fido:/12345678"; + assertFalse(IntentUtils.isUriSafeForScheme(uri)); + } } View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/compare/70… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/compare/70… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser] Pushed new tag tor-browser-128.8.0esr-14.5-1-build2
by ma1 (＠ma1) 11 Mar '25

11 Mar '25

ma1 pushed new tag tor-browser-128.8.0esr-14.5-1-build2 at The Tor Project / Applications / Tor Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/tree/tor-brows… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-128.8.0esr-14.5-1] 5 commits: Bug 1908488 - Improve dialogs. r=android-reviewers,gmalekpour, a=dmeehan [bp]
by ma1 (＠ma1) 11 Mar '25

11 Mar '25

ma1 pushed to branch tor-browser-128.8.0esr-14.5-1 at The Tor Project / Applications / Tor Browser Commits: 7b6625d5 by Tara at 2025-03-11T16:09:32+01:00 Bug 1908488 - Improve dialogs. r=android-reviewers,gmalekpour, a=dmeehan [bp] Differential Revision: https://phabricator.services.mozilla.com/D236606 - - - - - 3915453d by John Schanck at 2025-03-11T16:09:33+01:00 Bug 1922357 - disallow the fido: URI scheme. a=dmeehan Original Revision: https://phabricator.services.mozilla.com/D237313 Differential Revision: https://phabricator.services.mozilla.com/D238681 - - - - - 3d4b0928 by Jeff Boek at 2025-03-11T16:09:34+01:00 Bug 1928334 - Handles animating activities a=dmeehan Original Revision: https://phabricator.services.mozilla.com/D238342 Differential Revision: https://phabricator.services.mozilla.com/D238845 - - - - - 793ba006 by Tom Schuster at 2025-03-11T16:09:36+01:00 Bug 1942022 - Improve the about:protections CSP. r=firefox-desktop-core-reviewers ,mossop Differential Revision: https://phabricator.services.mozilla.com/D234507 - - - - - b4b62a4c by Tom Schuster at 2025-03-11T16:09:37+01:00 Bug 1942025 - Improve the about:privatebrowsing CSP. r=firefox-desktop-core-reviewers ,Gijs Differential Revision: https://phabricator.services.mozilla.com/D234508 - - - - - 11 changed files: - browser/components/privatebrowsing/content/aboutPrivateBrowsing.html - browser/components/protections/content/protections.html - mobile/android/android-components/components/browser/engine-gecko/src/main/java/mozilla/components/browser/engine/gecko/GeckoEngineSession.kt - mobile/android/android-components/components/browser/engine-gecko/src/test/java/mozilla/components/browser/engine/gecko/GeckoEngineSessionTest.kt - mobile/android/android-components/components/feature/app-links/src/main/java/mozilla/components/feature/app/links/AppLinksUseCases.kt - mobile/android/android-components/components/feature/app-links/src/test/java/mozilla/components/feature/app/links/AppLinksUseCasesTest.kt - mobile/android/android-components/components/feature/prompts/src/main/java/mozilla/components/feature/prompts/PromptFeature.kt - mobile/android/fenix/app/src/main/java/org/mozilla/fenix/HomeActivity.kt - mobile/android/fenix/app/src/main/java/org/mozilla/fenix/customtabs/ExternalAppBrowserActivity.kt - mobile/android/geckoview/src/main/java/org/mozilla/gecko/util/IntentUtils.java - mobile/android/geckoview/src/test/java/org/mozilla/gecko/util/IntentUtilsTest.java Changes: ===================================== browser/components/privatebrowsing/content/aboutPrivateBrowsing.html ===================================== @@ -10,7 +10,7 @@ <meta charset="utf-8" /> <meta http-equiv="Content-Security-Policy" - content="default-src chrome: blob:; object-src 'none'" + content="default-src chrome:; img-src chrome: blob:; object-src 'none';" /> <meta name="color-scheme" content="light dark" /> <link rel="icon" href="chrome://browser/skin/privatebrowsing/favicon.svg" /> ===================================== browser/components/protections/content/protections.html ===================================== @@ -8,7 +8,7 @@ <meta charset="utf-8" /> <meta http-equiv="Content-Security-Policy" - content="default-src chrome: blob:; object-src 'none'" + content="default-src chrome:; object-src 'none'" /> <meta name="color-scheme" content="light dark" /> <link rel="localization" href="branding/brand.ftl" /> ===================================== mobile/android/android-components/components/browser/engine-gecko/src/main/java/mozilla/components/browser/engine/gecko/GeckoEngineSession.kt ===================================== @@ -1822,7 +1822,7 @@ class GeckoEngineSession( internal const val ABOUT_BLANK = "about:blank" internal const val JS_SCHEME = "javascript" internal val BLOCKED_SCHEMES = - listOf("file", "resource", JS_SCHEME) // See 1684761 and 1684947 + listOf("file", "resource", "fido", JS_SCHEME) // See 1684761 and 1684947 /** * Provides an ErrorType corresponding to the error code provided. ===================================== mobile/android/android-components/components/browser/engine-gecko/src/test/java/mozilla/components/browser/engine/gecko/GeckoEngineSessionTest.kt ===================================== @@ -631,6 +631,11 @@ class GeckoEngineSessionTest { engineSession.loadUrl("RESOURCE://package/test.text") verify(geckoSession, never()).load(GeckoSession.Loader().uri("resource://package/test.text")) verify(geckoSession, never()).load(GeckoSession.Loader().uri("RESOURCE://package/test.text")) + + engineSession.loadUrl("fido:/12345678") + engineSession.loadUrl("FIDO:/12345678") + verify(geckoSession, never()).load(GeckoSession.Loader().uri("fido:/12345678")) + verify(geckoSession, never()).load(GeckoSession.Loader().uri("FIDO:/12345678")) } @Test ===================================== mobile/android/android-components/components/feature/app-links/src/main/java/mozilla/components/feature/app/links/AppLinksUseCases.kt ===================================== @@ -314,6 +314,7 @@ class AppLinksUseCases( "https", "moz-extension", "moz-safe-about", "resource", "view-source", "ws", "wss", "blob", ) - internal val ALWAYS_DENY_SCHEMES: Set<String> = setOf("jar", "file", "javascript", "data", "about", "content") + internal val ALWAYS_DENY_SCHEMES: Set<String> = + setOf("jar", "file", "javascript", "data", "about", "content", "fido") } } ===================================== mobile/android/android-components/components/feature/app-links/src/test/java/mozilla/components/feature/app/links/AppLinksUseCasesTest.kt ===================================== @@ -47,6 +47,7 @@ class AppLinksUseCasesTest { private val javascriptUrl = "javascript:'hello, world'" private val jarUrl = "jar:file://some/path/test.html" private val contentUrl = "content://media/external_primary/downloads/12345" + private val fidoPath = "fido:12345678" private val fileType = "audio/mpeg" private val layerUrl = "https://example.com" private val layerPackage = "com.example.app" @@ -215,6 +216,15 @@ class AppLinksUseCasesTest { assertFalse(redirect.isRedirect()) } + @Test + fun `A fido url is not an app link`() { + val context = createContext(Triple(fidoPath, appPackage, "")) + val subject = AppLinksUseCases(context, { true }) + + val redirect = subject.interceptedAppLinkRedirect(fidoPath) + assertFalse(redirect.isRedirect()) + } + @Test fun `Will not redirect app link if browser option set to false and scheme is supported`() { val context = createContext(Triple(appUrl, appPackage, "")) ===================================== mobile/android/android-components/components/feature/prompts/src/main/java/mozilla/components/feature/prompts/PromptFeature.kt ===================================== @@ -9,6 +9,7 @@ import android.content.Intent import androidx.annotation.VisibleForTesting import androidx.annotation.VisibleForTesting.Companion.PRIVATE import androidx.core.view.isVisible +import androidx.fragment.app.DialogFragment import androidx.fragment.app.Fragment import androidx.fragment.app.FragmentManager import kotlinx.coroutines.CoroutineScope @@ -1094,7 +1095,15 @@ class PromptFeature private constructor( emitPromptDismissedFact(promptName = promptRequest::class.simpleName.ifNullOrEmpty { "" }) } + @VisibleForTesting + internal fun redirectDialogFragmentIsActive() = + (fragmentManager.findFragmentByTag("SHOULD_OPEN_APP_LINK_PROMPT_DIALOG") as? DialogFragment) != null + private fun canShowThisPrompt(promptRequest: PromptRequest): Boolean { + if (redirectDialogFragmentIsActive()) { + return false + } + return when (promptRequest) { is SingleChoice, is MultipleChoice, ===================================== mobile/android/fenix/app/src/main/java/org/mozilla/fenix/HomeActivity.kt ===================================== @@ -905,7 +905,7 @@ open class HomeActivity : LocaleAwareAppCompatActivity(), NavHostActivity, TorAn return false } - final override fun dispatchTouchEvent(ev: MotionEvent?): Boolean { + override fun dispatchTouchEvent(ev: MotionEvent?): Boolean { ProfilerMarkers.addForDispatchTouchEvent(components.core.engine.profiler, ev) return super.dispatchTouchEvent(ev) } ===================================== mobile/android/fenix/app/src/main/java/org/mozilla/fenix/customtabs/ExternalAppBrowserActivity.kt ===================================== @@ -7,6 +7,7 @@ package org.mozilla.fenix.customtabs import android.app.assist.AssistContent import android.net.Uri import android.os.Build +import android.view.MotionEvent import androidx.annotation.RequiresApi import androidx.annotation.VisibleForTesting import mozilla.components.browser.state.selector.findCustomTab @@ -24,6 +25,8 @@ const val EXTRA_IS_SANDBOX_CUSTOM_TAB = "org.mozilla.fenix.customtabs.EXTRA_IS_S */ @Suppress("TooManyFunctions") open class ExternalAppBrowserActivity : HomeActivity() { + var isFinishedAnimating = false + override fun onResume() { super.onResume() @@ -74,4 +77,17 @@ open class ExternalAppBrowserActivity : HomeActivity() { val currentTabUrl = getExternalTab()?.content?.url outContent?.webUri = currentTabUrl?.let { Uri.parse(it) } } + + override fun dispatchTouchEvent(ev: MotionEvent?): Boolean { + if (!isFinishedAnimating) { + return true + } + + return super.dispatchTouchEvent(ev) + } + + override fun onEnterAnimationComplete() { + super.onEnterAnimationComplete() + isFinishedAnimating = true + } } ===================================== mobile/android/geckoview/src/main/java/org/mozilla/gecko/util/IntentUtils.java ===================================== @@ -76,6 +76,10 @@ public class IntentUtils { return getSafeIntent(aUri) != null; } + if ("fido".equals(scheme)) { + return false; + } + return true; } ===================================== mobile/android/geckoview/src/test/java/org/mozilla/gecko/util/IntentUtilsTest.java ===================================== @@ -63,4 +63,10 @@ public class IntentUtilsTest { final String uri = "intent:non_scheme_intent#Intent;end"; assertTrue(IntentUtils.isUriSafeForScheme(uri)); } + + @Test + public void unsafeFidoUri() { + final String uri = "fido:/12345678"; + assertFalse(IntentUtils.isUriSafeForScheme(uri)); + } } View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/d2b56b… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/d2b56b… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser] Pushed new tag base-browser-128.8.0esr-14.5-1-build2
by ma1 (＠ma1) 11 Mar '25

11 Mar '25

ma1 pushed new tag base-browser-128.8.0esr-14.5-1-build2 at The Tor Project / Applications / Tor Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/tree/base-brow… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-128.8.0esr-14.5-1] 5 commits: Bug 1908488 - Improve dialogs. r=android-reviewers,gmalekpour, a=dmeehan [bp]
by ma1 (＠ma1) 11 Mar '25

11 Mar '25

ma1 pushed to branch base-browser-128.8.0esr-14.5-1 at The Tor Project / Applications / Tor Browser Commits: 21515074 by Tara at 2025-03-11T15:57:27+01:00 Bug 1908488 - Improve dialogs. r=android-reviewers,gmalekpour, a=dmeehan [bp] Differential Revision: https://phabricator.services.mozilla.com/D236606 - - - - - d5800762 by John Schanck at 2025-03-11T15:57:32+01:00 Bug 1922357 - disallow the fido: URI scheme. a=dmeehan Original Revision: https://phabricator.services.mozilla.com/D237313 Differential Revision: https://phabricator.services.mozilla.com/D238681 - - - - - 9faca754 by Jeff Boek at 2025-03-11T15:57:33+01:00 Bug 1928334 - Handles animating activities a=dmeehan Original Revision: https://phabricator.services.mozilla.com/D238342 Differential Revision: https://phabricator.services.mozilla.com/D238845 - - - - - 7759f889 by Tom Schuster at 2025-03-11T15:57:35+01:00 Bug 1942022 - Improve the about:protections CSP. r=firefox-desktop-core-reviewers ,mossop Differential Revision: https://phabricator.services.mozilla.com/D234507 - - - - - 0beebec4 by Tom Schuster at 2025-03-11T15:57:36+01:00 Bug 1942025 - Improve the about:privatebrowsing CSP. r=firefox-desktop-core-reviewers ,Gijs Differential Revision: https://phabricator.services.mozilla.com/D234508 - - - - - 11 changed files: - browser/components/privatebrowsing/content/aboutPrivateBrowsing.html - browser/components/protections/content/protections.html - mobile/android/android-components/components/browser/engine-gecko/src/main/java/mozilla/components/browser/engine/gecko/GeckoEngineSession.kt - mobile/android/android-components/components/browser/engine-gecko/src/test/java/mozilla/components/browser/engine/gecko/GeckoEngineSessionTest.kt - mobile/android/android-components/components/feature/app-links/src/main/java/mozilla/components/feature/app/links/AppLinksUseCases.kt - mobile/android/android-components/components/feature/app-links/src/test/java/mozilla/components/feature/app/links/AppLinksUseCasesTest.kt - mobile/android/android-components/components/feature/prompts/src/main/java/mozilla/components/feature/prompts/PromptFeature.kt - mobile/android/fenix/app/src/main/java/org/mozilla/fenix/HomeActivity.kt - mobile/android/fenix/app/src/main/java/org/mozilla/fenix/customtabs/ExternalAppBrowserActivity.kt - mobile/android/geckoview/src/main/java/org/mozilla/gecko/util/IntentUtils.java - mobile/android/geckoview/src/test/java/org/mozilla/gecko/util/IntentUtilsTest.java Changes: ===================================== browser/components/privatebrowsing/content/aboutPrivateBrowsing.html ===================================== @@ -10,7 +10,7 @@ <meta charset="utf-8" /> <meta http-equiv="Content-Security-Policy" - content="default-src chrome: blob:; object-src 'none'" + content="default-src chrome:; img-src chrome: blob:; object-src 'none';" /> <meta name="color-scheme" content="light dark" /> <link rel="icon" href="chrome://browser/skin/privatebrowsing/favicon.svg" /> ===================================== browser/components/protections/content/protections.html ===================================== @@ -8,7 +8,7 @@ <meta charset="utf-8" /> <meta http-equiv="Content-Security-Policy" - content="default-src chrome: blob:; object-src 'none'" + content="default-src chrome:; object-src 'none'" /> <meta name="color-scheme" content="light dark" /> <link rel="localization" href="branding/brand.ftl" /> ===================================== mobile/android/android-components/components/browser/engine-gecko/src/main/java/mozilla/components/browser/engine/gecko/GeckoEngineSession.kt ===================================== @@ -1818,7 +1818,7 @@ class GeckoEngineSession( internal const val ABOUT_BLANK = "about:blank" internal const val JS_SCHEME = "javascript" internal val BLOCKED_SCHEMES = - listOf("file", "resource", JS_SCHEME) // See 1684761 and 1684947 + listOf("file", "resource", "fido", JS_SCHEME) // See 1684761 and 1684947 /** * Provides an ErrorType corresponding to the error code provided. ===================================== mobile/android/android-components/components/browser/engine-gecko/src/test/java/mozilla/components/browser/engine/gecko/GeckoEngineSessionTest.kt ===================================== @@ -631,6 +631,11 @@ class GeckoEngineSessionTest { engineSession.loadUrl("RESOURCE://package/test.text") verify(geckoSession, never()).load(GeckoSession.Loader().uri("resource://package/test.text")) verify(geckoSession, never()).load(GeckoSession.Loader().uri("RESOURCE://package/test.text")) + + engineSession.loadUrl("fido:/12345678") + engineSession.loadUrl("FIDO:/12345678") + verify(geckoSession, never()).load(GeckoSession.Loader().uri("fido:/12345678")) + verify(geckoSession, never()).load(GeckoSession.Loader().uri("FIDO:/12345678")) } @Test ===================================== mobile/android/android-components/components/feature/app-links/src/main/java/mozilla/components/feature/app/links/AppLinksUseCases.kt ===================================== @@ -313,6 +313,7 @@ class AppLinksUseCases( "https", "moz-extension", "moz-safe-about", "resource", "view-source", "ws", "wss", "blob", ) - internal val ALWAYS_DENY_SCHEMES: Set<String> = setOf("jar", "file", "javascript", "data", "about", "content") + internal val ALWAYS_DENY_SCHEMES: Set<String> = + setOf("jar", "file", "javascript", "data", "about", "content", "fido") } } ===================================== mobile/android/android-components/components/feature/app-links/src/test/java/mozilla/components/feature/app/links/AppLinksUseCasesTest.kt ===================================== @@ -47,6 +47,7 @@ class AppLinksUseCasesTest { private val javascriptUrl = "javascript:'hello, world'" private val jarUrl = "jar:file://some/path/test.html" private val contentUrl = "content://media/external_primary/downloads/12345" + private val fidoPath = "fido:12345678" private val fileType = "audio/mpeg" private val layerUrl = "https://example.com" private val layerPackage = "com.example.app" @@ -215,6 +216,15 @@ class AppLinksUseCasesTest { assertFalse(redirect.isRedirect()) } + @Test + fun `A fido url is not an app link`() { + val context = createContext(Triple(fidoPath, appPackage, "")) + val subject = AppLinksUseCases(context, { true }) + + val redirect = subject.interceptedAppLinkRedirect(fidoPath) + assertFalse(redirect.isRedirect()) + } + @Test fun `Will not redirect app link if browser option set to false and scheme is supported`() { val context = createContext(Triple(appUrl, appPackage, "")) ===================================== mobile/android/android-components/components/feature/prompts/src/main/java/mozilla/components/feature/prompts/PromptFeature.kt ===================================== @@ -9,6 +9,7 @@ import android.content.Intent import androidx.annotation.VisibleForTesting import androidx.annotation.VisibleForTesting.Companion.PRIVATE import androidx.core.view.isVisible +import androidx.fragment.app.DialogFragment import androidx.fragment.app.Fragment import androidx.fragment.app.FragmentManager import kotlinx.coroutines.CoroutineScope @@ -1094,7 +1095,15 @@ class PromptFeature private constructor( emitPromptDismissedFact(promptName = promptRequest::class.simpleName.ifNullOrEmpty { "" }) } + @VisibleForTesting + internal fun redirectDialogFragmentIsActive() = + (fragmentManager.findFragmentByTag("SHOULD_OPEN_APP_LINK_PROMPT_DIALOG") as? DialogFragment) != null + private fun canShowThisPrompt(promptRequest: PromptRequest): Boolean { + if (redirectDialogFragmentIsActive()) { + return false + } + return when (promptRequest) { is SingleChoice, is MultipleChoice, ===================================== mobile/android/fenix/app/src/main/java/org/mozilla/fenix/HomeActivity.kt ===================================== @@ -798,7 +798,7 @@ open class HomeActivity : LocaleAwareAppCompatActivity(), NavHostActivity { return false } - final override fun dispatchTouchEvent(ev: MotionEvent?): Boolean { + override fun dispatchTouchEvent(ev: MotionEvent?): Boolean { ProfilerMarkers.addForDispatchTouchEvent(components.core.engine.profiler, ev) return super.dispatchTouchEvent(ev) } ===================================== mobile/android/fenix/app/src/main/java/org/mozilla/fenix/customtabs/ExternalAppBrowserActivity.kt ===================================== @@ -7,6 +7,7 @@ package org.mozilla.fenix.customtabs import android.app.assist.AssistContent import android.net.Uri import android.os.Build +import android.view.MotionEvent import androidx.annotation.RequiresApi import androidx.annotation.VisibleForTesting import mozilla.components.browser.state.selector.findCustomTab @@ -24,6 +25,8 @@ const val EXTRA_IS_SANDBOX_CUSTOM_TAB = "org.mozilla.fenix.customtabs.EXTRA_IS_S */ @Suppress("TooManyFunctions") open class ExternalAppBrowserActivity : HomeActivity() { + var isFinishedAnimating = false + override fun onResume() { super.onResume() @@ -74,4 +77,17 @@ open class ExternalAppBrowserActivity : HomeActivity() { val currentTabUrl = getExternalTab()?.content?.url outContent?.webUri = currentTabUrl?.let { Uri.parse(it) } } + + override fun dispatchTouchEvent(ev: MotionEvent?): Boolean { + if (!isFinishedAnimating) { + return true + } + + return super.dispatchTouchEvent(ev) + } + + override fun onEnterAnimationComplete() { + super.onEnterAnimationComplete() + isFinishedAnimating = true + } } ===================================== mobile/android/geckoview/src/main/java/org/mozilla/gecko/util/IntentUtils.java ===================================== @@ -76,6 +76,10 @@ public class IntentUtils { return getSafeIntent(aUri) != null; } + if ("fido".equals(scheme)) { + return false; + } + return true; } ===================================== mobile/android/geckoview/src/test/java/org/mozilla/gecko/util/IntentUtilsTest.java ===================================== @@ -63,4 +63,10 @@ public class IntentUtilsTest { final String uri = "intent:non_scheme_intent#Intent;end"; assertTrue(IntentUtils.isUriSafeForScheme(uri)); } + + @Test + public void unsafeFidoUri() { + final String uri = "fido:/12345678"; + assertFalse(IntentUtils.isUriSafeForScheme(uri)); + } } View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/2aa783… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/2aa783… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser] Pushed new branch tor-browser-128.8.0esr-14.0-1
by morgan (＠morgan) 11 Mar '25

11 Mar '25

morgan pushed new branch tor-browser-128.8.0esr-14.0-1 at The Tor Project / Applications / Mullvad Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/tree/tor-b… You're receiving this email because of your account on gitlab.torproject.org.

1 0