- tbb-commits - lists.torproject.org

[Git][tpo/applications/firefox-android][firefox-android-115.2.1-13.5-1] 4 commits: Revert "Bug 1836786 - Improve prompts a=dmeehan - BP, tor-browser#42693"
by ma1 (＠ma1) 05 Aug '24

05 Aug '24

ma1 pushed to branch firefox-android-115.2.1-13.5-1 at The Tor Project / Applications / firefox-android Commits: cd556e14 by hackademix at 2024-08-02T22:31:10+02:00 Revert "Bug 1836786 - Improve prompts a=dmeehan - BP, tor-browser#42693" This reverts commit 6271d70897cd1cd4fba39a75d63e3bd1869bcccc. We'll re-apply this patch (and others depending on it) after merging Bug 1903828 - Refactor PromptAbuserDetector into support-utils - - - - - c60897e8 by hackademix at 2024-08-02T22:57:38+02:00 Bug 1903828 - Refactor PromptAbuserDetector into support-utils - BP, tor-browser#43005 - - - - - 1e885468 by hackademix at 2024-08-02T23:25:03+02:00 Bug 1836786 - Improve prompts r=gl - BP, tor-browser#43005 - - - - - 233d8217 by hackademix at 2024-08-04T17:32:36+02:00 Bug 1908344 - Improve prompts showing a=dmeehan - BP, tor-browser#43005 - - - - - 7 changed files: - android-components/.buildconfig.yml - android-components/components/feature/prompts/src/main/java/mozilla/components/feature/prompts/PromptFeature.kt - android-components/components/feature/sitepermissions/build.gradle - android-components/components/feature/sitepermissions/src/main/java/mozilla/components/feature/sitepermissions/SitePermissionsDialogFragment.kt - android-components/components/feature/sitepermissions/src/test/java/mozilla/components/feature/sitepermissions/SitePermissionsDialogFragmentTest.kt - android-components/components/feature/prompts/src/main/java/mozilla/components/feature/prompts/dialog/PromptAbuserDetector.kt → android-components/components/support/utils/src/main/java/mozilla/components/support/ktx/util/PromptAbuserDetector.kt - focus-android/app/src/androidTest/java/org/mozilla/focus/activity/SitePermissionsTest.kt Changes: ===================================== android-components/.buildconfig.yml ===================================== @@ -1150,7 +1150,6 @@ projects: - concept-tabstray - concept-toolbar - feature-session - - feature-prompts - feature-tabs - lib-publicsuffixlist - lib-state ===================================== android-components/components/feature/prompts/src/main/java/mozilla/components/feature/prompts/PromptFeature.kt ===================================== @@ -61,7 +61,6 @@ import mozilla.components.feature.prompts.dialog.ChoiceDialogFragment.Companion. import mozilla.components.feature.prompts.dialog.ColorPickerDialogFragment import mozilla.components.feature.prompts.dialog.ConfirmDialogFragment import mozilla.components.feature.prompts.dialog.MultiButtonDialogFragment -import mozilla.components.feature.prompts.dialog.PromptAbuserDetector import mozilla.components.feature.prompts.dialog.PromptDialogFragment import mozilla.components.feature.prompts.dialog.Prompter import mozilla.components.feature.prompts.dialog.SaveLoginDialogFragment @@ -91,6 +90,7 @@ import mozilla.components.support.base.feature.UserInteractionHandler import mozilla.components.support.base.log.logger.Logger import mozilla.components.support.ktx.kotlin.ifNullOrEmpty import mozilla.components.support.ktx.kotlinx.coroutines.flow.ifAnyChanged +import mozilla.components.support.ktx.util.PromptAbuserDetector import java.lang.ref.WeakReference import java.security.InvalidParameterException import java.util.Collections @@ -467,36 +467,51 @@ class PromptFeature private constructor( internal fun onPromptRequested(session: SessionState) { // Some requests are handle with intents session.content.promptRequests.lastOrNull()?.let { promptRequest -> - store.state.findTabOrCustomTabOrSelectedTab(customTabId)?.let { - promptRequest.executeIfWindowedPrompt { exitFullscreenUsecase(it.id) } + if (session.content.permissionRequestsList.isNotEmpty()) { + onCancel(session.id, promptRequest.uid) + } else { + processPromptRequest(promptRequest, session) } + } + } - when (promptRequest) { - is File -> { - emitPromptDisplayedFact(promptName = "FilePrompt") - filePicker.handleFileRequest(promptRequest) - } - is Share -> handleShareRequest(promptRequest, session) - is SelectCreditCard -> { - emitSuccessfulCreditCardAutofillFormDetectedFact() - if (isCreditCardAutofillEnabled() && promptRequest.creditCards.isNotEmpty()) { - creditCardPicker?.handleSelectCreditCardRequest(promptRequest) - } + @Suppress("NestedBlockDepth") + private fun processPromptRequest( + promptRequest: PromptRequest, + session: SessionState, + ) { + store.state.findTabOrCustomTabOrSelectedTab(customTabId)?.let { + promptRequest.executeIfWindowedPrompt { exitFullscreenUsecase(it.id) } + } + + when (promptRequest) { + is File -> { + emitPromptDisplayedFact(promptName = "FilePrompt") + filePicker.handleFileRequest(promptRequest) + } + + is Share -> handleShareRequest(promptRequest, session) + is SelectCreditCard -> { + emitSuccessfulCreditCardAutofillFormDetectedFact() + if (isCreditCardAutofillEnabled() && promptRequest.creditCards.isNotEmpty()) { + creditCardPicker?.handleSelectCreditCardRequest(promptRequest) } - is SelectLoginPrompt -> { - emitPromptDisplayedFact(promptName = "SelectLoginPrompt") - if (promptRequest.logins.isNotEmpty()) { - loginPicker?.handleSelectLoginRequest(promptRequest) - } + } + + is SelectLoginPrompt -> { + emitPromptDisplayedFact(promptName = "SelectLoginPrompt") + if (promptRequest.logins.isNotEmpty()) { + loginPicker?.handleSelectLoginRequest(promptRequest) } - is SelectAddress -> { - emitSuccessfulAddressAutofillFormDetectedFact() - if (isAddressAutofillEnabled() && promptRequest.addresses.isNotEmpty()) { - addressPicker?.handleSelectAddressRequest(promptRequest) - } + } + is SelectAddress -> { + emitSuccessfulAddressAutofillFormDetectedFact() + if (isAddressAutofillEnabled() && promptRequest.addresses.isNotEmpty()) { + addressPicker?.handleSelectAddressRequest(promptRequest) } - else -> handleDialogsRequest(promptRequest, session) } + + else -> handleDialogsRequest(promptRequest, session) } } ===================================== android-components/components/feature/sitepermissions/build.gradle ===================================== @@ -58,8 +58,8 @@ dependencies { implementation project(':concept-engine') implementation project(':ui-icons') implementation project(':support-ktx') - implementation project(':feature-prompts') implementation project(':feature-tabs') + implementation project(':support-utils') implementation ComponentsDependencies.kotlin_coroutines ===================================== android-components/components/feature/sitepermissions/src/main/java/mozilla/components/feature/sitepermissions/SitePermissionsDialogFragment.kt ===================================== @@ -23,7 +23,7 @@ import android.widget.TextView import androidx.annotation.VisibleForTesting import androidx.appcompat.app.AppCompatDialogFragment import androidx.core.content.ContextCompat -import mozilla.components.feature.prompts.dialog.PromptAbuserDetector +import mozilla.components.support.ktx.util.PromptAbuserDetector internal const val KEY_SESSION_ID = "KEY_SESSION_ID" internal const val KEY_TITLE = "KEY_TITLE" ===================================== android-components/components/feature/sitepermissions/src/test/java/mozilla/components/feature/sitepermissions/SitePermissionsDialogFragmentTest.kt ===================================== @@ -19,6 +19,7 @@ import mozilla.components.support.test.robolectric.testContext import org.junit.Assert.assertEquals import org.junit.Assert.assertFalse import org.junit.Assert.assertTrue +import org.junit.Ignore import org.junit.Test import org.junit.runner.RunWith import org.mockito.Mockito.doNothing @@ -233,6 +234,7 @@ class SitePermissionsDialogFragmentTest { } @Test + @Ignore("https://bugzilla.mozilla.org/show_bug.cgi?id=1903828") fun `clicking on positive button notifies the feature (temporary)`() { val mockFeature: SitePermissionsFeature = mock() val fragment = spy( @@ -261,6 +263,7 @@ class SitePermissionsDialogFragmentTest { } @Test + @Ignore("https://bugzilla.mozilla.org/show_bug.cgi?id=1903828") fun `dismissing the dialog notifies the feature`() { val mockFeature: SitePermissionsFeature = mock() val fragment = spy( @@ -360,6 +363,7 @@ class SitePermissionsDialogFragmentTest { } @Test + @Ignore("https://bugzilla.mozilla.org/show_bug.cgi?id=1903828") fun `clicking on positive button notifies the feature (permanent)`() { val mockFeature: SitePermissionsFeature = mock() val fragment = spy( @@ -389,6 +393,7 @@ class SitePermissionsDialogFragmentTest { } @Test + @Ignore("https://bugzilla.mozilla.org/show_bug.cgi?id=1903828") fun `clicking on negative button notifies the feature (permanent)`() { val mockFeature: SitePermissionsFeature = mock() val fragment = spy( ===================================== android-components/components/feature/prompts/src/main/java/mozilla/components/feature/prompts/dialog/PromptAbuserDetector.kt → android-components/components/support/utils/src/main/java/mozilla/components/support/ktx/util/PromptAbuserDetector.kt ===================================== @@ -2,25 +2,38 @@ * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -package mozilla.components.feature.prompts.dialog +package mozilla.components.support.ktx.util +import androidx.annotation.VisibleForTesting import java.util.Date /** * Helper class to identify if a website has shown many dialogs. + * @param maxSuccessiveDialogSecondsLimit Maximum time required + * between dialogs in seconds before not showing more dialog. */ class PromptAbuserDetector(private val maxSuccessiveDialogSecondsLimit: Int = MAX_SUCCESSIVE_DIALOG_SECONDS_LIMIT) { - internal var jsAlertCount = 0 - internal var lastDialogShownAt = Date() + @VisibleForTesting(otherwise = VisibleForTesting.PRIVATE) + var jsAlertCount = 0 + + @VisibleForTesting(otherwise = VisibleForTesting.PRIVATE) + var lastDialogShownAt = Date() + var shouldShowMoreDialogs = true private set + /** + * Updates internal state for alerts counts. + */ fun resetJSAlertAbuseState() { jsAlertCount = 0 shouldShowMoreDialogs = true } + /** + * Updates internal state for last shown and count of dialogs. + */ fun updateJSDialogAbusedState() { if (!areDialogsAbusedByTime()) { jsAlertCount = 0 @@ -29,25 +42,35 @@ class PromptAbuserDetector(private val maxSuccessiveDialogSecondsLimit: Int = MA lastDialogShownAt = Date() } + /** + * Indicates whether or not user wants to see more dialogs. + */ fun userWantsMoreDialogs(checkBox: Boolean) { shouldShowMoreDialogs = checkBox } + /** + * Indicates whether dialogs are being abused or not. + */ fun areDialogsBeingAbused(): Boolean { return areDialogsAbusedByTime() || areDialogsAbusedByCount() } - internal fun areDialogsAbusedByTime(): Boolean { + @VisibleForTesting(otherwise = VisibleForTesting.PRIVATE) + @Suppress("UndocumentedPublicFunction") // this is visible only for tests + fun now() = Date() + + private fun areDialogsAbusedByTime(): Boolean { return if (jsAlertCount == 0) { false } else { - val now = Date() + val now = now() val diffInSeconds = (now.time - lastDialogShownAt.time) / SECOND_MS diffInSeconds < maxSuccessiveDialogSecondsLimit } } - internal fun areDialogsAbusedByCount(): Boolean { + private fun areDialogsAbusedByCount(): Boolean { return jsAlertCount > MAX_SUCCESSIVE_DIALOG_COUNT } ===================================== focus-android/app/src/androidTest/java/org/mozilla/focus/activity/SitePermissionsTest.kt ===================================== @@ -229,6 +229,7 @@ class SitePermissionsTest { @SmokeTest @Test + @Ignore fun testLocationSharingAllowed() { mockLocationUpdatesRule.setMockLocation() @@ -244,6 +245,7 @@ class SitePermissionsTest { @SmokeTest @Test + @Ignore fun allowCameraPermissionsTest() { Assume.assumeTrue(cameraManager.cameraIdList.isNotEmpty()) searchScreen { View it on GitLab: https://gitlab.torproject.org/tpo/applications/firefox-android/-/compare/62… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/firefox-android/-/compare/62… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-128.1.0esr-14.0-1] 2 commits: Bug 1899180. If a channel is not nsIPrivateBrowsingChannel and has no load...
by ma1 (＠ma1) 05 Aug '24

05 Aug '24

ma1 pushed to branch tor-browser-128.1.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: 7bd25966 by Timothy Nikkel at 2024-08-05T10:37:44+02:00 Bug 1899180. If a channel is not nsIPrivateBrowsingChannel and has no load context, use the private browsing field from it's origin attributes. r=necko-reviewers,anti-tracking-reviewers,valentin If the channel is not a nsIPrivateBrowsingChannel, and it also has no load context (eg inside svg images) then we will over write a non-zero mPrivateBrowsingId on the OriginAttributes of the channel with 0, making NS_UsePrivateBrowsing return false for the channel. Differential Revision: https://phabricator.services.mozilla.com/D212083 - - - - - 88158de9 by Jon Coppeard at 2024-08-05T10:40:09+02:00 Bug 1904011 - Ignore finalized scripts when iterating code covarage tables r=iain Differential Revision: https://phabricator.services.mozilla.com/D214799 - - - - - 6 changed files: - image/test/browser/browser.toml - + image/test/browser/browser_bug1899180.js - + image/test/browser/helper1899180.html - js/src/gc/Zone.cpp - + js/src/jit-test/tests/debug/bug-1904011.js - toolkit/components/antitracking/StoragePrincipalHelper.cpp Changes: ===================================== image/test/browser/browser.toml ===================================== @@ -15,6 +15,9 @@ skip-if = ["true"] # Bug 1207012 - Permaorange from an uncaught exception that i ["browser_bug1869938.js"] support-files = ["helper1869938.html"] +["browser_bug1899180.js"] +support-files = ["helper1899180.html"] + ["browser_docshell_type_editor.js"] ["browser_image.js"] ===================================== image/test/browser/browser_bug1899180.js ===================================== @@ -0,0 +1,49 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +/* + * This test opens a private browsing window, then opens a content page in it + * that loads an svg image that contains an image to an external protocol. + * This tests that we don't hit an assert in this situation. + */ + +add_task(async function test() { + function httpURL(filename) { + let chromeURL = getRootDirectory(gTestPath) + filename; + return chromeURL.replace( + "chrome://mochitests/content/", + "http://mochi.test:8888/" + ); + } + + let win = await BrowserTestUtils.openNewBrowserWindow({ private: true }); + + let tab = (win.gBrowser.selectedTab = BrowserTestUtils.addTab( + win.gBrowser, + "about:blank" + )); + + await BrowserTestUtils.browserLoaded(tab.linkedBrowser); + + const pageUrl = httpURL("helper1899180.html"); + + BrowserTestUtils.startLoadingURIString(tab.linkedBrowser, pageUrl); + + await BrowserTestUtils.browserLoaded(tab.linkedBrowser); + + await new Promise(resolve => { + waitForFocus(resolve, win); + }); + + // do a couple rafs here to ensure its loaded and displayed + await new Promise(r => requestAnimationFrame(r)); + await new Promise(r => requestAnimationFrame(r)); + + await BrowserTestUtils.closeWindow(win); + + win = null; + tab = null; + + ok(true, "we got here and didn't crash/assert"); +}); ===================================== image/test/browser/helper1899180.html ===================================== @@ -0,0 +1,5 @@ +<!DOCTYPE html> +<html> + +<img src='data:image/svg+xml;charset=UTF-8,<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" viewBox="0 0 120 120"><image width="10" height="10" xlink:href="C:\doesntmatter.png"/></svg>'/> +</html> ===================================== js/src/gc/Zone.cpp ===================================== @@ -906,7 +906,13 @@ void Zone::clearScriptCounts(Realm* realm) { // Clear all hasScriptCounts_ flags of BaseScript, in order to release all // ScriptCounts entries of the given realm. for (auto i = scriptCountsMap->modIter(); !i.done(); i.next()) { - BaseScript* script = i.get().key(); + const HeapPtr<BaseScript*>& script = i.get().key(); + if (IsAboutToBeFinalized(script)) { + // Dead scripts may be present during incremental GC until script + // finalizers have been run. + continue; + } + if (script->realm() != realm) { continue; } @@ -927,7 +933,13 @@ void Zone::clearScriptLCov(Realm* realm) { } for (auto i = scriptLCovMap->modIter(); !i.done(); i.next()) { - BaseScript* script = i.get().key(); + const HeapPtr<BaseScript*>& script = i.get().key(); + if (IsAboutToBeFinalized(script)) { + // Dead scripts may be present during incremental GC until script + // finalizers have been run. + continue; + } + if (script->realm() == realm) { i.remove(); } ===================================== js/src/jit-test/tests/debug/bug-1904011.js ===================================== @@ -0,0 +1,15 @@ +// |jit-test| --fuzzing-safe; --ion-offthread-compile=off +gczeal(0); + +let g = newGlobal({newCompartment: true}); +let dbg = new Debugger(g); + +dbg.collectCoverageInfo = true; +g.eval("0"); + +// Start a GC in the debugger's zone and yield after sweeping objects. +schedulezone(g); +gczeal(22); +startgc(100); + +dbg.collectCoverageInfo = false; ===================================== toolkit/components/antitracking/StoragePrincipalHelper.cpp ===================================== @@ -447,7 +447,7 @@ bool StoragePrincipalHelper::GetOriginAttributes( nsCOMPtr<nsILoadInfo> loadInfo = aChannel->LoadInfo(); loadInfo->GetOriginAttributes(&aAttributes); - bool isPrivate = false; + bool isPrivate = aAttributes.mPrivateBrowsingId > 0; nsCOMPtr<nsIPrivateBrowsingChannel> pbChannel = do_QueryInterface(aChannel); if (pbChannel) { nsresult rv = pbChannel->GetIsChannelPrivate(&isPrivate); @@ -456,7 +456,9 @@ bool StoragePrincipalHelper::GetOriginAttributes( // Some channels may not implement nsIPrivateBrowsingChannel nsCOMPtr<nsILoadContext> loadContext; NS_QueryNotificationCallbacks(aChannel, loadContext); - isPrivate = loadContext && loadContext->UsePrivateBrowsing(); + if (loadContext) { + isPrivate = loadContext->UsePrivateBrowsing(); + } } aAttributes.SyncAttributesWithPrivateBrowsing(isPrivate); View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/693e12… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/693e12… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser] Pushed new tag tor-browser-128.1.0esr-14.0-1-build2
by ma1 (＠ma1) 05 Aug '24

05 Aug '24

ma1 pushed new tag tor-browser-128.1.0esr-14.0-1-build2 at The Tor Project / Applications / Tor Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/tree/tor-brows… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser] Pushed new tag mullvad-browser-115.14.0esr-13.5-1-build2
by ma1 (＠ma1) 05 Aug '24

05 Aug '24

ma1 pushed new tag mullvad-browser-115.14.0esr-13.5-1-build2 at The Tor Project / Applications / Mullvad Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/tree/mullv… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-115.14.0esr-13.5-1] 2 commits: Bug 1899180. If a channel is not nsIPrivateBrowsingChannel and has no load...
by ma1 (＠ma1) 05 Aug '24

05 Aug '24

ma1 pushed to branch mullvad-browser-115.14.0esr-13.5-1 at The Tor Project / Applications / Mullvad Browser Commits: 9d8af849 by Timothy Nikkel at 2024-08-05T10:31:07+02:00 Bug 1899180. If a channel is not nsIPrivateBrowsingChannel and has no load context, use the private browsing field from it's origin attributes. r=necko-reviewers,anti-tracking-reviewers,valentin If the channel is not a nsIPrivateBrowsingChannel, and it also has no load context (eg inside svg images) then we will over write a non-zero mPrivateBrowsingId on the OriginAttributes of the channel with 0, making NS_UsePrivateBrowsing return false for the channel. Differential Revision: https://phabricator.services.mozilla.com/D212083 - - - - - 7f222f82 by Jon Coppeard at 2024-08-05T10:31:07+02:00 Bug 1904011 - Ignore finalized scripts when iterating code covarage tables r=iain Differential Revision: https://phabricator.services.mozilla.com/D214799 - - - - - 3 changed files: - js/src/gc/Zone.cpp - + js/src/jit-test/tests/debug/bug-1904011.js - toolkit/components/antitracking/StoragePrincipalHelper.cpp Changes: ===================================== js/src/gc/Zone.cpp ===================================== @@ -918,7 +918,13 @@ void Zone::clearScriptCounts(Realm* realm) { // Clear all hasScriptCounts_ flags of BaseScript, in order to release all // ScriptCounts entries of the given realm. for (auto i = scriptCountsMap->modIter(); !i.done(); i.next()) { - BaseScript* script = i.get().key(); + const HeapPtr<BaseScript*>& script = i.get().key(); + if (IsAboutToBeFinalized(script)) { + // Dead scripts may be present during incremental GC until script + // finalizers have been run. + continue; + } + if (script->realm() != realm) { continue; } @@ -939,7 +945,13 @@ void Zone::clearScriptLCov(Realm* realm) { } for (auto i = scriptLCovMap->modIter(); !i.done(); i.next()) { - BaseScript* script = i.get().key(); + const HeapPtr<BaseScript*>& script = i.get().key(); + if (IsAboutToBeFinalized(script)) { + // Dead scripts may be present during incremental GC until script + // finalizers have been run. + continue; + } + if (script->realm() == realm) { i.remove(); } ===================================== js/src/jit-test/tests/debug/bug-1904011.js ===================================== @@ -0,0 +1,15 @@ +// |jit-test| --fuzzing-safe; --ion-offthread-compile=off +gczeal(0); + +let g = newGlobal({newCompartment: true}); +let dbg = new Debugger(g); + +dbg.collectCoverageInfo = true; +g.eval("0"); + +// Start a GC in the debugger's zone and yield after sweeping objects. +schedulezone(g); +gczeal(22); +startgc(100); + +dbg.collectCoverageInfo = false; ===================================== toolkit/components/antitracking/StoragePrincipalHelper.cpp ===================================== @@ -445,7 +445,7 @@ bool StoragePrincipalHelper::GetOriginAttributes( nsCOMPtr<nsILoadInfo> loadInfo = aChannel->LoadInfo(); loadInfo->GetOriginAttributes(&aAttributes); - bool isPrivate = false; + bool isPrivate = aAttributes.mPrivateBrowsingId > 0; nsCOMPtr<nsIPrivateBrowsingChannel> pbChannel = do_QueryInterface(aChannel); if (pbChannel) { nsresult rv = pbChannel->GetIsChannelPrivate(&isPrivate); @@ -454,7 +454,9 @@ bool StoragePrincipalHelper::GetOriginAttributes( // Some channels may not implement nsIPrivateBrowsingChannel nsCOMPtr<nsILoadContext> loadContext; NS_QueryNotificationCallbacks(aChannel, loadContext); - isPrivate = loadContext && loadContext->UsePrivateBrowsing(); + if (loadContext) { + isPrivate = loadContext->UsePrivateBrowsing(); + } } aAttributes.SyncAttributesWithPrivateBrowsing(isPrivate); View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/compare/82… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/compare/82… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser] Pushed new tag base-browser-115.14.0esr-13.5-1-build2
by ma1 (＠ma1) 05 Aug '24

05 Aug '24

ma1 pushed new tag base-browser-115.14.0esr-13.5-1-build2 at The Tor Project / Applications / Tor Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/tree/base-brow… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-115.14.0esr-13.5-1] 2 commits: Bug 1899180. If a channel is not nsIPrivateBrowsingChannel and has no load...
by ma1 (＠ma1) 05 Aug '24

05 Aug '24

ma1 pushed to branch base-browser-115.14.0esr-13.5-1 at The Tor Project / Applications / Tor Browser Commits: 590ecd43 by Timothy Nikkel at 2024-08-05T10:25:19+02:00 Bug 1899180. If a channel is not nsIPrivateBrowsingChannel and has no load context, use the private browsing field from it's origin attributes. r=necko-reviewers,anti-tracking-reviewers,valentin If the channel is not a nsIPrivateBrowsingChannel, and it also has no load context (eg inside svg images) then we will over write a non-zero mPrivateBrowsingId on the OriginAttributes of the channel with 0, making NS_UsePrivateBrowsing return false for the channel. Differential Revision: https://phabricator.services.mozilla.com/D212083 - - - - - ded2e90d by Jon Coppeard at 2024-08-05T10:25:20+02:00 Bug 1904011 - Ignore finalized scripts when iterating code covarage tables r=iain Differential Revision: https://phabricator.services.mozilla.com/D214799 - - - - - 3 changed files: - js/src/gc/Zone.cpp - + js/src/jit-test/tests/debug/bug-1904011.js - toolkit/components/antitracking/StoragePrincipalHelper.cpp Changes: ===================================== js/src/gc/Zone.cpp ===================================== @@ -918,7 +918,13 @@ void Zone::clearScriptCounts(Realm* realm) { // Clear all hasScriptCounts_ flags of BaseScript, in order to release all // ScriptCounts entries of the given realm. for (auto i = scriptCountsMap->modIter(); !i.done(); i.next()) { - BaseScript* script = i.get().key(); + const HeapPtr<BaseScript*>& script = i.get().key(); + if (IsAboutToBeFinalized(script)) { + // Dead scripts may be present during incremental GC until script + // finalizers have been run. + continue; + } + if (script->realm() != realm) { continue; } @@ -939,7 +945,13 @@ void Zone::clearScriptLCov(Realm* realm) { } for (auto i = scriptLCovMap->modIter(); !i.done(); i.next()) { - BaseScript* script = i.get().key(); + const HeapPtr<BaseScript*>& script = i.get().key(); + if (IsAboutToBeFinalized(script)) { + // Dead scripts may be present during incremental GC until script + // finalizers have been run. + continue; + } + if (script->realm() == realm) { i.remove(); } ===================================== js/src/jit-test/tests/debug/bug-1904011.js ===================================== @@ -0,0 +1,15 @@ +// |jit-test| --fuzzing-safe; --ion-offthread-compile=off +gczeal(0); + +let g = newGlobal({newCompartment: true}); +let dbg = new Debugger(g); + +dbg.collectCoverageInfo = true; +g.eval("0"); + +// Start a GC in the debugger's zone and yield after sweeping objects. +schedulezone(g); +gczeal(22); +startgc(100); + +dbg.collectCoverageInfo = false; ===================================== toolkit/components/antitracking/StoragePrincipalHelper.cpp ===================================== @@ -445,7 +445,7 @@ bool StoragePrincipalHelper::GetOriginAttributes( nsCOMPtr<nsILoadInfo> loadInfo = aChannel->LoadInfo(); loadInfo->GetOriginAttributes(&aAttributes); - bool isPrivate = false; + bool isPrivate = aAttributes.mPrivateBrowsingId > 0; nsCOMPtr<nsIPrivateBrowsingChannel> pbChannel = do_QueryInterface(aChannel); if (pbChannel) { nsresult rv = pbChannel->GetIsChannelPrivate(&isPrivate); @@ -454,7 +454,9 @@ bool StoragePrincipalHelper::GetOriginAttributes( // Some channels may not implement nsIPrivateBrowsingChannel nsCOMPtr<nsILoadContext> loadContext; NS_QueryNotificationCallbacks(aChannel, loadContext); - isPrivate = loadContext && loadContext->UsePrivateBrowsing(); + if (loadContext) { + isPrivate = loadContext->UsePrivateBrowsing(); + } } aAttributes.SyncAttributesWithPrivateBrowsing(isPrivate); View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/aa9b97… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/aa9b97… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser] Pushed new tag tor-browser-115.14.0esr-13.5-1-build2
by ma1 (＠ma1) 05 Aug '24

05 Aug '24

ma1 pushed new tag tor-browser-115.14.0esr-13.5-1-build2 at The Tor Project / Applications / Tor Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/tree/tor-brows… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-115.14.0esr-13.5-1] 2 commits: Bug 1899180. If a channel is not nsIPrivateBrowsingChannel and has no load...
by ma1 (＠ma1) 05 Aug '24

05 Aug '24

ma1 pushed to branch tor-browser-115.14.0esr-13.5-1 at The Tor Project / Applications / Tor Browser Commits: 76fd6391 by Timothy Nikkel at 2024-08-05T09:53:50+02:00 Bug 1899180. If a channel is not nsIPrivateBrowsingChannel and has no load context, use the private browsing field from it's origin attributes. r=necko-reviewers,anti-tracking-reviewers,valentin If the channel is not a nsIPrivateBrowsingChannel, and it also has no load context (eg inside svg images) then we will over write a non-zero mPrivateBrowsingId on the OriginAttributes of the channel with 0, making NS_UsePrivateBrowsing return false for the channel. Differential Revision: https://phabricator.services.mozilla.com/D212083 - - - - - e2d05e0a by Jon Coppeard at 2024-08-05T09:53:51+02:00 Bug 1904011 - Ignore finalized scripts when iterating code covarage tables r=iain Differential Revision: https://phabricator.services.mozilla.com/D214799 - - - - - 3 changed files: - js/src/gc/Zone.cpp - + js/src/jit-test/tests/debug/bug-1904011.js - toolkit/components/antitracking/StoragePrincipalHelper.cpp Changes: ===================================== js/src/gc/Zone.cpp ===================================== @@ -918,7 +918,13 @@ void Zone::clearScriptCounts(Realm* realm) { // Clear all hasScriptCounts_ flags of BaseScript, in order to release all // ScriptCounts entries of the given realm. for (auto i = scriptCountsMap->modIter(); !i.done(); i.next()) { - BaseScript* script = i.get().key(); + const HeapPtr<BaseScript*>& script = i.get().key(); + if (IsAboutToBeFinalized(script)) { + // Dead scripts may be present during incremental GC until script + // finalizers have been run. + continue; + } + if (script->realm() != realm) { continue; } @@ -939,7 +945,13 @@ void Zone::clearScriptLCov(Realm* realm) { } for (auto i = scriptLCovMap->modIter(); !i.done(); i.next()) { - BaseScript* script = i.get().key(); + const HeapPtr<BaseScript*>& script = i.get().key(); + if (IsAboutToBeFinalized(script)) { + // Dead scripts may be present during incremental GC until script + // finalizers have been run. + continue; + } + if (script->realm() == realm) { i.remove(); } ===================================== js/src/jit-test/tests/debug/bug-1904011.js ===================================== @@ -0,0 +1,15 @@ +// |jit-test| --fuzzing-safe; --ion-offthread-compile=off +gczeal(0); + +let g = newGlobal({newCompartment: true}); +let dbg = new Debugger(g); + +dbg.collectCoverageInfo = true; +g.eval("0"); + +// Start a GC in the debugger's zone and yield after sweeping objects. +schedulezone(g); +gczeal(22); +startgc(100); + +dbg.collectCoverageInfo = false; ===================================== toolkit/components/antitracking/StoragePrincipalHelper.cpp ===================================== @@ -445,7 +445,7 @@ bool StoragePrincipalHelper::GetOriginAttributes( nsCOMPtr<nsILoadInfo> loadInfo = aChannel->LoadInfo(); loadInfo->GetOriginAttributes(&aAttributes); - bool isPrivate = false; + bool isPrivate = aAttributes.mPrivateBrowsingId > 0; nsCOMPtr<nsIPrivateBrowsingChannel> pbChannel = do_QueryInterface(aChannel); if (pbChannel) { nsresult rv = pbChannel->GetIsChannelPrivate(&isPrivate); @@ -454,7 +454,9 @@ bool StoragePrincipalHelper::GetOriginAttributes( // Some channels may not implement nsIPrivateBrowsingChannel nsCOMPtr<nsILoadContext> loadContext; NS_QueryNotificationCallbacks(aChannel, loadContext); - isPrivate = loadContext && loadContext->UsePrivateBrowsing(); + if (loadContext) { + isPrivate = loadContext->UsePrivateBrowsing(); + } } aAttributes.SyncAttributesWithPrivateBrowsing(isPrivate); View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/804813… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/804813… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-115.14.0esr-13.5-1] Bug 42835: Create an actor to filter file data transfers
by ma1 (＠ma1) 05 Aug '24

05 Aug '24

ma1 pushed to branch mullvad-browser-115.14.0esr-13.5-1 at The Tor Project / Applications / Mullvad Browser Commits: 823e74d9 by hackademix at 2024-08-05T09:11:58+02:00 Bug 42835: Create an actor to filter file data transfers - - - - - 4 changed files: - + toolkit/actors/FilesFilterChild.sys.mjs - + toolkit/actors/FilesFilterParent.sys.mjs - toolkit/actors/moz.build - toolkit/modules/ActorManagerParent.sys.mjs Changes: ===================================== toolkit/actors/FilesFilterChild.sys.mjs ===================================== @@ -0,0 +1,61 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +const lazy = {}; + +ChromeUtils.defineLazyGetter(lazy, "console", () => { + return console.createInstance({ + prefix: "FilesFilter", + }); +}); + +export class FilesFilterChild extends JSWindowActorChild { + handleEvent(event) { + // drop or paste + const { composedTarget } = event; + const dt = event.clipboardData || event.dataTransfer; + + if (dt.files.length) { + if ( + ["HTMLInputElement", "HTMLTextAreaElement"].includes( + ChromeUtils.getClassName(composedTarget) + ) + ) { + event.preventDefault(); + lazy.console.log( + `Preventing path leak on ${event.type} for ${[...dt.files] + .map(f => f.name) + .join(", ")}.` + ); + } + return; + } + + // "Paste Without Formatting" (ctrl+shift+V) in HTML editors coerces files into paths + if (!(event.clipboardData && dt.getData("text"))) { + return; + } + + // check wether the clipboard contains a file + const { clipboard } = Services; + if ( + [clipboard.kSelectionClipboard, clipboard.kGlobalClipboard].some( + clipboardType => + clipboard.isClipboardTypeSupported(clipboardType) && + clipboard.hasDataMatchingFlavors( + ["application/x-moz-file"], + clipboardType + ) + ) + ) { + event.preventDefault(); + event.stopPropagation(); + lazy.console.log( + `Preventing path leak on "Paste Without Formatting" for ${dt.getData( + "text" + )}.` + ); + } + } +} ===================================== toolkit/actors/FilesFilterParent.sys.mjs ===================================== @@ -0,0 +1,7 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +export class FilesFilterParent extends JSWindowActorParent { + // just a stub for now +} ===================================== toolkit/actors/moz.build ===================================== @@ -55,6 +55,8 @@ FINAL_TARGET_FILES.actors += [ "DateTimePickerChild.sys.mjs", "DateTimePickerParent.sys.mjs", "ExtFindChild.sys.mjs", + "FilesFilterChild.sys.mjs", + "FilesFilterParent.sys.mjs", "FindBarChild.sys.mjs", "FindBarParent.sys.mjs", "FinderChild.sys.mjs", ===================================== toolkit/modules/ActorManagerParent.sys.mjs ===================================== @@ -244,6 +244,22 @@ let JSWINDOWACTORS = { allFrames: true, }, + FilesFilter: { + parent: { + esModuleURI: "resource://gre/actors/FilesFilterParent.sys.mjs", + }, + + child: { + esModuleURI: "resource://gre/actors/FilesFilterChild.sys.mjs", + events: { + drop: {}, + paste: { capture: true }, + }, + }, + + allFrames: true, + }, + FindBar: { parent: { esModuleURI: "resource://gre/actors/FindBarParent.sys.mjs", View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/823… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/823… You're receiving this email because of your account on gitlab.torproject.org.

1 0