- tbb-commits - lists.torproject.org

[Git][tpo/applications/tor-browser-build] Pushed new tag tbb-14.0.3-build1
by morgan (＠morgan) 25 Nov '24

25 Nov '24

morgan pushed new tag tbb-14.0.3-build1 at The Tor Project / Applications / tor-browser-build -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/tree/tbb… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][maint-14.0] Bug 41301, 41302: Prepare Tor+Mullvad Browser 14.0.3
by morgan (＠morgan) 25 Nov '24

25 Nov '24

morgan pushed to branch maint-14.0 at The Tor Project / Applications / tor-browser-build Commits: b512d066 by Morgan at 2024-11-25T15:48:43+00:00 Bug 41301, 41302: Prepare Tor+Mullvad Browser 14.0.3 - - - - - 7 changed files: - projects/browser/Bundle-Data/Docs-MB/ChangeLog.txt - projects/browser/Bundle-Data/Docs-TBB/ChangeLog.txt - projects/browser/config - projects/firefox/config - projects/geckoview/config - projects/translation/config - rbm.conf Changes: ===================================== projects/browser/Bundle-Data/Docs-MB/ChangeLog.txt ===================================== @@ -1,3 +1,18 @@ +Mullvad Browser 14.0.3 - November 25 2024 + * All Platforms + * Updated Firefox to 128.5.0esr + * Updated uBlock Origin to 1.61.0 + * Bug 382: Rebase Mullvad Browser stable onto Firefox 128.5.0esr [mullvad-browser] + * Bug 43313: Backport security fixes from Firefox 133 [tor-browser] + * macOS + * Bug 43165: Disable Microsoft SSO on macOS [MozBug 1768724] [tor-browser] + * Build System + * All Platforms + * Bug 40996: Do not version the .nobackup files [tor-browser-build] + * Bug 41284: Update relprep.py script to not synchronise changelogs between channels [tor-browser-build] + * Bug 41300: Add bea, clairehurst, and jwilde to tb_builders [tor-browser-build] + * Bug 41315: Fix the Mullvad Extension update in relprep.py [tor-browser-build] + Mullvad Browser 14.0 - November 13 2024 * All Platforms * Updated Firefox to 128.4.0esr ===================================== projects/browser/Bundle-Data/Docs-TBB/ChangeLog.txt ===================================== @@ -1,3 +1,20 @@ +Tor Browser 14.0.3 - November 25 2024 + * All Platforms + * Bug 43306: Rebase Tor Browser Stable onto 128.5.0esr [tor-browser] + * Bug 43313: Backport security fixes from Firefox 133 [tor-browser] + * Windows + macOS + Linux + * Updated Firefox to 128.5.0esr + * macOS + * Bug 43165: Disable Microsoft SSO on macOS [MozBug 1768724] [tor-browser] + * Android + * Updated GeckoView to 128.5.0esr + * Build System + * All Platforms + * Updated Go to 1.22.9 + * Bug 40996: Do not version the .nobackup files [tor-browser-build] + * Bug 41284: Update relprep.py script to not synchronise changelogs between channels [tor-browser-build] + * Bug 41300: Add bea, clairehurst, and jwilde to tb_builders [tor-browser-build] + Tor Browser 14.0.2 - November 12 2024 * All Platforms * Updated NoScript to 11.5.2 ===================================== projects/browser/config ===================================== @@ -111,9 +111,9 @@ input_files: - URL: https://addons.mozilla.org/firefox/downloads/file/4379558/noscript-11.5.2.x… name: noscript sha256sum: 460aaa6484bf8422415dfe08260e8536866e3731ed5b8b7913cf4b7b1333493a - - URL: https://addons.mozilla.org/firefox/downloads/file/4359936/ublock_origin-1.6… + - URL: https://addons.mozilla.org/firefox/downloads/file/4382536/ublock_origin-1.6… name: ublock-origin - sha256sum: e2cda9b2a1b0a7f6e5ef0da9f87f28df52f8560587ba2e51a3003121cfb81600 + sha256sum: e6fd55b799a568c66c10892a8f22428e6773fe16d7466ce9dee2952f224b203d enable: '[% c("var/mullvad-browser") %]' - URL: https://cdn.mullvad.net/browser-extension/0.9.3/mullvad-browser-extension-0… name: mullvad-extension ===================================== projects/firefox/config ===================================== @@ -14,12 +14,12 @@ container: use_container: 1 var: - firefox_platform_version: '128.4.0' + firefox_platform_version: '128.5.0' firefox_version: '[% c("var/firefox_platform_version") %]esr' browser_series: '14.0' browser_rebase: 1 browser_branch: '[% c("var/browser_series") %]-[% c("var/browser_rebase") %]' - browser_build: 3 + browser_build: 2 branding_directory_prefix: 'tb' copyright_year: '[% exec("git show -s --format=%ci").remove("-.*") %]' nightly_updates_publish_dir: '[% c("var/nightly_updates_publish_dir_prefix") %]nightly-[% c("var/osname") %]' @@ -107,8 +107,6 @@ targets: gitlab_project: https://gitlab.torproject.org/tpo/applications/mullvad-browser updater_url: 'https://cdn.mullvad.net/browser/update_responses/update_1/' nightly_updates_publish_dir_prefix: mullvadbrowser- - browser_build: 2 - linux-x86_64: var: arch_deps: ===================================== projects/geckoview/config ===================================== @@ -16,12 +16,12 @@ container: build_apk: 1 var: - firefox_platform_version: '128.4.0' + firefox_platform_version: '128.5.0' geckoview_version: '[% c("var/firefox_platform_version") %]esr' browser_series: '14.0' browser_rebase: 1 browser_branch: '[% c("var/browser_series") %]-[% c("var/browser_rebase") %]' - browser_build: 3 + browser_build: 2 copyright_year: '[% exec("git show -s --format=%ci").remove("-.*") %]' gitlab_project: https://gitlab.torproject.org/tpo/applications/tor-browser git_commit: '[% exec("git rev-parse HEAD") %]' ===================================== projects/translation/config ===================================== @@ -12,13 +12,13 @@ compress_tar: 'gz' steps: base-browser: base-browser: '[% INCLUDE build %]' - git_hash: 5a074e0814015db3c2edbf63ff8e9d1f552900aa + git_hash: caa431bbea1a76d7ad61eeda94086a1513762605 targets: nightly: git_hash: 'base-browser' tor-browser: tor-browser: '[% INCLUDE build %]' - git_hash: 7276d3d2ad0319c3d3762047226da7ee104d1d42 + git_hash: 4314d0a7ce780ffdf82b84e324bfbc437198f993 targets: nightly: git_hash: 'tor-browser' @@ -32,7 +32,7 @@ steps: fenix: '[% INCLUDE build %]' # We need to bump the commit before releasing but just pointing to a branch # might cause too much rebuidling of the Firefox part. - git_hash: f7a877d66205f33e3cf33e717384b504a374039e + git_hash: 4c8637121e71699d2432069ad56a30ff77116000 compress_tar: 'zst' targets: nightly: ===================================== rbm.conf ===================================== @@ -73,20 +73,20 @@ buildconf: git_signtag_opt: '-s' var: - torbrowser_version: '[% IF c("var/tor-browser") %]14.0.2[% ELSE %]14.0[% END %]' - torbrowser_build: 'build2' + torbrowser_version: '14.0.3' + torbrowser_build: 'build1' # This should be the date of when the build is started. For the build # to be reproducible, browser_release_date should always be in the past. - browser_release_date: '2024/11/12 20:16:21' + browser_release_date: '2024/11/25 15:42:04' browser_release_date_timestamp: '[% USE date; date.format(c("var/browser_release_date"), "%s") %]' updater_enabled: 1 build_mar: 1 torbrowser_incremental_from: + - '[% IF c("var/tor-browser") %]14.0.2[% END %]' - '[% IF c("var/tor-browser") %]14.0.1[% END %]' - - '[% IF c("var/tor-browser") %]14.0[% END %]' + - '14.0' - '[% IF c("var/mullvad-browser") %]13.5.9[% END %]' - - '13.5.7' - - '[% IF c("var/mullvad-browser") %]13.5.6[% END %]' + - '[% IF c("var/mullvad-browser") %]13.5.7[% END %]' mar_channel_id: '[% c("var/projectname") %]-torproject-[% c("var/channel") %]' torbrowser_legacy_version: 13.5.9 View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/b… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/b… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-128.5.0esr-14.0-1] 4 commits: Bug 1836921 - Improve dialogs a=dmeehan
by ma1 (＠ma1) 25 Nov '24

25 Nov '24

ma1 pushed to branch base-browser-128.5.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: 5b511dd7 by Arturo Mejia at 2024-11-25T15:23:58+01:00 Bug 1836921 - Improve dialogs a=dmeehan Original Revision: https://phabricator.services.mozilla.com/D226961 Differential Revision: https://phabricator.services.mozilla.com/D228842 - - - - - 776b61f5 by Malte Juergens at 2024-11-25T15:24:00+01:00 Bug 1909396 - Remove HTTPS-Only exception button in iframes r=freddyb,fluent-reviewers Rationale for this can be read in Bug 1909396, but the main reason is that the iframe will get blocked regardless by mixed content blocking. Differential Revision: https://phabricator.services.mozilla.com/D220257 - - - - - 927d61a7 by Makoto Kato at 2024-11-25T15:24:02+01:00 Bug 1776646 - Support EXTRA_IS_SENSITIVE for clipboard. r=geckoview-reviewers,owlish When nsITransferable.isPrivateData is true, such as coping password or private mode, we should set EXTRA_IS_SENSITIVE to ClipData. AndroidJunit test runner doesn't often get `ClipDescription.extras` from clipboard service in test runner. So we cannot write a unit test using AndroidJUnit test runner. Differential Revision: https://phabricator.services.mozilla.com/D225326 - - - - - cabb4f40 by Cathy Lu at 2024-11-25T15:24:04+01:00 Bug 1914797 - Part 1 + 2 + partial backout (details below) Bug 1914797 - Part 1 - Revert bug 1868469 r=android-reviewers,jonalmeida, a=dmeehan Differential Revision: https://phabricator.services.mozilla.com/D226431 Bug 1914797 - Part 2 - Add url change during onPageStart for slow loading sites r=android-reviewers,jonalmeida, a=dmeehan Differential Revision: https://phabricator.services.mozilla.com/D226432 Backed out 1 changesets (bug 1914797) for causing Bug 1929028 Backed out changeset a79554879d7b (bug 1914797) - - - - - 16 changed files: - dom/ipc/WindowGlobalParent.cpp - dom/security/test/https-only/browser.toml - + dom/security/test/https-only/browser_iframe_buttons.js - + dom/security/test/https-only/file_iframe_buttons.html - mobile/android/android-components/components/feature/app-links/src/main/java/mozilla/components/feature/app/links/SimpleRedirectDialogFragment.kt - mobile/android/android-components/components/feature/app-links/src/test/java/mozilla/components/feature/app/links/SimpleRedirectDialogFragmentTest.kt - mobile/android/android-components/components/feature/session/src/main/java/mozilla/components/feature/session/SessionUseCases.kt - mobile/android/android-components/components/feature/session/src/test/java/mozilla/components/feature/session/SessionUseCasesTest.kt - mobile/android/android-components/docs/changelog.md - mobile/android/fenix/app/src/androidTest/java/org/mozilla/fenix/ui/CrashReportingTest.kt - mobile/android/geckoview/src/main/java/org/mozilla/gecko/Clipboard.java - mobile/android/geckoview/src/main/java/org/mozilla/geckoview/GeckoInputConnection.java - toolkit/components/httpsonlyerror/content/errorpage.html - toolkit/components/httpsonlyerror/content/errorpage.js - toolkit/locales/en-US/toolkit/about/aboutHttpsOnlyError.ftl - widget/android/nsClipboard.cpp Changes: ===================================== dom/ipc/WindowGlobalParent.cpp ===================================== @@ -1378,18 +1378,11 @@ mozilla::ipc::IPCResult WindowGlobalParent::RecvReloadWithHttpsOnlyException() { return IPC_FAIL(this, "HTTPS-only mode: Illegal state"); } - // If the error page is within an iFrame, we create an exception for whatever - // scheme the top-level site is currently on, because the user wants to - // unbreak the iFrame and not the top-level page. When the error page shows up - // on a top-level request, then we replace the scheme with http, because the - // user wants to unbreak the whole page. + // We replace the scheme with http, because the user wants to unbreak the + // whole page. nsCOMPtr<nsIURI> newURI; - if (!BrowsingContext()->IsTop()) { - newURI = innerURI; - } else { - Unused << NS_MutateURI(innerURI).SetScheme("http"_ns).Finalize( - getter_AddRefs(newURI)); - } + Unused << NS_MutateURI(innerURI).SetScheme("http"_ns).Finalize( + getter_AddRefs(newURI)); OriginAttributes originAttributes = TopWindowContext()->DocumentPrincipal()->OriginAttributesRef(); ===================================== dom/security/test/https-only/browser.toml ===================================== @@ -29,6 +29,9 @@ support-files = [ ["browser_httpsonly_speculative_connect.js"] support-files = ["file_httpsonly_speculative_connect.html"] +["browser_iframe_buttons.js"] +support-files = ["file_iframe_buttons.html"] + ["browser_iframe_test.js"] skip-if = [ "os == 'linux' && bits == 64", # Bug 1735565 ===================================== dom/security/test/https-only/browser_iframe_buttons.js ===================================== @@ -0,0 +1,50 @@ +/* Any copyright is dedicated to the Public Domain. + https://creativecommons.org/publicdomain/zero/1.0/ */ + +"use strict"; + +// Ensure the buttons at the buttom of the HTTPS-Only error page do not get +// displayed in an iframe (Bug 1909396). + +add_task(async function test_iframe_buttons() { + await BrowserTestUtils.withNewTab( + "https://example.com/browser/dom/security/test/https-only/file_iframe_button…", + async function (browser) { + await SpecialPowers.pushPrefEnv({ + set: [["dom.security.https_only_mode", true]], + }); + + await SpecialPowers.spawn(browser, [], async function () { + const iframe = content.document.getElementById("iframe"); + // eslint-disable-next-line @microsoft/sdl/no-insecure-url + iframe.src = "http://nocert.example.com"; + + await ContentTaskUtils.waitForCondition( + () => iframe.contentWindow.document.readyState === "interactive", + "Iframe error page should have loaded" + ); + + ok( + !!iframe.contentWindow.document.getElementById("explanation-iframe"), + "#explanation-iframe should exist" + ); + + is( + iframe.contentWindow.document + .getElementById("explanation-iframe") + .getAttribute("hidden"), + null, + "#explanation-iframe should not be hidden" + ); + + for (const id of ["explanation-continue", "goBack", "openInsecure"]) { + is( + iframe.contentWindow.document.getElementById(id), + null, + `#${id} should have been removed` + ); + } + }); + } + ); +}); ===================================== dom/security/test/https-only/file_iframe_buttons.html ===================================== @@ -0,0 +1,9 @@ +<!DOCTYPE html> +<html lang="en"> +<head> + <meta charset="UTF-8"> +</head> +<body> + <iframe id="iframe" frameborder="0"></iframe> +</body> +</html> ===================================== mobile/android/android-components/components/feature/app-links/src/main/java/mozilla/components/feature/app/links/SimpleRedirectDialogFragment.kt ===================================== @@ -11,6 +11,7 @@ import androidx.annotation.StringRes import androidx.annotation.StyleRes import androidx.annotation.VisibleForTesting import androidx.appcompat.app.AlertDialog +import mozilla.components.support.ktx.util.PromptAbuserDetector import mozilla.components.ui.widgets.withCenterAlignedButtons /** @@ -23,6 +24,10 @@ import mozilla.components.ui.widgets.withCenterAlignedButtons */ class SimpleRedirectDialogFragment : RedirectDialogFragment() { + @VisibleForTesting + internal var promptAbuserDetector = + PromptAbuserDetector(maxSuccessiveDialogSecondsLimit = TIME_SHOWN_OFFSET_SECONDS) + @VisibleForTesting internal var testingContext: Context? = null @@ -32,6 +37,8 @@ class SimpleRedirectDialogFragment : RedirectDialogFragment() { return if (themeID == 0) AlertDialog.Builder(context) else AlertDialog.Builder(context, themeID) } + promptAbuserDetector.updateJSDialogAbusedState() + return with(requireBundle()) { val dialogTitleText = getInt(KEY_TITLE_TEXT, R.string.mozac_feature_applinks_normal_confirm_dialog_title) val dialogMessageString = getString(KEY_MESSAGE_STRING, "") @@ -40,18 +47,29 @@ class SimpleRedirectDialogFragment : RedirectDialogFragment() { val themeResId = getInt(KEY_THEME_ID, 0) val cancelable = getBoolean(KEY_CANCELABLE, false) - getBuilder(themeResId) + val dialog = getBuilder(themeResId) .setTitle(dialogTitleText) .setMessage(dialogMessageString) - .setPositiveButton(positiveButtonText) { _, _ -> - onConfirmRedirect() - } + .setPositiveButton(positiveButtonText) { _, _ -> } .setNegativeButton(negativeButtonText) { _, _ -> onCancelRedirect() } .setCancelable(cancelable) .create() - .withCenterAlignedButtons() + + dialog.withCenterAlignedButtons() + dialog.setOnShowListener { + val okButton = dialog.getButton(AlertDialog.BUTTON_POSITIVE) + okButton.setOnClickListener { + if (promptAbuserDetector.areDialogsBeingAbused()) { + promptAbuserDetector.updateJSDialogAbusedState() + } else { + onConfirmRedirect() + dialog.dismiss() + } + } + } + dialog } } @@ -101,6 +119,7 @@ class SimpleRedirectDialogFragment : RedirectDialogFragment() { const val KEY_THEME_ID = "KEY_THEME_ID" const val KEY_CANCELABLE = "KEY_CANCELABLE" + private const val TIME_SHOWN_OFFSET_SECONDS = 1 } private fun requireBundle(): Bundle { ===================================== mobile/android/android-components/components/feature/app-links/src/test/java/mozilla/components/feature/app/links/SimpleRedirectDialogFragmentTest.kt ===================================== @@ -13,6 +13,7 @@ import mozilla.components.support.test.mock import mozilla.components.support.test.robolectric.testContext import org.junit.Assert.assertFalse import org.junit.Assert.assertTrue +import org.junit.Ignore import org.junit.Test import org.junit.runner.RunWith import org.mockito.Mockito.doNothing @@ -27,6 +28,7 @@ class SimpleRedirectDialogFragmentTest { private val themeResId = appcompatR.style.Theme_AppCompat_Light @Test + @Ignore("This will be addressed in another follow up ticket") fun `Dialog confirmed callback is called correctly`() { var onConfirmCalled = false var onCancelCalled = false @@ -104,6 +106,7 @@ class SimpleRedirectDialogFragmentTest { assertFalse(onCancelCalled) } + @Suppress("unused") private fun mockFragmentManager(): FragmentManager { val fragmentManager: FragmentManager = mock() val transaction: FragmentTransaction = mock() ===================================== mobile/android/android-components/components/feature/session/src/main/java/mozilla/components/feature/session/SessionUseCases.kt ===================================== @@ -4,7 +4,6 @@ package mozilla.components.feature.session -import mozilla.components.browser.state.action.ContentAction import mozilla.components.browser.state.action.CrashAction import mozilla.components.browser.state.action.EngineAction import mozilla.components.browser.state.action.LastAccessAction @@ -94,13 +93,6 @@ class SessionUseCases( flags = flags, additionalHeaders = additionalHeaders, ) - // Update the url in content immediately until the engine updates with any new changes to the state. - store.dispatch( - ContentAction.UpdateUrlAction( - loadSessionId, - url, - ), - ) store.dispatch( EngineAction.OptimizedLoadUrlTriggeredAction( loadSessionId, ===================================== mobile/android/android-components/components/feature/session/src/test/java/mozilla/components/feature/session/SessionUseCasesTest.kt ===================================== @@ -11,7 +11,6 @@ import mozilla.components.browser.state.action.EngineAction import mozilla.components.browser.state.action.TabListAction import mozilla.components.browser.state.engine.EngineMiddleware import mozilla.components.browser.state.selector.findTab -import mozilla.components.browser.state.selector.selectedTab import mozilla.components.browser.state.state.BrowserState import mozilla.components.browser.state.state.TabSessionState import mozilla.components.browser.state.state.createCustomTab @@ -81,7 +80,6 @@ class SessionUseCasesTest { assertEquals("mozilla", action.tabId) assertEquals("https://getpocket.com", action.url) } - assertEquals("https://getpocket.com", store.state.selectedTab?.content?.url) useCases.loadUrl("https://www.mozilla.org", LoadUrlFlags.select(LoadUrlFlags.EXTERNAL)) store.waitUntilIdle() @@ -95,7 +93,6 @@ class SessionUseCasesTest { assertEquals("https://www.mozilla.org", action.url) assertEquals(LoadUrlFlags.select(LoadUrlFlags.EXTERNAL), action.flags) } - assertEquals("https://www.mozilla.org", store.state.selectedTab?.content?.url) useCases.loadUrl("https://firefox.com", store.state.selectedTabId) store.waitUntilIdle() @@ -105,7 +102,6 @@ class SessionUseCasesTest { assertEquals("mozilla", action.tabId) assertEquals("https://firefox.com", action.url) } - assertEquals("https://firefox.com", store.state.selectedTab?.content?.url) useCases.loadUrl.invoke( "https://developer.mozilla.org", ===================================== mobile/android/android-components/docs/changelog.md ===================================== @@ -109,9 +109,6 @@ permalink: /changelog/ * **feature-customtabs** * Fallback behaviour when failing to open a new window in custom tab will now be loading the URL directly in the same custom tab. [Bug 1832357](https://bugzilla.mozilla.org/show_bug.cgi?id=1832357) -* **feature-session** - * Update URL in the store immediately when using the optimized load URL code path. - * **tooling-lint** * Added a lint rule to detect when `Response#close` may not have been called. Note: Currently, this rule only runs on Android Components. ===================================== mobile/android/fenix/app/src/androidTest/java/org/mozilla/fenix/ui/CrashReportingTest.kt ===================================== @@ -83,7 +83,7 @@ class CrashReportingTest : TestSetup() { verifyPageContent(tabCrashMessage) }.openTabDrawer(activityTestRule) { verifyExistingOpenTabs(firstWebPage.title) - verifyExistingOpenTabs("about:crashcontent") + verifyExistingOpenTabs(secondWebPage.title) }.closeTabDrawer { }.goToHomescreen { verifyExistingTopSitesList() ===================================== mobile/android/geckoview/src/main/java/org/mozilla/gecko/Clipboard.java ===================================== @@ -11,6 +11,7 @@ import android.content.ClipboardManager.OnPrimaryClipChangedListener; import android.content.Context; import android.content.res.AssetFileDescriptor; import android.os.Build; +import android.os.PersistableBundle; import android.text.TextUtils; import android.util.Log; import java.io.ByteArrayOutputStream; @@ -133,8 +134,9 @@ public final class Clipboard { * @return true if copy is successful. */ @WrapForJNI(calledFrom = "gecko") - public static boolean setText(final Context context, final CharSequence text) { - return setData(context, ClipData.newPlainText("text", text)); + public static boolean setText( + final Context context, final CharSequence text, final boolean isPrivateData) { + return setData(context, ClipData.newPlainText("text", text), isPrivateData); } /** @@ -147,8 +149,11 @@ public final class Clipboard { */ @WrapForJNI(calledFrom = "gecko") private static boolean setHTML( - final Context context, final CharSequence text, final String htmlText) { - return setData(context, ClipData.newHtmlText("html", text, htmlText)); + final Context context, + final CharSequence text, + final String htmlText, + final boolean isPrivateData) { + return setData(context, ClipData.newHtmlText("html", text, htmlText), isPrivateData); } /** @@ -158,11 +163,17 @@ public final class Clipboard { * @param clipData a {@link android.content.ClipData} to set to clipboard * @return true if copy is successful. */ - private static boolean setData(final Context context, final ClipData clipData) { + private static boolean setData( + final Context context, final ClipData clipData, final boolean isPrivateData) { // In API Level 11 and above, CLIPBOARD_SERVICE returns android.content.ClipboardManager, // which is a subclass of android.text.ClipboardManager. final ClipboardManager cm = (ClipboardManager) context.getSystemService(Context.CLIPBOARD_SERVICE); + if (isPrivateData && Build.VERSION.SDK_INT >= Build.VERSION_CODES.N) { + final PersistableBundle extras = new PersistableBundle(); + extras.putBoolean(ClipDescription.EXTRA_IS_SENSITIVE, true); + clipData.getDescription().setExtras(extras); + } try { cm.setPrimaryClip(clipData); } catch (final NullPointerException e) { @@ -228,7 +239,7 @@ public final class Clipboard { @WrapForJNI(calledFrom = "gecko") private static void clear(final Context context) { if (Build.VERSION.SDK_INT <= Build.VERSION_CODES.P) { - setText(context, null); + setText(context, null, false); return; } // Although we don't know more details of https://crbug.com/1203377, Blink doesn't use ===================================== mobile/android/geckoview/src/main/java/org/mozilla/geckoview/GeckoInputConnection.java ===================================== @@ -70,6 +70,7 @@ import org.mozilla.gecko.util.ThreadUtils; private ExtractedTextRequest mUpdateRequest; private final InputConnection mKeyInputConnection; private CursorAnchorInfo.Builder mCursorAnchorInfoBuilder; + private boolean mIsPrivateBrowsing; public static SessionTextInput.InputConnectionClient create( final GeckoSession session, @@ -208,12 +209,13 @@ import org.mozilla.gecko.util.ThreadUtils; // If selection is empty, we'll select everything if (selStart == selEnd) { // Fill the clipboard - Clipboard.setText(view.getContext(), editable); + Clipboard.setText(view.getContext(), editable, mIsPrivateBrowsing); editable.clear(); } else { Clipboard.setText( view.getContext(), - editable.subSequence(Math.min(selStart, selEnd), Math.max(selStart, selEnd))); + editable.subSequence(Math.min(selStart, selEnd), Math.max(selStart, selEnd)), + mIsPrivateBrowsing); editable.delete(selStart, selEnd); } break; @@ -231,7 +233,7 @@ import org.mozilla.gecko.util.ThreadUtils; : editable .toString() .substring(Math.min(selStart, selEnd), Math.max(selStart, selEnd)); - Clipboard.setText(view.getContext(), copiedText); + Clipboard.setText(view.getContext(), copiedText, mIsPrivateBrowsing); break; } return true; @@ -603,6 +605,9 @@ import org.mozilla.gecko.util.ThreadUtils; outAttrs.imeOptions |= EditorInfo.IME_FLAG_NO_EXTRACT_UI | EditorInfo.IME_FLAG_NO_FULLSCREEN; } + mIsPrivateBrowsing = + ((outAttrs.imeOptions & InputMethods.IME_FLAG_NO_PERSONALIZED_LEARNING) != 0); + if (DEBUG) { Log.d( LOGTAG, ===================================== toolkit/components/httpsonlyerror/content/errorpage.html ===================================== @@ -70,6 +70,16 @@ inert ></button> </div> + + <p id="explanation-iframe" hidden> + <span data-l10n-id="about-httpsonly-explanation-iframe"></span> + <a + id="mixedContentLearnMoreLink" + target="_blank" + data-l10n-id="about-httpsonly-link-learn-more" + ></a> + </p> + <div class="suggestion-box" hidden> <h2 data-l10n-id="about-httpsonly-suggestion-box-header"></h2> </div> ===================================== toolkit/components/httpsonlyerror/content/errorpage.js ===================================== @@ -29,28 +29,35 @@ function initPage() { document .getElementById("learnMoreLink") .setAttribute("href", baseSupportURL + "https-only-prefs"); + document + .getElementById("mixedContentLearnMoreLink") + .setAttribute("href", baseSupportURL + "mixed-content"); + + const isTopLevel = window.top == window; + if (!isTopLevel) { + for (const id of ["explanation-continue", "goBack", "openInsecure"]) { + document.getElementById(id).remove(); + } + document.getElementById("explanation-iframe").removeAttribute("hidden"); + return; + } document .getElementById("openInsecure") .addEventListener("click", onOpenInsecureButtonClick); + document + .getElementById("goBack") + .addEventListener("click", onReturnButtonClick); const delay = RPMGetIntPref("security.dialog_enable_delay", 1000); setTimeout(() => { document.getElementById("openInsecure").removeAttribute("inert"); }, delay); - if (window.top == window) { - document - .getElementById("goBack") - .addEventListener("click", onReturnButtonClick); - addAutofocus("#goBack", "beforeend"); - } else { - document.getElementById("goBack").remove(); - } + addAutofocus("#goBack", "beforeend"); - const isTopLevel = window.top == window; const hasWWWPrefix = pageUrl.href.startsWith("https://www."); - if (isTopLevel && !hasWWWPrefix) { + if (!hasWWWPrefix) { // HTTPS-Only generally simply replaces http: with https:; // here we additionally try to add www and see if that allows to upgrade the connection if it is top level ===================================== toolkit/locales/en-US/toolkit/about/aboutHttpsOnlyError.ftl ===================================== @@ -12,6 +12,7 @@ about-httpsonly-explanation-question = What could be causing this? about-httpsonly-explanation-nosupport = Most likely, the website simply does not support HTTPS. about-httpsonly-explanation-risk = It’s also possible that an attacker is involved. If you decide to visit the website, you should not enter any sensitive information like passwords, emails, or credit card details. about-httpsonly-explanation-continue = If you continue, HTTPS-Only Mode will be turned off temporarily for this site. +about-httpsonly-explanation-iframe = Due to mixed content blocking, it is not possible to manually allow this frame to load. about-httpsonly-button-continue-to-site = Continue to HTTP Site about-httpsonly-button-go-back = Go Back ===================================== widget/android/nsClipboard.cpp ===================================== @@ -92,14 +92,16 @@ nsClipboard::SetNativeClipboardData(nsITransferable* aTransferable, return rv; } + bool isPrivate = aTransferable->GetIsPrivateData(); + if (!html.IsEmpty() && java::Clipboard::SetHTML(java::GeckoAppShell::GetApplicationContext(), - text, html)) { + text, html, isPrivate)) { return NS_OK; } if (!text.IsEmpty() && java::Clipboard::SetText(java::GeckoAppShell::GetApplicationContext(), - text)) { + text, isPrivate)) { return NS_OK; } View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/e17244… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/e17244… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser] Pushed new tag mullvad-browser-128.5.0esr-14.0-1-build2
by ma1 (＠ma1) 25 Nov '24

25 Nov '24

ma1 pushed new tag mullvad-browser-128.5.0esr-14.0-1-build2 at The Tor Project / Applications / Mullvad Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/tree/mullv… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-128.5.0esr-14.0-1] 4 commits: Bug 1836921 - Improve dialogs a=dmeehan
by ma1 (＠ma1) 25 Nov '24

25 Nov '24

ma1 pushed to branch mullvad-browser-128.5.0esr-14.0-1 at The Tor Project / Applications / Mullvad Browser Commits: 437543c6 by Arturo Mejia at 2024-11-25T15:21:36+01:00 Bug 1836921 - Improve dialogs a=dmeehan Original Revision: https://phabricator.services.mozilla.com/D226961 Differential Revision: https://phabricator.services.mozilla.com/D228842 - - - - - 33f6b33b by Malte Juergens at 2024-11-25T15:21:38+01:00 Bug 1909396 - Remove HTTPS-Only exception button in iframes r=freddyb,fluent-reviewers Rationale for this can be read in Bug 1909396, but the main reason is that the iframe will get blocked regardless by mixed content blocking. Differential Revision: https://phabricator.services.mozilla.com/D220257 - - - - - 412bde12 by Makoto Kato at 2024-11-25T15:21:40+01:00 Bug 1776646 - Support EXTRA_IS_SENSITIVE for clipboard. r=geckoview-reviewers,owlish When nsITransferable.isPrivateData is true, such as coping password or private mode, we should set EXTRA_IS_SENSITIVE to ClipData. AndroidJunit test runner doesn't often get `ClipDescription.extras` from clipboard service in test runner. So we cannot write a unit test using AndroidJUnit test runner. Differential Revision: https://phabricator.services.mozilla.com/D225326 - - - - - 866130a7 by Cathy Lu at 2024-11-25T15:21:41+01:00 Bug 1914797 - Part 1 + 2 + partial backout (details below) Bug 1914797 - Part 1 - Revert bug 1868469 r=android-reviewers,jonalmeida, a=dmeehan Differential Revision: https://phabricator.services.mozilla.com/D226431 Bug 1914797 - Part 2 - Add url change during onPageStart for slow loading sites r=android-reviewers,jonalmeida, a=dmeehan Differential Revision: https://phabricator.services.mozilla.com/D226432 Backed out 1 changesets (bug 1914797) for causing Bug 1929028 Backed out changeset a79554879d7b (bug 1914797) - - - - - 16 changed files: - dom/ipc/WindowGlobalParent.cpp - dom/security/test/https-only/browser.toml - + dom/security/test/https-only/browser_iframe_buttons.js - + dom/security/test/https-only/file_iframe_buttons.html - mobile/android/android-components/components/feature/app-links/src/main/java/mozilla/components/feature/app/links/SimpleRedirectDialogFragment.kt - mobile/android/android-components/components/feature/app-links/src/test/java/mozilla/components/feature/app/links/SimpleRedirectDialogFragmentTest.kt - mobile/android/android-components/components/feature/session/src/main/java/mozilla/components/feature/session/SessionUseCases.kt - mobile/android/android-components/components/feature/session/src/test/java/mozilla/components/feature/session/SessionUseCasesTest.kt - mobile/android/android-components/docs/changelog.md - mobile/android/fenix/app/src/androidTest/java/org/mozilla/fenix/ui/CrashReportingTest.kt - mobile/android/geckoview/src/main/java/org/mozilla/gecko/Clipboard.java - mobile/android/geckoview/src/main/java/org/mozilla/geckoview/GeckoInputConnection.java - toolkit/components/httpsonlyerror/content/errorpage.html - toolkit/components/httpsonlyerror/content/errorpage.js - toolkit/locales/en-US/toolkit/about/aboutHttpsOnlyError.ftl - widget/android/nsClipboard.cpp Changes: ===================================== dom/ipc/WindowGlobalParent.cpp ===================================== @@ -1378,18 +1378,11 @@ mozilla::ipc::IPCResult WindowGlobalParent::RecvReloadWithHttpsOnlyException() { return IPC_FAIL(this, "HTTPS-only mode: Illegal state"); } - // If the error page is within an iFrame, we create an exception for whatever - // scheme the top-level site is currently on, because the user wants to - // unbreak the iFrame and not the top-level page. When the error page shows up - // on a top-level request, then we replace the scheme with http, because the - // user wants to unbreak the whole page. + // We replace the scheme with http, because the user wants to unbreak the + // whole page. nsCOMPtr<nsIURI> newURI; - if (!BrowsingContext()->IsTop()) { - newURI = innerURI; - } else { - Unused << NS_MutateURI(innerURI).SetScheme("http"_ns).Finalize( - getter_AddRefs(newURI)); - } + Unused << NS_MutateURI(innerURI).SetScheme("http"_ns).Finalize( + getter_AddRefs(newURI)); OriginAttributes originAttributes = TopWindowContext()->DocumentPrincipal()->OriginAttributesRef(); ===================================== dom/security/test/https-only/browser.toml ===================================== @@ -29,6 +29,9 @@ support-files = [ ["browser_httpsonly_speculative_connect.js"] support-files = ["file_httpsonly_speculative_connect.html"] +["browser_iframe_buttons.js"] +support-files = ["file_iframe_buttons.html"] + ["browser_iframe_test.js"] skip-if = [ "os == 'linux' && bits == 64", # Bug 1735565 ===================================== dom/security/test/https-only/browser_iframe_buttons.js ===================================== @@ -0,0 +1,50 @@ +/* Any copyright is dedicated to the Public Domain. + https://creativecommons.org/publicdomain/zero/1.0/ */ + +"use strict"; + +// Ensure the buttons at the buttom of the HTTPS-Only error page do not get +// displayed in an iframe (Bug 1909396). + +add_task(async function test_iframe_buttons() { + await BrowserTestUtils.withNewTab( + "https://example.com/browser/dom/security/test/https-only/file_iframe_button…", + async function (browser) { + await SpecialPowers.pushPrefEnv({ + set: [["dom.security.https_only_mode", true]], + }); + + await SpecialPowers.spawn(browser, [], async function () { + const iframe = content.document.getElementById("iframe"); + // eslint-disable-next-line @microsoft/sdl/no-insecure-url + iframe.src = "http://nocert.example.com"; + + await ContentTaskUtils.waitForCondition( + () => iframe.contentWindow.document.readyState === "interactive", + "Iframe error page should have loaded" + ); + + ok( + !!iframe.contentWindow.document.getElementById("explanation-iframe"), + "#explanation-iframe should exist" + ); + + is( + iframe.contentWindow.document + .getElementById("explanation-iframe") + .getAttribute("hidden"), + null, + "#explanation-iframe should not be hidden" + ); + + for (const id of ["explanation-continue", "goBack", "openInsecure"]) { + is( + iframe.contentWindow.document.getElementById(id), + null, + `#${id} should have been removed` + ); + } + }); + } + ); +}); ===================================== dom/security/test/https-only/file_iframe_buttons.html ===================================== @@ -0,0 +1,9 @@ +<!DOCTYPE html> +<html lang="en"> +<head> + <meta charset="UTF-8"> +</head> +<body> + <iframe id="iframe" frameborder="0"></iframe> +</body> +</html> ===================================== mobile/android/android-components/components/feature/app-links/src/main/java/mozilla/components/feature/app/links/SimpleRedirectDialogFragment.kt ===================================== @@ -11,6 +11,7 @@ import androidx.annotation.StringRes import androidx.annotation.StyleRes import androidx.annotation.VisibleForTesting import androidx.appcompat.app.AlertDialog +import mozilla.components.support.ktx.util.PromptAbuserDetector import mozilla.components.ui.widgets.withCenterAlignedButtons /** @@ -23,6 +24,10 @@ import mozilla.components.ui.widgets.withCenterAlignedButtons */ class SimpleRedirectDialogFragment : RedirectDialogFragment() { + @VisibleForTesting + internal var promptAbuserDetector = + PromptAbuserDetector(maxSuccessiveDialogSecondsLimit = TIME_SHOWN_OFFSET_SECONDS) + @VisibleForTesting internal var testingContext: Context? = null @@ -32,6 +37,8 @@ class SimpleRedirectDialogFragment : RedirectDialogFragment() { return if (themeID == 0) AlertDialog.Builder(context) else AlertDialog.Builder(context, themeID) } + promptAbuserDetector.updateJSDialogAbusedState() + return with(requireBundle()) { val dialogTitleText = getInt(KEY_TITLE_TEXT, R.string.mozac_feature_applinks_normal_confirm_dialog_title) val dialogMessageString = getString(KEY_MESSAGE_STRING, "") @@ -40,18 +47,29 @@ class SimpleRedirectDialogFragment : RedirectDialogFragment() { val themeResId = getInt(KEY_THEME_ID, 0) val cancelable = getBoolean(KEY_CANCELABLE, false) - getBuilder(themeResId) + val dialog = getBuilder(themeResId) .setTitle(dialogTitleText) .setMessage(dialogMessageString) - .setPositiveButton(positiveButtonText) { _, _ -> - onConfirmRedirect() - } + .setPositiveButton(positiveButtonText) { _, _ -> } .setNegativeButton(negativeButtonText) { _, _ -> onCancelRedirect() } .setCancelable(cancelable) .create() - .withCenterAlignedButtons() + + dialog.withCenterAlignedButtons() + dialog.setOnShowListener { + val okButton = dialog.getButton(AlertDialog.BUTTON_POSITIVE) + okButton.setOnClickListener { + if (promptAbuserDetector.areDialogsBeingAbused()) { + promptAbuserDetector.updateJSDialogAbusedState() + } else { + onConfirmRedirect() + dialog.dismiss() + } + } + } + dialog } } @@ -101,6 +119,7 @@ class SimpleRedirectDialogFragment : RedirectDialogFragment() { const val KEY_THEME_ID = "KEY_THEME_ID" const val KEY_CANCELABLE = "KEY_CANCELABLE" + private const val TIME_SHOWN_OFFSET_SECONDS = 1 } private fun requireBundle(): Bundle { ===================================== mobile/android/android-components/components/feature/app-links/src/test/java/mozilla/components/feature/app/links/SimpleRedirectDialogFragmentTest.kt ===================================== @@ -13,6 +13,7 @@ import mozilla.components.support.test.mock import mozilla.components.support.test.robolectric.testContext import org.junit.Assert.assertFalse import org.junit.Assert.assertTrue +import org.junit.Ignore import org.junit.Test import org.junit.runner.RunWith import org.mockito.Mockito.doNothing @@ -27,6 +28,7 @@ class SimpleRedirectDialogFragmentTest { private val themeResId = appcompatR.style.Theme_AppCompat_Light @Test + @Ignore("This will be addressed in another follow up ticket") fun `Dialog confirmed callback is called correctly`() { var onConfirmCalled = false var onCancelCalled = false @@ -104,6 +106,7 @@ class SimpleRedirectDialogFragmentTest { assertFalse(onCancelCalled) } + @Suppress("unused") private fun mockFragmentManager(): FragmentManager { val fragmentManager: FragmentManager = mock() val transaction: FragmentTransaction = mock() ===================================== mobile/android/android-components/components/feature/session/src/main/java/mozilla/components/feature/session/SessionUseCases.kt ===================================== @@ -4,7 +4,6 @@ package mozilla.components.feature.session -import mozilla.components.browser.state.action.ContentAction import mozilla.components.browser.state.action.CrashAction import mozilla.components.browser.state.action.EngineAction import mozilla.components.browser.state.action.LastAccessAction @@ -94,13 +93,6 @@ class SessionUseCases( flags = flags, additionalHeaders = additionalHeaders, ) - // Update the url in content immediately until the engine updates with any new changes to the state. - store.dispatch( - ContentAction.UpdateUrlAction( - loadSessionId, - url, - ), - ) store.dispatch( EngineAction.OptimizedLoadUrlTriggeredAction( loadSessionId, ===================================== mobile/android/android-components/components/feature/session/src/test/java/mozilla/components/feature/session/SessionUseCasesTest.kt ===================================== @@ -11,7 +11,6 @@ import mozilla.components.browser.state.action.EngineAction import mozilla.components.browser.state.action.TabListAction import mozilla.components.browser.state.engine.EngineMiddleware import mozilla.components.browser.state.selector.findTab -import mozilla.components.browser.state.selector.selectedTab import mozilla.components.browser.state.state.BrowserState import mozilla.components.browser.state.state.TabSessionState import mozilla.components.browser.state.state.createCustomTab @@ -81,7 +80,6 @@ class SessionUseCasesTest { assertEquals("mozilla", action.tabId) assertEquals("https://getpocket.com", action.url) } - assertEquals("https://getpocket.com", store.state.selectedTab?.content?.url) useCases.loadUrl("https://www.mozilla.org", LoadUrlFlags.select(LoadUrlFlags.EXTERNAL)) store.waitUntilIdle() @@ -95,7 +93,6 @@ class SessionUseCasesTest { assertEquals("https://www.mozilla.org", action.url) assertEquals(LoadUrlFlags.select(LoadUrlFlags.EXTERNAL), action.flags) } - assertEquals("https://www.mozilla.org", store.state.selectedTab?.content?.url) useCases.loadUrl("https://firefox.com", store.state.selectedTabId) store.waitUntilIdle() @@ -105,7 +102,6 @@ class SessionUseCasesTest { assertEquals("mozilla", action.tabId) assertEquals("https://firefox.com", action.url) } - assertEquals("https://firefox.com", store.state.selectedTab?.content?.url) useCases.loadUrl.invoke( "https://developer.mozilla.org", ===================================== mobile/android/android-components/docs/changelog.md ===================================== @@ -109,9 +109,6 @@ permalink: /changelog/ * **feature-customtabs** * Fallback behaviour when failing to open a new window in custom tab will now be loading the URL directly in the same custom tab. [Bug 1832357](https://bugzilla.mozilla.org/show_bug.cgi?id=1832357) -* **feature-session** - * Update URL in the store immediately when using the optimized load URL code path. - * **tooling-lint** * Added a lint rule to detect when `Response#close` may not have been called. Note: Currently, this rule only runs on Android Components. ===================================== mobile/android/fenix/app/src/androidTest/java/org/mozilla/fenix/ui/CrashReportingTest.kt ===================================== @@ -83,7 +83,7 @@ class CrashReportingTest : TestSetup() { verifyPageContent(tabCrashMessage) }.openTabDrawer(activityTestRule) { verifyExistingOpenTabs(firstWebPage.title) - verifyExistingOpenTabs("about:crashcontent") + verifyExistingOpenTabs(secondWebPage.title) }.closeTabDrawer { }.goToHomescreen { verifyExistingTopSitesList() ===================================== mobile/android/geckoview/src/main/java/org/mozilla/gecko/Clipboard.java ===================================== @@ -11,6 +11,7 @@ import android.content.ClipboardManager.OnPrimaryClipChangedListener; import android.content.Context; import android.content.res.AssetFileDescriptor; import android.os.Build; +import android.os.PersistableBundle; import android.text.TextUtils; import android.util.Log; import java.io.ByteArrayOutputStream; @@ -133,8 +134,9 @@ public final class Clipboard { * @return true if copy is successful. */ @WrapForJNI(calledFrom = "gecko") - public static boolean setText(final Context context, final CharSequence text) { - return setData(context, ClipData.newPlainText("text", text)); + public static boolean setText( + final Context context, final CharSequence text, final boolean isPrivateData) { + return setData(context, ClipData.newPlainText("text", text), isPrivateData); } /** @@ -147,8 +149,11 @@ public final class Clipboard { */ @WrapForJNI(calledFrom = "gecko") private static boolean setHTML( - final Context context, final CharSequence text, final String htmlText) { - return setData(context, ClipData.newHtmlText("html", text, htmlText)); + final Context context, + final CharSequence text, + final String htmlText, + final boolean isPrivateData) { + return setData(context, ClipData.newHtmlText("html", text, htmlText), isPrivateData); } /** @@ -158,11 +163,17 @@ public final class Clipboard { * @param clipData a {@link android.content.ClipData} to set to clipboard * @return true if copy is successful. */ - private static boolean setData(final Context context, final ClipData clipData) { + private static boolean setData( + final Context context, final ClipData clipData, final boolean isPrivateData) { // In API Level 11 and above, CLIPBOARD_SERVICE returns android.content.ClipboardManager, // which is a subclass of android.text.ClipboardManager. final ClipboardManager cm = (ClipboardManager) context.getSystemService(Context.CLIPBOARD_SERVICE); + if (isPrivateData && Build.VERSION.SDK_INT >= Build.VERSION_CODES.N) { + final PersistableBundle extras = new PersistableBundle(); + extras.putBoolean(ClipDescription.EXTRA_IS_SENSITIVE, true); + clipData.getDescription().setExtras(extras); + } try { cm.setPrimaryClip(clipData); } catch (final NullPointerException e) { @@ -228,7 +239,7 @@ public final class Clipboard { @WrapForJNI(calledFrom = "gecko") private static void clear(final Context context) { if (Build.VERSION.SDK_INT <= Build.VERSION_CODES.P) { - setText(context, null); + setText(context, null, false); return; } // Although we don't know more details of https://crbug.com/1203377, Blink doesn't use ===================================== mobile/android/geckoview/src/main/java/org/mozilla/geckoview/GeckoInputConnection.java ===================================== @@ -70,6 +70,7 @@ import org.mozilla.gecko.util.ThreadUtils; private ExtractedTextRequest mUpdateRequest; private final InputConnection mKeyInputConnection; private CursorAnchorInfo.Builder mCursorAnchorInfoBuilder; + private boolean mIsPrivateBrowsing; public static SessionTextInput.InputConnectionClient create( final GeckoSession session, @@ -208,12 +209,13 @@ import org.mozilla.gecko.util.ThreadUtils; // If selection is empty, we'll select everything if (selStart == selEnd) { // Fill the clipboard - Clipboard.setText(view.getContext(), editable); + Clipboard.setText(view.getContext(), editable, mIsPrivateBrowsing); editable.clear(); } else { Clipboard.setText( view.getContext(), - editable.subSequence(Math.min(selStart, selEnd), Math.max(selStart, selEnd))); + editable.subSequence(Math.min(selStart, selEnd), Math.max(selStart, selEnd)), + mIsPrivateBrowsing); editable.delete(selStart, selEnd); } break; @@ -231,7 +233,7 @@ import org.mozilla.gecko.util.ThreadUtils; : editable .toString() .substring(Math.min(selStart, selEnd), Math.max(selStart, selEnd)); - Clipboard.setText(view.getContext(), copiedText); + Clipboard.setText(view.getContext(), copiedText, mIsPrivateBrowsing); break; } return true; @@ -603,6 +605,9 @@ import org.mozilla.gecko.util.ThreadUtils; outAttrs.imeOptions |= EditorInfo.IME_FLAG_NO_EXTRACT_UI | EditorInfo.IME_FLAG_NO_FULLSCREEN; } + mIsPrivateBrowsing = + ((outAttrs.imeOptions & InputMethods.IME_FLAG_NO_PERSONALIZED_LEARNING) != 0); + if (DEBUG) { Log.d( LOGTAG, ===================================== toolkit/components/httpsonlyerror/content/errorpage.html ===================================== @@ -70,6 +70,16 @@ inert ></button> </div> + + <p id="explanation-iframe" hidden> + <span data-l10n-id="about-httpsonly-explanation-iframe"></span> + <a + id="mixedContentLearnMoreLink" + target="_blank" + data-l10n-id="about-httpsonly-link-learn-more" + ></a> + </p> + <div class="suggestion-box" hidden> <h2 data-l10n-id="about-httpsonly-suggestion-box-header"></h2> </div> ===================================== toolkit/components/httpsonlyerror/content/errorpage.js ===================================== @@ -29,28 +29,35 @@ function initPage() { document .getElementById("learnMoreLink") .setAttribute("href", baseSupportURL + "https-only-prefs"); + document + .getElementById("mixedContentLearnMoreLink") + .setAttribute("href", baseSupportURL + "mixed-content"); + + const isTopLevel = window.top == window; + if (!isTopLevel) { + for (const id of ["explanation-continue", "goBack", "openInsecure"]) { + document.getElementById(id).remove(); + } + document.getElementById("explanation-iframe").removeAttribute("hidden"); + return; + } document .getElementById("openInsecure") .addEventListener("click", onOpenInsecureButtonClick); + document + .getElementById("goBack") + .addEventListener("click", onReturnButtonClick); const delay = RPMGetIntPref("security.dialog_enable_delay", 1000); setTimeout(() => { document.getElementById("openInsecure").removeAttribute("inert"); }, delay); - if (window.top == window) { - document - .getElementById("goBack") - .addEventListener("click", onReturnButtonClick); - addAutofocus("#goBack", "beforeend"); - } else { - document.getElementById("goBack").remove(); - } + addAutofocus("#goBack", "beforeend"); - const isTopLevel = window.top == window; const hasWWWPrefix = pageUrl.href.startsWith("https://www."); - if (isTopLevel && !hasWWWPrefix) { + if (!hasWWWPrefix) { // HTTPS-Only generally simply replaces http: with https:; // here we additionally try to add www and see if that allows to upgrade the connection if it is top level ===================================== toolkit/locales/en-US/toolkit/about/aboutHttpsOnlyError.ftl ===================================== @@ -12,6 +12,7 @@ about-httpsonly-explanation-question = What could be causing this? about-httpsonly-explanation-nosupport = Most likely, the website simply does not support HTTPS. about-httpsonly-explanation-risk = It’s also possible that an attacker is involved. If you decide to visit the website, you should not enter any sensitive information like passwords, emails, or credit card details. about-httpsonly-explanation-continue = If you continue, HTTPS-Only Mode will be turned off temporarily for this site. +about-httpsonly-explanation-iframe = Due to mixed content blocking, it is not possible to manually allow this frame to load. about-httpsonly-button-continue-to-site = Continue to HTTP Site about-httpsonly-button-go-back = Go Back ===================================== widget/android/nsClipboard.cpp ===================================== @@ -92,14 +92,16 @@ nsClipboard::SetNativeClipboardData(nsITransferable* aTransferable, return rv; } + bool isPrivate = aTransferable->GetIsPrivateData(); + if (!html.IsEmpty() && java::Clipboard::SetHTML(java::GeckoAppShell::GetApplicationContext(), - text, html)) { + text, html, isPrivate)) { return NS_OK; } if (!text.IsEmpty() && java::Clipboard::SetText(java::GeckoAppShell::GetApplicationContext(), - text)) { + text, isPrivate)) { return NS_OK; } View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/compare/f2… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/compare/f2… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser] Pushed new tag tor-browser-128.5.0esr-14.0-1-build2
by ma1 (＠ma1) 25 Nov '24

25 Nov '24

ma1 pushed new tag tor-browser-128.5.0esr-14.0-1-build2 at The Tor Project / Applications / Tor Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/tree/tor-brows… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-128.5.0esr-14.0-1] 4 commits: Bug 1836921 - Improve dialogs a=dmeehan
by ma1 (＠ma1) 25 Nov '24

25 Nov '24

ma1 pushed to branch tor-browser-128.5.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: c262ab56 by Arturo Mejia at 2024-11-20T13:10:39+01:00 Bug 1836921 - Improve dialogs a=dmeehan Original Revision: https://phabricator.services.mozilla.com/D226961 Differential Revision: https://phabricator.services.mozilla.com/D228842 - - - - - cdd6f724 by Malte Juergens at 2024-11-22T17:17:19+01:00 Bug 1909396 - Remove HTTPS-Only exception button in iframes r=freddyb,fluent-reviewers Rationale for this can be read in Bug 1909396, but the main reason is that the iframe will get blocked regardless by mixed content blocking. Differential Revision: https://phabricator.services.mozilla.com/D220257 - - - - - 7ba8318e by Makoto Kato at 2024-11-25T11:15:10+01:00 Bug 1776646 - Support EXTRA_IS_SENSITIVE for clipboard. r=geckoview-reviewers,owlish When nsITransferable.isPrivateData is true, such as coping password or private mode, we should set EXTRA_IS_SENSITIVE to ClipData. AndroidJunit test runner doesn't often get `ClipDescription.extras` from clipboard service in test runner. So we cannot write a unit test using AndroidJUnit test runner. Differential Revision: https://phabricator.services.mozilla.com/D225326 - - - - - 0ad899bf by Cathy Lu at 2024-11-25T14:56:28+01:00 Bug 1914797 - Part 1 + 2 + partial backout (details below) Bug 1914797 - Part 1 - Revert bug 1868469 r=android-reviewers,jonalmeida, a=dmeehan Differential Revision: https://phabricator.services.mozilla.com/D226431 Bug 1914797 - Part 2 - Add url change during onPageStart for slow loading sites r=android-reviewers,jonalmeida, a=dmeehan Differential Revision: https://phabricator.services.mozilla.com/D226432 Backed out 1 changesets (bug 1914797) for causing Bug 1929028 Backed out changeset a79554879d7b (bug 1914797) - - - - - 16 changed files: - dom/ipc/WindowGlobalParent.cpp - dom/security/test/https-only/browser.toml - + dom/security/test/https-only/browser_iframe_buttons.js - + dom/security/test/https-only/file_iframe_buttons.html - mobile/android/android-components/components/feature/app-links/src/main/java/mozilla/components/feature/app/links/SimpleRedirectDialogFragment.kt - mobile/android/android-components/components/feature/app-links/src/test/java/mozilla/components/feature/app/links/SimpleRedirectDialogFragmentTest.kt - mobile/android/android-components/components/feature/session/src/main/java/mozilla/components/feature/session/SessionUseCases.kt - mobile/android/android-components/components/feature/session/src/test/java/mozilla/components/feature/session/SessionUseCasesTest.kt - mobile/android/android-components/docs/changelog.md - mobile/android/fenix/app/src/androidTest/java/org/mozilla/fenix/ui/CrashReportingTest.kt - mobile/android/geckoview/src/main/java/org/mozilla/gecko/Clipboard.java - mobile/android/geckoview/src/main/java/org/mozilla/geckoview/GeckoInputConnection.java - toolkit/components/httpsonlyerror/content/errorpage.html - toolkit/components/httpsonlyerror/content/errorpage.js - toolkit/locales/en-US/toolkit/about/aboutHttpsOnlyError.ftl - widget/android/nsClipboard.cpp Changes: ===================================== dom/ipc/WindowGlobalParent.cpp ===================================== @@ -1378,18 +1378,11 @@ mozilla::ipc::IPCResult WindowGlobalParent::RecvReloadWithHttpsOnlyException() { return IPC_FAIL(this, "HTTPS-only mode: Illegal state"); } - // If the error page is within an iFrame, we create an exception for whatever - // scheme the top-level site is currently on, because the user wants to - // unbreak the iFrame and not the top-level page. When the error page shows up - // on a top-level request, then we replace the scheme with http, because the - // user wants to unbreak the whole page. + // We replace the scheme with http, because the user wants to unbreak the + // whole page. nsCOMPtr<nsIURI> newURI; - if (!BrowsingContext()->IsTop()) { - newURI = innerURI; - } else { - Unused << NS_MutateURI(innerURI).SetScheme("http"_ns).Finalize( - getter_AddRefs(newURI)); - } + Unused << NS_MutateURI(innerURI).SetScheme("http"_ns).Finalize( + getter_AddRefs(newURI)); OriginAttributes originAttributes = TopWindowContext()->DocumentPrincipal()->OriginAttributesRef(); ===================================== dom/security/test/https-only/browser.toml ===================================== @@ -29,6 +29,9 @@ support-files = [ ["browser_httpsonly_speculative_connect.js"] support-files = ["file_httpsonly_speculative_connect.html"] +["browser_iframe_buttons.js"] +support-files = ["file_iframe_buttons.html"] + ["browser_iframe_test.js"] skip-if = [ "os == 'linux' && bits == 64", # Bug 1735565 ===================================== dom/security/test/https-only/browser_iframe_buttons.js ===================================== @@ -0,0 +1,50 @@ +/* Any copyright is dedicated to the Public Domain. + https://creativecommons.org/publicdomain/zero/1.0/ */ + +"use strict"; + +// Ensure the buttons at the buttom of the HTTPS-Only error page do not get +// displayed in an iframe (Bug 1909396). + +add_task(async function test_iframe_buttons() { + await BrowserTestUtils.withNewTab( + "https://example.com/browser/dom/security/test/https-only/file_iframe_button…", + async function (browser) { + await SpecialPowers.pushPrefEnv({ + set: [["dom.security.https_only_mode", true]], + }); + + await SpecialPowers.spawn(browser, [], async function () { + const iframe = content.document.getElementById("iframe"); + // eslint-disable-next-line @microsoft/sdl/no-insecure-url + iframe.src = "http://nocert.example.com"; + + await ContentTaskUtils.waitForCondition( + () => iframe.contentWindow.document.readyState === "interactive", + "Iframe error page should have loaded" + ); + + ok( + !!iframe.contentWindow.document.getElementById("explanation-iframe"), + "#explanation-iframe should exist" + ); + + is( + iframe.contentWindow.document + .getElementById("explanation-iframe") + .getAttribute("hidden"), + null, + "#explanation-iframe should not be hidden" + ); + + for (const id of ["explanation-continue", "goBack", "openInsecure"]) { + is( + iframe.contentWindow.document.getElementById(id), + null, + `#${id} should have been removed` + ); + } + }); + } + ); +}); ===================================== dom/security/test/https-only/file_iframe_buttons.html ===================================== @@ -0,0 +1,9 @@ +<!DOCTYPE html> +<html lang="en"> +<head> + <meta charset="UTF-8"> +</head> +<body> + <iframe id="iframe" frameborder="0"></iframe> +</body> +</html> ===================================== mobile/android/android-components/components/feature/app-links/src/main/java/mozilla/components/feature/app/links/SimpleRedirectDialogFragment.kt ===================================== @@ -11,6 +11,7 @@ import androidx.annotation.StringRes import androidx.annotation.StyleRes import androidx.annotation.VisibleForTesting import androidx.appcompat.app.AlertDialog +import mozilla.components.support.ktx.util.PromptAbuserDetector import mozilla.components.ui.widgets.withCenterAlignedButtons /** @@ -23,6 +24,10 @@ import mozilla.components.ui.widgets.withCenterAlignedButtons */ class SimpleRedirectDialogFragment : RedirectDialogFragment() { + @VisibleForTesting + internal var promptAbuserDetector = + PromptAbuserDetector(maxSuccessiveDialogSecondsLimit = TIME_SHOWN_OFFSET_SECONDS) + @VisibleForTesting internal var testingContext: Context? = null @@ -32,6 +37,8 @@ class SimpleRedirectDialogFragment : RedirectDialogFragment() { return if (themeID == 0) AlertDialog.Builder(context) else AlertDialog.Builder(context, themeID) } + promptAbuserDetector.updateJSDialogAbusedState() + return with(requireBundle()) { val dialogTitleText = getInt(KEY_TITLE_TEXT, R.string.mozac_feature_applinks_normal_confirm_dialog_title) val dialogMessageString = getString(KEY_MESSAGE_STRING, "") @@ -40,18 +47,29 @@ class SimpleRedirectDialogFragment : RedirectDialogFragment() { val themeResId = getInt(KEY_THEME_ID, 0) val cancelable = getBoolean(KEY_CANCELABLE, false) - getBuilder(themeResId) + val dialog = getBuilder(themeResId) .setTitle(dialogTitleText) .setMessage(dialogMessageString) - .setPositiveButton(positiveButtonText) { _, _ -> - onConfirmRedirect() - } + .setPositiveButton(positiveButtonText) { _, _ -> } .setNegativeButton(negativeButtonText) { _, _ -> onCancelRedirect() } .setCancelable(cancelable) .create() - .withCenterAlignedButtons() + + dialog.withCenterAlignedButtons() + dialog.setOnShowListener { + val okButton = dialog.getButton(AlertDialog.BUTTON_POSITIVE) + okButton.setOnClickListener { + if (promptAbuserDetector.areDialogsBeingAbused()) { + promptAbuserDetector.updateJSDialogAbusedState() + } else { + onConfirmRedirect() + dialog.dismiss() + } + } + } + dialog } } @@ -101,6 +119,7 @@ class SimpleRedirectDialogFragment : RedirectDialogFragment() { const val KEY_THEME_ID = "KEY_THEME_ID" const val KEY_CANCELABLE = "KEY_CANCELABLE" + private const val TIME_SHOWN_OFFSET_SECONDS = 1 } private fun requireBundle(): Bundle { ===================================== mobile/android/android-components/components/feature/app-links/src/test/java/mozilla/components/feature/app/links/SimpleRedirectDialogFragmentTest.kt ===================================== @@ -13,6 +13,7 @@ import mozilla.components.support.test.mock import mozilla.components.support.test.robolectric.testContext import org.junit.Assert.assertFalse import org.junit.Assert.assertTrue +import org.junit.Ignore import org.junit.Test import org.junit.runner.RunWith import org.mockito.Mockito.doNothing @@ -27,6 +28,7 @@ class SimpleRedirectDialogFragmentTest { private val themeResId = appcompatR.style.Theme_AppCompat_Light @Test + @Ignore("This will be addressed in another follow up ticket") fun `Dialog confirmed callback is called correctly`() { var onConfirmCalled = false var onCancelCalled = false @@ -104,6 +106,7 @@ class SimpleRedirectDialogFragmentTest { assertFalse(onCancelCalled) } + @Suppress("unused") private fun mockFragmentManager(): FragmentManager { val fragmentManager: FragmentManager = mock() val transaction: FragmentTransaction = mock() ===================================== mobile/android/android-components/components/feature/session/src/main/java/mozilla/components/feature/session/SessionUseCases.kt ===================================== @@ -4,7 +4,6 @@ package mozilla.components.feature.session -import mozilla.components.browser.state.action.ContentAction import mozilla.components.browser.state.action.CrashAction import mozilla.components.browser.state.action.EngineAction import mozilla.components.browser.state.action.LastAccessAction @@ -94,13 +93,6 @@ class SessionUseCases( flags = flags, additionalHeaders = additionalHeaders, ) - // Update the url in content immediately until the engine updates with any new changes to the state. - store.dispatch( - ContentAction.UpdateUrlAction( - loadSessionId, - url, - ), - ) store.dispatch( EngineAction.OptimizedLoadUrlTriggeredAction( loadSessionId, ===================================== mobile/android/android-components/components/feature/session/src/test/java/mozilla/components/feature/session/SessionUseCasesTest.kt ===================================== @@ -11,7 +11,6 @@ import mozilla.components.browser.state.action.EngineAction import mozilla.components.browser.state.action.TabListAction import mozilla.components.browser.state.engine.EngineMiddleware import mozilla.components.browser.state.selector.findTab -import mozilla.components.browser.state.selector.selectedTab import mozilla.components.browser.state.state.BrowserState import mozilla.components.browser.state.state.TabSessionState import mozilla.components.browser.state.state.createCustomTab @@ -81,7 +80,6 @@ class SessionUseCasesTest { assertEquals("mozilla", action.tabId) assertEquals("https://getpocket.com", action.url) } - assertEquals("https://getpocket.com", store.state.selectedTab?.content?.url) useCases.loadUrl("https://www.mozilla.org", LoadUrlFlags.select(LoadUrlFlags.EXTERNAL)) store.waitUntilIdle() @@ -95,7 +93,6 @@ class SessionUseCasesTest { assertEquals("https://www.mozilla.org", action.url) assertEquals(LoadUrlFlags.select(LoadUrlFlags.EXTERNAL), action.flags) } - assertEquals("https://www.mozilla.org", store.state.selectedTab?.content?.url) useCases.loadUrl("https://firefox.com", store.state.selectedTabId) store.waitUntilIdle() @@ -105,7 +102,6 @@ class SessionUseCasesTest { assertEquals("mozilla", action.tabId) assertEquals("https://firefox.com", action.url) } - assertEquals("https://firefox.com", store.state.selectedTab?.content?.url) useCases.loadUrl.invoke( "https://developer.mozilla.org", ===================================== mobile/android/android-components/docs/changelog.md ===================================== @@ -109,9 +109,6 @@ permalink: /changelog/ * **feature-customtabs** * Fallback behaviour when failing to open a new window in custom tab will now be loading the URL directly in the same custom tab. [Bug 1832357](https://bugzilla.mozilla.org/show_bug.cgi?id=1832357) -* **feature-session** - * Update URL in the store immediately when using the optimized load URL code path. - * **tooling-lint** * Added a lint rule to detect when `Response#close` may not have been called. Note: Currently, this rule only runs on Android Components. ===================================== mobile/android/fenix/app/src/androidTest/java/org/mozilla/fenix/ui/CrashReportingTest.kt ===================================== @@ -83,7 +83,7 @@ class CrashReportingTest : TestSetup() { verifyPageContent(tabCrashMessage) }.openTabDrawer(activityTestRule) { verifyExistingOpenTabs(firstWebPage.title) - verifyExistingOpenTabs("about:crashcontent") + verifyExistingOpenTabs(secondWebPage.title) }.closeTabDrawer { }.goToHomescreen { verifyExistingTopSitesList() ===================================== mobile/android/geckoview/src/main/java/org/mozilla/gecko/Clipboard.java ===================================== @@ -11,6 +11,7 @@ import android.content.ClipboardManager.OnPrimaryClipChangedListener; import android.content.Context; import android.content.res.AssetFileDescriptor; import android.os.Build; +import android.os.PersistableBundle; import android.text.TextUtils; import android.util.Log; import java.io.ByteArrayOutputStream; @@ -133,8 +134,9 @@ public final class Clipboard { * @return true if copy is successful. */ @WrapForJNI(calledFrom = "gecko") - public static boolean setText(final Context context, final CharSequence text) { - return setData(context, ClipData.newPlainText("text", text)); + public static boolean setText( + final Context context, final CharSequence text, final boolean isPrivateData) { + return setData(context, ClipData.newPlainText("text", text), isPrivateData); } /** @@ -147,8 +149,11 @@ public final class Clipboard { */ @WrapForJNI(calledFrom = "gecko") private static boolean setHTML( - final Context context, final CharSequence text, final String htmlText) { - return setData(context, ClipData.newHtmlText("html", text, htmlText)); + final Context context, + final CharSequence text, + final String htmlText, + final boolean isPrivateData) { + return setData(context, ClipData.newHtmlText("html", text, htmlText), isPrivateData); } /** @@ -158,11 +163,17 @@ public final class Clipboard { * @param clipData a {@link android.content.ClipData} to set to clipboard * @return true if copy is successful. */ - private static boolean setData(final Context context, final ClipData clipData) { + private static boolean setData( + final Context context, final ClipData clipData, final boolean isPrivateData) { // In API Level 11 and above, CLIPBOARD_SERVICE returns android.content.ClipboardManager, // which is a subclass of android.text.ClipboardManager. final ClipboardManager cm = (ClipboardManager) context.getSystemService(Context.CLIPBOARD_SERVICE); + if (isPrivateData && Build.VERSION.SDK_INT >= Build.VERSION_CODES.N) { + final PersistableBundle extras = new PersistableBundle(); + extras.putBoolean(ClipDescription.EXTRA_IS_SENSITIVE, true); + clipData.getDescription().setExtras(extras); + } try { cm.setPrimaryClip(clipData); } catch (final NullPointerException e) { @@ -228,7 +239,7 @@ public final class Clipboard { @WrapForJNI(calledFrom = "gecko") private static void clear(final Context context) { if (Build.VERSION.SDK_INT <= Build.VERSION_CODES.P) { - setText(context, null); + setText(context, null, false); return; } // Although we don't know more details of https://crbug.com/1203377, Blink doesn't use ===================================== mobile/android/geckoview/src/main/java/org/mozilla/geckoview/GeckoInputConnection.java ===================================== @@ -70,6 +70,7 @@ import org.mozilla.gecko.util.ThreadUtils; private ExtractedTextRequest mUpdateRequest; private final InputConnection mKeyInputConnection; private CursorAnchorInfo.Builder mCursorAnchorInfoBuilder; + private boolean mIsPrivateBrowsing; public static SessionTextInput.InputConnectionClient create( final GeckoSession session, @@ -208,12 +209,13 @@ import org.mozilla.gecko.util.ThreadUtils; // If selection is empty, we'll select everything if (selStart == selEnd) { // Fill the clipboard - Clipboard.setText(view.getContext(), editable); + Clipboard.setText(view.getContext(), editable, mIsPrivateBrowsing); editable.clear(); } else { Clipboard.setText( view.getContext(), - editable.subSequence(Math.min(selStart, selEnd), Math.max(selStart, selEnd))); + editable.subSequence(Math.min(selStart, selEnd), Math.max(selStart, selEnd)), + mIsPrivateBrowsing); editable.delete(selStart, selEnd); } break; @@ -231,7 +233,7 @@ import org.mozilla.gecko.util.ThreadUtils; : editable .toString() .substring(Math.min(selStart, selEnd), Math.max(selStart, selEnd)); - Clipboard.setText(view.getContext(), copiedText); + Clipboard.setText(view.getContext(), copiedText, mIsPrivateBrowsing); break; } return true; @@ -603,6 +605,9 @@ import org.mozilla.gecko.util.ThreadUtils; outAttrs.imeOptions |= EditorInfo.IME_FLAG_NO_EXTRACT_UI | EditorInfo.IME_FLAG_NO_FULLSCREEN; } + mIsPrivateBrowsing = + ((outAttrs.imeOptions & InputMethods.IME_FLAG_NO_PERSONALIZED_LEARNING) != 0); + if (DEBUG) { Log.d( LOGTAG, ===================================== toolkit/components/httpsonlyerror/content/errorpage.html ===================================== @@ -70,6 +70,16 @@ inert ></button> </div> + + <p id="explanation-iframe" hidden> + <span data-l10n-id="about-httpsonly-explanation-iframe"></span> + <a + id="mixedContentLearnMoreLink" + target="_blank" + data-l10n-id="about-httpsonly-link-learn-more" + ></a> + </p> + <div class="suggestion-box" hidden> <h2 data-l10n-id="about-httpsonly-suggestion-box-header"></h2> </div> ===================================== toolkit/components/httpsonlyerror/content/errorpage.js ===================================== @@ -29,28 +29,35 @@ function initPage() { document .getElementById("learnMoreLink") .setAttribute("href", baseSupportURL + "https-only-prefs"); + document + .getElementById("mixedContentLearnMoreLink") + .setAttribute("href", baseSupportURL + "mixed-content"); + + const isTopLevel = window.top == window; + if (!isTopLevel) { + for (const id of ["explanation-continue", "goBack", "openInsecure"]) { + document.getElementById(id).remove(); + } + document.getElementById("explanation-iframe").removeAttribute("hidden"); + return; + } document .getElementById("openInsecure") .addEventListener("click", onOpenInsecureButtonClick); + document + .getElementById("goBack") + .addEventListener("click", onReturnButtonClick); const delay = RPMGetIntPref("security.dialog_enable_delay", 1000); setTimeout(() => { document.getElementById("openInsecure").removeAttribute("inert"); }, delay); - if (window.top == window) { - document - .getElementById("goBack") - .addEventListener("click", onReturnButtonClick); - addAutofocus("#goBack", "beforeend"); - } else { - document.getElementById("goBack").remove(); - } + addAutofocus("#goBack", "beforeend"); - const isTopLevel = window.top == window; const hasWWWPrefix = pageUrl.href.startsWith("https://www."); - if (isTopLevel && !hasWWWPrefix) { + if (!hasWWWPrefix) { // HTTPS-Only generally simply replaces http: with https:; // here we additionally try to add www and see if that allows to upgrade the connection if it is top level ===================================== toolkit/locales/en-US/toolkit/about/aboutHttpsOnlyError.ftl ===================================== @@ -12,6 +12,7 @@ about-httpsonly-explanation-question = What could be causing this? about-httpsonly-explanation-nosupport = Most likely, the website simply does not support HTTPS. about-httpsonly-explanation-risk = It’s also possible that an attacker is involved. If you decide to visit the website, you should not enter any sensitive information like passwords, emails, or credit card details. about-httpsonly-explanation-continue = If you continue, HTTPS-Only Mode will be turned off temporarily for this site. +about-httpsonly-explanation-iframe = Due to mixed content blocking, it is not possible to manually allow this frame to load. about-httpsonly-button-continue-to-site = Continue to HTTP Site about-httpsonly-button-go-back = Go Back ===================================== widget/android/nsClipboard.cpp ===================================== @@ -92,14 +92,16 @@ nsClipboard::SetNativeClipboardData(nsITransferable* aTransferable, return rv; } + bool isPrivate = aTransferable->GetIsPrivateData(); + if (!html.IsEmpty() && java::Clipboard::SetHTML(java::GeckoAppShell::GetApplicationContext(), - text, html)) { + text, html, isPrivate)) { return NS_OK; } if (!text.IsEmpty() && java::Clipboard::SetText(java::GeckoAppShell::GetApplicationContext(), - text)) { + text, isPrivate)) { return NS_OK; } View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/2e8439… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/2e8439… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][maint-14.0] Add .gitignore to tools/browser
by morgan (＠morgan) 23 Nov '24

23 Nov '24

morgan pushed to branch maint-14.0 at The Tor Project / Applications / tor-browser-build Commits: 2477a638 by Morgan at 2024-11-23T01:34:58+00:00 Add .gitignore to tools/browser - - - - - 1 changed file: - + tools/browser/.gitignore Changes: ===================================== tools/browser/.gitignore ===================================== @@ -0,0 +1,3 @@ +basebrowser +mullvadbrowser +torbrowser View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/2… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/2… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][maint-14.0] Bug 41304: Backport tools/browser/.gitignore to hide main branch's symlinks
by morgan (＠morgan) 23 Nov '24

23 Nov '24

morgan pushed to branch maint-14.0 at The Tor Project / Applications / tor-browser-build Commits: 8ccad839 by Morgan at 2024-11-23T01:32:47+00:00 Bug 41304: Backport tools/browser/.gitignore to hide main branch's symlinks - - - - - 1 changed file: - + tools/browser/.gitignore Changes: ===================================== tools/browser/.gitignore ===================================== @@ -0,0 +1,3 @@ +basebrowser +mullvadbrowser +torbrowser View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/8… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/8… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][maint-13.5] 3 commits: Bug 41284: Stop sync'ing changelogs between channels.
by morgan (＠morgan) 23 Nov '24

23 Nov '24

morgan pushed to branch maint-13.5 at The Tor Project / Applications / tor-browser-build Commits: 72f49dc1 by Pier Angelo Vendrame at 2024-11-21T17:35:24+01:00 Bug 41284: Stop sync'ing changelogs between channels. - - - - - bf089520 by Pier Angelo Vendrame at 2024-11-21T17:45:32+01:00 Bug 41200: Remove the tools for allowed_addons.json. For tor-browser#42618 and tor-browser#42619, we stopped using the allowed_addons.json, but initially we kept the tools to update it. However, the file creates some confusion, because it is used only for Andorid, but should be updated also when doing desktop-only releases when they update NoScript, or Android nightly builds might fail. So, since as a matter of fact we do not use that file anymore, we decided to stop updating it and remove the related tools. - - - - - 84e2ad6a by Pier Angelo Vendrame at 2024-11-21T18:10:39+01:00 Bug 41310: 13.5-specific fixes for relprep.py. When I wrote relprep.py, I did not think about a legacy channel, as we never had one before. Our approach was to keep everything to build releases as stable, so we decided to comment or remove the undesired functionalities rather than implementing a legacy channel in the script. - - - - - 11 changed files: - − .gitattributes - .gitlab/issue_templates/Release Prep - Tor Browser Alpha.md - .gitlab/issue_templates/Release Prep - Tor Browser Stable.md - − projects/browser/allowed_addons.json - projects/browser/build.android - projects/browser/config - − projects/browser/verify_allowed_addons.py - projects/manual/config - − tools/fetch_allowed_addons.py - tools/fetch_changelogs.py - tools/relprep.py Changes: ===================================== .gitattributes deleted ===================================== @@ -1 +0,0 @@ -projects/browser/allowed_addons.json -diff ===================================== .gitlab/issue_templates/Release Prep - Tor Browser Alpha.md ===================================== @@ -59,8 +59,6 @@ Tor Browser Alpha (and Nightly) are on the `main` branch - [ ] `fenix_version` : update to match alpha `firefox-android` build tag - [ ] `browser_branch` : update to match alpha `firefox-android` build tag - [ ] `browser_build` : update to match alpha `firefox-android` build tag - - [ ] Update allowed_addons.json by running (from `tor-browser-build` root): - - `./tools/fetch_allowed_addons.py > projects/browser/allowed_addons.json` - [ ] Update `projects/translation/config`: - [ ] run `make list_translation_updates-alpha` to get updated hashes - [ ] `steps/base-browser/git_hash` : update with `HEAD` commit of project's `base-browser` branch ===================================== .gitlab/issue_templates/Release Prep - Tor Browser Stable.md ===================================== @@ -60,8 +60,6 @@ Tor Browser Stable lives in the various `maint-$(TOR_BROWSER_MAJOR).$(TOR_BROWSE - [ ] `browser_branch` : update to match stable `firefox-android` build tag - [ ] `browser_build` : update to match stable `firefox-android` build tag variant: Beta - - [ ] Update allowed_addons.json by running (from `tor-browser-build` root): - - `./tools/fetch_allowed_addons.py > projects/browser/allowed_addons.json` - [ ] Update `projects/translation/config`: - [ ] run `make list_translation_updates-release` to get updated hashes - [ ] `steps/base-browser/git_hash` : update with `HEAD` commit of project's `base-browser` branch ===================================== projects/browser/allowed_addons.json deleted ===================================== The diff for this file was not included because it is too large. ===================================== projects/browser/build.android ===================================== @@ -39,15 +39,6 @@ unzip ../omni.ja }) %] popd - -[% IF c("var/verify_allowed_addons") %] - # Check that allowed_addons.json contains the right versions of our bundled extension(s). - # If so, replace the default allowed_addons.json by ours in the apk assets folder. - $rootdir/verify_allowed_addons.py "$rootdir/allowed_addons.json" "$noscript_path" -[% END %] - -mv $rootdir/allowed_addons.json $assets_dir/allowed_addons.json - mkdir apk pushd apk 7zz x "$apk" ===================================== projects/browser/config ===================================== @@ -49,7 +49,6 @@ targets: android: build: '[% INCLUDE build.android %]' var: - verify_allowed_addons: 1 arch_deps: - 7zip - openjdk-17-jdk-headless @@ -159,10 +158,6 @@ input_files: enable: '[% c("var/namecoin") %]' - filename: namecoin.patch enable: '[% c("var/namecoin") %]' - - filename: allowed_addons.json - enable: '[% c("var/android") %]' - - filename: verify_allowed_addons.py - enable: '[% c("var/android") && c("var/verify_allowed_addons") %]' - project: manual name: manual enable: '[% ! c("var/android") && c("var/tor-browser") %]' ===================================== projects/browser/verify_allowed_addons.py deleted ===================================== @@ -1,49 +0,0 @@ -#!/usr/bin/env python3 - -import json -import sys -import hashlib -import zipfile - -def find_addon(addons, addon_id): - results = addons['results'] - for x in results: - addon = x['addon'] - if addon['guid'] == addon_id: - return addon - sys.exit("Error: cannot find addon " + addon_id) - -def verify_extension_version(addons, addon_id, version): - addon = find_addon(addons, addon_id) - expected_version = addon['current_version']['version'] - if version != expected_version: - sys.exit("Error: version " + version + " != " + expected_version) - -def verify_extension_hash(addons, addon_id, hash): - addon = find_addon(addons, addon_id) - expected_hash = addon["current_version"]["files"][0]["hash"] - if hash != expected_hash: - sys.exit("Error: hash " + hash + " != " + expected_hash) - -def read_extension_manifest(path): - return json.loads(zipfile.ZipFile(path, 'r').read('manifest.json')) - -def main(argv): - allowed_addons_path = argv[0] - noscript_path = argv[1] - - addons = None - with open(allowed_addons_path, 'r') as file: - addons = json.loads(file.read()) - - noscript_hash = None - with open(noscript_path, 'rb') as file: - noscript_hash = "sha256:" + hashlib.sha256(file.read()).hexdigest() - - noscript_version = read_extension_manifest(noscript_path)["version"] - - verify_extension_hash(addons, '{73a6fe31-595d-460b-a920-fcc0f8843232}', noscript_hash) - verify_extension_version(addons, '{73a6fe31-595d-460b-a920-fcc0f8843232}', noscript_version) - -if __name__ == "__main__": - main(sys.argv[1:]) ===================================== projects/manual/config ===================================== @@ -1,7 +1,7 @@ # vim: filetype=yaml sw=2 # To update, see doc/how-to-update-the-manual.txt # Remember to update also the package's hash, with the version! -version: 222718 +version: 210938 filename: 'manual-[% c("version") %]-[% c("var/build_id") %].tar.[% c("compress_tar") %]' container: use_container: 1 @@ -23,6 +23,6 @@ input_files: - project: container-image - URL: 'https://build-sources.tbb.torproject.org/manual_[% c("version") %].zip' name: manual - sha256sum: 051174ba012fa2241e865cc604658a0af116d3bbf9d02474025277fff1b34636 + sha256sum: eb83259f0525a14dae1a1c3944e1e5ac3a2f8111a42834ab0f401628c8a38791 - filename: packagemanual.py name: package_script ===================================== tools/fetch_allowed_addons.py deleted ===================================== @@ -1,53 +0,0 @@ -#!/usr/bin/env python3 - -import urllib.request -import json -import base64 -import sys - -NOSCRIPT = "{73a6fe31-595d-460b-a920-fcc0f8843232}" - - -def fetch(x): - with urllib.request.urlopen(x) as response: - return response.read() - - -def find_addon(addons, addon_id): - results = addons["results"] - for x in results: - addon = x["addon"] - if addon["guid"] == addon_id: - return addon - - -def fetch_and_embed_icons(addons): - results = addons["results"] - for x in results: - addon = x["addon"] - icon_data = fetch(addon["icon_url"]) - addon["icon_url"] = "data:image/png;base64," + str( - base64.b64encode(icon_data), "utf8" - ) - - -def fetch_allowed_addons(amo_collection=None): - if amo_collection is None: - amo_collection = "83a9cccfe6e24a34bd7b155ff9ee32" - url = f"https://services.addons.mozilla.org/api/v4/accounts/account/mozilla/collect…" - data = json.loads(fetch(url)) - fetch_and_embed_icons(data) - data["results"].sort(key=lambda x: x["addon"]["guid"]) - return data - - -def main(argv): - data = fetch_allowed_addons(argv[0] if len(argv) > 1 else None) - # Check that NoScript is present - if find_addon(data, NOSCRIPT) is None: - sys.exit("Error: cannot find NoScript.") - print(json.dumps(data, indent=2, ensure_ascii=False)) - - -if __name__ == "__main__": - main(sys.argv[1:]) ===================================== tools/fetch_changelogs.py ===================================== @@ -21,12 +21,10 @@ class EntryType(enum.IntFlag): class Platform(enum.IntFlag): - WINDOWS = 8 - MACOS = 4 - LINUX = 2 - ANDROID = 1 - DESKTOP = 8 | 4 | 2 - ALL_PLATFORMS = 8 | 4 | 2 | 1 + WINDOWS = 2 + MACOS = 1 + DESKTOP = 2 | 1 + ALL_PLATFORMS = 2 | 1 class ChangelogEntry: @@ -52,10 +50,6 @@ class ChangelogEntry: platforms.append("Windows") if self.platform & Platform.MACOS: platforms.append("macOS") - if self.platform & Platform.LINUX: - platforms.append("Linux") - if self.platform & Platform.ANDROID: - platforms.append("Android") return " + ".join(platforms) def __lt__(self, other): @@ -78,15 +72,8 @@ class ChangelogEntry: class UpdateEntry(ChangelogEntry): def __init__(self, name, version, is_mb): - if name == "Firefox" and not is_mb: - platform = Platform.DESKTOP - num_platforms = 3 - elif name == "GeckoView" or name == "Zstandard": - platform = Platform.ANDROID - num_platforms = 1 - else: - platform = Platform.ALL_PLATFORMS - num_platforms = 4 + platform = Platform.ALL_PLATFORMS + num_platforms = 2 super().__init__( EntryType.UPDATE, platform, num_platforms, name == "Go", is_mb ) @@ -107,8 +94,8 @@ class Issue(ChangelogEntry): platform = 0 num_platforms = 0 if "Desktop" in j["labels"]: - platform = Platform.DESKTOP - num_platforms += 3 + platform = Platform.ALL_PLATFORMS + num_platforms += 2 else: if "Windows" in j["labels"]: platform |= Platform.WINDOWS @@ -116,20 +103,13 @@ class Issue(ChangelogEntry): if "MacOS" in j["labels"]: platform |= Platform.MACOS num_platforms += 1 - if "Linux" in j["labels"]: - platform |= Platform.LINUX - num_platforms += 1 - if "Android" in j["labels"]: - if is_mb and num_platforms == 0: + if not platform: + if "Android" in j["labels"] or "Linux" in j["labels"]: raise Exception( - f"Android-only issue on Mullvad Browser: {j['references']['full']}!" + f"The legacy channel should include only fixes for macOS and/or Windows, please check {self.project}#{self.number}." ) - elif not is_mb: - platform |= Platform.ANDROID - num_platforms += 1 - if not platform or (is_mb and platform == Platform.DESKTOP): platform = Platform.ALL_PLATFORMS - num_platforms = 4 + num_platforms = 2 is_build = "Build System" in j["labels"] super().__init__( EntryType.ISSUE, platform, num_platforms, is_build, is_mb ===================================== tools/relprep.py ===================================== @@ -4,7 +4,6 @@ from collections import namedtuple import configparser from datetime import datetime, timezone from hashlib import sha256 -import json import locale import logging from pathlib import Path @@ -16,7 +15,6 @@ from git import Repo import requests import ruamel.yaml -from fetch_allowed_addons import NOSCRIPT, fetch_allowed_addons, find_addon import fetch_changelogs from update_manual import update_manual @@ -93,13 +91,10 @@ class ReleasePreparation: self.base_path = Path(repo_path) self.repo = Repo(self.base_path) - self.tor_browser = bool(kwargs.get("tor_browser", True)) - self.mullvad_browser = bool(kwargs.get("mullvad_browser", True)) - if not self.tor_browser and not self.mullvad_browser: - raise ValueError("Nothing to do") - self.android = kwargs.get("android", self.tor_browser) - if not self.tor_browser and self.android: - raise ValueError("Only Tor Browser supports Android") + # Legacy channel, always do Tor Browser desktop only. + self.tor_browser = True + self.mullvad_browser = False + self.android = False logger.debug( "Tor Browser: %s; Mullvad Browser: %s; Android: %s", @@ -142,7 +137,8 @@ class ReleasePreparation: # Do not update Go anymore: 1.21.x is not listed anymore in # the download page as it is EOL as of August 13, 2024. # self.update_go() - self.update_manual() + # Freeze the manual to before 14.0. + # self.update_manual() self.update_changelogs() self.update_rbm_conf() @@ -304,7 +300,6 @@ class ReleasePreparation: targets = ["base-browser"] if self.tor_browser: targets.append("tor-browser") - targets.append("fenix") if self.mullvad_browser: targets.append("mullvad-browser") for i in targets: @@ -319,28 +314,27 @@ class ReleasePreparation: logger.info("Updating addons") config = self.load_config("browser") - amo_data = fetch_allowed_addons() - logger.debug("Fetched AMO data") - if self.android: - with ( - self.base_path / "projects/browser/allowed_addons.json" - ).open("w") as f: - json.dump(amo_data, f, indent=2) - - noscript = find_addon(amo_data, NOSCRIPT) logger.debug("Updating NoScript") - self.update_addon_amo(config, "noscript", noscript) + self.update_addon_amo( + config, "noscript", "{73a6fe31-595d-460b-a920-fcc0f8843232}" + ) if self.mullvad_browser: logger.debug("Updating uBlock Origin") - ublock = find_addon(amo_data, "uBlock0(a)raymondhill.net") - self.update_addon_amo(config, "ublock-origin", ublock) + self.update_addon_amo( + config, "ublock-origin", "uBlock0(a)raymondhill.net" + ) logger.debug("Updating the Mullvad Browser extension") self.update_mullvad_addon(config) self.save_config("browser", config) - def update_addon_amo(self, config, name, addon): - addon = addon["current_version"]["files"][0] + def update_addon_amo(self, config, name, addon_id): + r = requests.get( + f"https://services.addons.mozilla.org/api/v4/addons/addon/{addon_id}" + ) + r.raise_for_status() + amo_data = r.json() + addon = amo_data["current_version"]["files"][0] assert addon["hash"].startswith("sha256:") addon_input = self.find_input(config, name) addon_input["URL"] = addon["url"] @@ -523,6 +517,10 @@ class ReleasePreparation: self.build_number, ) continue + if version.major > self.version.major: + # Ignore more recent version. + # E.g., for the legacy channel. + continue key = (project, version.channel) if key not in self.last_releases: self.last_releases[key] = [] @@ -590,14 +588,9 @@ class ReleasePreparation: changelogs = cb.create(**kwargs) path = f"projects/browser/Bundle-Data/Docs-{tag_prefix.upper()}/ChangeLog.txt" - stable_tag = self.last_releases[(tag_prefix, "release")][0].tag - alpha_tag = self.last_releases[(tag_prefix, "alpha")][0].tag - if stable_tag.tagged_date > alpha_tag.tagged_date: - last_tag = stable_tag - else: - last_tag = alpha_tag - logger.debug("Using %s to add the new changelogs to.", last_tag.tag) - last_changelogs = self.repo.git.show(f"{last_tag.tag}:{path}") + # Take HEAD to reset any changes we might already have from a + # previous run. + last_changelogs = self.repo.git.show(f"HEAD:{path}") with (self.base_path / path).open("w") as f: f.write(changelogs + "\n" + last_changelogs + "\n") @@ -705,8 +698,6 @@ if __name__ == "__main__": default=Path(__file__).parent.parent, help="Path to a tor-browser-build.git clone", ) - parser.add_argument("--tor-browser", action="store_true") - parser.add_argument("--mullvad-browser", action="store_true") parser.add_argument( "--date", help="Release date and optionally time for changelog purposes. " @@ -747,12 +738,7 @@ if __name__ == "__main__": ) logger.addHandler(ch) - tbb = bool(args.tor_browser) - mb = bool(args.mullvad_browser) kwargs = {} - if tbb or mb: - kwargs["tor_browser"] = tbb - kwargs["mullvad_browser"] = mb if args.date: try: kwargs["changelog_date"] = datetime.fromisoformat(args.date) View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/… You're receiving this email because of your account on gitlab.torproject.org.

1 0