GitLab

at 2023-11-16T13:36:51+01:00

Bug 1849186 - Add a preference not to expose the content title in the window title. r=Gijs,tabbrowser-reviewers,dao

Differential Revision: https://phabricator.services.mozilla.com/D190496

fixup! Firefox preference overrides.

Bug 41988: Do not expose page titles in winow title

 // Disable capturing thumbnails (tor-browser#41595)

 // Also not needed in PBM at the moment.

 pref("browser.pagethumbnails.capturing_disabled", true);

+// tor-browser#41988: Remove page titles from window titles to prevent possible

+// disk leaks, e.g., in system logs.

+// For example, it happened that GNOME shell logged the window name that caused

+// JS errors/unexpected conditions for unrelated issues.

+pref("privacy.exposeContentTitleInWindow", false);

+pref("privacy.exposeContentTitleInWindow.pbm", false);

 // Empty clipboard content from private windows on exit (tor-browser#42154)

 pref("browser.privatebrowsing.preserveClipboard", false);

 // Time until temporary permissions expire, in ms

 pref("privacy.temporary_permission_expire_time_ms",  3600000);

-// Enables protection mechanism against password spoofing for cross domain auh requests

+// Enables protection mechanism against password spoofing for cross domain auth requests

 // See bug 791594

 pref("privacy.authPromptSpoofingProtection",         true);

 // before navigating to the actual meeting room page. Doesn't survive tab close.

 pref("privacy.webrtc.deviceGracePeriodTimeoutMs", 3600000);

+// Enable including the content in the window title.

+// PBM users might want to disable this to avoid a possible source of disk

+// leaks.

+pref("privacy.exposeContentTitleInWindow", true);

+pref("privacy.exposeContentTitleInWindow.pbm", true);

+

 // Start the browser in e10s mode

 pref("browser.tabs.remote.autostart", true);

 pref("browser.tabs.remote.desktopbehavior", true);

           true

         );

       });

+      XPCOMUtils.defineLazyPreferenceGetter(

+        this,

+        "_shouldExposeContentTitle",

+        "privacy.exposeContentTitleInWindow",

+        true

+      );

+      XPCOMUtils.defineLazyPreferenceGetter(

+        this,

+        "_shouldExposeContentTitlePbm",

+        "privacy.exposeContentTitleInWindow.pbm",

+        true

+      );

       if (AppConstants.MOZ_CRASHREPORTER) {

         ChromeUtils.defineModuleGetter(

     getWindowTitleForBrowser(aBrowser) {

       let docElement = document.documentElement;

       let title = "";

+      let dataSuffix =

+        docElement.getAttribute("privatebrowsingmode") == "temporary"

+          ? "Private"

+          : "Default";

+      let defaultTitle = docElement.dataset["title" + dataSuffix];

+

+      if (

+        !this._shouldExposeContentTitle ||

+        (PrivateBrowsingUtils.isWindowPrivate(window) &&

+          !this._shouldExposeContentTitlePbm)

+      ) {

+        return defaultTitle;

+      }

       // If location bar is hidden and the URL type supports a host,

       // add the scheme and host to the title to prevent spoofing.

         title += tab.getAttribute("label").replace(/\0/g, "");

       }

-      let dataSuffix =

-        docElement.getAttribute("privatebrowsingmode") == "temporary"

-          ? "Private"

-          : "Default";

       if (title) {

         // We're using a function rather than just using `title` as the

         // new substring to avoid `$$`, `$'` etc. having a special

         );

       }

-      return docElement.dataset["title" + dataSuffix];

+      return defaultTitle;

     },

     updateTitlebar() {

     true,

     pb_about_pb_title

   );

+

+  await SpecialPowers.pushPrefEnv({

+    set: [["privacy.exposeContentTitleInWindow.pbm", false]],

+  });

+  await testTabTitle(await openWin(false), testPageURL, false, page_with_title);

+  await testTabTitle(

+    await openWin(true),

+    testPageURL,

+    true,

+    pb_page_without_title

+  );

+  await SpecialPowers.pushPrefEnv({

+    set: [

+      ["privacy.exposeContentTitleInWindow", false],

+      ["privacy.exposeContentTitleInWindow.pbm", true],

+    ],

+  });

+  await testTabTitle(

+    await openWin(false),

+    testPageURL,

+    false,

+    page_without_title

+  );

+  // The generic preference set to false is intended to override the PBM one

+  await testTabTitle(

+    await openWin(true),

+    testPageURL,

+    true,

+    pb_page_without_title

+  );

 });

Pier Angelo Vendrame pushed to branch base-browser-115.4.0esr-13.5-1 at The Tor Project / Applications / Tor Browser

Commits:

4 changed files:

Changes: