ma1 pushed to branch tor-browser-115.27.0esr-13.5-1 at The Tor Project / Applications / Tor Browser
Commits:
-
f89188bd
by Tom Schuster at 2025-08-18T17:22:37+02:00
-
85feb19a
by Steve Fink at 2025-08-18T17:22:42+02:00
-
3239846a
by Kershaw Chang at 2025-08-18T17:22:43+02:00
5 changed files:
- browser/actors/ClickHandlerChild.sys.mjs
- browser/app/profile/firefox.js
- js/src/util/NativeStack.cpp
- mozglue/misc/StackWalk.cpp
- netwerk/protocol/http/nsHttpConnection.cpp
Changes:
| ... | ... | @@ -12,12 +12,26 @@ ChromeUtils.defineESModuleGetters(lazy, { |
| 12 | 12 | E10SUtils: "resource://gre/modules/E10SUtils.sys.mjs",
|
| 13 | 13 | });
|
| 14 | 14 | |
| 15 | +XPCOMUtils.defineLazyPreferenceGetter(
|
|
| 16 | + lazy,
|
|
| 17 | + "autoscrollEnabled",
|
|
| 18 | + "general.autoScroll",
|
|
| 19 | + true
|
|
| 20 | +);
|
|
| 21 | + |
|
| 22 | +XPCOMUtils.defineLazyPreferenceGetter(
|
|
| 23 | + lazy,
|
|
| 24 | + "blockJavascript",
|
|
| 25 | + "browser.link.alternative_click.block_javascript",
|
|
| 26 | + true
|
|
| 27 | +);
|
|
| 28 | + |
|
| 15 | 29 | export class MiddleMousePasteHandlerChild extends JSWindowActorChild {
|
| 16 | 30 | handleEvent(clickEvent) {
|
| 17 | 31 | if (
|
| 18 | 32 | clickEvent.defaultPrevented ||
|
| 19 | 33 | clickEvent.button != 1 ||
|
| 20 | - MiddleMousePasteHandlerChild.autoscrollEnabled
|
|
| 34 | + lazy.autoscrollEnabled
|
|
| 21 | 35 | ) {
|
| 22 | 36 | return;
|
| 23 | 37 | }
|
| ... | ... | @@ -34,13 +48,6 @@ export class MiddleMousePasteHandlerChild extends JSWindowActorChild { |
| 34 | 48 | }
|
| 35 | 49 | }
|
| 36 | 50 | |
| 37 | -XPCOMUtils.defineLazyPreferenceGetter(
|
|
| 38 | - MiddleMousePasteHandlerChild,
|
|
| 39 | - "autoscrollEnabled",
|
|
| 40 | - "general.autoScroll",
|
|
| 41 | - true
|
|
| 42 | -);
|
|
| 43 | - |
|
| 44 | 51 | export class ClickHandlerChild extends JSWindowActorChild {
|
| 45 | 52 | handleEvent(wrapperEvent) {
|
| 46 | 53 | this.handleClickEvent(wrapperEvent.sourceEvent);
|
| ... | ... | @@ -112,6 +119,14 @@ export class ClickHandlerChild extends JSWindowActorChild { |
| 112 | 119 | };
|
| 113 | 120 | |
| 114 | 121 | if (href && !isFromMiddleMousePasteHandler) {
|
| 122 | + if (
|
|
| 123 | + lazy.blockJavascript &&
|
|
| 124 | + Services.io.extractScheme(href) == "javascript"
|
|
| 125 | + ) {
|
|
| 126 | + // We don't want to open new tabs or windows for javascript: links.
|
|
| 127 | + return;
|
|
| 128 | + }
|
|
| 129 | + |
|
| 115 | 130 | try {
|
| 116 | 131 | Services.scriptSecurityManager.checkLoadURIStrWithPrincipal(
|
| 117 | 132 | principal,
|
| ... | ... | @@ -759,6 +759,9 @@ pref("browser.link.open_newwindow.restriction", 2); |
| 759 | 759 | pref("browser.link.open_newwindow.disabled_in_fullscreen", false);
|
| 760 | 760 | #endif
|
| 761 | 761 | |
| 762 | +// If true, opening javscript: URLs using middle-click, CTRL+click etc. are blocked.
|
|
| 763 | +pref("browser.link.alternative_click.block_javascript", true);
|
|
| 764 | + |
|
| 762 | 765 | // Tabbed browser
|
| 763 | 766 | pref("browser.tabs.closeTabByDblclick", false);
|
| 764 | 767 | pref("browser.tabs.closeWindowWithLastTab", true);
|
| ... | ... | @@ -95,17 +95,16 @@ void* js::GetNativeStackBaseImpl() { |
| 95 | 95 | pthread_t thread = pthread_self();
|
| 96 | 96 | pthread_attr_t sattr;
|
| 97 | 97 | pthread_attr_init(&sattr);
|
| 98 | - pthread_getattr_np(thread, &sattr);
|
|
| 98 | + int rc = pthread_getattr_np(thread, &sattr);
|
|
| 99 | + MOZ_RELEASE_ASSERT(rc == 0, "pthread_getattr_np failed");
|
|
| 99 | 100 | |
| 100 | 101 | // stackBase will be the *lowest* address on all architectures.
|
| 101 | 102 | void* stackBase = nullptr;
|
| 102 | 103 | size_t stackSize = 0;
|
| 103 | - int rc = pthread_attr_getstack(&sattr, &stackBase, &stackSize);
|
|
| 104 | - if (rc) {
|
|
| 105 | - MOZ_CRASH(
|
|
| 106 | - "call to pthread_attr_getstack failed, unable to setup stack range for "
|
|
| 107 | - "JS");
|
|
| 108 | - }
|
|
| 104 | + rc = pthread_attr_getstack(&sattr, &stackBase, &stackSize);
|
|
| 105 | + MOZ_RELEASE_ASSERT(rc == 0,
|
|
| 106 | + "call to pthread_attr_getstack failed, unable to setup "
|
|
| 107 | + "stack range for JS");
|
|
| 109 | 108 | MOZ_RELEASE_ASSERT(stackBase,
|
| 110 | 109 | "invalid stack base, unable to setup stack range for JS");
|
| 111 | 110 | pthread_attr_destroy(&sattr);
|
| ... | ... | @@ -148,7 +147,8 @@ void* js::GetNativeStackBaseImpl() { |
| 148 | 147 | * FIXME: this function is non-portable;
|
| 149 | 148 | * other POSIX systems may have different np alternatives
|
| 150 | 149 | */
|
| 151 | - pthread_getattr_np(thread, &sattr);
|
|
| 150 | + MOZ_RELEASE_ASSERT(pthread_getattr_np(thread, &sattr) == 0,
|
|
| 151 | + "pthread_getattr_np failed");
|
|
| 152 | 152 | # endif
|
| 153 | 153 | |
| 154 | 154 | void* stackBase = 0;
|
| ... | ... | @@ -695,7 +695,8 @@ MFBT_API void MozStackWalk(MozWalkStackCallback aCallback, |
| 695 | 695 | # elif defined(ANDROID)
|
| 696 | 696 | pthread_attr_t sattr;
|
| 697 | 697 | pthread_attr_init(&sattr);
|
| 698 | - pthread_getattr_np(pthread_self(), &sattr);
|
|
| 698 | + int rc = pthread_getattr_np(pthread_self(), &sattr);
|
|
| 699 | + MOZ_RELEASE_ASSERT(rc == 0, "pthread_getattr_np failed");
|
|
| 699 | 700 | void* stackBase = stackEnd = nullptr;
|
| 700 | 701 | size_t stackSize = 0;
|
| 701 | 702 | if (gettid() != getpid()) {
|
| ... | ... | @@ -1635,9 +1635,10 @@ nsresult nsHttpConnection::OnSocketWritable() { |
| 1635 | 1635 | }
|
| 1636 | 1636 | |
| 1637 | 1637 | LOG((" writing transaction request stream\n"));
|
| 1638 | - rv = mTransaction->ReadSegmentsAgain(this,
|
|
| 1639 | - nsIOService::gDefaultSegmentSize,
|
|
| 1640 | - &transactionBytes, &again);
|
|
| 1638 | + RefPtr<nsAHttpTransaction> transaction = mTransaction;
|
|
| 1639 | + rv = transaction->ReadSegmentsAgain(this,
|
|
| 1640 | + nsIOService::gDefaultSegmentSize,
|
|
| 1641 | + &transactionBytes, &again);
|
|
| 1641 | 1642 | if (mTlsHandshaker->EarlyDataUsed()) {
|
| 1642 | 1643 | mContentBytesWritten0RTT += transactionBytes;
|
| 1643 | 1644 | if (NS_FAILED(rv) && rv != NS_BASE_STREAM_WOULD_BLOCK) {
|
| ... | ... | @@ -1660,7 +1661,8 @@ nsresult nsHttpConnection::OnSocketWritable() { |
| 1660 | 1661 | static_cast<uint32_t>(mSocketOutCondition), again));
|
| 1661 | 1662 | |
| 1662 | 1663 | // XXX some streams return NS_BASE_STREAM_CLOSED to indicate EOF.
|
| 1663 | - if (rv == NS_BASE_STREAM_CLOSED && !mTransaction->IsDone()) {
|
|
| 1664 | + if (rv == NS_BASE_STREAM_CLOSED &&
|
|
| 1665 | + (mTransaction && !mTransaction->IsDone())) {
|
|
| 1664 | 1666 | rv = NS_OK;
|
| 1665 | 1667 | transactionBytes = 0;
|
| 1666 | 1668 | }
|
| ... | ... | @@ -1703,7 +1705,8 @@ nsresult nsHttpConnection::OnSocketWritable() { |
| 1703 | 1705 | // When Spdy tunnel is used we need to explicitly set when a request is
|
| 1704 | 1706 | // done.
|
| 1705 | 1707 | if ((mState != HttpConnectionState::SETTING_UP_TUNNEL) && !mSpdySession) {
|
| 1706 | - nsHttpTransaction* trans = mTransaction->QueryHttpTransaction();
|
|
| 1708 | + nsHttpTransaction* trans =
|
|
| 1709 | + mTransaction ? mTransaction->QueryHttpTransaction() : nullptr;
|
|
| 1707 | 1710 | // needed for websocket over h2 (direct)
|
| 1708 | 1711 | if (!trans || !trans->IsWebsocketUpgrade()) {
|
| 1709 | 1712 | mRequestDone = true;
|
| ... | ... | @@ -1806,7 +1809,8 @@ nsresult nsHttpConnection::OnSocketReadable() { |
| 1806 | 1809 | rv = NS_ERROR_FAILURE;
|
| 1807 | 1810 | LOG((" No Transaction In OnSocketWritable\n"));
|
| 1808 | 1811 | } else {
|
| 1809 | - rv = mTransaction->WriteSegmentsAgain(
|
|
| 1812 | + RefPtr<nsAHttpTransaction> transaction = mTransaction;
|
|
| 1813 | + rv = transaction->WriteSegmentsAgain(
|
|
| 1810 | 1814 | this, nsIOService::gDefaultSegmentSize, &n, &again);
|
| 1811 | 1815 | }
|
| 1812 | 1816 | LOG(("nsHttpConnection::OnSocketReadable %p trans->ws rv=%" PRIx32
|