ma1 pushed to branch tor-browser-128.8.0esr-14.0-1 at The Tor Project / Applications / Tor Browser
Commits:
-
eb2f9e50
by Tara at 2025-03-02T23:38:07+01:00
-
913be926
by John Schanck at 2025-03-02T23:42:15+01:00
-
6eb75b58
by Jeff Boek at 2025-03-02T23:44:03+01:00
-
d7bd10bb
by Tom Schuster at 2025-03-02T23:54:33+01:00
-
fada429d
by Tom Schuster at 2025-03-02T23:59:43+01:00
11 changed files:
- browser/components/privatebrowsing/content/aboutPrivateBrowsing.html
- browser/components/protections/content/protections.html
- mobile/android/android-components/components/browser/engine-gecko/src/main/java/mozilla/components/browser/engine/gecko/GeckoEngineSession.kt
- mobile/android/android-components/components/browser/engine-gecko/src/test/java/mozilla/components/browser/engine/gecko/GeckoEngineSessionTest.kt
- mobile/android/android-components/components/feature/app-links/src/main/java/mozilla/components/feature/app/links/AppLinksUseCases.kt
- mobile/android/android-components/components/feature/app-links/src/test/java/mozilla/components/feature/app/links/AppLinksUseCasesTest.kt
- mobile/android/android-components/components/feature/prompts/src/main/java/mozilla/components/feature/prompts/PromptFeature.kt
- mobile/android/fenix/app/src/main/java/org/mozilla/fenix/HomeActivity.kt
- mobile/android/fenix/app/src/main/java/org/mozilla/fenix/customtabs/ExternalAppBrowserActivity.kt
- mobile/android/geckoview/src/main/java/org/mozilla/gecko/util/IntentUtils.java
- mobile/android/geckoview/src/test/java/org/mozilla/gecko/util/IntentUtilsTest.java
Changes:
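--- a/browser/components/privatebrowsing/content/aboutPrivateBrowsing.html
+++ b/browser/components/privatebrowsing/content/aboutPrivateBrowsing.html
@@ -10,7 +10,7 @@
 <meta charset="utf-8" />
 <meta
 http-equiv="Content-Security-Policy"
- content="default-src chrome: blob:; object-src 'none'"
+ content="default-src chrome:; img-src chrome: blob:; object-src 'none';"
 />
 <meta name="color-scheme" content="light dark" />
 <link rel="icon" href="chrome://browser/skin/privatebrowsing/favicon.svg" />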
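Review bot: `img-src` still admits `blob:`, and nothing next to the policy records which image on this page needs it, so a later reader cannot tell whether the exception is still required. An HTML comment above the `<meta>` would capture that, for example `<!-- blob: is allowed for images only (used by: IMAGE_SOURCE_PLACEHOLDER); everything else stays chrome:-only -->`. The new value also ends in a trailing `;` while the protections.html policy changed in the same push does not; using one form in both files keeps the two policies easy to compare.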
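--- a/browser/components/protections/content/protections.html
+++ b/browser/components/protections/content/protections.html
@@ -8,7 +8,7 @@
 <meta charset="utf-8" />
 <meta
 http-equiv="Content-Security-Policy"
- content="default-src chrome: blob:; object-src 'none'"
+ content="default-src chrome:; object-src 'none'"
 />
 <meta name="color-scheme" content="light dark" />
 <link rel="localization" href="branding/brand.ftl" />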
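--- a/mobile/android/android-components/components/browser/engine-gecko/src/main/java/mozilla/components/browser/engine/gecko/GeckoEngineSession.kt
+++ b/mobile/android/android-components/components/browser/engine-gecko/src/main/java/mozilla/components/browser/engine/gecko/GeckoEngineSession.kt
@@ -1822,7 +1822,7 @@ class GeckoEngineSession(
 internal const val ABOUT_BLANK = "about:blank"
 internal const val JS_SCHEME = "javascript"
 internal val BLOCKED_SCHEMES =
- listOf("file", "resource", JS_SCHEME) // See 1684761 and 1684947
+ listOf("file", "resource", "fido", JS_SCHEME) // See 1684761 and 1684947
 
 /**
 * Provides an ErrorType corresponding to the error code provided.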
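Review bot: The trailing comment on `BLOCKED_SCHEMES` still reads `// See 1684761 and 1684947`, which as far as this hunk shows were the references for the earlier entries, so the new `"fido"` entry has no recorded reason. Add its own reference, for example `// fido: see BUG_ID_PLACEHOLDER`, so the entry is not later removed as unexplained. The same scheme is added by hand to `ALWAYS_DENY_SCHEMES` in AppLinksUseCases.kt and to `isUriSafeForScheme` in IntentUtils.java in this push; a comment on each list naming the other two would help stop the three from drifting apart.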
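--- a/mobile/android/android-components/components/browser/engine-gecko/src/test/java/mozilla/components/browser/engine/gecko/GeckoEngineSessionTest.kt
+++ b/mobile/android/android-components/components/browser/engine-gecko/src/test/java/mozilla/components/browser/engine/gecko/GeckoEngineSessionTest.kt
@@ -631,6 +631,11 @@ class GeckoEngineSessionTest {
 engineSession.loadUrl("RESOURCE://package/test.text")
 verify(geckoSession, never()).load(GeckoSession.Loader().uri("resource://package/test.text"))
 verify(geckoSession, never()).load(GeckoSession.Loader().uri("RESOURCE://package/test.text"))
+
+ engineSession.loadUrl("fido:/12345678")
+ engineSession.loadUrl("FIDO:/12345678")
+ verify(geckoSession, never()).load(GeckoSession.Loader().uri("fido:/12345678"))
+ verify(geckoSession, never()).load(GeckoSession.Loader().uri("FIDO:/12345678"))
 }
 
 @Test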
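--- a/mobile/android/android-components/components/feature/app-links/src/main/java/mozilla/components/feature/app/links/AppLinksUseCases.kt
+++ b/mobile/android/android-components/components/feature/app-links/src/main/java/mozilla/components/feature/app/links/AppLinksUseCases.kt
@@ -314,6 +314,7 @@ class AppLinksUseCases(
 "https", "moz-extension", "moz-safe-about", "resource", "view-source", "ws", "wss", "blob",
 )
 
- internal val ALWAYS_DENY_SCHEMES: Set<String> = setOf("jar", "file", "javascript", "data", "about", "content")
+ internal val ALWAYS_DENY_SCHEMES: Set<String> =
+ setOf("jar", "file", "javascript", "data", "about", "content", "fido")
 }
 }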
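--- a/mobile/android/android-components/components/feature/app-links/src/test/java/mozilla/components/feature/app/links/AppLinksUseCasesTest.kt
+++ b/mobile/android/android-components/components/feature/app-links/src/test/java/mozilla/components/feature/app/links/AppLinksUseCasesTest.kt
@@ -47,6 +47,7 @@ class AppLinksUseCasesTest {
 private val javascriptUrl = "javascript:'hello, world'"
 private val jarUrl = "jar:file://some/path/test.html"
 private val contentUrl = "content://media/external_primary/downloads/12345"
+ private val fidoPath = "fido:12345678"
 private val fileType = "audio/mpeg"
 private val layerUrl = "https://example.com"
 private val layerPackage = "com.example.app"
@@ -215,6 +216,15 @@ class AppLinksUseCasesTest {
 assertFalse(redirect.isRedirect())
 }
 
+ @Test
+ fun `A fido url is not an app link`() {
+ val context = createContext(Triple(fidoPath, appPackage, ""))
+ val subject = AppLinksUseCases(context, { true })
+
+ val redirect = subject.interceptedAppLinkRedirect(fidoPath)
+ assertFalse(redirect.isRedirect())
+ }
+
 @Test
 fun `Will not redirect app link if browser option set to false and scheme is supported`() {
 val context = createContext(Triple(appUrl, appPackage, ""))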
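Review bot: The new test only exercises the lower-case `fido:12345678`, so it does not show whether `ALWAYS_DENY_SCHEMES` is matched case-insensitively; the matching code is outside this section. GeckoEngineSessionTest in the same push checks both `fido:` and `FIDO:`. Adding a sibling fixture such as `private val fidoUpperPath = "FIDO:12345678"` and repeating the test body with its own `createContext(Triple(fidoUpperPath, appPackage, ""))` would pin the same behaviour here.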
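--- a/mobile/android/android-components/components/feature/prompts/src/main/java/mozilla/components/feature/prompts/PromptFeature.kt
+++ b/mobile/android/android-components/components/feature/prompts/src/main/java/mozilla/components/feature/prompts/PromptFeature.kt
@@ -9,6 +9,7 @@ import android.content.Intent
 import androidx.annotation.VisibleForTesting
 import androidx.annotation.VisibleForTesting.Companion.PRIVATE
 import androidx.core.view.isVisible
+import androidx.fragment.app.DialogFragment
 import androidx.fragment.app.Fragment
 import androidx.fragment.app.FragmentManager
 import kotlinx.coroutines.CoroutineScope
@@ -1094,7 +1095,15 @@ class PromptFeature private constructor(
 emitPromptDismissedFact(promptName = promptRequest::class.simpleName.ifNullOrEmpty { "" })
 }
 
+ @VisibleForTesting
+ internal fun redirectDialogFragmentIsActive() =
+ (fragmentManager.findFragmentByTag("SHOULD_OPEN_APP_LINK_PROMPT_DIALOG") as? DialogFragment) != null
+
 private fun canShowThisPrompt(promptRequest: PromptRequest): Boolean {
+ if (redirectDialogFragmentIsActive()) {
+ return false
+ }
+
 return when (promptRequest) {
 is SingleChoice,
 is MultipleChoice,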
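Review bot: `redirectDialogFragmentIsActive()` finds the dialog by the literal tag `"SHOULD_OPEN_APP_LINK_PROMPT_DIALOG"`, so the new guard in `canShowThisPrompt` silently stops suppressing prompts if the code that shows that dialog ever changes its tag; that code is not in this section. Referencing a constant shared with the component that shows the dialog, instead of repeating the string, removes that coupling. The helper is also annotated `@VisibleForTesting` although `canShowThisPrompt` calls it in production; `@VisibleForTesting(otherwise = PRIVATE)` states the intent more accurately, and `PRIVATE` is already imported. A KDoc line saying that all prompts are held back while the open-in-app dialog is on screen would help too; `canShowThisPrompt` continues past the end of the hunk, so what happens to the suppressed request is not visible here.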
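--- a/mobile/android/fenix/app/src/main/java/org/mozilla/fenix/HomeActivity.kt
+++ b/mobile/android/fenix/app/src/main/java/org/mozilla/fenix/HomeActivity.kt
@@ -903,7 +903,7 @@ open class HomeActivity : LocaleAwareAppCompatActivity(), NavHostActivity, TorIn
 return false
 }
 
- final override fun dispatchTouchEvent(ev: MotionEvent?): Boolean {
+ override fun dispatchTouchEvent(ev: MotionEvent?): Boolean {
 ProfilerMarkers.addForDispatchTouchEvent(components.core.engine.profiler, ev)
 return super.dispatchTouchEvent(ev)
 }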
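--- a/mobile/android/fenix/app/src/main/java/org/mozilla/fenix/customtabs/ExternalAppBrowserActivity.kt
+++ b/mobile/android/fenix/app/src/main/java/org/mozilla/fenix/customtabs/ExternalAppBrowserActivity.kt
@@ -7,6 +7,7 @@ package org.mozilla.fenix.customtabs
 import android.app.assist.AssistContent
 import android.net.Uri
 import android.os.Build
+import android.view.MotionEvent
 import androidx.annotation.RequiresApi
 import androidx.annotation.VisibleForTesting
 import mozilla.components.browser.state.selector.findCustomTab
@@ -24,6 +25,8 @@ const val EXTRA_IS_SANDBOX_CUSTOM_TAB = "org.mozilla.fenix.customtabs.EXTRA_IS_S
 */
 @Suppress("TooManyFunctions")
 open class ExternalAppBrowserActivity : HomeActivity() {
+ var isFinishedAnimating = false
+
 override fun onResume() {
 super.onResume()
 
@@ -74,4 +77,17 @@ open class ExternalAppBrowserActivity : HomeActivity() {
 val currentTabUrl = getExternalTab()?.content?.url
 outContent?.webUri = currentTabUrl?.let { Uri.parse(it) }
 }
+
+ override fun dispatchTouchEvent(ev: MotionEvent?): Boolean {
+ if (!isFinishedAnimating) {
+ return true
+ }
+
+ return super.dispatchTouchEvent(ev)
+ }
+
+ override fun onEnterAnimationComplete() {
+ super.onEnterAnimationComplete()
+ isFinishedAnimating = true
+ }
 }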
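Review bot: `isFinishedAnimating` is declared as a public mutable `var`, so any code holding the activity can flip the flag that `dispatchTouchEvent` relies on to drop touches until the enter animation has completed. Narrow it, for example with `private set` on the property if tests only read it, or `@VisibleForTesting internal var isFinishedAnimating = false` if they write it (`VisibleForTesting` is already imported). The override also returns before `super.dispatchTouchEvent(ev)`, so dropped events skip the `ProfilerMarkers.addForDispatchTouchEvent` call in HomeActivity. The flag starts at `false` on every new instance, so input stays blocked until `onEnterAnimationComplete()` is delivered. A short KDoc on the property stating why touches are swallowed, and that the activity depends on that callback, would make both choices explicit.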
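--- a/mobile/android/geckoview/src/main/java/org/mozilla/gecko/util/IntentUtils.java
+++ b/mobile/android/geckoview/src/main/java/org/mozilla/gecko/util/IntentUtils.java
@@ -76,6 +76,10 @@ public class IntentUtils {
 return getSafeIntent(aUri) != null;
 }
 
+ if ("fido".equals(scheme)) {
+ return false;
+ }
+
 return true;
 }
 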
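Review bot: `"fido".equals(scheme)` is case-sensitive, and whether `scheme` has been lower-cased earlier in `isUriSafeForScheme` is not visible because the method starts above the hunk. If it has not, a `FIDO:` URI would fall through to `return true`; `if ("fido".equalsIgnoreCase(scheme)) {` closes that. An upper-case case next to `unsafeFidoUri` in IntentUtilsTest would pin the behaviour. A one-line comment above the check giving the reason the scheme is rejected would also help, since the Kotlin deny lists changed in the same push carry bug references.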
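--- a/mobile/android/geckoview/src/test/java/org/mozilla/gecko/util/IntentUtilsTest.java
+++ b/mobile/android/geckoview/src/test/java/org/mozilla/gecko/util/IntentUtilsTest.java
@@ -63,4 +63,10 @@ public class IntentUtilsTest {
 final String uri = "intent:non_scheme_intent#Intent;end";
 assertTrue(IntentUtils.isUriSafeForScheme(uri));
 }
+
+ @Test
+ public void unsafeFidoUri() {
+ final String uri = "fido:/12345678";
+ assertFalse(IntentUtils.isUriSafeForScheme(uri));
+ }
 }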