commit 915ec73bb2b556aa937a827fbe746b21dacec1f3 Author: Georg Koppen gk@torproject.org Date: Mon Jan 12 13:03:34 2015 +0000
Bug 13998: Adapt code to fixed globalHttpsWhitelist --- src/chrome/content/torbutton.js | 29 ++++++++++++++++++----------- 1 file changed, 18 insertions(+), 11 deletions(-)
diff --git a/src/chrome/content/torbutton.js b/src/chrome/content/torbutton.js index 4715fb6..8adef28 100644 --- a/src/chrome/content/torbutton.js +++ b/src/chrome/content/torbutton.js @@ -2166,6 +2166,7 @@ var torbutton_sec_ml_bool_prefs = {
var torbutton_sec_mh_bool_prefs = { "javascript.options.baselinejit.content" : false, + "noscript.global" : false, "noscript.globalHttpsWhitelist" : true, // XXX: pref for disableing SVG is missing }; @@ -2198,7 +2199,10 @@ function torbutton_update_security_slider() { for (p in torbutton_sec_h_bool_prefs) { m_tb_prefs.setBoolPref(p, !torbutton_sec_h_bool_prefs[p]) } - // XXX: Adding and removing "https:" is needed due to a bug in Noscript. + // Removing "https:" is needed due to a bug in older Noscript versions. + // We leave that in for a while as there may be users that were affected + // by this bug. Removing it immediately and having the auto-updater might + // leave users exposed to the problem. if (capValue.indexOf(" https:") >= 0) { m_tb_prefs.setCharPref("capability.policy.maonoscript.sites", capValue.replace(" https:", "")); @@ -2224,7 +2228,10 @@ function torbutton_update_security_slider() { for (p in torbutton_sec_h_bool_prefs) { m_tb_prefs.setBoolPref(p, !torbutton_sec_h_bool_prefs[p]) } - // XXX: Adding and removing "https:" is needed due to a bug in Noscript. + // Removing "https:" is needed due to a bug in older Noscript versions. + // We leave that in for a while as there may be users that were affected + // by this bug. Removing it immediately and having the auto-updater might + // leave users exposed to the problem. if (capValue.indexOf(" https:") >= 0) { m_tb_prefs.setCharPref("capability.policy.maonoscript.sites", capValue.replace(" https:", "")); @@ -2244,17 +2251,14 @@ function torbutton_update_security_slider() { for (p in torbutton_sec_ml_bool_prefs) { m_tb_prefs.setBoolPref(p, torbutton_sec_ml_bool_prefs[p]) } - for (p in torbutton_sec_mh_bool_prefs) { - m_tb_prefs.setBoolPref(p, torbutton_sec_mh_bool_prefs[p]) - } + // Order matters here as both the high mode and the medium-high mode + // share some preferences/values. So, let's revert the high mode + // preferences first and set the medium-high mode ones afterwards. for (p in torbutton_sec_h_bool_prefs) { m_tb_prefs.setBoolPref(p, !torbutton_sec_h_bool_prefs[p]) } - // XXX: Adding and removing "https:" is needed due to a bug in Noscript. - // missing. - if (capValue.indexOf(" https:") < 0) { - m_tb_prefs.setCharPref("capability.policy.maonoscript.sites", capValue + - " https:"); + for (p in torbutton_sec_mh_bool_prefs) { + m_tb_prefs.setBoolPref(p, torbutton_sec_mh_bool_prefs[p]) } m_tb_prefs.setBoolPref("gfx.font_rendering.graphite.enabled", false); break; @@ -2276,7 +2280,10 @@ function torbutton_update_security_slider() { for (p in torbutton_sec_h_bool_prefs) { m_tb_prefs.setBoolPref(p, torbutton_sec_h_bool_prefs[p]) } - // XXX: Adding and removing "https:" is needed due to a bug in Noscript. + // Removing "https:" is needed due to a bug in older Noscript versions. + // We leave that in for a while as there may be users that were affected + // by this bug. Removing it immediately and having the auto-updater might + // leave users exposed to the problem. if (capValue.indexOf(" https:") >= 0) { m_tb_prefs.setCharPref("capability.policy.maonoscript.sites", capValue.replace(" https:", ""));