morgan pushed to branch tor-browser-140.4.0esr-15.0-1 at The Tor Project / Applications / Tor Browser Commits: 6b86c2c8 by Henry Wilkes at 2025-10-13T14:09:41+00:00 fixup! Firefox preference overrides. TB 43850: Do not use automatic forced colours on Windows. - - - - - 975e6f3a by Henry Wilkes at 2025-10-13T14:09:41+00:00 fixup! BB 42027: Base Browser migration procedures. TB 43850: Clear browser colour preferences if the user has RFP enabled. - - - - - 5756a349 by Henry Wilkes at 2025-10-13T14:09:41+00:00 fixup! Base Browser strings TB 43850: Add alternative name and description for the "Custom" contrast control. - - - - - 385a9630 by Henry Wilkes at 2025-10-13T14:09:42+00:00 BB 43850: Modify the Contrast Control settings for RFP. - - - - - 5 changed files: - browser/app/profile/001-base-profile.js - browser/components/ProfileDataUpgrader.sys.mjs - browser/components/preferences/main.inc.xhtml - browser/components/preferences/main.js - toolkit/locales/en-US/toolkit/global/base-browser.ftl Changes: ===================================== browser/app/profile/001-base-profile.js ===================================== @@ -544,7 +544,13 @@ pref("pdfjs.enableScripting", false); // tor-browser#42255: pdfjs.disabled used to be part of RFP until Bug 1838415; lock pref to false in stable pref("pdfjs.disabled", false, locked); #endif -// Bug 40057: Ensure system colors are not used for CSS4 colors +// tor-browser#43850. Keep forced colors off by default for all platforms. +// Upstream sets a value of "0" for Windows. +pref("browser.display.document_color_use", 1); +// Bug 40057: Ensure system colors are not used for CSS4 colors. +// FIXME: This preference seems to be unread since bugzilla bug 1898096, but +// still exists in the static preference list. Remove when upstream removes +// this or confirms it will not be used again in the future. pref("browser.display.use_system_colors", false); // tor-browser#43366: do not use system accent color in inputs. // See also https://bugzilla.mozilla.org/show_bug.cgi?id=1861362. ===================================== browser/components/ProfileDataUpgrader.sys.mjs ===================================== @@ -914,7 +914,8 @@ export let ProfileDataUpgrader = { // Version 3: 14.0a7: Reset general.smoothScroll. tor-browser#42070. // Version 4: 15.0a2: Drop ML components. tor-browser#44045. // Version 5: 15.0a3: Disable LaterRun using prefs. tor-browser#42630. - const MIGRATION_VERSION = 5; + // Version 6: 15.0a4: Reset browser colors. tor-browser#43850. + const MIGRATION_VERSION = 6; const MIGRATION_PREF = "basebrowser.migration.version"; if (isNewProfile) { @@ -982,6 +983,36 @@ export let ProfileDataUpgrader = { Services.prefs.clearUserPref(prefName); } } + if (currentVersion < 6) { + // Clear the related preference that is no longer read by upstream's code. + Services.prefs.clearUserPref("browser.display.use_system_colors"); + if (Services.prefs.getBoolPref("privacy.resistFingerprinting", true)) { + for (const prefName of [ + // User has not switched off resist fingerprinting. We want to reset + // any "0" (automatic, use system colours) and "2" (always use browser + // colours) values. + // The "0" value cannot be set by the user under RFP in + // about:preferences. The "2" value can be set, but has a different + // name and a warning about website detectability. tor-browser#43850. + "browser.display.document_color_use", + // Under RFP, the following colours are ignored. So we clear them. + // NOTE: Only a subset of can be set via the colors.xhtml dialog in + // about:preferences. + "browser.anchor_color", + "browser.anchor_color.dark", + "browser.visited_color", + "browser.visited_color.dark", + "browser.display.foreground_color", + "browser.display.foreground_color.dark", + "browser.display.background_color", + "browser.display.background_color.dark", + "browser.active_color", + "browser.active_color.dark", + ]) { + Services.prefs.clearUserPref(prefName); + } + } + } Services.prefs.setIntPref(MIGRATION_PREF, MIGRATION_VERSION); }, ===================================== browser/components/preferences/main.inc.xhtml ===================================== @@ -264,6 +264,15 @@ value="2" flex="1" data-l10n-id="preferences-contrast-control-custom"/> + <description id="contrastSettingsFixedColorsDescription" class="indent"> + <html:span + data-l10n-id="preferences-contrast-control-fixed-color-description" + ></html:span> + <html:a + is="moz-support-link" + tor-manual-page="anti-fingerprinting" + ></html:a> + </description> <button id="colors" is="highlightable-button" class="accessory-button indent" ===================================== browser/components/preferences/main.js ===================================== @@ -733,6 +733,78 @@ var gMainPane = { gMainPane.updateColorsButton.bind(gMainPane) ); gMainPane.updateColorsButton(); + + // Modify the contrast setting options when resist fingerprinting (RFP) is + // enabled because the custom colours will not be used in this state. + // Instead, some fixed set of stand-in colours is used. tor-browser#43850. + const resistFingerprintingPref = "privacy.resistFingerprinting"; + const updateContrastControls = () => { + const rfpEnabled = Services.prefs.getBoolPref( + resistFingerprintingPref, + false + ); + const autoOptionEl = document.getElementById("contrastSettingsAuto"); + const onOptionEl = document.getElementById("contrastSettingsOn"); + const onDescriptionEl = document.getElementById( + "contrastSettingsFixedColorsDescription" + ); + const colorButtonEl = document.getElementById("colors"); + for (const { element, hide } of [ + { + element: autoOptionEl, + // Hide the "Automatic" option under RFP if it is not already + // selected. We generally want to discourage this reflection of system + // settings if RFP is enabled. + // NOTE: It would be unexpected for this value to be selected under + // RFP since there is no visible UI to do so in this state. It would + // likely require some direct preference manipulation. + hide: + rfpEnabled && + autoOptionEl.value !== + String( + Preferences.get("browser.display.document_color_use").value + ), + }, + { element: colorButtonEl, hide: rfpEnabled }, + { element: onDescriptionEl, hide: !rfpEnabled }, + ]) { + element.hidden = hide; + if (hide) { + element.setAttribute("data-hidden-from-search", "true"); + } else { + element.removeAttribute("data-hidden-from-search"); + } + } + if (rfpEnabled) { + onOptionEl.setAttribute( + "data-l10n-id", + "preferences-contrast-control-fixed-color" + ); + onOptionEl.setAttribute("aria-describedby", onDescriptionEl.id); + } else { + onOptionEl.setAttribute( + "data-l10n-id", + "preferences-contrast-control-custom" + ); + onOptionEl.removeAttribute("aria-describedby"); + } + }; + updateContrastControls(); + Services.prefs.addObserver( + resistFingerprintingPref, + updateContrastControls + ); + window.addEventListener( + "unload", + () => { + Services.prefs.removeObserver( + resistFingerprintingPref, + updateContrastControls + ); + }, + { once: true } + ); + Preferences.get("layers.acceleration.disabled").on( "change", gMainPane.updateHardwareAcceleration.bind(gMainPane) ===================================== toolkit/locales/en-US/toolkit/global/base-browser.ftl ===================================== @@ -101,6 +101,13 @@ letterboxing-enable-button = browser-layout-show-sidebar-desc-limited = Quickly access bookmarks and more without leaving your main view. +## Preferences - Contrast Control. + +preferences-contrast-control-fixed-color = + .label = Fixed colors + .accesskey = F +preferences-contrast-control-fixed-color-description = This will be detectable by websites and will make you appear more unique to web trackers. + ## Security level toolbar button. ## Uses sentence case in English (US). ## ".label" is the accessible name, and shown in the overflow menu and when customizing the toolbar. View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/f0d854d... -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/f0d854d... You're receiving this email because of your account on gitlab.torproject.org.