Pier Angelo Vendrame pushed to branch tor-browser-140.5.0esr-15.0-1 at The Tor Project / Applications / Tor Browser Commits: d2aece5a by Tom Ritter at 2025-11-24T09:42:57+01:00 Bug 1999126: Hide the value of the pdfjs pref from being disabled when RFP is enabled r=timhuang Differential Revision: https://phabricator.services.mozilla.com/D272930 - - - - - 5 changed files: - browser/components/resistfingerprinting/test/browser/browser_navigator_iframes.js - dom/base/Navigator.cpp - dom/base/nsMimeTypeArray.cpp - dom/base/nsPluginArray.cpp - toolkit/components/resistfingerprinting/RFPTargets.inc Changes: ===================================== browser/components/resistfingerprinting/test/browser/browser_navigator_iframes.js ===================================== @@ -331,6 +331,13 @@ add_task(async () => { await simpleRFPTest(uri, testNavigator, expectedResults); }); +add_task(async () => { + expectedResults = structuredClone(allSpoofed); + await simpleRFPTest(uri, testNavigator, expectedResults, {}, [ + ["pdfjs.disabled", true], + ]); +}); + // In the below tests, we use the cross-origin domain as the base URI of a resource we fetch (on both the framer and framee) // so we can check that the HTTP header is as expected. ===================================== dom/base/Navigator.cpp ===================================== @@ -510,7 +510,11 @@ nsPluginArray* Navigator::GetPlugins(ErrorResult& aRv) { return mPlugins; } -bool Navigator::PdfViewerEnabled() { return !StaticPrefs::pdfjs_disabled(); } +bool Navigator::PdfViewerEnabled() { + return !StaticPrefs::pdfjs_disabled() || + nsContentUtils::ShouldResistFingerprinting(GetDocShell(), + RFPTarget::PdfjsSpoof); +} Permissions* Navigator::GetPermissions(ErrorResult& aRv) { if (!mWindow) { ===================================== dom/base/nsMimeTypeArray.cpp ===================================== @@ -79,7 +79,11 @@ void nsMimeTypeArray::GetSupportedNames(nsTArray<nsString>& retval) { } } -bool nsMimeTypeArray::ForceNoPlugins() { return StaticPrefs::pdfjs_disabled(); } +bool nsMimeTypeArray::ForceNoPlugins() { + return StaticPrefs::pdfjs_disabled() && + !nsContentUtils::ShouldResistFingerprinting( + mWindow ? mWindow->GetDocShell() : nullptr, RFPTarget::PdfjsSpoof); +} NS_IMPL_CYCLE_COLLECTION_WRAPPERCACHE(nsMimeType, mPluginElement) ===================================== dom/base/nsPluginArray.cpp ===================================== @@ -97,7 +97,11 @@ void nsPluginArray::GetSupportedNames(nsTArray<nsString>& aRetval) { } } -bool nsPluginArray::ForceNoPlugins() { return StaticPrefs::pdfjs_disabled(); } +bool nsPluginArray::ForceNoPlugins() { + return StaticPrefs::pdfjs_disabled() && + !nsContentUtils::ShouldResistFingerprinting( + mWindow ? mWindow->GetDocShell() : nullptr, RFPTarget::PdfjsSpoof); +} NS_IMPL_CYCLE_COLLECTING_ADDREF(nsPluginArray) NS_IMPL_CYCLE_COLLECTING_RELEASE(nsPluginArray) ===================================== toolkit/components/resistfingerprinting/RFPTargets.inc ===================================== @@ -34,7 +34,8 @@ ITEM_VALUE(NavigatorHWConcurrency, 16) ITEM_VALUE(NavigatorOscpu, 17) ITEM_VALUE(NavigatorPlatform, 18) ITEM_VALUE(NavigatorUserAgent, 19) -// We no longer use PointerId, it can renamed and reused +// If the user disables PDFJS via a pref, we do not expose that to the web +ITEM_VALUE(PdfjsSpoof, 20) ITEM_VALUE(StreamVideoFacingMode, 21) ITEM_VALUE(JSDateTimeUTC, 22) ITEM_VALUE(JSMathFdlibm, 23) View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/d2aece5a... -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/d2aece5a... You're receiving this email because of your account on gitlab.torproject.org.