June 2018 - tor-commits - lists.torproject.org

[translation/tor-browser-manual] Update translations for tor-browser-manual
by translation＠torproject.org 19 Jun '18

19 Jun '18

commit 287e6da6c33d47759036e3c4ca447d280ef4bfb9 Author: Translation commit bot <translation(a)torproject.org> Date: Tue Jun 19 13:18:54 2018 +0000 Update translations for tor-browser-manual --- ar/ar.po | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/ar/ar.po b/ar/ar.po index 8235d6866..94a1ec06b 100644 --- a/ar/ar.po +++ b/ar/ar.po @@ -895,6 +895,11 @@ msgid "" "connections. Tor Browser will warn you that all activity and downloads will " "be stopped, so take this into account before clicking “New Identity”." msgstr "" +"يفيد هذا الخيار إذا كنت تريد منع ربط نشاطات تصفحك بما كنت تفعله قبلها. " +"اختيار هذا سيغلق كل الألسنة والنوافذ المفتوحة، وسيمسح كل البيانات الخاصة مثل" +" الكعكات وتأريخ التصفح، وسيستخدم دوائر تور جديدة للاتصالات. سيحذرك متصفح تور" +" عن إيقاف كل الأنشطة والتنزيلات، لذا ضع هذا في الحسبان قبل النقر على ”هوية " +"جديدة“." #: managing-identities.page:123 msgid "New Tor Circuit for this Site" @@ -911,6 +916,12 @@ msgid "" "or unlink your activity, nor does it affect your current connections to " "other websites." msgstr "" +"يفيد هذا الخيار في حال تعذّر على <link xref=\"about-tor-browser#how-tor-" +"works\">تحويلة الخروج</link> التي تستخدمها الاتصال بالموقع الذي تريده، أو لم" +" يحمل بشكل صحيح. اختيار هذا سيتسبب في إعادة تحميل الصفحة أو اللسان الحالي " +"عبر الدائرة الجديدة. الألسنة والنوافذ الأخرى من نفس الموقع ستستخدم الدائرة " +"الجديدة عند إعادة تحميلهم. لا يمسح هذا الخيار أي بيانات خاصة أو يفضل الرابط " +"بين نشاطاتك، أو يؤثر على الاتصالات الحالية للمواقع الأخرى." #: onionsites.page:6 msgid "Services that are only accessible using Tor"

1 0

[translation/tor-browser-manual] Update translations for tor-browser-manual
by translation＠torproject.org 19 Jun '18

19 Jun '18

commit f30d14dbcf44fe31d27ca8e9a3834d4f43831a78 Author: Translation commit bot <translation(a)torproject.org> Date: Tue Jun 19 11:48:42 2018 +0000 Update translations for tor-browser-manual --- ar/ar.po | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/ar/ar.po b/ar/ar.po index 4345aeed8..8235d6866 100644 --- a/ar/ar.po +++ b/ar/ar.po @@ -831,12 +831,16 @@ msgid "" "When you log in to a website over Tor, there are several points you should " "bear in mind:" msgstr "" +"عند الولوج إلى موقع عبر متصفح تور، فهناك بعض النقاط التي ينبغي الانتباه " +"إليها:" #: managing-identities.page:79 msgid "" "See the <link xref=\"secure-connections\">Secure Connections</link> page for" " important information on how to secure your connection when logging in." msgstr "" +"راجع صفحة <link xref=\"secure-connections\">الاتصالات الآمنة</link> لمعلومات" +" مهمة حول كيفية تأمين اتصالك أثناء الولوج." #: managing-identities.page:87 msgid "" @@ -847,10 +851,15 @@ msgid "" "following the site’s recommended procedure for account recovery, or " "contacting the operators and explaining the situation." msgstr "" +"كثيرا ما يجعل متصفح تور اتصالاتك تبدو وكأنها قادمة من منطقة أخرى من العالم. " +"بعض المواقع، مثل البنوك أو خدمات البريد الإلكتروني، قد تفسر هذا على أنه مؤشر" +" على اختراق حسابك، وبالتالي تمنعك من الولوج. الحل الوحيد لهذه المشكلة هو " +"اتباع الإجراءات التي ينصح به الموقع لاستعادة الحساب، أو التواصل مع مشغلي " +"الموقع لتوضيح اللبس." #: managing-identities.page:101 msgid "Changing identities and circuits" -msgstr "" +msgstr "تغيير الهويات والدوائر" #. This is a reference to an external file such as an image or video. When #. the file changes, the md5 hash will change to let you know you need to @@ -862,12 +871,16 @@ msgid "" "external ref='media/managing-identities/new_identity.png' " "md5='15b01e35fa83185d94b57bf0ccf09d76'" msgstr "" +"external ref='media/managing-identities/new_identity.png' " +"md5='15b01e35fa83185d94b57bf0ccf09d76'" #: managing-identities.page:105 msgid "" "Tor Browser features “New Identity” and “New Tor Circuit for this Site” " "options, located in the Torbutton menu." msgstr "" +"يحتوي متصفح تور على خياري ”هوية جديدة“ و ”دائرة تور جديدة لهذا الموقع“، في " +"قائمة زر تور." #: managing-identities.page:111 msgid "New Identity" @@ -1081,7 +1094,7 @@ msgstr "" #: secure-connections.page:12 msgid "Secure Connections" -msgstr "" +msgstr "الاتصالات الآمنة" #: secure-connections.page:14 msgid "" @@ -1103,6 +1116,8 @@ msgid "" "external ref='media/secure-connections/https.png' " "md5='364bcbde7a649b0cea9ae178007c1a50'" msgstr "" +"external ref='media/secure-connections/https.png' " +"md5='364bcbde7a649b0cea9ae178007c1a50'" #: secure-connections.page:26 msgid ""

1 0

[translation/tor-browser-manual] Update translations for tor-browser-manual
by translation＠torproject.org 19 Jun '18

19 Jun '18

commit 85b8c8e40f448dacb8a315783e463a990c922fad Author: Translation commit bot <translation(a)torproject.org> Date: Tue Jun 19 11:18:45 2018 +0000 Update translations for tor-browser-manual --- ar/ar.po | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) diff --git a/ar/ar.po b/ar/ar.po index fcbfa50a6..4345aeed8 100644 --- a/ar/ar.po +++ b/ar/ar.po @@ -759,6 +759,10 @@ msgid "" " be served over two different Tor circuits, so the tracker will not know " "that both connections originate from your browser." msgstr "" +"مع متصفح تور تتمركز تجربتك على الوب حول علاقتك بالموقع الموجود في شريط " +"العناوين. حتى إذا اتصلت بموقعين مختلفين يستخدمان نفس خدمة التعقب الخارجية، " +"فسيجبر متصفح تور أن يمر محتوى كل موقع عبر دائرتي تور مختلفتين، لذا لن يعرف " +"المتعقب أن كلا الاتصالين يأتي من متصفحك." #: managing-identities.page:38 msgid "" @@ -767,6 +771,9 @@ msgid "" "single website in separate tabs or windows, without any loss of " "functionality." msgstr "" +"ومن الناحية الأخرى، كل الاتصالات إلى عنوان موقع واحد تمر عبر نفس دائرة تور، " +"مما يعني أنك تستطيع تصفح صفحات مختلفة من نفس الموقع في ألسنة أو نوافذ منفصلة" +" دون أي تأثير على وظيفة الموقع." #. This is a reference to an external file such as an image or video. When #. the file changes, the md5 hash will change to let you know you need to @@ -778,16 +785,20 @@ msgid "" "external ref='media/managing-identities/circuit_full.png' " "md5='bd46d22de952fee42643be46d3f95928'" msgstr "" +"external ref='media/managing-identities/circuit_full.png' " +"md5='bd46d22de952fee42643be46d3f95928'" #: managing-identities.page:48 msgid "" "You can see a diagram of the circuit that Tor Browser is using for the " "current tab in the onion menu." msgstr "" +"يمكنك الاطلاع على رسم بياني بالدائرة التي يستخدمها متصفح تور للسان الحالي من" +" قائمة البصلة." #: managing-identities.page:55 msgid "Logging in over Tor" -msgstr "" +msgstr "الولوج عبر تور" #: managing-identities.page:56 msgid "" @@ -795,6 +806,9 @@ msgid "" "there may be situations in which it makes sense to use Tor with websites " "that require usernames, passwords, or other identifying information." msgstr "" +"بالرغم من أن متصفح تور مصمم ليتيح إخفاء هوية مستخدميه بشكل كامل على الوب، " +"إلا أنه أحيانا ما يكون من المفيد استخدام تور مع مواقع تتطلب أسماء مستخدمين " +"وكلمات سر، أو معلومات تعريفية أخرى." #: managing-identities.page:62 msgid "" @@ -805,6 +819,12 @@ msgid "" "you reveal to the websites you browse. Logging in using Tor Browser is also " "useful if the website you are trying to reach is censored on your network." msgstr "" +"عند ولوجك إلى موقع باستخدام متصفح عادي فأنت تكشف أيضا عن مكانك الجغرافي " +"وعنوان الإنترنت (IP). ونفس الشيء كثيرا ما يحدث عندما ترسل بريدا إلكترونيا. " +"لكن الولوج إلى حسابات شبكات التواصل الاجتماعي والبريد الإلكتروني من متصفح " +"تور يتيح لك التحكم في المعلومات التي تكشفها في نفسك للمواقع التي تتصفحها. " +"كما يفيد الولوج عبر متصفح تور إذا كان الموقع الذي تحاول الوصول إليه محجوبا " +"على شبكتك." #: managing-identities.page:72 msgid ""

1 0

[tor-browser-build/master] Bug 26362: Use old MAR format for update file creation
by boklm＠torproject.org 19 Jun '18

19 Jun '18

commit befc4910feb0eee2016e10000ed31e3fea7ef6b1 Author: Georg Koppen <gk(a)torproject.org> Date: Tue Jun 19 09:29:37 2018 +0000 Bug 26362: Use old MAR format for update file creation Mozilla switched from Bzip2 to LZMA as compression algorithm for MAR files during th Firefox 56. That means esr52-based Tor Browsers don't understand LZMA yet. Thus, we still use Bzip2 for the first esr60-based MAR files and switch afterwards to LZMA. --- Makefile | 8 ++++---- projects/tor-browser/build | 3 +++ 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/Makefile b/Makefile index 4c21a83..80e9983 100644 --- a/Makefile +++ b/Makefile @@ -113,13 +113,13 @@ signtag-alpha: submodule-update incrementals-release: submodule-update $(rbm) build release --step update_responses_config --target release --target create_unsigned_incrementals tools/update-responses/download_missing_versions release - tools/update-responses/gen_incrementals release + MAR_OLD_FORMAT=1 tools/update-responses/gen_incrementals release $(rbm) build release --step hash_incrementals --target release incrementals-alpha: submodule-update $(rbm) build release --step update_responses_config --target alpha --target create_unsigned_incrementals tools/update-responses/download_missing_versions alpha - tools/update-responses/gen_incrementals alpha + MAR_OLD_FORMAT=1 tools/update-responses/gen_incrementals alpha $(rbm) build release --step hash_incrementals --target alpha update_responses-release: submodule-update @@ -134,13 +134,13 @@ dmg2mar-release: submodule-update $(rbm) build release --step update_responses_config --target release --target signed $(rbm) build release --step dmg2mar --target release --target signed tools/update-responses/download_missing_versions release - CHECK_CODESIGNATURE_EXISTS=1 MAR_SKIP_EXISTING=1 tools/update-responses/gen_incrementals release + CHECK_CODESIGNATURE_EXISTS=1 MAR_SKIP_EXISTING=1 MAR_OLD_FORMAT=1 tools/update-responses/gen_incrementals release dmg2mar-alpha: submodule-update $(rbm) build release --step update_responses_config --target alpha --target signed $(rbm) build release --step dmg2mar --target alpha --target signed tools/update-responses/download_missing_versions alpha - CHECK_CODESIGNATURE_EXISTS=1 MAR_SKIP_EXISTING=1 tools/update-responses/gen_incrementals alpha + CHECK_CODESIGNATURE_EXISTS=1 MAR_SKIP_EXISTING=1 MAR_OLD_FORMAT=1 tools/update-responses/gen_incrementals alpha submodule-update: git submodule update --init diff --git a/projects/tor-browser/build b/projects/tor-browser/build index 19aa657..52678ed 100644 --- a/projects/tor-browser/build +++ b/projects/tor-browser/build @@ -268,6 +268,9 @@ popd cd $distdir [% IF c("var/build_mar") -%] + # Let's use the bzip2 format for now so that users can update to the first + # esr60-based Tor Browser. + export MAR_OLD_FORMAT=1 # Create full MAR file and compressed package. MAR_FILE=tor-browser-[% c("var/mar_osname") %]-[% c("var/torbrowser_version") %]_${PKG_LOCALE}.mar MAR=$MARTOOLS/mar MBSDIFF=$MARTOOLS/mbsdiff $MARTOOLS/make_full_update.sh -q $OUTDIR/$MAR_FILE "$TBDIR"

1 0

[translation/support-miscellaneous] Update translations for support-miscellaneous
by translation＠torproject.org 19 Jun '18

19 Jun '18

commit 06965d334607690e8f4225033327c8a5c5e911ff Author: Translation commit bot <translation(a)torproject.org> Date: Tue Jun 19 10:19:30 2018 +0000 Update translations for support-miscellaneous --- tr.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tr.json b/tr.json index 17f6be438..bda160471 100644 --- a/tr.json +++ b/tr.json @@ -9,12 +9,12 @@ "id": "#çeşitli-2", "control": "çeşitli-2", "title": "Kötü insanların, Tor kullanırken kötü şeyler yapmasını neden engellemiyorsunuz?", - "description": "Tor is designed to defend human rights and privacy by preventing anyone from censoring things, even us. We hate that there are some people who use Tor to do terrible things, but we can't do anything to get rid of them without also undermining the human rights activists, journalists, abuse survivors, and other people who use Tor for good things. If we wanted to block certain people from using Tor, we'd basically be adding a backdoor to the software, which would open up our vulnerable users to attacks from bad regimes and other adversaries." + "description": "Tor, insan haklarını ve gizliliği, herhangi birinin bir şeyleri, bizim bile, sansürlemesini engellemesi için tasarlanmıştır. Bazı insanların Tor'u kötü şeyler yapmak için kullanmasıdan nefret ediyoruz, fakat onlardan kurtlumak için bir şey yapamıyoruz, bu insan hakları aktivistlerinin, gazetecilerin, şiddet mağdurlarının ve Tor'u iyi amaçlar için kullanan diğer kişilerin de dışlanması anlamına geliyor. Belli insanların Tor'u kullanmasını engellemek isteseydik, yazılıma arka kapı bırakmış olacaktık, ki bu savunmasız kullanıcıları kötü rejimlerin ve diğer hasımların saldırılarına açmak demek." }, "misc-3": { - "id": "#misc-3", - "control": "misc-3", - "title": "Who funds Tor?", + "id": "#çeşitli-3", + "control": "çeşitli-3", + "title": "Tor'a kim kaynak sağlıyor?", "description": "Tor is funded by a number of different sponsors including US federal agencies, private foundations, and individual donors. Check out a list of all <a href=\"https://www.torproject.org/about/sponsors.html.en\">our sponsors</a> and a series of <a href=\"https://blog.torproject.org/category/tags/form-990\">blog posts</a> on our financial reports.We feel that talking openly about our funders and funding model is the best way to maintain trust with our community. We are always seeking more diversity in our funding sources, especially from foundations and individuals." }, "misc-4": {

1 0

[translation/tor-browser-manual] Update translations for tor-browser-manual
by translation＠torproject.org 19 Jun '18

19 Jun '18

commit 937613317afc8e8fce07b8a7e5d2a6d32c3800f0 Author: Translation commit bot <translation(a)torproject.org> Date: Tue Jun 19 09:48:43 2018 +0000 Update translations for tor-browser-manual --- ar/ar.po | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/ar/ar.po b/ar/ar.po index 165e9c071..fcbfa50a6 100644 --- a/ar/ar.po +++ b/ar/ar.po @@ -742,10 +742,10 @@ msgid "" " Browser includes some additional features that help you control what " "information can be tied to your identity." msgstr "" -"استخدام شبكة Tor يمنع المتطفّلين من اكتشاف موقعك المحدد وعنوان شبكبتك الخاص," -" ولكن حتى بدون هذه المعلومات يمكنهم ربط اماكن مختلفة من نشاطك معا, لهذا " -"السبب, يشمل متصفّح Tor بعض الخاصيّات التي تساعدك على التحكّم بالمعلومات التي" -" يمكن ربطها بك." +"يمنع استخدام شبكة تور المتطفّلين من معرفة مكانك وعنوان الشبكة (IP)، ولكن حتى" +" بدون هذه المعلومات يمكنهم الربط بين أماكن نشاطك المختلفة. لهذا السبب يشمل " +"متصفّح تور بعض الخاصيّات التي تساعدك على التحكّم بالمعلومات التي يمكن ربطها " +"بك." #: managing-identities.page:29 msgid "The URL bar"

1 0

[translation/support-miscellaneous] Update translations for support-miscellaneous
by translation＠torproject.org 19 Jun '18

19 Jun '18

commit 980216f8d5abff903f5d0c546071c305c7da89ca Author: Translation commit bot <translation(a)torproject.org> Date: Tue Jun 19 09:19:39 2018 +0000 Update translations for support-miscellaneous --- tr.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tr.json b/tr.json index 504eaea38..17f6be438 100644 --- a/tr.json +++ b/tr.json @@ -3,12 +3,12 @@ "id": "#çeşitli-1", "control": "çeşitli-1", "title": "Zorunlu bir sebepten dolayı bir Tor kullanıcısını bulmalıyım. Yardım edebilir misiniz?", - "description": "There is nothing the Tor developers can do to trace Tor users. The same protections that keep bad people from breaking Tor's anonymity also prevent us from tracking users." + "description": "Tor geliştiricilerinin, Tor kullanıcılarını bulmak için yapabileceği hiçbir şey yok. Kötü insanların, Tor'un anonimliğini kırmasını engellemek için alınmış önlemler bizi kullanıcıların takibinden de alıkoymaktadır." }, "misc-2": { - "id": "#misc-2", - "control": "misc-2", - "title": "Why don't you prevent bad people from doing bad things when using Tor?", + "id": "#çeşitli-2", + "control": "çeşitli-2", + "title": "Kötü insanların, Tor kullanırken kötü şeyler yapmasını neden engellemiyorsunuz?", "description": "Tor is designed to defend human rights and privacy by preventing anyone from censoring things, even us. We hate that there are some people who use Tor to do terrible things, but we can't do anything to get rid of them without also undermining the human rights activists, journalists, abuse survivors, and other people who use Tor for good things. If we wanted to block certain people from using Tor, we'd basically be adding a backdoor to the software, which would open up our vulnerable users to attacks from bad regimes and other adversaries." }, "misc-3": {

1 0

[translation/support-miscellaneous] Update translations for support-miscellaneous
by translation＠torproject.org 19 Jun '18

19 Jun '18

commit 569e70732976e5dd361567f2f9d846dd5c51c46a Author: Translation commit bot <translation(a)torproject.org> Date: Tue Jun 19 08:49:27 2018 +0000 Update translations for support-miscellaneous --- tr.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tr.json b/tr.json index c29993d09..504eaea38 100644 --- a/tr.json +++ b/tr.json @@ -1,8 +1,8 @@ { "misc-1": { - "id": "#misc-1", - "control": "misc-1", - "title": "I have a compelling reason to trace a Tor user. Can you help?", + "id": "#çeşitli-1", + "control": "çeşitli-1", + "title": "Zorunlu bir sebepten dolayı bir Tor kullanıcısını bulmalıyım. Yardım edebilir misiniz?", "description": "There is nothing the Tor developers can do to trace Tor users. The same protections that keep bad people from breaking Tor's anonymity also prevent us from tracking users." }, "misc-2": {

1 0

[torbutton/master] Bug 26128: Adapt security slider to WebExtensions version of NoScript
by gk＠torproject.org 19 Jun '18

19 Jun '18

commit 3e1c144a729f373b3ee70fd8d2a16646b2b6ad12 Author: Arthur Edelstein <arthuredelstein(a)gmail.com> Date: Wed Jun 6 21:54:58 2018 -0700 Bug 26128: Adapt security slider to WebExtensions version of NoScript We try to maintain the same security slider behavior as for the legacy version of NoScript. This patch uses a few tricks: 1. Using a LegacyExtensionContext (defined in LegacyExtensionsUtils.jsm) to send JSON objects to NoScript via sendMessage. 2. Taking advantage of an existing invocation of browser.runtime.onMessage.addListener(...) in NoScript's code that accepts a JSON object for updating NoScript's settings. 3. Providing NoScript with settings for a "site" whose "domain" is "http:", which causes NoScript to match non-https sites. (Thanks to Sukhbir Singh for help.) --- src/chrome/content/torbutton.js | 2 + src/modules/noscript-control.js | 126 ++++++++++++++++++++++++++++++++++++++++ src/modules/security-prefs.js | 8 +-- 3 files changed, 131 insertions(+), 5 deletions(-) diff --git a/src/chrome/content/torbutton.js b/src/chrome/content/torbutton.js index 7f750bc..11548d4 100644 --- a/src/chrome/content/torbutton.js +++ b/src/chrome/content/torbutton.js @@ -11,6 +11,7 @@ let { Services } = Cu.import("resource://gre/modules/Services.jsm", {}); let { showDialog } = Cu.import("resource://torbutton/modules/utils.js", {}); let { getLocale, unescapeTorString } = Cu.import("resource://torbutton/modules/utils.js", {}); let SecurityPrefs = Cu.import("resource://torbutton/modules/security-prefs.js", {}); +let NoScriptControl = Cu.import("resource://torbutton/modules/noscript-control.js", {}); let { bindPrefAndInit, observe } = Cu.import("resource://torbutton/modules/utils.js", {}); Cu.importGlobalProperties(["XMLHttpRequest"]); @@ -242,6 +243,7 @@ function torbutton_init() { torbutton_log(3, 'called init()'); SecurityPrefs.initialize(); + NoScriptControl.initialize(); if (m_tb_wasinited) { return; diff --git a/src/modules/noscript-control.js b/src/modules/noscript-control.js new file mode 100644 index 0000000..6270efe --- /dev/null +++ b/src/modules/noscript-control.js @@ -0,0 +1,126 @@ +// # NoScript settings control (for binding to Security Slider) + +/* jshint esversion:6 */ + +// ## Utilities + +const { utils: Cu } = Components; +const { LegacyExtensionContext } = + Cu.import("resource://gre/modules/LegacyExtensionsUtils.jsm", {}); +const { bindPrefAndInit } = + Cu.import("resource://torbutton/modules/utils.js", {}); + +// ## NoScript settings + +// Minimum and maximum capability states as controlled by NoScript. +const max_caps = ["fetch", "font", "frame", "media", "other", "script", "webgl"]; +const min_caps = ["frame", "other"]; + +// Untrusted capabilities for [Standard, Safer, Safest] safety levels. +const untrusted_caps = [ + max_caps, // standard safety: neither http nor https + ["frame", "font", "other"], // safer: http + min_caps, // safest: neither http nor https +]; + +// Default capabilities for [Standard, Safer, Safest] safety levels. +const default_caps = [ + max_caps, // standard: both http and https + ["fetch", "font", "frame", "other", "script", "webgl"], // safer: https only + min_caps, // safest: both http and https +]; + +// __noscriptSettings(safetyLevel)__. +// Produces NoScript settings with policy according to +// the safetyLevel which can be: +// 0 = Standard, 1 = Safer, 2 = Safest +// +// At the "Standard" safety level, we leave all sites at +// default with maximal capabilities. Essentially no content +// is blocked. +// +// At "Safer", we set all http sites to untrusted, +// and all https sites to default. Scripts are only permitted +// on https sites. Neither type of site is supposed to allow +// media, but both allow fonts (as we used in legacy NoScript). +// +// At "Safest", all sites are at default with minimal +// capabilities. Most things are blocked. +let noscriptSettings = safetyLevel => ( + { + "type": "NoScript.updateSettings", + "policy": { + "DEFAULT": { + "capabilities": default_caps[safetyLevel], + "temp": false + }, + "TRUSTED": { + "capabilities": max_caps, + "temp": false + }, + "UNTRUSTED": { + "capabilities": untrusted_caps[safetyLevel], + "temp": false + }, + "sites": { + "trusted": [], + "untrusted": [[], ["http:"], []][safetyLevel], + "custom": {}, + "temp": [] + }, + "enforced": true, + "autoAllowTop": false + }, + "tabId": -1 + }); + +// ## Communications + +// The extension ID for NoScript (WebExtension) +const noscriptID = "{73a6fe31-595d-460b-a920-fcc0f8843232}"; + +// A mock extension object that can communicate with another extension +// via the WebExtensions sendMessage/onMessage mechanism. +let extensionContext = new LegacyExtensionContext({ id : noscriptID }); + +// The component that handles WebExtensions' sendMessage. +let messageManager = extensionContext.messenger.messageManagers[0]; + +// __setNoScriptSettings(settings)__. +// NoScript listens for internal settings with onMessage. We can send +// a new settings JSON object according to NoScript's +// protocol and these are accepted! See the use of +// `browser.runtime.onMessage.addListener(...)` in NoScript's bg/main.js. +let sendNoScriptSettings = settings => + extensionContext.messenger.sendMessage(messageManager, settings, noscriptID); + +// __setNoScriptSafetyLevel(safetyLevel)__. +// Set NoScript settings according to a particular safety level +// (security slider level): 0 = Standard, 1 = Safer, 2 = Safest +let setNoScriptSafetyLevel = safetyLevel => + sendNoScriptSettings(noscriptSettings(safetyLevel)); + +// ## Slider binding + +// __securitySliderToSafetyLevel(sliderState)__. +// Converts the "extensions.torbutton.security_slider" pref value +// to a "safety level" value: 0 = Standard, 1 = Safer, 2 = Safest +let securitySliderToSafetyLevel = sliderState => [undefined, 2, 1, 1, 0][sliderState]; + +// Ensure binding only occurs once. +let initialized = false; + +// __initialize()__. +// The main function that binds the NoScript settings to the security +// slider pref state. +var initialize = () => { + if (initialized) { + return; + } + bindPrefAndInit( + "extensions.torbutton.security_slider", + sliderState => setNoScriptSafetyLevel(securitySliderToSafetyLevel(sliderState))); +}; + +// Export initialize() function for external use. +let EXPORTED_SYMBOLS = ["initialize"]; diff --git a/src/modules/security-prefs.js b/src/modules/security-prefs.js index 3d3630b..d269a1f 100644 --- a/src/modules/security-prefs.js +++ b/src/modules/security-prefs.js @@ -16,19 +16,17 @@ let log = (level, msg) => logger.log(level, msg); // __kSecuritySettings__. // A table of all prefs bound to the security slider, and the value // for each security setting. Note that 2-m and 3-m are identical, -// corresponding to the old 2-medium-high setting. +// corresponding to the old 2-medium-high setting. We also separately +// bind NoScript settings to the extensions.torbutton.security_slider +// (see noscript-control.js). const kSecuritySettings = { // Preference name : [0, 1-high 2-m 3-m 4-low] "javascript.options.ion" : [, false, false, false, true ], "javascript.options.baselinejit" : [, false, false, false, true ], "javascript.options.native_regexp" : [, false, false, false, true ], - "noscript.forbidMedia" : [, true, true, true, false], "media.webaudio.enabled" : [, false, false, false, true ], "mathml.disabled" : [, true, true, true, false], "gfx.font_rendering.opentype_svg.enabled" : [, false, false, false, true ], - "noscript.global" : [, false, false, false, true ], - "noscript.globalHttpsWhitelist" : [, false, true, true, false], - "noscript.forbidFonts" : [, true, false, false, false], "svg.in-content.enabled" : [, false, true, true, true ], };

1 0

[torbutton/master] Merge remote-tracking branch 'arthur/26128+1'
by gk＠torproject.org 19 Jun '18

19 Jun '18

commit 1e43e9c6ed448d9ca91235c38f5ea0b4d43c71cb Merge: 65b5371 3e1c144 Author: Georg Koppen <gk(a)torproject.org> Date: Tue Jun 19 08:17:29 2018 +0000 Merge remote-tracking branch 'arthur/26128+1' src/chrome/content/torbutton.js | 2 + src/modules/noscript-control.js | 126 ++++++++++++++++++++++++++++++++++++++++ src/modules/security-prefs.js | 8 +-- 3 files changed, 131 insertions(+), 5 deletions(-)

1 0