GitLab

at 2025-08-18T13:29:21+02:00

Bug 672618 - Don't execute javascript: URLs on CTRL+click, middle-click etc. r=dao

Differential Revision: https://phabricator.services.mozilla.com/D256648

Bug 1701974 - Use x-kde-passwordManagerHint when copying private data to the clipboard. r=stransky

Differential Revision: https://phabricator.services.mozilla.com/D256781

Bug 1973900 - Remove support for the codebase attribute from <object>. r=farre,dom-core

Differential Revision: https://phabricator.services.mozilla.com/D254958

   E10SUtils: "resource://gre/modules/E10SUtils.sys.mjs",

 });

+XPCOMUtils.defineLazyPreferenceGetter(

+  lazy,

+  "autoscrollEnabled",

+  "general.autoScroll",

+  true

+);

+

+XPCOMUtils.defineLazyPreferenceGetter(

+  lazy,

+  "blockJavascript",

+  "browser.link.alternative_click.block_javascript",

+  true

+);

+

 export class MiddleMousePasteHandlerChild extends JSWindowActorChild {

   handleEvent(clickEvent) {

     if (

       clickEvent.defaultPrevented ||

       clickEvent.button != 1 ||

-      MiddleMousePasteHandlerChild.autoscrollEnabled

+      lazy.autoscrollEnabled

     ) {

       return;

     }

   }

 }

-XPCOMUtils.defineLazyPreferenceGetter(

-  MiddleMousePasteHandlerChild,

-  "autoscrollEnabled",

-  "general.autoScroll",

-  true

-);

-

 export class ClickHandlerChild extends JSWindowActorChild {

   handleEvent(wrapperEvent) {

     this.handleClickEvent(wrapperEvent.sourceEvent);

     };

     if (href && !isFromMiddleMousePasteHandler) {

+      if (

+        lazy.blockJavascript &&

+        Services.io.extractScheme(href) == "javascript"

+      ) {

+        // We don't want to open new tabs or windows for javascript: links.

+        return;

+      }

+

       try {

         Services.scriptSecurityManager.checkLoadURIStrWithPrincipal(

           principal,

   pref("browser.link.open_newwindow.disabled_in_fullscreen", false);

 #endif

+// If true, opening javscript: URLs using middle-click, CTRL+click etc. are blocked.

+pref("browser.link.alternative_click.block_javascript", true);

+

 // Tabbed browser

 pref("browser.tabs.closeTabByDblclick", false);

 pref("browser.tabs.closeWindowWithLastTab", true);

  * we use the correct principal, and we don't clear the URL bar.

  */

 add_task(async function () {

+  await SpecialPowers.pushPrefEnv({

+    set: [["browser.link.alternative_click.block_javascript", false]],

+  });

+

   await BrowserTestUtils.withNewTab(kURL, async function (browser) {

     let newTabPromise = BrowserTestUtils.waitForNewTab(gBrowser);

     await SpecialPowers.spawn(browser, [], async function () {

 support-files = [

   "file_contentAreaClick_subframe_javascript.html"

 ]

+

+["browser_javascript_links.js"]

+support-files = [

+  "file_javascript_links_subframe.html"

+]
 const IFRAME_FILE = "file_contentAreaClick_subframe_javascript.html";

 add_task(async function () {

+  await SpecialPowers.pushPrefEnv({

+    set: [["browser.link.alternative_click.block_javascript", false]],

+  });

+

   await BrowserTestUtils.withNewTab(

     `data:text/html,<iframe src="${gExampleComRoot + IFRAME_FILE}"></iframe>`,

     async browser => {

+/* Any copyright is dedicated to the Public Domain.

+ * http://creativecommons.org/publicdomain/zero/1.0/ */

+

+"use strict";

+

+const TEST_PATH = getRootDirectory(gTestPath).replace(

+  "chrome://mochitests/content/",

+  "https://example.com/"

+);

+const IFRAME_PATH = TEST_PATH + "file_javascript_links_subframe.html";

+

+add_setup(async function () {

+  await SpecialPowers.pushPrefEnv({

+    set: [

+      ["browser.link.alternative_click.block_javascript", true],

+      ["browser.tabs.opentabfor.middleclick", true],

+      ["middlemouse.paste", false],

+      ["middlemouse.contentLoadURL", false],

+      ["general.autoScroll", false],

+    ],

+  });

+});

+

+add_task(async function () {

+  await BrowserTestUtils.withNewTab(

+    `data:text/html,<a href="javascript:alert(1);">click me`,

+    async browser => {

+      await BrowserTestUtils.synthesizeMouseAtCenter(

+        "a",

+        { button: 0, ctrlKey: true, metaKey: true },

+        browser

+      );

+      is(

+        gBrowser.tabs.length,

+        2,

+        "Accel+click on javascript: link shouldn't open a new tab"

+      );

+

+      await BrowserTestUtils.synthesizeMouseAtCenter(

+        "a",

+        { button: 1 },

+        browser

+      );

+      is(

+        gBrowser.tabs.length,

+        2,

+        "Middle click on javascript: link shouldn't open a new tab"

+      );

+

+      await BrowserTestUtils.synthesizeMouseAtCenter(

+        "a",

+        { button: 0, shiftKey: true },

+        browser

+      );

+      // This is fragile and might miss the new window, but the test will fail

+      // anyway when finishing with an extra window left behind.

+      // eslint-disable-next-line mozilla/no-arbitrary-setTimeout

+      await new Promise(resolve => setTimeout(resolve, 200));

+      is(

+        BrowserWindowTracker.windowCount,

+        1,

+        "Shift+click on javascript: link shouldn't open a new window"

+      );

+    }

+  );

+});

+

+add_task(async function iframe_link() {

+  await BrowserTestUtils.withNewTab(

+    `data:text/html,<iframe src="${IFRAME_PATH}"></iframe>`,

+    async browser => {

+      // ctrl/cmd-click the link in the subframe.

+      await BrowserTestUtils.synthesizeMouseAtCenter(

+        "a",

+        { ctrlKey: true, metaKey: true },

+        browser.browsingContext.children[0]

+      );

+

+      // eslint-disable-next-line mozilla/no-arbitrary-setTimeout

+      await new Promise(resolve => setTimeout(resolve, 200));

+      is(

+        gBrowser.tabs.length,

+        2,

+        "Click on javascript: link in iframe shouldn't open a new tab"

+      );

+    }

+  );

+});
+<!DOCTYPE html>

+<a href="javascript:alert(1)">click me
 #include "mozilla/PresShell.h"

 #include "mozilla/ProfilerLabels.h"

 #include "mozilla/StaticPrefs_browser.h"

+#include "mozilla/StaticPrefs_dom.h"

 #include "nsChannelClassifier.h"

 #include "nsFocusManager.h"

 #include "ReferrerInfo.h"

   /// Codebase

   ///

-  nsAutoString codebaseStr;

   nsIURI* docBaseURI = el->GetBaseURI();

-  el->GetAttr(nsGkAtoms::codebase, codebaseStr);

-  if (!codebaseStr.IsEmpty()) {

+  nsAutoString codebaseStr;

+  el->GetAttr(nsGkAtoms::codebase, codebaseStr);

+  if (StaticPrefs::dom_object_embed_codebase_enabled() &&

+      !codebaseStr.IsEmpty()) {

     rv = nsContentUtils::NewURIWithDocumentCharset(

         getter_AddRefs(newBaseURI), codebaseStr, el->OwnerDoc(), docBaseURI);

     if (NS_FAILED(rv)) {

   value: true

   mirror: always

+# Whether the codebase attribute in an <object> is used as the base URI.

+- name: dom.object_embed.codebase.enabled

+  type: bool

+  value: false

+  mirror: always

+

 # Whether origin trials are enabled.

 - name: dom.origin-trials.enabled

   type: bool

   obj.onerror = t.unreached_func();

   document.body.appendChild(obj);

 }, "object's typemustmatch content attribute should not be supported");

+

+async_test(t => {

+  const obj = document.createElement("object");

+  t.add_cleanup(() => obj.remove());

+  obj.setAttribute("data", "/common/blank.html");

+  obj.setAttribute("codebase", "https://test.invalid/");

+  obj.onload = t.step_func_done(() => {

+    assert_not_equals(obj.contentDocument, null, "/common/blank.html should be loaded");

+    assert_equals(obj.contentDocument.location.origin, location.origin, "document should be loaded with current origin as base");

+  });

+  obj.onerror = t.unreached_func();

+  document.body.appendChild(obj);

+}, "object's codebase content attribute should not be supported");

 </script>

 static const char kURIListMime[] = "text/uri-list";

+// MIME to exclude sensitive data (password) from the clipboard history on not

+// just KDE.

+static const char kKDEPasswordManagerHintMime[] = "x-kde-passwordManagerHint";

+

 MOZ_CONSTINIT ClipboardTargets nsRetrievalContext::sClipboardTargets;

 MOZ_CONSTINIT ClipboardTargets nsRetrievalContext::sPrimaryTargets;

     gtk_target_list_add(list, atom, 0, 0);

   }

+  // Try to exclude private data from clipboard history.

+  if (aTransferable->GetIsPrivateData()) {

+    GdkAtom atom = gdk_atom_intern(kKDEPasswordManagerHintMime, FALSE);

+    gtk_target_list_add(list, atom, 0, 0);

+  }

+

   // Get GTK clipboard (CLIPBOARD or PRIMARY)

   GtkClipboard* gtkClipboard =

       gtk_clipboard_get(GetSelectionAtom(aWhichClipboard));

     return;

   }

+  if (selectionTarget == gdk_atom_intern(kKDEPasswordManagerHintMime, FALSE)) {

+    if (!trans->GetIsPrivateData()) {

+      MOZ_CLIPBOARD_LOG(

+          "  requested %s, but the data isn't actually private!\n",

+          kKDEPasswordManagerHintMime);

+      return;

+    }

+

+    static const char* kSecret = "secret";

+    MOZ_CLIPBOARD_LOG("  Setting data to '%s' for %s\n", kSecret,

+                      kKDEPasswordManagerHintMime);

+    gtk_selection_data_set(aSelectionData, selectionTarget, 8,

+                           (const guchar*)kSecret, strlen(kSecret));

+    return;

+  }

+

   MOZ_CLIPBOARD_LOG("  Try if we have anything at GetTransferData() for %s\n",

                     GUniquePtr<gchar>(gdk_atom_name(selectionTarget)).get());

ma1 pushed to branch base-browser-140.2.0esr-15.0-1 at The Tor Project / Applications / Tor Browser

Commits:

11 changed files:

Changes: