GitLab

at 2025-08-18T13:27:42+02:00

Bug 672618 - Don't execute javascript: URLs on CTRL+click, middle-click etc. r=dao

Differential Revision: https://phabricator.services.mozilla.com/D256648

BB 44100: cherry-picked except tests

Bug 1701974 - Use x-kde-passwordManagerHint when copying private data to the clipboard. r=stransky

Differential Revision: https://phabricator.services.mozilla.com/D256781

Bug 1973900 - Remove support for the codebase attribute from <object>. r=farre,dom-core

Differential Revision: https://phabricator.services.mozilla.com/D254958

Bug 1979955 - ensure transaction is alive (for ESR140),  a=RyanVM

Differential Revision: https://phabricator.services.mozilla.com/D260484

   E10SUtils: "resource://gre/modules/E10SUtils.sys.mjs",

 });

+XPCOMUtils.defineLazyPreferenceGetter(

+  lazy,

+  "autoscrollEnabled",

+  "general.autoScroll",

+  true

+);

+

+XPCOMUtils.defineLazyPreferenceGetter(

+  lazy,

+  "blockJavascript",

+  "browser.link.alternative_click.block_javascript",

+  true

+);

+

 export class MiddleMousePasteHandlerChild extends JSWindowActorChild {

   handleEvent(clickEvent) {

     if (

       clickEvent.defaultPrevented ||

       clickEvent.button != 1 ||

-      MiddleMousePasteHandlerChild.autoscrollEnabled

+      lazy.autoscrollEnabled

     ) {

       return;

     }

   }

 }

-XPCOMUtils.defineLazyPreferenceGetter(

-  MiddleMousePasteHandlerChild,

-  "autoscrollEnabled",

-  "general.autoScroll",

-  true

-);

-

 export class ClickHandlerChild extends JSWindowActorChild {

   handleEvent(wrapperEvent) {

     this.handleClickEvent(wrapperEvent.sourceEvent);

     };

     if (href && !isFromMiddleMousePasteHandler) {

+      if (

+        lazy.blockJavascript &&

+        Services.io.extractScheme(href) == "javascript"

+      ) {

+        // We don't want to open new tabs or windows for javascript: links.

+        return;

+      }

+

       try {

         Services.scriptSecurityManager.checkLoadURIStrWithPrincipal(

           principal,

   pref("browser.link.open_newwindow.disabled_in_fullscreen", false);

 #endif

+// If true, opening javscript: URLs using middle-click, CTRL+click etc. are blocked.

+pref("browser.link.alternative_click.block_javascript", true);

+

 // Tabbed browser

 pref("browser.tabs.closeTabByDblclick", false);

 pref("browser.tabs.closeWindowWithLastTab", true);

 #include "mozilla/PresShell.h"

 #include "mozilla/ProfilerLabels.h"

 #include "mozilla/StaticPrefs_browser.h"

+#include "mozilla/StaticPrefs_dom.h"

 #include "nsChannelClassifier.h"

 #include "nsFocusManager.h"

 #include "ReferrerInfo.h"

   /// Codebase

   ///

-  nsAutoString codebaseStr;

   nsIURI* docBaseURI = el->GetBaseURI();

-  el->GetAttr(nsGkAtoms::codebase, codebaseStr);

-  if (!codebaseStr.IsEmpty()) {

+  nsAutoString codebaseStr;

+  el->GetAttr(nsGkAtoms::codebase, codebaseStr);

+  if (StaticPrefs::dom_object_embed_codebase_enabled() &&

+      !codebaseStr.IsEmpty()) {

     rv = nsContentUtils::NewURIWithDocumentCharset(

         getter_AddRefs(newBaseURI), codebaseStr, el->OwnerDoc(), docBaseURI);

     if (NS_FAILED(rv)) {

   value: true

   mirror: always

+# Whether the codebase attribute in an <object> is used as the base URI.

+- name: dom.object_embed.codebase.enabled

+  type: bool

+  value: false

+  mirror: always

+

 # Whether origin trials are enabled.

 - name: dom.origin-trials.enabled

   type: bool

           }

           LOG(("  writing transaction request stream\n"));

-          rv = mTransaction->ReadSegmentsAgain(this,

-                                               nsIOService::gDefaultSegmentSize,

-                                               &transactionBytes, &again);

+          RefPtr<nsAHttpTransaction> transaction = mTransaction;

+          rv = transaction->ReadSegmentsAgain(this,

+                                              nsIOService::gDefaultSegmentSize,

+                                              &transactionBytes, &again);

           if (mTlsHandshaker->EarlyDataUsed()) {

             mContentBytesWritten0RTT += transactionBytes;

             if (NS_FAILED(rv) && rv != NS_BASE_STREAM_WOULD_BLOCK) {

          static_cast<uint32_t>(mSocketOutCondition), again));

     // XXX some streams return NS_BASE_STREAM_CLOSED to indicate EOF.

-    if (rv == NS_BASE_STREAM_CLOSED && !mTransaction->IsDone()) {

+    if (rv == NS_BASE_STREAM_CLOSED &&

+        (mTransaction && !mTransaction->IsDone())) {

       rv = NS_OK;

       transactionBytes = 0;

     }

       // When Spdy tunnel is used we need to explicitly set when a request is

       // done.

       if ((mState != HttpConnectionState::SETTING_UP_TUNNEL) && !mSpdySession) {

-        nsHttpTransaction* trans = mTransaction->QueryHttpTransaction();

+        nsHttpTransaction* trans =

+            mTransaction ? mTransaction->QueryHttpTransaction() : nullptr;

         // needed for websocket over h2 (direct)

         if (!trans || !trans->IsWebsocketUpgrade()) {

           mRequestDone = true;

       rv = NS_ERROR_FAILURE;

       LOG(("  No Transaction In OnSocketWritable\n"));

     } else {

-      rv = mTransaction->WriteSegmentsAgain(

+      RefPtr<nsAHttpTransaction> transaction = mTransaction;

+      rv = transaction->WriteSegmentsAgain(

           this, nsIOService::gDefaultSegmentSize, &n, &again);

     }

     LOG(("nsHttpConnection::OnSocketReadable %p trans->ws rv=%" PRIx32

   obj.onerror = t.unreached_func();

   document.body.appendChild(obj);

 }, "object's typemustmatch content attribute should not be supported");

+

+async_test(t => {

+  const obj = document.createElement("object");

+  t.add_cleanup(() => obj.remove());

+  obj.setAttribute("data", "/common/blank.html");

+  obj.setAttribute("codebase", "https://test.invalid/");

+  obj.onload = t.step_func_done(() => {

+    assert_not_equals(obj.contentDocument, null, "/common/blank.html should be loaded");

+    assert_equals(obj.contentDocument.location.origin, location.origin, "document should be loaded with current origin as base");

+  });

+  obj.onerror = t.unreached_func();

+  document.body.appendChild(obj);

+}, "object's codebase content attribute should not be supported");

 </script>

 static const char kURIListMime[] = "text/uri-list";

+// MIME to exclude sensitive data (password) from the clipboard history on not

+// just KDE.

+static const char kKDEPasswordManagerHintMime[] = "x-kde-passwordManagerHint";

+

 ClipboardTargets nsRetrievalContext::sClipboardTargets;

 ClipboardTargets nsRetrievalContext::sPrimaryTargets;

     gtk_target_list_add(list, atom, 0, 0);

   }

+  // Try to exclude private data from clipboard history.

+  if (aTransferable->GetIsPrivateData()) {

+    GdkAtom atom = gdk_atom_intern(kKDEPasswordManagerHintMime, FALSE);

+    gtk_target_list_add(list, atom, 0, 0);

+  }

+

   // Get GTK clipboard (CLIPBOARD or PRIMARY)

   GtkClipboard* gtkClipboard =

       gtk_clipboard_get(GetSelectionAtom(aWhichClipboard));

     return;

   }

+  if (selectionTarget == gdk_atom_intern(kKDEPasswordManagerHintMime, FALSE)) {

+    if (!trans->GetIsPrivateData()) {

+      MOZ_CLIPBOARD_LOG(

+          "  requested %s, but the data isn't actually private!\n",

+          kKDEPasswordManagerHintMime);

+      return;

+    }

+

+    static const char* kSecret = "secret";

+    MOZ_CLIPBOARD_LOG("  Setting data to '%s' for %s\n", kSecret,

+                      kKDEPasswordManagerHintMime);

+    gtk_selection_data_set(aSelectionData, selectionTarget, 8,

+                           (const guchar*)kSecret, strlen(kSecret));

+    return;

+  }

+

   MOZ_CLIPBOARD_LOG("  Try if we have anything at GetTransferData() for %s\n",

                     GUniquePtr<gchar>(gdk_atom_name(selectionTarget)).get());

ma1 pushed to branch base-browser-128.14.0esr-14.5-1 at The Tor Project / Applications / Tor Browser

Commits:

7 changed files:

Changes: