ma1 pushed to branch tor-browser-128.14.0esr-14.5-1 at The Tor Project / Applications / Tor Browser Commits: 7eff61f4 by Tom Schuster at 2025-08-17T23:15:21+02:00 Bug 672618 - Don't execute javascript: URLs on CTRL+click, middle-click etc. r=dao Differential Revision: https://phabricator.services.mozilla.com/D256648 BB 44100: cherry-picked except tests - - - - - 68a8c0b1 by Tom Schuster at 2025-08-17T23:44:16+02:00 Bug 1701974 - Use x-kde-passwordManagerHint when copying private data to the clipboard. r=stransky Differential Revision: https://phabricator.services.mozilla.com/D256781 - - - - - c97ea93d by Tom Schuster at 2025-08-18T10:06:51+02:00 Bug 1973900 - Remove support for the codebase attribute from <object>. r=farre,dom-core Differential Revision: https://phabricator.services.mozilla.com/D254958 - - - - - c5a292c1 by Kershaw Chang at 2025-08-18T10:30:17+02:00 Bug 1979955 - ensure transaction is alive (for ESR140), a=RyanVM Differential Revision: https://phabricator.services.mozilla.com/D260484 - - - - - 7 changed files: - browser/actors/ClickHandlerChild.sys.mjs - browser/app/profile/firefox.js - dom/base/nsObjectLoadingContent.cpp - modules/libpref/init/StaticPrefList.yaml - netwerk/protocol/http/nsHttpConnection.cpp - testing/web-platform/tests/html/semantics/embedded-content/the-object-element/historical.html - widget/gtk/nsClipboard.cpp Changes: ===================================== browser/actors/ClickHandlerChild.sys.mjs ===================================== @@ -12,12 +12,26 @@ ChromeUtils.defineESModuleGetters(lazy, { E10SUtils: "resource://gre/modules/E10SUtils.sys.mjs", }); +XPCOMUtils.defineLazyPreferenceGetter( + lazy, + "autoscrollEnabled", + "general.autoScroll", + true +); + +XPCOMUtils.defineLazyPreferenceGetter( + lazy, + "blockJavascript", + "browser.link.alternative_click.block_javascript", + true +); + export class MiddleMousePasteHandlerChild extends JSWindowActorChild { handleEvent(clickEvent) { if ( clickEvent.defaultPrevented || clickEvent.button != 1 || - MiddleMousePasteHandlerChild.autoscrollEnabled + lazy.autoscrollEnabled ) { return; } @@ -34,13 +48,6 @@ export class MiddleMousePasteHandlerChild extends JSWindowActorChild { } } -XPCOMUtils.defineLazyPreferenceGetter( - MiddleMousePasteHandlerChild, - "autoscrollEnabled", - "general.autoScroll", - true -); - export class ClickHandlerChild extends JSWindowActorChild { handleEvent(wrapperEvent) { this.handleClickEvent(wrapperEvent.sourceEvent); @@ -112,6 +119,14 @@ export class ClickHandlerChild extends JSWindowActorChild { }; if (href && !isFromMiddleMousePasteHandler) { + if ( + lazy.blockJavascript && + Services.io.extractScheme(href) == "javascript" + ) { + // We don't want to open new tabs or windows for javascript: links. + return; + } + try { Services.scriptSecurityManager.checkLoadURIStrWithPrincipal( principal, ===================================== browser/app/profile/firefox.js ===================================== @@ -880,6 +880,9 @@ pref("browser.link.open_newwindow.restriction", 2); pref("browser.link.open_newwindow.disabled_in_fullscreen", false); #endif +// If true, opening javscript: URLs using middle-click, CTRL+click etc. are blocked. +pref("browser.link.alternative_click.block_javascript", true); + // Tabbed browser pref("browser.tabs.closeTabByDblclick", false); pref("browser.tabs.closeWindowWithLastTab", true); ===================================== dom/base/nsObjectLoadingContent.cpp ===================================== @@ -73,6 +73,7 @@ #include "mozilla/PresShell.h" #include "mozilla/ProfilerLabels.h" #include "mozilla/StaticPrefs_browser.h" +#include "mozilla/StaticPrefs_dom.h" #include "nsChannelClassifier.h" #include "nsFocusManager.h" #include "ReferrerInfo.h" @@ -720,11 +721,12 @@ nsObjectLoadingContent::UpdateObjectParameters() { /// Codebase /// - nsAutoString codebaseStr; nsIURI* docBaseURI = el->GetBaseURI(); - el->GetAttr(nsGkAtoms::codebase, codebaseStr); - if (!codebaseStr.IsEmpty()) { + nsAutoString codebaseStr; + el->GetAttr(nsGkAtoms::codebase, codebaseStr); + if (StaticPrefs::dom_object_embed_codebase_enabled() && + !codebaseStr.IsEmpty()) { rv = nsContentUtils::NewURIWithDocumentCharset( getter_AddRefs(newBaseURI), codebaseStr, el->OwnerDoc(), docBaseURI); if (NS_FAILED(rv)) { ===================================== modules/libpref/init/StaticPrefList.yaml ===================================== @@ -3214,6 +3214,12 @@ value: true mirror: always +# Whether the codebase attribute in an <object> is used as the base URI. +- name: dom.object_embed.codebase.enabled + type: bool + value: false + mirror: always + # Whether origin trials are enabled. - name: dom.origin-trials.enabled type: bool ===================================== netwerk/protocol/http/nsHttpConnection.cpp ===================================== @@ -1663,9 +1663,10 @@ nsresult nsHttpConnection::OnSocketWritable() { } LOG((" writing transaction request stream\n")); - rv = mTransaction->ReadSegmentsAgain(this, - nsIOService::gDefaultSegmentSize, - &transactionBytes, &again); + RefPtr<nsAHttpTransaction> transaction = mTransaction; + rv = transaction->ReadSegmentsAgain(this, + nsIOService::gDefaultSegmentSize, + &transactionBytes, &again); if (mTlsHandshaker->EarlyDataUsed()) { mContentBytesWritten0RTT += transactionBytes; if (NS_FAILED(rv) && rv != NS_BASE_STREAM_WOULD_BLOCK) { @@ -1688,7 +1689,8 @@ nsresult nsHttpConnection::OnSocketWritable() { static_cast<uint32_t>(mSocketOutCondition), again)); // XXX some streams return NS_BASE_STREAM_CLOSED to indicate EOF. - if (rv == NS_BASE_STREAM_CLOSED && !mTransaction->IsDone()) { + if (rv == NS_BASE_STREAM_CLOSED && + (mTransaction && !mTransaction->IsDone())) { rv = NS_OK; transactionBytes = 0; } @@ -1731,7 +1733,8 @@ nsresult nsHttpConnection::OnSocketWritable() { // When Spdy tunnel is used we need to explicitly set when a request is // done. if ((mState != HttpConnectionState::SETTING_UP_TUNNEL) && !mSpdySession) { - nsHttpTransaction* trans = mTransaction->QueryHttpTransaction(); + nsHttpTransaction* trans = + mTransaction ? mTransaction->QueryHttpTransaction() : nullptr; // needed for websocket over h2 (direct) if (!trans || !trans->IsWebsocketUpgrade()) { mRequestDone = true; @@ -1835,7 +1838,8 @@ nsresult nsHttpConnection::OnSocketReadable() { rv = NS_ERROR_FAILURE; LOG((" No Transaction In OnSocketWritable\n")); } else { - rv = mTransaction->WriteSegmentsAgain( + RefPtr<nsAHttpTransaction> transaction = mTransaction; + rv = transaction->WriteSegmentsAgain( this, nsIOService::gDefaultSegmentSize, &n, &again); } LOG(("nsHttpConnection::OnSocketReadable %p trans->ws rv=%" PRIx32 ===================================== testing/web-platform/tests/html/semantics/embedded-content/the-object-element/historical.html ===================================== @@ -30,4 +30,17 @@ async_test(t => { obj.onerror = t.unreached_func(); document.body.appendChild(obj); }, "object's typemustmatch content attribute should not be supported"); + +async_test(t => { + const obj = document.createElement("object"); + t.add_cleanup(() => obj.remove()); + obj.setAttribute("data", "/common/blank.html"); + obj.setAttribute("codebase", "https://test.invalid/"); + obj.onload = t.step_func_done(() => { + assert_not_equals(obj.contentDocument, null, "/common/blank.html should be loaded"); + assert_equals(obj.contentDocument.location.origin, location.origin, "document should be loaded with current origin as base"); + }); + obj.onerror = t.unreached_func(); + document.body.appendChild(obj); +}, "object's codebase content attribute should not be supported"); </script> ===================================== widget/gtk/nsClipboard.cpp ===================================== @@ -66,6 +66,10 @@ static const char kHTMLMarkupPrefix[] = static const char kURIListMime[] = "text/uri-list"; +// MIME to exclude sensitive data (password) from the clipboard history on not +// just KDE. +static const char kKDEPasswordManagerHintMime[] = "x-kde-passwordManagerHint"; + ClipboardTargets nsRetrievalContext::sClipboardTargets; ClipboardTargets nsRetrievalContext::sPrimaryTargets; @@ -323,6 +327,12 @@ nsClipboard::SetNativeClipboardData(nsITransferable* aTransferable, gtk_target_list_add(list, atom, 0, 0); } + // Try to exclude private data from clipboard history. + if (aTransferable->GetIsPrivateData()) { + GdkAtom atom = gdk_atom_intern(kKDEPasswordManagerHintMime, FALSE); + gtk_target_list_add(list, atom, 0, 0); + } + // Get GTK clipboard (CLIPBOARD or PRIMARY) GtkClipboard* gtkClipboard = gtk_clipboard_get(GetSelectionAtom(aWhichClipboard)); @@ -1313,6 +1323,22 @@ void nsClipboard::SelectionGetEvent(GtkClipboard* aClipboard, return; } + if (selectionTarget == gdk_atom_intern(kKDEPasswordManagerHintMime, FALSE)) { + if (!trans->GetIsPrivateData()) { + MOZ_CLIPBOARD_LOG( + " requested %s, but the data isn't actually private!\n", + kKDEPasswordManagerHintMime); + return; + } + + static const char* kSecret = "secret"; + MOZ_CLIPBOARD_LOG(" Setting data to '%s' for %s\n", kSecret, + kKDEPasswordManagerHintMime); + gtk_selection_data_set(aSelectionData, selectionTarget, 8, + (const guchar*)kSecret, strlen(kSecret)); + return; + } + MOZ_CLIPBOARD_LOG(" Try if we have anything at GetTransferData() for %s\n", GUniquePtr<gchar>(gdk_atom_name(selectionTarget)).get()); View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/44c35e6... -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/44c35e6... You're receiving this email because of your account on gitlab.torproject.org.