commit 2f7c7fe8561b34da7107f0e5774bc91748dc6953 Author: Mike Perry <mikeperry-git@fscked.org> Date: Tue Mar 1 01:57:19 2011 -0800 Fix bug #1999: Disable tor urls by default Fixing these will be too problematic for 1.4.x. We'll block on this bug forever otherwise. We throw an unknown protocol exception if this pref is set to prevent fingerprinting with this technique: http://pseudo-flaw.net/tor/torbutton/scan-protocol-handlers.html --- src/components/tor-protocol.js | 8 ++++++-- src/components/tors-protocol.js | 8 ++++++-- src/defaults/preferences/preferences.js | 1 + 3 files changed, 13 insertions(+), 4 deletions(-) diff --git a/src/components/tor-protocol.js b/src/components/tor-protocol.js index e8bb68e..5bd27e3 100644 --- a/src/components/tor-protocol.js +++ b/src/components/tor-protocol.js @@ -48,12 +48,16 @@ Protocol.prototype = newChannel: function(aURI) { + var prefs = Components.classes["@mozilla.org/preferences-service;1"] + .getService(Components.interfaces.nsIPrefBranch); + if (!prefs.getBoolPref("extensions.torbutton.tor_urls")) { + throw Components.results.NS_ERROR_UNKNOWN_PROTOCOL; + } + /*The protocol has been called, therefore we want to enable tor, wait for it to activate return the new channel with the scheme of http.*/ var ios = Components.classes[kIOSERVICE_CONTRACTID].getService(nsIIOService); var prompt = Components.classes["@mozilla.org/embedcomp/prompt-service;1"] .getService(Components.interfaces.nsIPromptService); - var prefs = Components.classes["@mozilla.org/preferences-service;1"] - .getService(Components.interfaces.nsIPrefBranch); var tor_enabled = prefs.getBoolPref("extensions.torbutton.tor_enabled"); var wm = Components.classes["@mozilla.org/appshell/window-mediator;1"] .getService(Components.interfaces.nsIWindowMediator); diff --git a/src/components/tors-protocol.js b/src/components/tors-protocol.js index ca82b47..8f02da8 100644 --- a/src/components/tors-protocol.js +++ b/src/components/tors-protocol.js @@ -48,12 +48,16 @@ Protocol.prototype = newChannel: function(aURI) { + var prefs = Components.classes["@mozilla.org/preferences-service;1"] + .getService(Components.interfaces.nsIPrefBranch); + if (!prefs.getBoolPref("extensions.torbutton.tor_urls")) { + throw Components.results.NS_ERROR_UNKNOWN_PROTOCOL; + } + /*The protocol has been called, therefore we want to enable tor, wait for it to activate return the new channel with the scheme of https.*/ var ios = Components.classes[kIOSERVICE_CONTRACTID].getService(nsIIOService); var prompt = Components.classes["@mozilla.org/embedcomp/prompt-service;1"] .getService(Components.interfaces.nsIPromptService); - var prefs = Components.classes["@mozilla.org/preferences-service;1"] - .getService(Components.interfaces.nsIPrefBranch); var tor_enabled = prefs.getBoolPref("extensions.torbutton.tor_enabled"); var wm = Components.classes["@mozilla.org/appshell/window-mediator;1"] .getService(Components.interfaces.nsIWindowMediator); diff --git a/src/defaults/preferences/preferences.js b/src/defaults/preferences/preferences.js index 3d4eac7..f12e849 100644 --- a/src/defaults/preferences/preferences.js +++ b/src/defaults/preferences/preferences.js @@ -164,6 +164,7 @@ pref("extensions.torbutton.fakerefresh", false); pref("extensions.torbutton.customeref",""); pref("extensions.torbutton.disable_livemarks",true); pref("extensions.torbutton.update_torbutton_via_tor",true); +pref("extensions.torbutton.tor_urls",false); // Opt out of Firefox addon pings: // https://developer.mozilla.org/en/Addons/Working_with_AMO pref("extensions.e0204bd5-9d31-402b-a99d-a6aa8ffebdca.getAddons.cache.enabled", false);