Pier Angelo Vendrame pushed to branch tor-browser-115.4.0esr-13.5-1 at The Tor Project / Applications / Tor Browser Commits: 20e6bcfa by Pier Angelo Vendrame at 2023-11-14T22:14:32+00:00 Bug 1849186 - Add a preference not to expose the content title in the window title. r=Gijs,tabbrowser-reviewers,dao Differential Revision: https://phabricator.services.mozilla.com/D190496 - - - - - 7d7f8a1f by Pier Angelo Vendrame at 2023-11-14T22:14:32+00:00 fixup! Firefox preference overrides. Bug 41988: Do not expose page titles in winow title - - - - - 4 changed files: - browser/app/profile/001-base-profile.js - browser/app/profile/firefox.js - browser/base/content/tabbrowser.js - browser/components/privatebrowsing/test/browser/browser_privatebrowsing_windowtitle.js Changes: ===================================== browser/app/profile/001-base-profile.js ===================================== @@ -86,6 +86,12 @@ pref("browser.sessionstore.resume_from_crash", false); // Disable capturing thumbnails (tor-browser#41595) // Also not needed in PBM at the moment. pref("browser.pagethumbnails.capturing_disabled", true); +// tor-browser#41988: Remove page titles from window titles to prevent possible +// disk leaks, e.g., in system logs. +// For example, it happened that GNOME shell logged the window name that caused +// JS errors/unexpected conditions for unrelated issues. +pref("privacy.exposeContentTitleInWindow", false); +pref("privacy.exposeContentTitleInWindow.pbm", false); // Empty clipboard content from private windows on exit (tor-browser#42154) pref("browser.privatebrowsing.preserveClipboard", false); ===================================== browser/app/profile/firefox.js ===================================== @@ -968,7 +968,7 @@ pref("privacy.panicButton.enabled", true); // Time until temporary permissions expire, in ms pref("privacy.temporary_permission_expire_time_ms", 3600000); -// Enables protection mechanism against password spoofing for cross domain auh requests +// Enables protection mechanism against password spoofing for cross domain auth requests // See bug 791594 pref("privacy.authPromptSpoofingProtection", true); @@ -2104,6 +2104,12 @@ pref("privacy.webrtc.sharedTabWarning", false); // before navigating to the actual meeting room page. Doesn't survive tab close. pref("privacy.webrtc.deviceGracePeriodTimeoutMs", 3600000); +// Enable including the content in the window title. +// PBM users might want to disable this to avoid a possible source of disk +// leaks. +pref("privacy.exposeContentTitleInWindow", true); +pref("privacy.exposeContentTitleInWindow.pbm", true); + // Start the browser in e10s mode pref("browser.tabs.remote.autostart", true); pref("browser.tabs.remote.desktopbehavior", true); ===================================== browser/base/content/tabbrowser.js ===================================== @@ -102,6 +102,18 @@ true ); }); + XPCOMUtils.defineLazyPreferenceGetter( + this, + "_shouldExposeContentTitle", + "privacy.exposeContentTitleInWindow", + true + ); + XPCOMUtils.defineLazyPreferenceGetter( + this, + "_shouldExposeContentTitlePbm", + "privacy.exposeContentTitleInWindow.pbm", + true + ); if (AppConstants.MOZ_CRASHREPORTER) { ChromeUtils.defineModuleGetter( @@ -1072,6 +1084,19 @@ getWindowTitleForBrowser(aBrowser) { let docElement = document.documentElement; let title = ""; + let dataSuffix = + docElement.getAttribute("privatebrowsingmode") == "temporary" + ? "Private" + : "Default"; + let defaultTitle = docElement.dataset["title" + dataSuffix]; + + if ( + !this._shouldExposeContentTitle || + (PrivateBrowsingUtils.isWindowPrivate(window) && + !this._shouldExposeContentTitlePbm) + ) { + return defaultTitle; + } // If location bar is hidden and the URL type supports a host, // add the scheme and host to the title to prevent spoofing. @@ -1109,10 +1134,6 @@ title += tab.getAttribute("label").replace(/\0/g, ""); } - let dataSuffix = - docElement.getAttribute("privatebrowsingmode") == "temporary" - ? "Private" - : "Default"; if (title) { // We're using a function rather than just using `title` as the // new substring to avoid `$$`, `$'` etc. having a special @@ -1125,7 +1146,7 @@ ); } - return docElement.dataset["title" + dataSuffix]; + return defaultTitle; }, updateTitlebar() { ===================================== browser/components/privatebrowsing/test/browser/browser_privatebrowsing_windowtitle.js ===================================== @@ -107,4 +107,34 @@ add_task(async function test() { true, pb_about_pb_title ); + + await SpecialPowers.pushPrefEnv({ + set: [["privacy.exposeContentTitleInWindow.pbm", false]], + }); + await testTabTitle(await openWin(false), testPageURL, false, page_with_title); + await testTabTitle( + await openWin(true), + testPageURL, + true, + pb_page_without_title + ); + await SpecialPowers.pushPrefEnv({ + set: [ + ["privacy.exposeContentTitleInWindow", false], + ["privacy.exposeContentTitleInWindow.pbm", true], + ], + }); + await testTabTitle( + await openWin(false), + testPageURL, + false, + page_without_title + ); + // The generic preference set to false is intended to override the PBM one + await testTabTitle( + await openWin(true), + testPageURL, + true, + pb_page_without_title + ); }); View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/7853ced... -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/7853ced... You're receiving this email because of your account on gitlab.torproject.org.