commit 3e60662212bb2e08c986fb7e31eed9c6f95864e0 Author: Mike Perry mikeperry-git@fscked.org Date: Fri Mar 1 20:45:25 2013 -0800
Bug #8313: Display confirmation dialog when plugins are enabled.
We made them way easier to enable with #3100. We should at least warn people before we let them do it. --- src/chrome/content/torbutton.js | 71 ++++++++++++++++++++++++++++- src/chrome/locale/en/torbutton.properties | 3 + src/defaults/preferences/preferences.js | 1 + 3 files changed, 74 insertions(+), 1 deletions(-)
diff --git a/src/chrome/content/torbutton.js b/src/chrome/content/torbutton.js
index 8dd8256..96e2a7b 100644
--- a/src/chrome/content/torbutton.js
+++ b/src/chrome/content/torbutton.js
@@ -95,6 +95,11 @@ var torbutton_unique_pref_observer =
 this._branch.addObserver("network.proxy", this, false);
 this._branch.addObserver("network.cookie", this, false);
 this._branch.addObserver("browser.privatebrowsing.autostart", this, false);
+
+ // We observe xpcom-category-entry-added for plugins w/ Gecko-Content-Viewers
+ var observerService = Cc["@mozilla.org/observer-service;1"].
+ getService(Ci.nsIObserverService);
+ observerService.addObserver(this, "xpcom-category-entry-added", false);
 },
 unregister: function()
@@ -104,6 +109,10 @@ var torbutton_unique_pref_observer =
 this._branch.removeObserver("network.proxy", this);
 this._branch.removeObserver("network.cookie", this);
 this._branch.removeObserver("browser.privatebrowsing.autostart", this);
+
+ var observerService = Cc["@mozilla.org/observer-service;1"].
+ getService(Ci.nsIObserverService);
+ observerService.removeObserver(this, "xpcom-category-entry-added");
 },
 // topic: what event occurred
@@ -111,7 +120,18 @@ var torbutton_unique_pref_observer =
 // data: which pref has been changed (relative to subject)
 observe: function(subject, topic, data)
 {
+ if (topic == "xpcom-category-entry-added") {
+ // Hrmm. should we inspect subject too? it's just mime type..
+ subject.QueryInterface(Ci.nsISupportsCString);
+ if (data == "Gecko-Content-Viewers" &&
+ m_tb_prefs.getBoolPref("extensions.torbutton.confirm_plugins")) {
+ torbutton_confirm_plugins();
+ }
+ return;
+ }
+
 if (topic != "nsPref:changed") return;
+
 switch (data) {
 case "network.proxy.http":
 case "network.proxy.http_port":
@@ -477,6 +497,54 @@ function torbutton_prompt_for_language_preference() {
 m_tb_prefs.setBoolPref("extensions.torbutton.prompted_language", true);
 }
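Review bot: In the new `xpcom-category-entry-added` branch of `observe`, `subject.QueryInterface(Ci.nsISupportsCString)` runs for every category notification, before the `data == "Gecko-Content-Viewers"` test, and its result is never read. If a subject ever lacks that interface the call throws and the handler exits before `torbutton_confirm_plugins()` is reached, so the warning fails open; either drop the call or move it inside the category check and use `subject.data` to decide, or at least log, which entry triggered the prompt. As written, any new Gecko-Content-Viewers entry raises the plugin dialog whether or not a plugin registered it, which is the question the "Hrmm" comment leaves open. `observe` continues past the end of the hunk.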
+function torbutton_confirm_plugins() {
+ var prompts = Cc["@mozilla.org/embedcomp/prompt-service;1"]
+ .getService(Components.interfaces.nsIPromptService);
+
+ // Display two buttons, both with string titles.
+ var flags = prompts.STD_YES_NO_BUTTONS + prompts.BUTTON_DELAY_ENABLE;
+
+ var strings = torbutton_get_stringbundle();
+ var message = strings.GetStringFromName("torbutton.popup.confirm_plugins");
+ var askAgainText = strings.GetStringFromName("torbutton.popup.never_ask_again");
+ var askAgain = {value: false};
+
+ var no_plugins = (prompts.confirmEx(null, "", message, flags, null, null, null,
+ askAgainText, askAgain) == 1);
+
+ m_tb_prefs.setBoolPref("extensions.torbutton.confirm_plugins", !askAgain.value);
+
+ // The pref observer for no_tor_plugins will set the appropriate plugin state.
+ // So, we only touch the pref if it has changed.
+ if (no_plugins !=
+ m_tb_prefs.getBoolPref("extensions.torbutton.no_tor_plugins"))
+ m_tb_prefs.setBoolPref("extensions.torbutton.no_tor_plugins", no_plugins);
+ else
+ torbutton_toggle_plugins(no_plugins);
+
+ // Now, if any tabs were open to about:addons, reload them. Our popup
+ // messed up that page. 
+ var wm = Components.classes["@mozilla.org/appshell/window-mediator;1"]
+ .getService(Components.interfaces.nsIWindowMediator);
+ var browserEnumerator = wm.getEnumerator("navigator:browser");
+
+ // Check each browser instance for our URL
+ while (browserEnumerator.hasMoreElements()) {
+ var browserWin = browserEnumerator.getNext();
+ var tabbrowser = browserWin.gBrowser;
+
+ // Check each tab of this browser instance
+ var numTabs = tabbrowser.browsers.length;
+ for (var index = 0; index < numTabs; index++) {
+ var currentBrowser = tabbrowser.getBrowserAtIndex(index);
+ if ("about:addons" == currentBrowser.currentURI.spec) {
+ torbutton_log(5, "Got browser: "+currentBrowser.currentURI.spec);
+ currentBrowser.reload();
+ }
+ }
+ }
+}
+
 function torbutton_inform_about_tbb() {
 var prompts = Cc["@mozilla.org/embedcomp/prompt-service;1"]
 .getService(Components.interfaces.nsIPromptService);
@@ -1399,7 +1467,8 @@ function torbutton_toggle_plugins(disable_plugins) {
 var PH=Cc["@mozilla.org/plugin/host;1"].getService(Ci.nsIPluginHost);
 var P=PH.getPluginTags({});
 for(var i=0; i<P.length; i++) {
- P[i].disabled=disable_plugins;
+ if (P[i].disabled != disable_plugins)
+ P[i].disabled=disable_plugins;
 }
 }
 }
diff --git a/src/chrome/locale/en/torbutton.properties b/src/chrome/locale/en/torbutton.properties
index f4a8036..e7ade8e 100644
--- a/src/chrome/locale/en/torbutton.properties
+++ b/src/chrome/locale/en/torbutton.properties
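Review bot: In `torbutton_confirm_plugins`, `extensions.torbutton.confirm_plugins` is written from the checkbox no matter which button was pressed, so ticking "Never ask me again" while answering No switches the warning off permanently. With that pref false the new branch in `observe` returns without doing anything, so a later plugin enable is neither prompted nor, as far as this diff shows, undone. I would persist the opt-out only when the user accepted the risk: `if (!no_plugins && askAgain.value) m_tb_prefs.setBoolPref("extensions.torbutton.confirm_plugins", false);`. The comment `// Display two buttons, both with string titles.` also does not match `STD_YES_NO_BUTTONS` and could read `// Yes/No buttons, enabled only after a short delay.`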
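Review bot: The new `if (P[i].disabled != disable_plugins)` guard in `torbutton_toggle_plugins` carries no comment saying why an unchanged assignment has to be skipped. Presumably writing `disabled` makes the plugin host re-register content viewers and would re-fire the `xpcom-category-entry-added` observer this commit adds, reopening the dialog, but that is inferred and not shown in the hunk. I would add `// Only write on change: assigning .disabled may notify the category observer and re-trigger the plugin prompt.` above the test and brace the `if` to match the surrounding `for`. The function begins and ends outside the hunk.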
@@ -44,6 +44,9 @@ torbutton.title.prompt_torbrowser = Important Torbutton Information
 torbutton.popup.prompt_torbrowser = Torbutton works differently now: you can't turn it off any more.\n\nWe made this change because it isn't safe to use Torbutton in a browser that's also used for non-Tor browsing. There were too many bugs there that we couldn't fix any other way.\n\nIf you want to keep using Firefox normally, you should uninstall Torbutton and download Tor Browser Bundle. The privacy properties of Tor Browser are also superior to those of normal Firefox, even when Firefox is used with Torbutton.\n\nTo remove Torbutton, go to Tools->Addons->Extensions and then click the Remove button next to Torbutton.
 torbutton.popup.short_torbrowser = Important Torbutton Information!\n\nTorbutton is now always enabled.\n\nClick on the Torbutton for more information.
+torbutton.popup.confirm_plugins = Plugins such as Flash can harm your privacy and can bypass Tor to reveal your current IP address.\n\nAre you sure you want to enable plugins?\n\n
+torbutton.popup.never_ask_again = Never ask me again
+
 # Canvas permission prompt. Strings are kept here for ease of translation.
 canvas.siteprompt=This website (%S) attempted to access image data on a canvas. Since canvas image data can be used to discover information about your computer, blank image data was returned this time.
 canvas.allow=Allow in the Future
diff --git a/src/defaults/preferences/preferences.js b/src/defaults/preferences/preferences.js
index 4f81acc..c5cf4d4 100644
--- a/src/defaults/preferences/preferences.js
+++ b/src/defaults/preferences/preferences.js
@@ -217,3 +217,4 @@ pref("extensions.torbutton.safecache",1); // 0=always, 1=during tor, 2=never
 pref("extensions.torbutton.dual_key_cookies",false);
 pref("extensions.torbutton.cookie_js_allow", true);
 pref("extensions.torbutton.prompt_torbrowser", true);
+pref("extensions.torbutton.confirm_plugins", true);