[tor-bugs] #3547 [Tor Browser]: Disable all plugins but flash
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Tue Aug 23 19:35:54 UTC 2011
#3547: Disable all plugins but flash
-------------------------+--------------------------------------------------
Reporter: mikeperry | Owner: mikeperry
Type: defect | Status: new
Priority: major | Milestone: TorBrowserBundle 2.2.x-stable
Component: Tor Browser | Version:
Keywords: | Parent: #2871
Points: 8 | Actualpoints:
-------------------------+--------------------------------------------------
Comment(by mikeperry):
In terms of creating a diff with the minimum possibility for conflicts,
the place to hack is nsPluginFile::GetPluginInfo(). This function is the
function that assembles info about the plugin *and* loads it.
In a sane world, we could safely refactor this function into two pieces:
one that gets all the basic info before actually loading the library into
the process space, and one that loads the plugin to get the rest of the
info. We could then call the blocklist service in between these two calls.
However, this is likely to hit conflicts in future Firefox versions unless
it is merged immediately.
The dirty hack then is create a function that we call from
nsPluginFile::GetPluginInfo(). This function would then just do something
dumb, like strstr each fName and/or fDescription for something that looks
like flash or gnash. If it finds that substring in those fields, it can
return ok.
Otherwise, we can just make nsPluginFile::GetPluginInfo() return
NS_ERROR_FAILURE and the plugin will not load.
The simplicity of this dirty hack appeals to me. I think we should do it.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3547#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list