[or-cvs] r13707: Clean up comments in the content policy. Add jar to hostfree (torbutton/trunk/src/components)

mikeperry at seul.org mikeperry at seul.org
Sun Feb 24 23:50:37 UTC 2008 

Author: mikeperry
Date: 2008-02-24 18:50:37 -0500 (Sun, 24 Feb 2008)
New Revision: 13707

Modified:
   torbutton/trunk/src/components/cssblocker.js
Log:

Clean up comments in the content policy. Add jar to hostfree
schemes for good measure.



Modified: torbutton/trunk/src/components/cssblocker.js
===================================================================
--- torbutton/trunk/src/components/cssblocker.js	2008-02-24 23:39:53 UTC (rev 13706)
+++ torbutton/trunk/src/components/cssblocker.js	2008-02-24 23:50:37 UTC (rev 13707)
@@ -69,7 +69,8 @@
 }
 
 // Unwraps jar:, view-source: and wyciwyg: URLs, returns the contained URL
-// XXX: what about %encoding and null characters?
+// This is no longer needed. These urls are now blocked by mozilla,
+// or treated as normal network urls
 function unwrapURL(url) {
 	if (!url)
 		return url;
@@ -86,14 +87,13 @@
 
 var localSchemes = {"about" : true, "chrome" : true, "file" : true, 
     "resource" : true, "x-jsd" : true, "addbook" : true, 
-    //    "cid" : true, "data" : true, "javascript" : true,
     "mailbox" : true};
 
 var browserSources = { "browser":true, "mozapps":true, "global":true, 
      "pippki":true};
 
 var hostFreeSchemes = { "resource":true, "data":true, "cid":true, 
-     "javascript":true, "file":true};
+     "javascript":true, "file":true, "jar":true};
 
 var safeOriginSchemes = { "about":true, "chrome":true, "file":true};
 
@@ -156,7 +156,7 @@
                 this.logger.eclog(4, "Blocking local: "+contentLocation.spec+" from: "+requestOrigin.spec);
                 return block;
             }
-        } else if(contentLocation.schemeIs("chrome")) { // XXX: components, defaults??
+        } else if(contentLocation.schemeIs("chrome")) { 
             if(!requestOrigin) {
                 if(contentLocation.host != "pippki") {
                     this.logger.eclog(5, "NO ORIGIN! Chrome: "+contentLocation.spec);
@@ -165,7 +165,7 @@
 
             if((!requestOrigin || !requestOrigin.schemeIs("chrome")) 
                     && !(contentLocation.host in browserSources)) {
-                // Prevent access to all but the browser source chrome
+                // Prevent access to all but the browser source chrome from websites
                 this.logger.eclog(2, "Source: "+ contentLocation.host + ". Chrome: "+contentLocation.spec+" from: "+requestOrigin.spec);
                 if(contentLocation.host  == "torbutton" || this.tor_enabled) {
                     // Always conceal torbutton's presence. Conceal

More information about the tor-commits mailing list