[tor-commits] [torbutton/master] Fix bug #1999: Disable tor urls by default
mikeperry at torproject.org
mikeperry at torproject.org
Tue Mar 1 10:04:16 UTC 2011
commit 2f7c7fe8561b34da7107f0e5774bc91748dc6953
Author: Mike Perry <mikeperry-git at fscked.org>
Date: Tue Mar 1 01:57:19 2011 -0800
Fix bug #1999: Disable tor urls by default
Fixing these will be too problematic for 1.4.x. We'll block on this bug
forever otherwise. We throw an unknown protocol exception if this pref is set
to prevent fingerprinting with this technique:
http://pseudo-flaw.net/tor/torbutton/scan-protocol-handlers.html
---
src/components/tor-protocol.js | 8 ++++++--
src/components/tors-protocol.js | 8 ++++++--
src/defaults/preferences/preferences.js | 1 +
3 files changed, 13 insertions(+), 4 deletions(-)
diff --git a/src/components/tor-protocol.js b/src/components/tor-protocol.js
index e8bb68e..5bd27e3 100644
--- a/src/components/tor-protocol.js
+++ b/src/components/tor-protocol.js
@@ -48,12 +48,16 @@ Protocol.prototype =
newChannel: function(aURI)
{
+ var prefs = Components.classes["@mozilla.org/preferences-service;1"]
+ .getService(Components.interfaces.nsIPrefBranch);
+ if (!prefs.getBoolPref("extensions.torbutton.tor_urls")) {
+ throw Components.results.NS_ERROR_UNKNOWN_PROTOCOL;
+ }
+
/*The protocol has been called, therefore we want to enable tor, wait for it to activate return the new channel with the scheme of http.*/
var ios = Components.classes[kIOSERVICE_CONTRACTID].getService(nsIIOService);
var prompt = Components.classes["@mozilla.org/embedcomp/prompt-service;1"]
.getService(Components.interfaces.nsIPromptService);
- var prefs = Components.classes["@mozilla.org/preferences-service;1"]
- .getService(Components.interfaces.nsIPrefBranch);
var tor_enabled = prefs.getBoolPref("extensions.torbutton.tor_enabled");
var wm = Components.classes["@mozilla.org/appshell/window-mediator;1"]
.getService(Components.interfaces.nsIWindowMediator);
diff --git a/src/components/tors-protocol.js b/src/components/tors-protocol.js
index ca82b47..8f02da8 100644
--- a/src/components/tors-protocol.js
+++ b/src/components/tors-protocol.js
@@ -48,12 +48,16 @@ Protocol.prototype =
newChannel: function(aURI)
{
+ var prefs = Components.classes["@mozilla.org/preferences-service;1"]
+ .getService(Components.interfaces.nsIPrefBranch);
+ if (!prefs.getBoolPref("extensions.torbutton.tor_urls")) {
+ throw Components.results.NS_ERROR_UNKNOWN_PROTOCOL;
+ }
+
/*The protocol has been called, therefore we want to enable tor, wait for it to activate return the new channel with the scheme of https.*/
var ios = Components.classes[kIOSERVICE_CONTRACTID].getService(nsIIOService);
var prompt = Components.classes["@mozilla.org/embedcomp/prompt-service;1"]
.getService(Components.interfaces.nsIPromptService);
- var prefs = Components.classes["@mozilla.org/preferences-service;1"]
- .getService(Components.interfaces.nsIPrefBranch);
var tor_enabled = prefs.getBoolPref("extensions.torbutton.tor_enabled");
var wm = Components.classes["@mozilla.org/appshell/window-mediator;1"]
.getService(Components.interfaces.nsIWindowMediator);
diff --git a/src/defaults/preferences/preferences.js b/src/defaults/preferences/preferences.js
index 3d4eac7..f12e849 100644
--- a/src/defaults/preferences/preferences.js
+++ b/src/defaults/preferences/preferences.js
@@ -164,6 +164,7 @@ pref("extensions.torbutton.fakerefresh", false);
pref("extensions.torbutton.customeref","");
pref("extensions.torbutton.disable_livemarks",true);
pref("extensions.torbutton.update_torbutton_via_tor",true);
+pref("extensions.torbutton.tor_urls",false);
// Opt out of Firefox addon pings:
// https://developer.mozilla.org/en/Addons/Working_with_AMO
pref("extensions.e0204bd5-9d31-402b-a99d-a6aa8ffebdca.getAddons.cache.enabled", false);
More information about the tor-commits
mailing list