[tor-commits] [torbutton/master] Bug 9387: Version 0.2 of the Security Slider.
mikeperry at torproject.org
mikeperry at torproject.org
Thu Oct 30 22:18:20 UTC 2014
commit cda1d6cd71a5c5b84dfd45bcf042b5ada8ee58b4
Author: Georg Koppen <gk at torproject.org>
Date: Thu Oct 30 22:54:32 2014 +0000
Bug 9387: Version 0.2 of the Security Slider.
Version 0.2 contains the slider and the option to choose a mode which
results in preferences enabled/disabled depending on the respective
security level chosen. The UI is in Torbutton's preferences dialog only
for now. If the user manipluates preferences governed by the slider the
custom checkbox is checked and unhidden indicating that the user is
currently in a non-standard user group.
Missing pieces:
-tooltips/help buttons explaining the security levels
-preferences for disabling SVG and MathML (#12827 and #13548)
---
src/chrome/content/preferences.js | 37 +++++++
src/chrome/content/preferences.xul | 62 +++++++++--
src/chrome/content/torbutton.js | 177 +++++++++++++++++++++++++++++++
src/chrome/locale/en/torbutton.dtd | 9 +-
src/defaults/preferences/preferences.js | 3 +
5 files changed, 276 insertions(+), 12 deletions(-)
diff --git a/src/chrome/content/preferences.js b/src/chrome/content/preferences.js
index 4c3c74d..20a6c9f 100644
--- a/src/chrome/content/preferences.js
+++ b/src/chrome/content/preferences.js
@@ -180,10 +180,21 @@ function torbutton_prefs_init(doc) {
doc.getElementById('torbutton_settingsMethod').selectedItem = doc.getElementById('torbutton_transparentTor');
}
+ // Privacy and security settings
doc.getElementById('torbutton_blockDisk').checked = o_torprefs.getBoolPref('block_disk');
doc.getElementById('torbutton_resistFingerprinting').checked = o_torprefs.getBoolPref('resist_fingerprinting');
doc.getElementById('torbutton_blockPlugins').checked = o_torprefs.getBoolPref('no_tor_plugins');
doc.getElementById('torbutton_restrictThirdParty').checked = o_torprefs.getBoolPref('restrict_thirdparty');
+ let sec_slider = doc.getElementById('torbutton_sec_slider');
+ let sec_custom = doc.getElementById('torbutton_sec_custom');
+ let custom_values = o_torprefs.getBoolPref('security_custom');
+ sec_slider.value = o_torprefs.getIntPref('security_slider');
+ sec_slider.disabled = custom_values;
+ // Setting |disabled| to |false| is not enough to have the element
+ // non-responding. We need to handle |movetoclick| as well.
+ sec_slider.setAttribute("movetoclick", !custom_values);
+ sec_custom.checked = custom_values;
+ sec_custom.collapsed = !custom_values;
torbutton_prefs_set_field_attributes(doc);
}
@@ -273,13 +284,22 @@ function torbutton_prefs_save(doc) {
}
}
+ // Privacy and Security Settings
o_torprefs.setBoolPref('block_disk', doc.getElementById('torbutton_blockDisk').checked);
o_torprefs.setBoolPref('resist_fingerprinting', doc.getElementById('torbutton_resistFingerprinting').checked);
o_torprefs.setBoolPref('no_tor_plugins', doc.getElementById('torbutton_blockPlugins').checked);
o_torprefs.setBoolPref('restrict_thirdparty', doc.getElementById('torbutton_restrictThirdParty').checked);
+ o_torprefs.setBoolPref('security_custom',
+ doc.getElementById('torbutton_sec_custom').checked);
+ o_torprefs.setIntPref('security_slider',
+ doc.getElementById('torbutton_sec_slider').value);
// if tor settings were initially active, update the active settings to reflect any changes
if (tor_enabled) torbutton_activate_tor_settings();
+ // If we have non-custom Security Slider settings update them now.
+ if (!o_torprefs.getBoolPref('security_custom')) {
+ win.torbutton_update_security_slider();
+ }
}
function torbutton_prefs_test_settings() {
@@ -413,6 +433,11 @@ function torbutton_prefs_reset_defaults() {
}
}
+ // Resetting the Security Slider preferences
+ o_torprefs.setBoolPref('security_custom', false);
+ o_torprefs.setIntPref('security_slider', 1);
+ chrome.torbutton_update_security_slider();
+
torbutton_log(4, "Preferences reset to defaults");
torbutton_prefs_init(window.document);
@@ -421,3 +446,15 @@ function torbutton_prefs_reset_defaults() {
.getService(Components.interfaces.nsIPrefService);
prefService.savePrefFile(null);
}
+
+function torbutton_toggle_slider(doc) {
+ let slider = doc.getElementById("torbutton_sec_slider");
+ if (doc.getElementById("torbutton_sec_custom").checked) {
+ slider.disabled = true;
+ slider.setAttribute("movetoclick", false);
+ } else {
+ slider.disabled = false;
+ slider.setAttribute("movetoclick", true);
+ }
+}
+
diff --git a/src/chrome/content/preferences.xul b/src/chrome/content/preferences.xul
index 5198565..7c5633b 100644
--- a/src/chrome/content/preferences.xul
+++ b/src/chrome/content/preferences.xul
@@ -19,7 +19,7 @@
<tabbox>
<tabs>
<tab label="&torbutton.prefs.tor_settings;"/>
- <tab label="&torbutton.prefs.sec_settings;"/>
+ <tab label="&torbutton.prefs.privacy_security_settings;"/>
</tabs>
<tabpanels>
<tabpanel>
@@ -140,16 +140,56 @@
</vbox>
</tabpanel>
<tabpanel>
- <vbox>
- <checkbox id="torbutton_blockDisk"
- label="&torbutton.prefs.block_disk;"/>
- <checkbox id="torbutton_blockPlugins"
- label="&torbutton.prefs.block_plugins;"/>
- <checkbox id="torbutton_restrictThirdParty"
- label="&torbutton.prefs.restrict_thirdparty;"/>
- <checkbox id="torbutton_resistFingerprinting"
- label="&torbutton.prefs.resist_fingerprinting;"/>
- </vbox>
+ <vbox>
+ <groupbox>
+ <caption label="&torbutton.prefs.priv_caption;"/>
+ <checkbox id="torbutton_blockDisk"
+ label="&torbutton.prefs.block_disk;"/>
+ <checkbox id="torbutton_blockPlugins"
+ label="&torbutton.prefs.block_plugins;"/>
+ <checkbox id="torbutton_restrictThirdParty"
+ label="&torbutton.prefs.restrict_thirdparty;"/>
+ <checkbox id="torbutton_resistFingerprinting"
+ label="&torbutton.prefs.resist_fingerprinting;"/>
+ </groupbox>
+ <spacer flex="1"/>
+ <groupbox>
+ <caption label="&torbutton.prefs.sec_caption;"/>
+ <hbox>
+ <vbox>
+ <scale id="torbutton_sec_slider" height="200" min="1" max="4"
+ movetoclick="true" orient="vertical"/>
+ </vbox>
+ <vbox height="200">
+ <hbox flex="1" align="center">
+ <description id="torbutton_sec_low">
+ &torbutton.prefs.sec_low;
+ </description>
+ </hbox>
+ <hbox flex="1" align="center">
+ <description id="torbutton_sec_med_low">
+ &torbutton.prefs.sec_med_low;
+ </description>
+ </hbox>
+ <hbox flex="1" align="center">
+ <description id="torbutton_sec_med_high">
+ &torbutton.prefs.sec_med_high;
+ </description>
+ </hbox>
+ <hbox flex="1" align="center">
+ <description id="torbutton_sec_high">
+ &torbutton.prefs.sec_high;
+ </description>
+ </hbox>
+ </vbox>
+ </hbox>
+ <hbox>
+ <checkbox id="torbutton_sec_custom" flex="1"
+ oncommand="torbutton_toggle_slider(document);"
+ label="&torbutton.prefs.sec_custom;"/>
+ </hbox>
+ </groupbox>
+ </vbox>
</tabpanel>
</tabpanels>
diff --git a/src/chrome/content/torbutton.js b/src/chrome/content/torbutton.js
index 44020ec..6995197 100644
--- a/src/chrome/content/torbutton.js
+++ b/src/chrome/content/torbutton.js
@@ -52,6 +52,8 @@ var m_tb_orig_BrowserOnAboutPageLoad = null;
var m_tb_domWindowUtils = window.QueryInterface(Ci.nsIInterfaceRequestor).
getInterface(Ci.nsIDOMWindowUtils);
+var m_tb_sliderUpdate = false;
+
// Bug 1506 P1: This object is only for updating the UI for toggling and style
var torbutton_window_pref_observer =
{
@@ -118,6 +120,12 @@ var torbutton_unique_pref_observer =
this._branch.addObserver("network.proxy", this, false);
this._branch.addObserver("network.cookie", this, false);
this._branch.addObserver("browser.privatebrowsing.autostart", this, false);
+ this._branch.addObserver("javascript", this, false);
+ this._branch.addObserver("gfx", this, false);
+ this._branch.addObserver("noscript", this, false);
+ this._branch.addObserver("media", this, false);
+ this._branch.addObserver("capability.policy.maonoscript.sites", this,
+ false);
// We observe xpcom-category-entry-added for plugins w/ Gecko-Content-Viewers
var observerService = Cc["@mozilla.org/observer-service;1"].
@@ -132,6 +140,11 @@ var torbutton_unique_pref_observer =
this._branch.removeObserver("network.proxy", this);
this._branch.removeObserver("network.cookie", this);
this._branch.removeObserver("browser.privatebrowsing.autostart", this);
+ this._branch.removeObserver("javascript", this);
+ this._branch.removeObserver("gfx", this);
+ this._branch.removeObserver("noscript", this);
+ this._branch.removeObserver("media", this);
+ this._branch.removeObserver("capability.policy.maonoscript.sites", this);
var observerService = Cc["@mozilla.org/observer-service;1"].
getService(Ci.nsIObserverService);
@@ -218,6 +231,32 @@ var torbutton_unique_pref_observer =
case "extensions.torbutton.restrict_thirdparty":
torbutton_update_thirdparty_prefs();
break;
+ case "gfx.font_rendering.opentype_svg.enabled":
+ case "javascript.options.ion.content":
+ case "javascript.options.typeinference":
+ case "javascript.options.asmjs":
+ case "noscript.forbidMedia":
+ case "media.webaudio.enabled":
+ case "javascript.options.baselinejit.content":
+ case "noscript.forbidFonts":
+ case "gfx.font_rendering.graphite.enabled":
+ case "noscript.globalHttpsWhitelist":
+ case "noscript.global":
+ case "media.ogg.enabled":
+ case "media.opus.enabled":
+ case "media.wave.enabled":
+ case "media.apple.mp3.enabled":
+ case "capability.policy.maonoscript.sites":
+ if (!m_tb_sliderUpdate) {
+ // Do we already have custom settings?
+ let customSlider = m_tb_prefs.
+ getBoolPref("extensions.torbutton.security_custom");
+ if (!customSlider) {
+ m_tb_prefs.
+ setBoolPref("extensions.torbutton.security_custom", true);
+ }
+ }
+ break;
}
}
}
@@ -513,6 +552,8 @@ function torbutton_init() {
// initialize preferences before we start our prefs observer
torbutton_init_prefs();
+ // set some important security prefs according to the chosen security level
+ torbutton_update_security_slider();
// set panel style from preferences
torbutton_set_panel_style();
@@ -2092,6 +2133,142 @@ function torbutton_update_thirdparty_prefs() {
prefService.savePrefFile(null);
}
+var torbutton_sec_l_bool_prefs = {
+ "gfx.font_rendering.opentype_svg.enabled" : false,
+};
+
+var torbutton_sec_ml_bool_prefs = {
+ "javascript.options.ion.content" : false,
+ "javascript.options.typeinference" : false,
+ "javascript.options.asmjs" : false,
+ "noscript.forbidMedia" : true,
+ "media.webaudio.enabled" : false,
+ // XXX: pref for disabling MathML is missing
+};
+
+var torbutton_sec_mh_bool_prefs = {
+ "javascript.options.baselinejit.content" : false,
+ "noscript.globalHttpsWhitelist" : true,
+ // XXX: pref for disableing SVG is missing
+};
+
+var torbutton_sec_h_bool_prefs = {
+ "noscript.forbidFonts" : true,
+ "noscript.global" : false,
+ "media.ogg.enabled" : false,
+ "media.opus.enabled" : false,
+ "media.wave.enabled" : false,
+ "media.apple.mp3.enabled" : false
+};
+
+function torbutton_update_security_slider() {
+ // Avoid checking the custom settings checkbox.
+ m_tb_sliderUpdate = true;
+ let mode = m_tb_prefs.getIntPref("extensions.torbutton.security_slider");
+ let capValue = m_tb_prefs.getCharPref("capability.policy.maonoscript.sites");
+ switch (mode) {
+ case 1:
+ for (p in torbutton_sec_l_bool_prefs) {
+ m_tb_prefs.setBoolPref(p, torbutton_sec_l_bool_prefs[p]);
+ }
+ for (p in torbutton_sec_ml_bool_prefs) {
+ m_tb_prefs.setBoolPref(p, !torbutton_sec_ml_bool_prefs[p])
+ }
+ for (p in torbutton_sec_mh_bool_prefs) {
+ m_tb_prefs.setBoolPref(p, !torbutton_sec_mh_bool_prefs[p])
+ }
+ for (p in torbutton_sec_h_bool_prefs) {
+ m_tb_prefs.setBoolPref(p, !torbutton_sec_h_bool_prefs[p])
+ }
+ // XXX: Adding and removing "https:" is needed due to a bug in Noscript.
+ if (capValue.indexOf(" https:") >= 0) {
+ m_tb_prefs.setCharPref("capability.policy.maonoscript.sites",
+ capValue.replace(" https:", ""));
+ }
+ if (m_tb_prefs.getCharPref("general.useragent.locale") !== "ko" ||
+ m_tb_prefs.getCharPref("general.useragent.locale") !== "vi" ||
+ m_tb_prefs.getCharPref("general.useragent.locale") !== "zh-CN") {
+ m_tb_prefs.setBoolPref("gfx.font_rendering.graphite.enabled", false);
+ } else {
+ m_tb_prefs.setBoolPref("gfx.font_rendering.graphite.enabled", true);
+ }
+ break;
+ case 2:
+ for (p in torbutton_sec_l_bool_prefs) {
+ m_tb_prefs.setBoolPref(p, torbutton_sec_l_bool_prefs[p]);
+ }
+ for (p in torbutton_sec_ml_bool_prefs) {
+ m_tb_prefs.setBoolPref(p, torbutton_sec_ml_bool_prefs[p])
+ }
+ for (p in torbutton_sec_mh_bool_prefs) {
+ m_tb_prefs.setBoolPref(p, !torbutton_sec_mh_bool_prefs[p])
+ }
+ for (p in torbutton_sec_h_bool_prefs) {
+ m_tb_prefs.setBoolPref(p, !torbutton_sec_h_bool_prefs[p])
+ }
+ // XXX: Adding and removing "https:" is needed due to a bug in Noscript.
+ if (capValue.indexOf(" https:") >= 0) {
+ m_tb_prefs.setCharPref("capability.policy.maonoscript.sites",
+ capValue.replace(" https:", ""));
+ }
+ if (m_tb_prefs.getCharPref("general.useragent.locale") !== "ko" ||
+ m_tb_prefs.getCharPref("general.useragent.locale") !== "vi" ||
+ m_tb_prefs.getCharPref("general.useragent.locale") !== "zh-CN") {
+ m_tb_prefs.setBoolPref("gfx.font_rendering.graphite.enabled", false);
+ } else {
+ m_tb_prefs.setBoolPref("gfx.font_rendering.graphite.enabled", true);
+ }
+ break;
+ case 3:
+ for (p in torbutton_sec_l_bool_prefs) {
+ m_tb_prefs.setBoolPref(p, torbutton_sec_l_bool_prefs[p]);
+ }
+ for (p in torbutton_sec_ml_bool_prefs) {
+ m_tb_prefs.setBoolPref(p, torbutton_sec_ml_bool_prefs[p])
+ }
+ for (p in torbutton_sec_mh_bool_prefs) {
+ m_tb_prefs.setBoolPref(p, torbutton_sec_mh_bool_prefs[p])
+ }
+ for (p in torbutton_sec_h_bool_prefs) {
+ m_tb_prefs.setBoolPref(p, !torbutton_sec_h_bool_prefs[p])
+ }
+ // XXX: Adding and removing "https:" is needed due to a bug in Noscript.
+ // missing.
+ if (capValue.indexOf(" https:") < 0) {
+ m_tb_prefs.setCharPref("capability.policy.maonoscript.sites", capValue +
+ " https:");
+ }
+ m_tb_prefs.setBoolPref("gfx.font_rendering.graphite.enabled", false);
+ break;
+ case 4:
+ for (p in torbutton_sec_l_bool_prefs) {
+ m_tb_prefs.setBoolPref(p, torbutton_sec_l_bool_prefs[p]);
+ }
+ for (p in torbutton_sec_ml_bool_prefs) {
+ m_tb_prefs.setBoolPref(p, torbutton_sec_ml_bool_prefs[p])
+ }
+ for (p in torbutton_sec_mh_bool_prefs) {
+ m_tb_prefs.setBoolPref(p, torbutton_sec_mh_bool_prefs[p])
+ // noscript.globalHttpsWhitelist is special: We don't want it in this
+ // mode.
+ if (p == "noscript.globalHttpsWhitelist") {
+ m_tb_prefs.setBoolPref(p, !torbutton_sec_mh_bool_prefs[p])
+ }
+ }
+ for (p in torbutton_sec_h_bool_prefs) {
+ m_tb_prefs.setBoolPref(p, torbutton_sec_h_bool_prefs[p])
+ }
+ // XXX: Adding and removing "https:" is needed due to a bug in Noscript.
+ if (capValue.indexOf(" https:") >= 0) {
+ m_tb_prefs.setCharPref("capability.policy.maonoscript.sites",
+ capValue.replace(" https:", ""));
+ }
+ m_tb_prefs.setBoolPref("gfx.font_rendering.graphite.enabled", true);
+ break;
+ }
+ m_tb_sliderUpdate = false;
+}
+
// Bug 1506 P0: This code is a toggle-relic.
//
// It basically just enforces the three Torbutton prefs
diff --git a/src/chrome/locale/en/torbutton.dtd b/src/chrome/locale/en/torbutton.dtd
index 1457b20..283032b 100644
--- a/src/chrome/locale/en/torbutton.dtd
+++ b/src/chrome/locale/en/torbutton.dtd
@@ -44,7 +44,7 @@
<!ENTITY torbutton.context_menu.openTorWindow.key "d">
<!ENTITY torbutton.button.label "Torbutton">
<!ENTITY torbutton.button.tooltip "Click to initialize Torbutton">
-<!ENTITY torbutton.prefs.sec_settings "Security Settings">
+<!ENTITY torbutton.prefs.privacy_security_settings "Privacy and Security Settings">
<!ENTITY torbutton.prefs.block_thread "Block history reads during Tor (crucial)">
<!ENTITY torbutton.prefs.block_thwrite "Block history writes during Tor (recommended)">
<!ENTITY torbutton.prefs.block_nthread "Block history reads during Non-Tor (optional)">
@@ -144,7 +144,14 @@
<!ENTITY torbutton.prefs.engine5 "duckduckgo.com">
<!ENTITY torbutton.prefs.fix_google_srch "Strip platform and language off of Google Search Box queries">
<!ENTITY torbutton.prefs.transparentTor "Transparent Torification (Requires custom transproxy or Tor router)">
+<!ENTITY torbutton.prefs.priv_caption "Privacy Settings">
<!ENTITY torbutton.prefs.block_disk "Don't record browsing history or website data (enables Private Browsing Mode)">
<!ENTITY torbutton.prefs.restrict_thirdparty "Restrict third party cookies and other tracking data">
<!ENTITY torbutton.prefs.block_plugins "Disable browser plugins (such as Flash)">
<!ENTITY torbutton.prefs.resist_fingerprinting "Change details that distinguish you from other Tor Browser users">
+<!ENTITY torbutton.prefs.sec_caption "Security Level">
+<!ENTITY torbutton.prefs.sec_low "Low (default)">
+<!ENTITY torbutton.prefs.sec_med_low "Medium-Low">
+<!ENTITY torbutton.prefs.sec_med_high "Medium-High">
+<!ENTITY torbutton.prefs.sec_high "High">
+<!ENTITY torbutton.prefs.sec_custom "Custom Values">
diff --git a/src/defaults/preferences/preferences.js b/src/defaults/preferences/preferences.js
index af9838a..d527d7e 100644
--- a/src/defaults/preferences/preferences.js
+++ b/src/defaults/preferences/preferences.js
@@ -173,6 +173,9 @@ pref("extensions.torbutton at torproject.org.getAddons.cache.enabled", false);
pref("extensions.torbutton.block_disk", true);
pref("extensions.torbutton.resist_fingerprinting", true);
pref("extensions.torbutton.restrict_thirdparty", true);
+// Security Slider
+pref("extensions.torbutton.security_slider", 1);
+pref("extensions.torbutton.security_custom", false);
// Google Captcha prefs
// FIXME: NID cookie?
More information about the tor-commits
mailing list