[tor-commits] [torbutton/master] Bug 40043: Delete all plugin-related protections

sysrqb at torproject.org sysrqb at torproject.org
Fri Aug 27 20:52:54 UTC 2021


commit 0197c6fec132dd0d672fb1f13b5cdb3ad58c57b7
Author: Matthew Finkel <sysrqb at torproject.org>
Date:   Wed Aug 25 18:57:34 2021 +0000

    Bug 40043: Delete all plugin-related protections
---
 chrome/content/torbutton.js | 138 ++------------------------------------------
 1 file changed, 5 insertions(+), 133 deletions(-)

diff --git a/chrome/content/torbutton.js b/chrome/content/torbutton.js
index 8c016b39..c05dd605 100644
--- a/chrome/content/torbutton.js
+++ b/chrome/content/torbutton.js
@@ -38,8 +38,6 @@ var m_tb_prefs = Services.prefs;
 var m_tb_wasinited = false;
 var m_tb_is_main_window = false;
 
-var m_tb_confirming_plugins = false;
-
 var m_tb_control_ipc_file = null;    // Set if using IPC (UNIX domain socket).
 var m_tb_control_port = null;        // Set if using TCP.
 var m_tb_control_host = null;        // Set if using TCP.
@@ -73,13 +71,8 @@ var torbutton_unique_pref_observer =
         m_tb_prefs.addObserver("extensions.torbutton", this, false);
         m_tb_prefs.addObserver("browser.privatebrowsing.autostart", this, false);
         m_tb_prefs.addObserver("javascript", this, false);
-        m_tb_prefs.addObserver("plugin.disable", this, false);
         m_tb_prefs.addObserver("privacy.resistFingerprinting", this, false);
         m_tb_prefs.addObserver("privacy.resistFingerprinting.letterboxing", this, false);
-
-        // We observe xpcom-category-entry-added for plugins w/ Gecko-Content-Viewers
-        var observerService = Services.obs;
-        observerService.addObserver(this, "xpcom-category-entry-added");
     },
 
     unregister: function()
@@ -87,12 +80,8 @@ var torbutton_unique_pref_observer =
         m_tb_prefs.removeObserver("extensions.torbutton", this);
         m_tb_prefs.removeObserver("browser.privatebrowsing.autostart", this);
         m_tb_prefs.removeObserver("javascript", this);
-        m_tb_prefs.removeObserver("plugin.disable", this);
         m_tb_prefs.removeObserver("privacy.resistFingerprinting", this);
         m_tb_prefs.removeObserver("privacy.resistFingerprinting.letterboxing", this);
-
-        var observerService = Services.obs;
-        observerService.removeObserver(this, "xpcom-category-entry-added");
     },
 
     // topic:   what event occurred
@@ -100,38 +89,9 @@ var torbutton_unique_pref_observer =
     // data:    which pref has been changed (relative to subject)
     observe: function(subject, topic, data)
     {
-        if (topic == "xpcom-category-entry-added") {
-          // Hrmm. should we inspect subject too? it's just mime type..
-          subject.QueryInterface(Ci.nsISupportsCString);
-          if (data == "Gecko-Content-Viewers" &&
-              !m_tb_prefs.getBoolPref("extensions.torbutton.startup") &&
-              m_tb_prefs.getBoolPref("extensions.torbutton.confirm_plugins")) {
-             torbutton_log(3, "Got plugin enabled notification: "+subject);
-
-             /* We need to protect this call with a flag becuase we can
-              * get multiple observer events for each mime type a plugin
-              * registers. Thankfully, these notifications arrive only on
-              * the main thread, *however*, our confirmation dialog suspends
-              * execution and allows more events to arrive until it is answered
-              */
-             if (!m_tb_confirming_plugins) {
-               m_tb_confirming_plugins = true;
-               torbutton_confirm_plugins();
-               m_tb_confirming_plugins = false;
-             } else {
-               torbutton_log(3, "Skipping notification for mime type: "+subject);
-             }
-          }
-          return;
-        }
-
         if (topic != "nsPref:changed") return;
 
         switch (data) {
-            case "plugin.disable":
-                torbutton_toggle_plugins(
-                        m_tb_prefs.getBoolPref("plugin.disable"));
-                break;
             case "browser.privatebrowsing.autostart":
                 torbutton_update_disk_prefs();
                 break;
@@ -348,67 +308,6 @@ var torbutton_abouttor_message_handler = {
   }
 };
 
-function torbutton_confirm_plugins() {
-  var any_plugins_enabled = false;
-  var PH=Cc["@mozilla.org/plugin/host;1"].getService(Ci.nsIPluginHost);
-  var P=PH.getPluginTags({});
-  for(var i=0; i<P.length; i++) {
-      if (!P[i].disabled)
-        any_plugins_enabled = true;
-  }
-
-  if (!any_plugins_enabled) {
-    torbutton_log(3, "False positive on plugin notification. Ignoring");
-    return;
-  }
-
-  torbutton_log(3, "Confirming plugin usage.");
-
-  var prompts = Services.prompt;
-
-  // Display two buttons, both with string titles.
-  var flags = prompts.STD_YES_NO_BUTTONS + prompts.BUTTON_DELAY_ENABLE;
-
-  var message = torbutton_get_property_string("torbutton.popup.confirm_plugins");
-  var askAgainText = torbutton_get_property_string("torbutton.popup.never_ask_again");
-  var askAgain = {value: false};
-
-  var wm = Services.wm;
-  var win = wm.getMostRecentWindow("navigator:browser");
-  var no_plugins = (prompts.confirmEx(win, "", message, flags, null, null, null,
-      askAgainText, askAgain) == 1);
-
-  m_tb_prefs.setBoolPref("extensions.torbutton.confirm_plugins", !askAgain.value);
-
-  // The pref observer for "plugin.disable" will set the appropriate plugin state.
-  // So, we only touch the pref if it has changed.
-  if (no_plugins !=
-      m_tb_prefs.getBoolPref("plugin.disable"))
-    m_tb_prefs.setBoolPref("plugin.disable", no_plugins);
-  else
-    torbutton_toggle_plugins(no_plugins);
-
-  // Now, if any tabs were open to about:addons, reload them. Our popup
-  // messed up that page.
-  var browserEnumerator = wm.getEnumerator("navigator:browser");
-
-  // Check each browser instance for our URL
-  while (browserEnumerator.hasMoreElements()) {
-    var browserWin = browserEnumerator.getNext();
-    var tabbrowser = browserWin.gBrowser;
-
-    // Check each tab of this browser instance
-    var numTabs = tabbrowser.browsers.length;
-    for (var index = 0; index < numTabs; index++) {
-      var currentBrowser = tabbrowser.getBrowserAtIndex(index);
-      if ("about:addons" == currentBrowser.currentURI.spec) {
-        torbutton_log(3, "Got browser: "+currentBrowser.currentURI.spec);
-        currentBrowser.reload();
-      }
-    }
-  }
-}
-
 // Bug 1506 P4: Control port interaction. Needed for New Identity.
 function torbutton_socket_readline(input) {
   var str = "";
@@ -530,7 +429,7 @@ torbutton_new_identity = async function() {
 }
 
 /* The "New Identity" implementation does the following:
- *   1. Disables Javascript and plugins on all tabs
+ *   1. Disables Javascript
  *   2. Clears state:
  *      a. OCSP
  *      b. Cache + image cache
@@ -544,9 +443,8 @@ torbutton_new_identity = async function() {
  *      j. permissions
  *      k. site security settings (e.g. HSTS)
  *      l. IndexedDB and other DOM storage
- *      m. plugin data
- *      n. media devices
- *      o. predictor network data
+ *      m. media devices
+ *      n. predictor network data
  *   3. Sends tor the NEWNYM signal to get a new circuit
  *   4. Opens a new window with the default homepage
  *   5. Closes this window
@@ -696,14 +594,12 @@ async function torbutton_do_new_identity() {
   }
 
   torbutton_log(3, "New Identity: Clearing storage");
-  torbutton_log(3, "New Identity: Clearing plugin data");
   torbutton_log(3, "New Identity: Clearing media devices");
   torbutton_log(3, "New Identity: Clearing predictor network data");
 
   try {
     await clearData(
       Services.clearData.CLEAR_DOM_STORAGES |
-      Services.clearData.CLEAR_PLUGIN_DATA |
       Services.clearData.CLEAR_MEDIA_DEVICES |
       Services.clearData.CLEAR_PREDICTOR_NETWORK_DATA
     );
@@ -1081,27 +977,6 @@ async function torbutton_tor_check_ok()
   return (checkSvc.kCheckFailed != checkSvc.statusOfTorCheck);
 }
 
-// Bug 1506 P5: Despite the name, this is the way we disable
-// plugins for Tor Browser, too.
-//
-// toggles plugins: true for disabled, false for enabled
-function torbutton_toggle_plugins(disable_plugins) {
-  var PH=Cc["@mozilla.org/plugin/host;1"].getService(Ci.nsIPluginHost);
-  var P=PH.getPluginTags({});
-  for(var i=0; i<P.length; i++) {
-      if ("enabledState" in P[i]) { // FF24
-        // FIXME: DOCDOC the reasoning for the isDisabled check, or remove it.
-        var isDisabled = (P[i].enabledState == Ci.nsIPluginTag.STATE_DISABLED);
-        if (!isDisabled && disable_plugins)
-          P[i].enabledState = Ci.nsIPluginTag.STATE_DISABLED;
-        else if (isDisabled && !disable_plugins)
-          P[i].enabledState = Ci.nsIPluginTag.STATE_CLICKTOPLAY;
-      } else if (P[i].disabled != disable_plugins) { // FF17
-        P[i].disabled=disable_plugins;
-      }
-  }
-}
-
 function torbutton_update_disk_prefs() {
     var mode = m_tb_prefs.getBoolPref("browser.privatebrowsing.autostart");
 
@@ -1194,7 +1069,7 @@ function torbutton_clear_cookies() {
     cm.removeAll();
 }
 
-// -------------- JS/PLUGIN HANDLING CODE ---------------------
+// -------------- JS HANDLING CODE ---------------------
 // Bug 1506 P3: Defense in depth. Disables JS and events for New Identity.
 function torbutton_disable_browser_js(browser) {
     var eventSuppressor = null;
@@ -1233,6 +1108,7 @@ function torbutton_disable_browser_js(browser) {
 function torbutton_disable_window_js(win) {
     var browser = win.gBrowser;
     if (!browser) {
+      // TODO is this still needed?
       torbutton_log(5, "No browser for plugin window...");
       return;
     }
@@ -1328,10 +1204,6 @@ function torbutton_do_main_window_startup()
 function torbutton_do_startup()
 {
     if(m_tb_prefs.getBoolPref("extensions.torbutton.startup")) {
-        // Bug 1506: Still want to do this
-        torbutton_toggle_plugins(
-                m_tb_prefs.getBoolPref("plugin.disable"));
-
         // Bug 1506: Should probably be moved to an XPCOM component
         torbutton_do_main_window_startup();
 



More information about the tor-commits mailing list