[tor-commits] [Git][tpo/applications/tor-browser][base-browser-128.1.0esr-14.0-1] fixup! Bug 42835: Create an actor to filter file data transfers

ma1 (@ma1) git at gitlab.torproject.org
Wed Aug 21 22:37:09 UTC 2024 


ma1 pushed to branch base-browser-128.1.0esr-14.0-1 at The Tor Project / Applications / Tor Browser


Commits:
6abbbf97 by hackademix at 2024-08-22T00:37:03+02:00
fixup! Bug 42835: Create an actor to filter file data transfers

Bug 43064: Make file filtering more specific

- - - - -


1 changed file:

- toolkit/actors/FilesFilterChild.sys.mjs


Changes:

=====================================
toolkit/actors/FilesFilterChild.sys.mjs
=====================================
@@ -12,11 +12,14 @@ ChromeUtils.defineLazyGetter(lazy, "console", () => {
 
 export class FilesFilterChild extends JSWindowActorChild {
   handleEvent(event) {
+    if (!Services.prefs.getBoolPref("browser.filesfilter.enabled", true)) {
+      return;
+    }
     // drop or paste
     const { composedTarget } = event;
     const dt = event.clipboardData || event.dataTransfer;
 
-    if (dt.files.length) {
+    if ([...dt.files].some(f => f.mozFullPath)) {
       if (
         ["HTMLInputElement", "HTMLTextAreaElement"].includes(
           ChromeUtils.getClassName(composedTarget)
@@ -25,7 +28,7 @@ export class FilesFilterChild extends JSWindowActorChild {
         event.preventDefault();
         lazy.console.log(
           `Preventing path leak on ${event.type} for ${[...dt.files]
-            .map(f => f.name)
+            .map(f => `${f.name} (${f.mozFullPath})`)
             .join(", ")}.`
         );
       }
@@ -33,7 +36,7 @@ export class FilesFilterChild extends JSWindowActorChild {
     }
 
     // "Paste Without Formatting" (ctrl+shift+V) in HTML editors coerces files into paths
-    if (!(event.clipboardData && dt.getData("text"))) {
+    if (!(event.clipboardData && /[\/\\]/.test(dt.getData("text")))) {
       return;
     }
 



View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/6abbbf97000d8392e8f84b90611f76a1146ed32b

-- 
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/6abbbf97000d8392e8f84b90611f76a1146ed32b
You're receiving this email because of your account on gitlab.torproject.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-commits/attachments/20240821/cdf8f43c/attachment-0001.htm>

More information about the tor-commits mailing list