[tbb-commits] [torbutton/master] Bug 13998: Adapt code to fixed globalHttpsWhitelist
mikeperry at torproject.org
mikeperry at torproject.org
Tue Jan 13 16:36:39 UTC 2015
commit 915ec73bb2b556aa937a827fbe746b21dacec1f3
Author: Georg Koppen <gk at torproject.org>
Date: Mon Jan 12 13:03:34 2015 +0000
Bug 13998: Adapt code to fixed globalHttpsWhitelist
---
src/chrome/content/torbutton.js | 29 ++++++++++++++++++-----------
1 file changed, 18 insertions(+), 11 deletions(-)
diff --git a/src/chrome/content/torbutton.js b/src/chrome/content/torbutton.js
index 4715fb6..8adef28 100644
--- a/src/chrome/content/torbutton.js
+++ b/src/chrome/content/torbutton.js
@@ -2166,6 +2166,7 @@ var torbutton_sec_ml_bool_prefs = {
var torbutton_sec_mh_bool_prefs = {
"javascript.options.baselinejit.content" : false,
+ "noscript.global" : false,
"noscript.globalHttpsWhitelist" : true,
// XXX: pref for disableing SVG is missing
};
@@ -2198,7 +2199,10 @@ function torbutton_update_security_slider() {
for (p in torbutton_sec_h_bool_prefs) {
m_tb_prefs.setBoolPref(p, !torbutton_sec_h_bool_prefs[p])
}
- // XXX: Adding and removing "https:" is needed due to a bug in Noscript.
+ // Removing "https:" is needed due to a bug in older Noscript versions.
+ // We leave that in for a while as there may be users that were affected
+ // by this bug. Removing it immediately and having the auto-updater might
+ // leave users exposed to the problem.
if (capValue.indexOf(" https:") >= 0) {
m_tb_prefs.setCharPref("capability.policy.maonoscript.sites",
capValue.replace(" https:", ""));
@@ -2224,7 +2228,10 @@ function torbutton_update_security_slider() {
for (p in torbutton_sec_h_bool_prefs) {
m_tb_prefs.setBoolPref(p, !torbutton_sec_h_bool_prefs[p])
}
- // XXX: Adding and removing "https:" is needed due to a bug in Noscript.
+ // Removing "https:" is needed due to a bug in older Noscript versions.
+ // We leave that in for a while as there may be users that were affected
+ // by this bug. Removing it immediately and having the auto-updater might
+ // leave users exposed to the problem.
if (capValue.indexOf(" https:") >= 0) {
m_tb_prefs.setCharPref("capability.policy.maonoscript.sites",
capValue.replace(" https:", ""));
@@ -2244,17 +2251,14 @@ function torbutton_update_security_slider() {
for (p in torbutton_sec_ml_bool_prefs) {
m_tb_prefs.setBoolPref(p, torbutton_sec_ml_bool_prefs[p])
}
- for (p in torbutton_sec_mh_bool_prefs) {
- m_tb_prefs.setBoolPref(p, torbutton_sec_mh_bool_prefs[p])
- }
+ // Order matters here as both the high mode and the medium-high mode
+ // share some preferences/values. So, let's revert the high mode
+ // preferences first and set the medium-high mode ones afterwards.
for (p in torbutton_sec_h_bool_prefs) {
m_tb_prefs.setBoolPref(p, !torbutton_sec_h_bool_prefs[p])
}
- // XXX: Adding and removing "https:" is needed due to a bug in Noscript.
- // missing.
- if (capValue.indexOf(" https:") < 0) {
- m_tb_prefs.setCharPref("capability.policy.maonoscript.sites", capValue +
- " https:");
+ for (p in torbutton_sec_mh_bool_prefs) {
+ m_tb_prefs.setBoolPref(p, torbutton_sec_mh_bool_prefs[p])
}
m_tb_prefs.setBoolPref("gfx.font_rendering.graphite.enabled", false);
break;
@@ -2276,7 +2280,10 @@ function torbutton_update_security_slider() {
for (p in torbutton_sec_h_bool_prefs) {
m_tb_prefs.setBoolPref(p, torbutton_sec_h_bool_prefs[p])
}
- // XXX: Adding and removing "https:" is needed due to a bug in Noscript.
+ // Removing "https:" is needed due to a bug in older Noscript versions.
+ // We leave that in for a while as there may be users that were affected
+ // by this bug. Removing it immediately and having the auto-updater might
+ // leave users exposed to the problem.
if (capValue.indexOf(" https:") >= 0) {
m_tb_prefs.setCharPref("capability.policy.maonoscript.sites",
capValue.replace(" https:", ""));
More information about the tbb-commits
mailing list