[tbb-commits] [tor-browser-build/master] Bug 22501: Requests via javascript: violate FPI

gk at torproject.org gk at torproject.org
Fri Sep 29 06:29:57 UTC 2017


commit ee2f06091d76272c7b629265d8c0a67c3d3b07e1
Author: Richard Pospesel <richard at torproject.org>
Date:   Thu Sep 28 12:32:58 2017 -0700

    Bug 22501: Requests via javascript: violate FPI
    
    By default NoScript attempts to find URLs in "javascript:.*" strings
    found in <a> element href atributes and in <option> element value
    attributes.  When such links (or options) are clicked/selected,
    NoScript attempts to navigate the page to said URL.  These navigations
    are treated as intternal requests, and get pacced onto the catch-all
    circuit.
    
    This behaviour can be turned off by disabling the 'noscript.fixLinks'
    flag, so we do so for each Tor Browser build target's
    extension-overrides.js.
---
 .../Data/Browser/profile.default/preferences/extension-overrides.js      | 1 +
 .../Data/Browser/profile.default/preferences/extension-overrides.js      | 1 +
 .../Data/Browser/profile.default/preferences/extension-overrides.js      | 1 +
 3 files changed, 3 insertions(+)

diff --git a/projects/tor-browser/Bundle-Data/linux/Data/Browser/profile.default/preferences/extension-overrides.js b/projects/tor-browser/Bundle-Data/linux/Data/Browser/profile.default/preferences/extension-overrides.js
index ded3d5b..c610aff 100644
--- a/projects/tor-browser/Bundle-Data/linux/Data/Browser/profile.default/preferences/extension-overrides.js
+++ b/projects/tor-browser/Bundle-Data/linux/Data/Browser/profile.default/preferences/extension-overrides.js
@@ -38,6 +38,7 @@ pref("noscript.temp", "");
 pref("noscript.untrusted", "");
 pref("noscript.forbidMedia", false);
 pref("noscript.allowWhitelistUpdates", false);
+pref("noscript.fixLinks", false);
 // Now handled by plugins.click_to_play
 pref("noscript.forbidFlash", false);
 pref("noscript.forbidSilverlight", false);
diff --git a/projects/tor-browser/Bundle-Data/mac/TorBrowser/Data/Browser/profile.default/preferences/extension-overrides.js b/projects/tor-browser/Bundle-Data/mac/TorBrowser/Data/Browser/profile.default/preferences/extension-overrides.js
index ded3d5b..c610aff 100644
--- a/projects/tor-browser/Bundle-Data/mac/TorBrowser/Data/Browser/profile.default/preferences/extension-overrides.js
+++ b/projects/tor-browser/Bundle-Data/mac/TorBrowser/Data/Browser/profile.default/preferences/extension-overrides.js
@@ -38,6 +38,7 @@ pref("noscript.temp", "");
 pref("noscript.untrusted", "");
 pref("noscript.forbidMedia", false);
 pref("noscript.allowWhitelistUpdates", false);
+pref("noscript.fixLinks", false);
 // Now handled by plugins.click_to_play
 pref("noscript.forbidFlash", false);
 pref("noscript.forbidSilverlight", false);
diff --git a/projects/tor-browser/Bundle-Data/windows/Data/Browser/profile.default/preferences/extension-overrides.js b/projects/tor-browser/Bundle-Data/windows/Data/Browser/profile.default/preferences/extension-overrides.js
index ded3d5b..c610aff 100644
--- a/projects/tor-browser/Bundle-Data/windows/Data/Browser/profile.default/preferences/extension-overrides.js
+++ b/projects/tor-browser/Bundle-Data/windows/Data/Browser/profile.default/preferences/extension-overrides.js
@@ -38,6 +38,7 @@ pref("noscript.temp", "");
 pref("noscript.untrusted", "");
 pref("noscript.forbidMedia", false);
 pref("noscript.allowWhitelistUpdates", false);
+pref("noscript.fixLinks", false);
 // Now handled by plugins.click_to_play
 pref("noscript.forbidFlash", false);
 pref("noscript.forbidSilverlight", false);



More information about the tbb-commits mailing list