[tbb-commits] [Git][tpo/applications/tor-browser][tor-browser-115.14.0esr-13.5-1] fixup! Bug 42835: Create an actor to filter file data transfers
ma1 (@ma1)
git at gitlab.torproject.org
Wed Aug 21 22:37:34 UTC 2024
ma1 pushed to branch tor-browser-115.14.0esr-13.5-1 at The Tor Project / Applications / Tor Browser
Commits:
6f5ad1e3 by hackademix at 2024-08-22T00:37:28+02:00
fixup! Bug 42835: Create an actor to filter file data transfers
Bug 43064: Make file filtering more specific
- - - - -
1 changed file:
- toolkit/actors/FilesFilterChild.sys.mjs
Changes:
=====================================
toolkit/actors/FilesFilterChild.sys.mjs
=====================================
@@ -12,11 +12,14 @@ ChromeUtils.defineLazyGetter(lazy, "console", () => {
export class FilesFilterChild extends JSWindowActorChild {
handleEvent(event) {
+ if (!Services.prefs.getBoolPref("browser.filesfilter.enabled", true)) {
+ return;
+ }
// drop or paste
const { composedTarget } = event;
const dt = event.clipboardData || event.dataTransfer;
- if (dt.files.length) {
+ if ([...dt.files].some(f => f.mozFullPath)) {
if (
["HTMLInputElement", "HTMLTextAreaElement"].includes(
ChromeUtils.getClassName(composedTarget)
@@ -25,7 +28,7 @@ export class FilesFilterChild extends JSWindowActorChild {
event.preventDefault();
lazy.console.log(
`Preventing path leak on ${event.type} for ${[...dt.files]
- .map(f => f.name)
+ .map(f => `${f.name} (${f.mozFullPath})`)
.join(", ")}.`
);
}
@@ -33,7 +36,7 @@ export class FilesFilterChild extends JSWindowActorChild {
}
// "Paste Without Formatting" (ctrl+shift+V) in HTML editors coerces files into paths
- if (!(event.clipboardData && dt.getData("text"))) {
+ if (!(event.clipboardData && /[\/\\]/.test(dt.getData("text")))) {
return;
}
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/6f5ad1e3c3aa50a236f1a73e68533af017d49a7c
--
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/6f5ad1e3c3aa50a236f1a73e68533af017d49a7c
You're receiving this email because of your account on gitlab.torproject.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tbb-commits/attachments/20240821/f68b92ad/attachment-0001.htm>
More information about the tbb-commits
mailing list