Package: xul-ext-https-everywhere
Version: 4.0.2-1
Severity: important
Tags: patch upstream

The first time the browser is started after installing 
xul-ext-https-everywhere, a notification bar is shown, informing of 
the fact that some https enforcement is active and pointing to the 
toolbar button for options.

What is bad about that is that when the notification is dismissed, the 
browser is forced to open https://www.eff.org/https-everywhere/faq

This is a privacy breach, as it informs the authors (and user's ISP) 
that there is a new installation of https-everywhere.

The attached patch adds a dedicated button to the notification bar. 
Pressing that button loads the FAQ page as before, and just dismissing 
the notification bar does nothing. In other words, it makes the user 
*request* the FAQ before loading it.

-- dam

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 
'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=bg_BG.UTF-8, LC_CTYPE=bg_BG.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages xul-ext-https-everywhere depends on:
ii  icedove    31.2.0-1
ii  iceweasel  33.1-1

xul-ext-https-everywhere recommends no packages.

xul-ext-https-everywhere suggests no packages.

-- no debconf information
Description: load FAQ after install only if requested
 The first time the browser is started after installing 
 xul-ext-https-everywhere, a notification bar is shown, informing of 
 the fact that some https enforcement is active and pointing to the 
 toolbar button for options.
 .
 What is bad about that is that when the notification is dismissed, the 
 browser is forced to open https://www.eff.org/https-everywhere/faq
 .
 This is a privacy breach, as it informs the authors (and user's ISP) 
 that there is a new installation of https-everywhere.
 .
 The attached patch adds a dedicated button to the notification bar. 
 Pressing that button loads the FAQ page as before, and just dismissing 
 the notification bar does nothing. In other words, it makes the user 
 *request* the FAQ before loading it.
Author: Damyan Ivanov <d...@debian.org>

--- a/src/chrome/content/toolbar_button.js
+++ b/src/chrome/content/toolbar_button.js
@@ -122,11 +122,15 @@ httpsEverywhere.toolbarButton = {
         'https-everywhere', 
         'chrome://https-everywhere/skin/https-everywhere-24.png', 
         nBox.PRIORITY_WARNING_MEDIUM,
-	[],
-	function(action) {
-	  // see https://developer.mozilla.org/en-US/docs/XUL/Method/appendNotification#Notification_box_events
-	  gBrowser.selectedTab = gBrowser.addTab(faqURL);
-	}
+        [
+            {   accessKey: 'F',
+                callback: function(ntf, btn) {
+                    // see https://developer.mozilla.org/en-US/docs/XUL/Method/appendNotification#Notification_box_events
+                    gBrowser.selectedTab = gBrowser.addTab(faqURL);
+                },
+                label: 'FAQ…',
+            }
+        ]
       );
     }
     gBrowser.removeEventListener("DOMContentLoaded", tb.handleShowHint, true);
_______________________________________________
Pkg-mozext-maintainers mailing list
Pkg-mozext-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-mozext-maintainers

Reply via email to