ma1 pushed to branch tor-browser-140.4.0esr-15.0-1 at The Tor Project / 
Applications / Tor Browser


Commits:
373460c6 by hackademix at 2025-10-15T12:36:16+02:00
fixup! BB 40925: Implemented the Security Level component

BB 44242: Hand over Security Level's WebAssembly controls to NoScript

- - - - -


1 changed file:

- toolkit/components/securitylevel/SecurityLevel.sys.mjs


Changes:

=====================================
toolkit/components/securitylevel/SecurityLevel.sys.mjs
=====================================
@@ -79,6 +79,7 @@ const max_caps = [
   "object",
   "other",
   "script",
+  "wasm",
   "webgl",
   "noscript",
 ];
@@ -247,7 +248,6 @@ var initializeNoScriptControl = () => {
 // for each security setting. Note that 2-m and 3-m are identical,
 // corresponding to the old 2-medium-high setting. We also separately
 // bind NoScript settings to the browser.security_level.security_slider
-// (see noscript-control.js).
 /* eslint-disable */
 // prettier-ignore
 const kSecuritySettings = {
@@ -260,7 +260,9 @@ const kSecuritySettings = {
   "gfx.font_rendering.opentype_svg.enabled": [,  false, false, false, true ],
   "svg.disabled":                            [,  true,  false, false, false],
   "javascript.options.asmjs":                [,  false, false, false, true ],
-  "javascript.options.wasm":                 [,  false, false, false, true ],
+  // tor-browser#44234, tor-browser#44242: this interferes with the correct
+  // functioning of the browser. So, WASM is also handled by NoScript now.
+  "javascript.options.wasm":                 [,  true,  true,  true,  true ],
 };
 /* eslint-enable */
 
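Review bot: The new comment above the `javascript.options.wasm` row says only that "this interferes", which does not tell a reader what interferes or why the row is now `true` in every column. The columns that used to be `false` no longer disable WebAssembly through this pref, so the comment should name what enforces it instead. Suggested wording: `// Setting this pref to false interferes with the correct functioning of the browser (tor-browser#44234, tor-browser#44242),` followed by `// so it stays true at every level and WebAssembly is restricted through NoScript's "wasm" capability instead.` The kSecuritySettings object starts before this hunk.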
@@ -327,16 +329,19 @@ var write_setting_to_prefs = function (settingIndex) {
 // security settings matches. Otherwise return null.
 var read_setting_from_prefs = function (prefNames) {
   prefNames = prefNames || Object.keys(kSecuritySettings);
-  for (let settingIndex of [1, 2, 3, 4]) {
+  for (const settingIndex of [1, 2, 3, 4]) {
     let possibleSetting = true;
     // For the given settingIndex, check if all current pref values
     // match the setting.
-    for (let prefName of prefNames) {
-      if (
-        kSecuritySettings[prefName][settingIndex] !==
-        Services.prefs.getBoolPref(prefName)
-      ) {
+    for (const prefName of prefNames) {
+      const wanted = kSecuritySettings[prefName][settingIndex];
+      const actual = Services.prefs.getBoolPref(prefName);
+      if (wanted !== actual) {
         possibleSetting = false;
+        logger.info(
+          `${prefName} does not match level ${settingIndex}: ${actual}, should 
be ${wanted}!`
+        );
+        break;
       }
     }
     if (possibleSetting) {
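Review bot: The added `logger.info(...)` call fires on the first mismatching pref of every level that is probed, and because the outer loop tries levels 1 to 4 in order, a mismatch is the expected outcome for each level other than the active one. A browser at level 4 would therefore log three "does not match level N ... !" messages at info level on each call, which reads like a fault and buries a real unexpected mismatch. Consider `logger.debug(` for this message, or logging once after the outer loop only when no level matched. The function body continues past the end of the hunk.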
@@ -361,7 +366,7 @@ var initializeSecurityPrefs = function () {
   if (initializedSecPrefs) {
     return;
   }
-  logger.info("Initializing security-prefs.js");
+  logger.info("Initializing security level");
   initializedSecPrefs = true;
 
   const wasCustom = Services.prefs.getBoolPref(kCustomPref, false);
@@ -369,6 +374,21 @@ var initializeSecurityPrefs = function () {
   // and it should not be custom.
   let desiredIndex = Services.prefs.getIntPref(kSliderPref, 4);
   desiredIndex = fixupIndex(desiredIndex);
+
+  if (!(wasCustom && desiredIndex == 4)) {
+    // The current level is non-customized Standard, or
+    // Safer / Safest (either customized or not): the global
+    // javascript.options.wasm pref interferes with the correct
+    // functioning of the browser, so instead we rely on NoScript
+    // to disable WebAssembly now (tor-browser#44234, tor-browser#44242).
+    // We skip flipping in customized Standard, because if its value was
+    // found false under such as circumstance, that would suggest
+    // an intentional user choice we don't want to interfere with.
+    // Unlike other javascript.options.* preferences, this one is safe
+    // to flip without a browser restart because it's checked whenever a
+    // context is created.
+    Services.prefs.setBoolPref("javascript.options.wasm", true);
+  }
   // Make sure the user has a set preference user value.
   Services.prefs.setIntPref(kSliderPref, desiredIndex);
   Services.prefs.setBoolPref(kCustomPref, wasCustom);
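Review bot: The `Services.prefs.setBoolPref("javascript.options.wasm", true)` call runs at Safer and Safest with nothing in the hunk confirming that NoScript is present and enforcing its side. If the extension is disabled or fails to start, WebAssembly would be enabled at levels where the pref previously kept it off. The comment should state that dependency explicitly, and a `logger.warn` for the case where the hand-over cannot be confirmed would make a fail-open state visible. Whether such a check exists elsewhere in initializeSecurityPrefs cannot be seen here, since the function starts and ends outside the hunk. Two smaller points: `desiredIndex == 4` should be `desiredIndex === 4`, and "under such as circumstance" should read "under such a circumstance".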
@@ -448,7 +468,7 @@ var initializeSecurityPrefs = function () {
     });
   }
 
-  logger.info("security-prefs.js initialization complete");
+  logger.info("Security level initialization complete");
 };
 
 // tor-browser#41460: we changed preference names in 12.0.



View it on GitLab: 
https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/373460c6f07fbcdc0e480e942514fa5b99f291a3
