commit 2f7c7fe8561b34da7107f0e5774bc91748dc6953
Author: Mike Perry <[email protected]>
Date: Tue Mar 1 01:57:19 2011 -0800
Fix bug #1999: Disable tor urls by default
Fixing these will be too problematic for 1.4.x. We'll block on this bug
forever otherwise. We throw an unknown protocol exception if this pref is
set
to prevent fingerprinting with this technique:
http://pseudo-flaw.net/tor/torbutton/scan-protocol-handlers.html
---
src/components/tor-protocol.js | 8 ++++++--
src/components/tors-protocol.js | 8 ++++++--
src/defaults/preferences/preferences.js | 1 +
3 files changed, 13 insertions(+), 4 deletions(-)
diff --git a/src/components/tor-protocol.js b/src/components/tor-protocol.js
index e8bb68e..5bd27e3 100644
--- a/src/components/tor-protocol.js
+++ b/src/components/tor-protocol.js
@@ -48,12 +48,16 @@ Protocol.prototype =
newChannel: function(aURI)
{
+ var prefs = Components.classes["@mozilla.org/preferences-service;1"]
+ .getService(Components.interfaces.nsIPrefBranch);
+ if (!prefs.getBoolPref("extensions.torbutton.tor_urls")) {
+ throw Components.results.NS_ERROR_UNKNOWN_PROTOCOL;
+ }
+
/*The protocol has been called, therefore we want to enable tor, wait for
it to activate return the new channel with the scheme of http.*/
var ios =
Components.classes[kIOSERVICE_CONTRACTID].getService(nsIIOService);
var prompt = Components.classes["@mozilla.org/embedcomp/prompt-service;1"]
.getService(Components.interfaces.nsIPromptService);
- var prefs = Components.classes["@mozilla.org/preferences-service;1"]
- .getService(Components.interfaces.nsIPrefBranch);
var tor_enabled = prefs.getBoolPref("extensions.torbutton.tor_enabled");
var wm = Components.classes["@mozilla.org/appshell/window-mediator;1"]
.getService(Components.interfaces.nsIWindowMediator);
diff --git a/src/components/tors-protocol.js b/src/components/tors-protocol.js
index ca82b47..8f02da8 100644
--- a/src/components/tors-protocol.js
+++ b/src/components/tors-protocol.js
@@ -48,12 +48,16 @@ Protocol.prototype =
newChannel: function(aURI)
{
+ var prefs = Components.classes["@mozilla.org/preferences-service;1"]
+ .getService(Components.interfaces.nsIPrefBranch);
+ if (!prefs.getBoolPref("extensions.torbutton.tor_urls")) {
+ throw Components.results.NS_ERROR_UNKNOWN_PROTOCOL;
+ }
+
/*The protocol has been called, therefore we want to enable tor, wait for
it to activate return the new channel with the scheme of https.*/
var ios =
Components.classes[kIOSERVICE_CONTRACTID].getService(nsIIOService);
var prompt = Components.classes["@mozilla.org/embedcomp/prompt-service;1"]
.getService(Components.interfaces.nsIPromptService);
- var prefs = Components.classes["@mozilla.org/preferences-service;1"]
- .getService(Components.interfaces.nsIPrefBranch);
var tor_enabled = prefs.getBoolPref("extensions.torbutton.tor_enabled");
var wm = Components.classes["@mozilla.org/appshell/window-mediator;1"]
.getService(Components.interfaces.nsIWindowMediator);
diff --git a/src/defaults/preferences/preferences.js
b/src/defaults/preferences/preferences.js
index 3d4eac7..f12e849 100644
--- a/src/defaults/preferences/preferences.js
+++ b/src/defaults/preferences/preferences.js
@@ -164,6 +164,7 @@ pref("extensions.torbutton.fakerefresh", false);
pref("extensions.torbutton.customeref","");
pref("extensions.torbutton.disable_livemarks",true);
pref("extensions.torbutton.update_torbutton_via_tor",true);
+pref("extensions.torbutton.tor_urls",false);
// Opt out of Firefox addon pings:
// https://developer.mozilla.org/en/Addons/Working_with_AMO
pref("extensions.e0204bd5-9d31-402b-a99d-a6aa8ffebdca.getAddons.cache.enabled",
false);
_______________________________________________
tor-commits mailing list
[email protected]
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
