Commit ee2f0609 authored by Richard Pospesel's avatar Richard Pospesel Committed by Georg Koppen
Browse files

Bug 22501: Requests via javascript: violate FPI

By default NoScript attempts to find URLs in "javascript:.*" strings
found in <a> element href atributes and in <option> element value
attributes.  When such links (or options) are clicked/selected,
NoScript attempts to navigate the page to said URL.  These navigations
are treated as intternal requests, and get pacced onto the catch-all
circuit.

This behaviour can be turned off by disabling the 'noscript.fixLinks'
flag, so we do so for each Tor Browser build target's
extension-overrides.js.
parent 2d5b42b7
......@@ -38,6 +38,7 @@ pref("noscript.temp", "");
pref("noscript.untrusted", "");
pref("noscript.forbidMedia", false);
pref("noscript.allowWhitelistUpdates", false);
pref("noscript.fixLinks", false);
// Now handled by plugins.click_to_play
pref("noscript.forbidFlash", false);
pref("noscript.forbidSilverlight", false);
......
......@@ -38,6 +38,7 @@ pref("noscript.temp", "");
pref("noscript.untrusted", "");
pref("noscript.forbidMedia", false);
pref("noscript.allowWhitelistUpdates", false);
pref("noscript.fixLinks", false);
// Now handled by plugins.click_to_play
pref("noscript.forbidFlash", false);
pref("noscript.forbidSilverlight", false);
......
......@@ -38,6 +38,7 @@ pref("noscript.temp", "");
pref("noscript.untrusted", "");
pref("noscript.forbidMedia", false);
pref("noscript.allowWhitelistUpdates", false);
pref("noscript.fixLinks", false);
// Now handled by plugins.click_to_play
pref("noscript.forbidFlash", false);
pref("noscript.forbidSilverlight", false);
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment