Loading toolkit/actors/FilesFilterChild.sys.mjs 0 → 100644 +64 −0 Original line number Diff line number Diff line /* This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ const lazy = {}; ChromeUtils.defineLazyGetter(lazy, "console", () => { return console.createInstance({ prefix: "FilesFilter", }); }); export class FilesFilterChild extends JSWindowActorChild { handleEvent(event) { if (!Services.prefs.getBoolPref("browser.filesfilter.enabled", true)) { return; } // drop or paste const { composedTarget } = event; const dt = event.clipboardData || event.dataTransfer; if ([...dt.files].some(f => f.mozFullPath)) { if ( ["HTMLInputElement", "HTMLTextAreaElement"].includes( ChromeUtils.getClassName(composedTarget) ) ) { event.preventDefault(); lazy.console.log( `Preventing path leak on ${event.type} for ${[...dt.files] .map(f => `${f.name} (${f.mozFullPath})`) .join(", ")}.` ); } return; } // "Paste Without Formatting" (ctrl+shift+V) in HTML editors coerces files into paths if (!(event.clipboardData && /[\/\\]/.test(dt.getData("text")))) { return; } // check wether the clipboard contains a file const { clipboard } = Services; if ( [clipboard.kSelectionClipboard, clipboard.kGlobalClipboard].some( clipboardType => clipboard.isClipboardTypeSupported(clipboardType) && clipboard.hasDataMatchingFlavors( ["application/x-moz-file"], clipboardType ) ) ) { event.preventDefault(); event.stopPropagation(); lazy.console.log( `Preventing path leak on "Paste Without Formatting" for ${dt.getData( "text" )}.` ); } } } toolkit/actors/FilesFilterParent.sys.mjs 0 → 100644 +7 −0 Original line number Diff line number Diff line /* This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ export class FilesFilterParent extends JSWindowActorParent { // just a stub for now } toolkit/actors/moz.build +2 −0 Original line number Diff line number Diff line Loading @@ -49,6 +49,8 @@ FINAL_TARGET_FILES.actors += [ "DateTimePickerChild.sys.mjs", "DateTimePickerParent.sys.mjs", "ExtFindChild.sys.mjs", "FilesFilterChild.sys.mjs", "FilesFilterParent.sys.mjs", "FindBarChild.sys.mjs", "FindBarParent.sys.mjs", "FinderChild.sys.mjs", Loading toolkit/modules/ActorManagerParent.sys.mjs +16 −0 Original line number Diff line number Diff line Loading @@ -354,6 +354,22 @@ let JSWINDOWACTORS = { allFrames: true, }, FilesFilter: { parent: { esModuleURI: "resource://gre/actors/FilesFilterParent.sys.mjs", }, child: { esModuleURI: "resource://gre/actors/FilesFilterChild.sys.mjs", events: { drop: {}, paste: { capture: true }, }, }, allFrames: true, }, FindBar: { parent: { esModuleURI: "resource://gre/actors/FindBarParent.sys.mjs", Loading Loading
toolkit/actors/FilesFilterChild.sys.mjs 0 → 100644 +64 −0 Original line number Diff line number Diff line /* This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ const lazy = {}; ChromeUtils.defineLazyGetter(lazy, "console", () => { return console.createInstance({ prefix: "FilesFilter", }); }); export class FilesFilterChild extends JSWindowActorChild { handleEvent(event) { if (!Services.prefs.getBoolPref("browser.filesfilter.enabled", true)) { return; } // drop or paste const { composedTarget } = event; const dt = event.clipboardData || event.dataTransfer; if ([...dt.files].some(f => f.mozFullPath)) { if ( ["HTMLInputElement", "HTMLTextAreaElement"].includes( ChromeUtils.getClassName(composedTarget) ) ) { event.preventDefault(); lazy.console.log( `Preventing path leak on ${event.type} for ${[...dt.files] .map(f => `${f.name} (${f.mozFullPath})`) .join(", ")}.` ); } return; } // "Paste Without Formatting" (ctrl+shift+V) in HTML editors coerces files into paths if (!(event.clipboardData && /[\/\\]/.test(dt.getData("text")))) { return; } // check wether the clipboard contains a file const { clipboard } = Services; if ( [clipboard.kSelectionClipboard, clipboard.kGlobalClipboard].some( clipboardType => clipboard.isClipboardTypeSupported(clipboardType) && clipboard.hasDataMatchingFlavors( ["application/x-moz-file"], clipboardType ) ) ) { event.preventDefault(); event.stopPropagation(); lazy.console.log( `Preventing path leak on "Paste Without Formatting" for ${dt.getData( "text" )}.` ); } } }
toolkit/actors/FilesFilterParent.sys.mjs 0 → 100644 +7 −0 Original line number Diff line number Diff line /* This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ export class FilesFilterParent extends JSWindowActorParent { // just a stub for now }
toolkit/actors/moz.build +2 −0 Original line number Diff line number Diff line Loading @@ -49,6 +49,8 @@ FINAL_TARGET_FILES.actors += [ "DateTimePickerChild.sys.mjs", "DateTimePickerParent.sys.mjs", "ExtFindChild.sys.mjs", "FilesFilterChild.sys.mjs", "FilesFilterParent.sys.mjs", "FindBarChild.sys.mjs", "FindBarParent.sys.mjs", "FinderChild.sys.mjs", Loading
toolkit/modules/ActorManagerParent.sys.mjs +16 −0 Original line number Diff line number Diff line Loading @@ -354,6 +354,22 @@ let JSWINDOWACTORS = { allFrames: true, }, FilesFilter: { parent: { esModuleURI: "resource://gre/actors/FilesFilterParent.sys.mjs", }, child: { esModuleURI: "resource://gre/actors/FilesFilterChild.sys.mjs", events: { drop: {}, paste: { capture: true }, }, }, allFrames: true, }, FindBar: { parent: { esModuleURI: "resource://gre/actors/FindBarParent.sys.mjs", Loading
