Commit 8c468798 authored by ma1's avatar ma1 Committed by henry

TB 8324: Prevent DNS proxy bypasses caused by Drag&Drop

Bug 41613: Skip Drag & Drop filtering for DNS-safe URLs
parent c59de73a
+1 −0
@@ -140,3 +140,4 @@ pref("browser.torMoat.loglevel", "Warn");
pref("browser.tordomainisolator.loglevel", "Warn");
pref("browser.torcircuitpanel.loglevel", "Log");
pref("browser.tor_android.log_level", "Info");
pref("browser.dragdropfilter.log_level", "Warn");
+1 −0
@@ -58,6 +58,7 @@ category browser-first-window-ready resource://gre/modules/SandboxUtils.sys.mjs
#endif
category browser-first-window-ready moz-src:///browser/modules/ClipboardPrivacy.sys.mjs ClipboardPrivacy.init
category browser-first-window-ready moz-src:///browser/modules/SecurityLevelNotification.sys.mjs SecurityLevelNotification.ready
category browser-first-window-ready moz-src:///toolkit/modules/DragDropFilter.sys.mjs DragDropFilter.init

category browser-idle-startup moz-src:///browser/components/places/PlacesUIUtils.sys.mjs PlacesUIUtils.unblockToolbars
category browser-idle-startup resource:///modules/BuiltInThemes.sys.mjs BuiltInThemes.ensureBuiltInThemes
+5 −1
@@ -1774,7 +1774,11 @@ ChromeUtils.defineLazyGetter(PlacesUIUtils, "URI_FLAVORS", () => {
  ];
});
ChromeUtils.defineLazyGetter(PlacesUIUtils, "SUPPORTED_FLAVORS", () => {
  return [...PlacesUIUtils.PLACES_FLAVORS, ...PlacesUIUtils.URI_FLAVORS];
  return [
    ...PlacesUIUtils.PLACES_FLAVORS,
    ...PlacesUIUtils.URI_FLAVORS,
    "application/x-torbrowser-opaque",
  ];
});

ChromeUtils.defineLazyGetter(PlacesUIUtils, "promptLocalization", () => {
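Review bot: The flavor name `"application/x-torbrowser-opaque"` is added to `SUPPORTED_FLAVORS` as a bare string literal, while the neighbouring entries come from named flavor lists; the same literal is repeated in the PlacesController section and three times in the ContentAreaDropListener section. A single exported constant defined next to `OpaqueDrag` would keep these allow-lists in sync, since a typo in any one copy would silently stop that drop path from recognising the flavor. A short comment on this entry, such as `// Opaque token set by DragDropFilter in place of the URL flavors`, would also explain why a non-Places flavor is accepted here; that wording is inferred from the commit title and should be checked against DragDropFilter.sys.mjs, which is not shown.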
+1 −0
@@ -1277,6 +1277,7 @@ PlacesController.prototype = {
    [
      PlacesUtils.TYPE_X_MOZ_PLACE,
      PlacesUtils.TYPE_X_MOZ_URL,
      "application/x-torbrowser-opaque",
      PlacesUtils.TYPE_PLAINTEXT,
    ].forEach(type => xferable.addDataFlavor(type));

+14 −2
@@ -2,6 +2,12 @@
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

const lazy = {};

ChromeUtils.defineESModuleGetters(lazy, {
  OpaqueDrag: "moz-src:///toolkit/modules/DragDropFilter.sys.mjs",
});

// This component is used for handling dragover and drop of urls.
//
// It checks to see whether a drop of a url is allowed. For instance, a url
@@ -40,10 +46,15 @@ ContentAreaDropListener.prototype = {
      }
    }

    type = "text/x-moz-url";
    if (types.contains(type)) {
    for (let type of ["text/x-moz-url", "application/x-torbrowser-opaque"]) {
      if (!types.contains(type)) {
        continue;
      }
      data = dt.mozGetDataAt(type, i);
      if (data) {
        if (type === "application/x-torbrowser-opaque") {
          ({ type, value: data = "" } = lazy.OpaqueDrag.retrieve(data));
        }
        let lines = data.split("\n");
        for (let i = 0, length = lines.length; i < length; i += 2) {
          this._addLink(links, lines[i], lines[i + 1], type);
@@ -236,6 +247,7 @@ ContentAreaDropListener.prototype = {
    if (
      !types.includes("application/x-moz-file") &&
      !types.includes("text/x-moz-url") &&
      !types.includes("application/x-torbrowser-opaque") &&
      !types.includes("text/uri-list") &&
      !types.includes("text/x-moz-text-internal") &&
      !types.includes("text/plain")
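Review bot: The destructuring `({ type, value: data = "" } = lazy.OpaqueDrag.retrieve(data));` in the new flavor loop throws a TypeError if `retrieve` returns `undefined` or `null`, and leaves `type` undefined if the returned object carries no `type`. The `application/x-torbrowser-opaque` payload is read directly from the DataTransfer via `dt.mozGetDataAt`, so it should be treated as an untrusted token that may be unknown or stale; `retrieve` is not visible in this section, so whether it always returns an object needs confirming. A guard such as `const opaque = lazy.OpaqueDrag.retrieve(data);` `if (!opaque?.type || !opaque.value) { continue; }` `({ type, value: data } = opaque);` keeps a failed lookup from aborting the drop handler or passing an undefined flavor to `_addLink`. The enclosing function starts and ends outside the hunk.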