1. 17 Mar, 2021 1 commit
    • Richard Pospesel's avatar
      Bug 23247: Communicating security expectations for .onion · 3b0641f3
      Richard Pospesel authored and Matthew Finkel's avatar Matthew Finkel committed
      Encrypting pages hosted on Onion Services with SSL/TLS is redundant
      (in terms of hiding content) as all traffic within the Tor network is
      already fully encrypted.  Therefore, serving HTTP pages from an Onion
      Service is more or less fine.
      
      Prior to this patch, Tor Browser would mostly treat pages delivered
      via Onion Services as well as pages delivered in the ordinary fashion
      over the internet in the same way.  This created some inconsistencies
      in behaviour and misinformation presented to the user relating to the
      security of pages delivered via Onion Services:
      
       - HTTP Onion Service pages did not have any 'lock' icon indicating
         the site was secure
       - HTTP Onion Service pages would be marked as unencrypted in the Page
         Info screen
       - Mixed-mode content restrictions did not apply to HTTP Onion Service
         pages embedding Non-Onion HTTP content
      
      This patch fixes the above issues, and also adds several new 'Onion'
      icons to the mix to indicate all of the various permutations of Onion
      Services hosted HTTP or HTTPS pages with HTTP or HTTPS content.
      
      Strings for Onion Service Page Info page are pulled from Torbutton's
      localization strings.
      3b0641f3
  2. 18 Jan, 2021 1 commit
  3. 12 Nov, 2020 1 commit
  4. 30 Oct, 2020 1 commit
  5. 23 Oct, 2020 2 commits
  6. 17 Jul, 2020 1 commit
  7. 27 May, 2020 1 commit
  8. 25 May, 2020 1 commit
  9. 20 May, 2020 1 commit
  10. 12 May, 2020 2 commits
  11. 11 May, 2020 3 commits
  12. 12 May, 2020 2 commits
  13. 07 May, 2020 3 commits
  14. 06 May, 2020 3 commits
  15. 05 May, 2020 2 commits
  16. 29 Apr, 2020 1 commit
  17. 28 Apr, 2020 3 commits
  18. 24 Apr, 2020 1 commit
  19. 23 Apr, 2020 1 commit
  20. 22 Apr, 2020 6 commits
  21. 24 Apr, 2020 1 commit
  22. 20 Apr, 2020 1 commit
  23. 14 Apr, 2020 1 commit
    • Tooru Fujisawa's avatar
      Bug 1432749 - Part 2: Introduce WindowFeature class with spec-compliant... · 44806f8c
      Tooru Fujisawa authored
      Bug 1432749 - Part 2: Introduce WindowFeature class with spec-compliant tokenization, and use it both in nsGlobalWindowOuter and nsWindowWatcher. r=smaug
      
      WindowFeature provides the tokenization and access to the map.
      This changes the following behavior:
        * "*" value is removed, given it's unused.
          * Default width and default height handling is removed,
            given there's no callsites
        * Some chrome-priv feature handling becomes stricter:
          * All substring match is removed and directly checks the item in the map
      
      Also, fixed noopener=0 and noreferrer=0 options to be handled properly.
      
      Differential Revision: https://phabricator.services.mozilla.com/D67725
      
      --HG--
      extra : moz-landing-system : lando
      44806f8c