browser/components/search/SearchSERPTelemetry.jsm

@@ -96,13 +96,7 @@ class TelemetryHandler {
       return;
     }
 
-    this._telemetrySettings = RemoteSettings(TELEMETRY_SETTINGS_KEY);
     let rawProviderInfo = [];
-    try {
-      rawProviderInfo = await this._telemetrySettings.get();
-    } catch (ex) {
-      logConsole.error("Could not get settings:", ex);
-    }
 
     // Send the provider info to the child handler.
     this._contentHandler.init(rawProviderInfo);

browser/components/securitylevel/content/securityLevel.js

+"use strict";
+
+/* global AppConstants, Services, openPreferences, XPCOMUtils */
+
+XPCOMUtils.defineLazyGetter(this, "SecurityLevelStrings", () => {
+  let strings = {
+    // Generic terms
+    security_level: "Security Level",
+    security_level_standard: "Standard",
+    security_level_safer: "Safer",
+    security_level_safest: "Safest",
+    security_level_tooltip_standard: "Security Level: Standard",
+    security_level_tooltip_safer: "Security Level: Safer",
+    security_level_tooltip_safest: "Security Level: Safest",
+    // Shown only for custom level
+    security_level_custom: "Custom",
+    security_level_restore: "Restore Defaults",
+    security_level_learn_more: "Learn more",
+    // Panel
+    security_level_open_settings: "Settings…",
+    security_level_standard_summary:
+      "All browser and website features are enabled.",
+    security_level_safer_summary:
+      "Disables website features that are often dangerous, causing some sites to lose functionality.",
+    security_level_safest_summary:
+      "Only allows website features required for static sites and basic services. These changes affect images, media, and scripts.",
+    security_level_custom_heading: "Custom security level configured",
+    security_level_custom_summary:
+      "Your custom browser preferences have resulted in unusual security settings. For security and privacy reasons, we recommend you choose one of the default security levels.",
+    // Security level section in about:preferences#privacy
+    security_level_overview:
+      "Disable certain web features that can be used to attack your security and anonymity.",
+    security_level_list_safer: "At the safer setting:",
+    security_level_list_safest: "At the safest setting:",
+    // Strings for descriptions
+    security_level_js_https_only: "JavaScript is disabled on non-HTTPS sites.",
+    security_level_js_disabled:
+      "JavaScript is disabled by default on all sites.",
+    security_level_limit_typography:
+      "Some fonts and math symbols are disabled.",
+    security_level_limit_typography_svg:
+      "Some fonts, icons, math symbols, and images are disabled.",
+    security_level_limit_media:
+      "Audio and video (HTML5 media), and WebGL are click-to-play.",
+  };
+  let bundle = null;
+  try {
+    bundle = Services.strings.createBundle(
+      "chrome://browser/locale/securityLevel.properties"
+    );
+  } catch (e) {
+    console.warn("Could not load the Security Level strings");
+  }
+  if (bundle) {
+    for (const key of Object.keys(strings)) {
+      try {
+        strings[key] = bundle.GetStringFromName(key);
+      } catch (e) {}
+    }
+  }
+  return strings;
+});
+
+/*
+  Security Level Prefs
+
+  Getters and Setters for relevant torbutton prefs
+*/
+var SecurityLevelPrefs = {
+  SecurityLevels: Object.freeze({
+    safest: 1,
+    safer: 2,
+    standard: 4,
+  }),
+  security_slider_pref: "browser.security_level.security_slider",
+  security_custom_pref: "browser.security_level.security_custom",
+
+  get securityLevel() {
+    // Set the default return value to 0, which won't match anything in
+    // SecurityLevels.
+    const val = Services.prefs.getIntPref(this.security_slider_pref, 0);
+    return Object.entries(this.SecurityLevels).find(
+      entry => entry[1] === val
+    )?.[0];
+  },
+
+  set securityLevel(level) {
+    const val = this.SecurityLevels[level];
+    if (val !== undefined) {
+      Services.prefs.setIntPref(this.security_slider_pref, val);
+    }
+  },
+
+  get securityCustom() {
+    return Services.prefs.getBoolPref(this.security_custom_pref);
+  },
+
+  set securityCustom(val) {
+    Services.prefs.setBoolPref(this.security_custom_pref, val);
+  },
+}; /* Security Level Prefs */
+
+/*
+  Security Level Button Code
+
+  Controls init and update of the security level toolbar button
+*/
+
+var SecurityLevelButton = {
+  _securityPrefsBranch: null,
+  /**
+   * Whether we have added popup listeners to the panel.
+   *
+   * @type {boolean}
+   */
+  _panelPopupListenersSetup: false,
+  /**
+   * The toolbar button element.
+   *
+   * @type {Element}
+   */
+  _button: null,
+  /**
+   * The button that the panel should point to. Either the toolbar button or the
+   * overflow button.
+   *
+   * @type {Element}
+   */
+  _anchorButton: null,
+
+  _configUIFromPrefs() {
+    const level = SecurityLevelPrefs.securityLevel;
+    if (!level) {
+      return;
+    }
+    const customStr = SecurityLevelPrefs.securityCustom ? "_custom" : "";
+    this._button.setAttribute("level", `${level}${customStr}`);
+    this._button.setAttribute(
+      "tooltiptext",
+      SecurityLevelStrings[`security_level_tooltip_${level}`]
+    );
+  },
+
+  /**
+   * Open the panel popup for the button.
+   */
+  openPopup() {
+    let anchorNode;
+    const overflowPanel = document.getElementById("widget-overflow");
+    if (overflowPanel.contains(this._button)) {
+      // We are in the overflow panel.
+      // We first close the overflow panel, otherwise focus will not return to
+      // the nav-bar-overflow-button if the security level panel is closed with
+      // "Escape" (the navigation toolbar does not track focus when a panel is
+      // opened whilst another is already open).
+      // NOTE: In principle, using PanelMultiView would allow us to open panels
+      // from within another panel. However, when using panelmultiview for the
+      // security level panel, tab navigation was broken within the security
+      // level panel. PanelMultiView may be set up to work with a menu-like
+      // panel rather than our dialog-like panel.
+      overflowPanel.hidePopup();
+      this._anchorButton = document.getElementById("nav-bar-overflow-button");
+      anchorNode = this._anchorButton.icon;
+    } else {
+      this._anchorButton = this._button;
+      anchorNode = this._button.badgeStack;
+    }
+
+    const panel = SecurityLevelPanel.panel;
+    if (!this._panelPopupListenersSetup) {
+      this._panelPopupListenersSetup = true;
+      // NOTE: We expect the _anchorButton to not change whilst the popup is
+      // open.
+      panel.addEventListener("popupshown", () => {
+        this._anchorButton.setAttribute("open", "true");
+      });
+      panel.addEventListener("popuphidden", () => {
+        this._anchorButton.removeAttribute("open");
+      });
+    }
+
+    panel.openPopup(anchorNode, "bottomcenter topright", 0, 0, false);
+  },
+
+  init() {
+    // We first search in the DOM for the security level button. If it does not
+    // exist it may be in the toolbox palette. We still want to return the
+    // button in the latter case to allow it to be initialized or adjusted in
+    // case it is added back through customization.
+    this._button =
+      document.getElementById("security-level-button") ||
+      window.gNavToolbox.palette.querySelector("#security-level-button");
+    // Set a label to be be used as the accessible name, and to be shown in the
+    // overflow menu and during customization.
+    this._button.setAttribute("label", SecurityLevelStrings.security_level);
+    this._button.addEventListener("command", () => this.openPopup());
+    // set the initial class based off of the current pref
+    this._configUIFromPrefs();
+
+    this._securityPrefsBranch = Services.prefs.getBranch(
+      "browser.security_level."
+    );
+    this._securityPrefsBranch.addObserver("", this);
+
+    SecurityLevelPanel.init();
+  },
+
+  uninit() {
+    this._securityPrefsBranch.removeObserver("", this);
+    this._securityPrefsBranch = null;
+
+    SecurityLevelPanel.uninit();
+  },
+
+  observe(subject, topic, data) {
+    switch (topic) {
+      case "nsPref:changed":
+        if (data === "security_slider" || data === "security_custom") {
+          this._configUIFromPrefs();
+        }
+        break;
+    }
+  },
+}; /* SecurityLevelButton */
+
+/*
+  Security Level Panel Code
+
+  Controls init and update of the panel in the security level hanger
+*/
+
+var SecurityLevelPanel = {
+  _securityPrefsBranch: null,
+  _populated: false,
+
+  _populateXUL() {
+    this._elements = {
+      panel: document.getElementById("securityLevel-panel"),
+      background: document.getElementById("securityLevel-background"),
+      levelName: document.getElementById("securityLevel-level"),
+      customName: document.getElementById("securityLevel-custom"),
+      summary: document.getElementById("securityLevel-summary"),
+      restoreDefaultsButton: document.getElementById(
+        "securityLevel-restoreDefaults"
+      ),
+      settingsButton: document.getElementById("securityLevel-settings"),
+    };
+
+    document.getElementById("securityLevel-header").textContent =
+      SecurityLevelStrings.security_level;
+    this._elements.customName.textContent =
+      SecurityLevelStrings.security_level_custom;
+    const learnMoreEl = document.getElementById("securityLevel-learnMore");
+    learnMoreEl.textContent = SecurityLevelStrings.security_level_learn_more;
+    learnMoreEl.addEventListener("click", event => {
+      window.openTrustedLinkIn(learnMoreEl.href, "tab");
+      this.hide();
+      event.preventDefault();
+    });
+    this._elements.restoreDefaultsButton.textContent =
+      SecurityLevelStrings.security_level_restore;
+    this._elements.settingsButton.textContent =
+      SecurityLevelStrings.security_level_open_settings;
+
+    this._elements.restoreDefaultsButton.addEventListener("command", () => {
+      this.restoreDefaults();
+    });
+    this._elements.settingsButton.addEventListener("command", () => {
+      this.openSecuritySettings();
+    });
+
+    this._elements.panel.addEventListener("popupshown", () => {
+      // Bring focus into the panel by focusing the default button.
+      this._elements.panel.querySelector('button[default="true"]').focus();
+    });
+
+    this._populated = true;
+    this._configUIFromPrefs();
+  },
+
+  _configUIFromPrefs() {
+    if (!this._populated) {
+      console.warn("_configUIFromPrefs before XUL was populated.");
+      return;
+    }
+
+    // get security prefs
+    const level = SecurityLevelPrefs.securityLevel;
+    const custom = SecurityLevelPrefs.securityCustom;
+
+    // only visible when user is using custom settings
+    this._elements.customName.hidden = !custom;
+    this._elements.restoreDefaultsButton.hidden = !custom;
+    if (custom) {
+      this._elements.settingsButton.removeAttribute("default");
+      this._elements.restoreDefaultsButton.setAttribute("default", "true");
+    } else {
+      this._elements.settingsButton.setAttribute("default", "true");
+      this._elements.restoreDefaultsButton.removeAttribute("default");
+    }
+
+    // Descriptions change based on security level
+    this._elements.background.setAttribute("level", level);
+    this._elements.levelName.textContent =
+      SecurityLevelStrings[`security_level_${level}`];
+    this._elements.summary.textContent = custom
+      ? SecurityLevelStrings.security_level_custom_summary
+      : SecurityLevelStrings[`security_level_${level}_summary`];
+  },
+
+  /**
+   * The popup element.
+   *
+   * @type {MozPanel}
+   */
+  get panel() {
+    if (!this._populated) {
+      this._populateXUL();
+    }
+    return this._elements.panel;
+  },
+
+  init() {
+    this._securityPrefsBranch = Services.prefs.getBranch(
+      "browser.security_level."
+    );
+    this._securityPrefsBranch.addObserver("", this);
+  },
+
+  uninit() {
+    this._securityPrefsBranch.removeObserver("", this);
+    this._securityPrefsBranch = null;
+  },
+
+  hide() {
+    this._elements.panel.hidePopup();
+  },
+
+  restoreDefaults() {
+    SecurityLevelPrefs.securityCustom = false;
+    // Move focus to the settings button since restore defaults button will
+    // become hidden.
+    this._elements.settingsButton.focus();
+  },
+
+  openSecuritySettings() {
+    openPreferences("privacy-securitylevel");
+    this.hide();
+  },
+
+  // callback when prefs change
+  observe(subject, topic, data) {
+    switch (topic) {
+      case "nsPref:changed":
+        if (data == "security_slider" || data == "security_custom") {
+          this._configUIFromPrefs();
+        }
+        break;
+    }
+  },
+}; /* SecurityLevelPanel */
+
+/*
+  Security Level Preferences Code
+
+  Code to handle init and update of security level section in about:preferences#privacy
+*/
+
+var SecurityLevelPreferences = {
+  _securityPrefsBranch: null,
+  /**
+   * The notification box shown when the user has a custom security setting.
+   *
+   * @type {Element}
+   */
+  _customNotification: null,
+  /**
+   * The radiogroup for this preference.
+   *
+   * @type {Element}
+   */
+  _radiogroup: null,
+  /**
+   * A list of radio options and their containers.
+   *
+   * @type {Array<Object>}
+   */
+  _radioOptions: null,
+
+  _populateXUL() {
+    this._customNotification = document.getElementById(
+      "securityLevel-customNotification"
+    );
+    this._radiogroup = document.getElementById("securityLevel-radiogroup");
+
+    document.querySelector("#securityLevel-groupbox h2").textContent =
+      SecurityLevelStrings.security_level;
+    document.getElementById("securityLevel-overview").textContent =
+      SecurityLevelStrings.security_level_overview;
+    document
+      .getElementById("securityLevel-learnMore")
+      .setAttribute("value", SecurityLevelStrings.security_level_learn_more);
+
+    document.getElementById("securityLevel-customHeading").textContent =
+      SecurityLevelStrings.security_level_custom_heading;
+    document.getElementById("securityLevel-customDescription").textContent =
+      SecurityLevelStrings.security_level_custom_summary;
+    const restoreDefaultsButton = document.getElementById(
+      "securityLevel-restoreDefaults"
+    );
+    restoreDefaultsButton.textContent =
+      SecurityLevelStrings.security_level_restore;
+
+    this._radioOptions = Array.from(
+      this._radiogroup.querySelectorAll(".securityLevel-radio-option"),
+      container => {
+        return { container, radio: container.querySelector("radio") };
+      }
+    );
+    const descListItemsMap = {
+      safer: [
+        SecurityLevelStrings.security_level_js_https_only,
+        SecurityLevelStrings.security_level_limit_typography,
+        SecurityLevelStrings.security_level_limit_media,
+      ],
+      safest: [
+        SecurityLevelStrings.security_level_js_disabled,
+        SecurityLevelStrings.security_level_limit_typography_svg,
+        SecurityLevelStrings.security_level_limit_media,
+      ],
+    };
+    for (const { container, radio } of this._radioOptions) {
+      const level = radio.value;
+      radio.setAttribute(
+        "label",
+        SecurityLevelStrings[`security_level_${level}`]
+      );
+      container.querySelector(".summary").textContent =
+        SecurityLevelStrings[`security_level_${level}_summary`];
+      const descListItems = descListItemsMap[level];
+      if (!descListItems) {
+        continue;
+      }
+      const descrList = container.querySelector(
+        ".securityLevel-descriptionList"
+      );
+      // TODO: Add the elements in securityLevelPreferences.inc.xhtml again
+      // when we switch to Fluent
+      for (const text of descListItems) {
+        let elem = document.createXULElement("description");
+        elem.textContent = text;
+        elem.className = "indent";
+        descrList.append(elem);
+      }
+    }
+
+    restoreDefaultsButton.addEventListener("command", () => {
+      SecurityLevelPrefs.securityCustom = false;
+    });
+    this._radiogroup.addEventListener("select", () => {
+      SecurityLevelPrefs.securityLevel = this._radiogroup.value;
+    });
+  },
+
+  _configUIFromPrefs() {
+    this._radiogroup.value = SecurityLevelPrefs.securityLevel;
+    const isCustom = SecurityLevelPrefs.securityCustom;
+    this._radiogroup.disabled = isCustom;
+    this._customNotification.hidden = !isCustom;
+    // Have the container's selection CSS class match the selection state of the
+    // radio elements.
+    for (const { container, radio } of this._radioOptions) {
+      container.classList.toggle(
+        "securityLevel-radio-option-selected",
+        radio.selected
+      );
+    }
+  },
+
+  init() {
+    // populate XUL with localized strings
+    this._populateXUL();
+
+    // read prefs and populate UI
+    this._configUIFromPrefs();
+
+    // register for pref chagnes
+    this._securityPrefsBranch = Services.prefs.getBranch(
+      "browser.security_level."
+    );
+    this._securityPrefsBranch.addObserver("", this);
+  },
+
+  uninit() {
+    // unregister for pref change events
+    this._securityPrefsBranch.removeObserver("", this);
+    this._securityPrefsBranch = null;
+  },
+
+  // callback for when prefs change
+  observe(subject, topic, data) {
+    switch (topic) {
+      case "nsPref:changed":
+        if (data == "security_slider" || data == "security_custom") {
+          this._configUIFromPrefs();
+        }
+        break;
+    }
+  },
+}; /* SecurityLevelPreferences */

browser/components/securitylevel/content/securityLevelButton.css

+toolbarbutton#security-level-button[level="standard"] {
+  list-style-image: url("chrome://browser/content/securitylevel/securityLevelIcon.svg#standard");
+}
+toolbarbutton#security-level-button[level="safer"] {
+  list-style-image: url("chrome://browser/content/securitylevel/securityLevelIcon.svg#safer");
+}
+toolbarbutton#security-level-button[level="safest"] {
+  list-style-image: url("chrome://browser/content/securitylevel/securityLevelIcon.svg#safest");
+}
+toolbarbutton#security-level-button[level="standard_custom"] {
+  list-style-image: url("chrome://browser/content/securitylevel/securityLevelIcon.svg#standard_custom");
+}
+toolbarbutton#security-level-button[level="safer_custom"] {
+  list-style-image: url("chrome://browser/content/securitylevel/securityLevelIcon.svg#safer_custom");
+}
+toolbarbutton#security-level-button[level="safest_custom"] {
+  list-style-image: url("chrome://browser/content/securitylevel/securityLevelIcon.svg#safest_custom");
+}
\ No newline at end of file

browser/components/securitylevel/content/securityLevelButton.inc.xhtml

+<toolbarbutton id="security-level-button"
+               class="toolbarbutton-1 chromeclass-toolbar-additional"
+               badged="true"
+               removable="true"
+               cui-areatype="toolbar"/>

browser/components/securitylevel/content/securityLevelIcon.svg

+<svg width="16" height="16" viewBox="0 0 16 16" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
+  <style>
+    use:not(:target) {
+      display: none;
+    }
+  </style>
+  <defs>
+    <g id="standard_icon" stroke="none" stroke-width="1">
+      <path clip-rule="evenodd" d="m8.49614.283505c-.30743-.175675-.68485-.175675-.99228.000001l-6 3.428574c-.31157.17804-.50386.50938-.50386.86824v1.41968c0 4 2.98667 9.0836 7 10 4.0133-.9164 7-6 7-10v-1.41968c0-.35886-.1923-.6902-.5039-.86824zm-.49614 1.216495-5.75 3.28571v1.2746c0 1.71749.65238 3.7522 1.78726 5.46629 1.07287 1.6204 2.47498 2.8062 3.96274 3.2425 1.48776-.4363 2.8899-1.6221 3.9627-3.2425 1.1349-1.71409 1.7873-3.7488 1.7873-5.46629v-1.2746z" fill-rule="evenodd" />
+    </g>
+    <g id="safer_icon" stroke="none" stroke-width="1">
+      <path clip-rule="evenodd" d="m8.49614.283505c-.30743-.175675-.68485-.175675-.99228.000001l-6 3.428574c-.31157.17804-.50386.50938-.50386.86824v1.41968c0 4 2.98667 9.0836 7 10 4.0133-.9164 7-6 7-10v-1.41968c0-.35886-.1923-.6902-.5039-.86824zm-.49614 1.216495-5.75 3.28571v1.2746c0 1.71749.65238 3.7522 1.78726 5.46629 1.07287 1.6204 2.47498 2.8062 3.96274 3.2425 1.48776-.4363 2.8899-1.6221 3.9627-3.2425 1.1349-1.71409 1.7873-3.7488 1.7873-5.46629v-1.2746z" fill-rule="evenodd"/>
+      <path d="m3.5 6.12062v-.40411c0-.08972.04807-.17255.12597-.21706l4-2.28572c.16666-.09523.37403.02511.37403.21707v10.0766c-1.01204-.408-2.054-1.3018-2.92048-2.6105-1.02134-1.54265-1.57952-3.34117-1.57952-4.77628z"/>
+    </g>
+    <g id="safest_icon" stroke="none" stroke-width="1">
+      <path clip-rule="evenodd" d="m8.49614.283505c-.30743-.175675-.68485-.175675-.99228.000001l-6 3.428574c-.31157.17804-.50386.50938-.50386.86824v1.41968c0 4 2.98667 9.0836 7 10 4.0133-.9164 7-6 7-10v-1.41968c0-.35886-.1923-.6902-.5039-.86824zm-.49614 1.216495-5.75 3.28571v1.2746c0 1.71749.65238 3.7522 1.78726 5.46629 1.07287 1.6204 2.47498 2.8062 3.96274 3.2425 1.48776-.4363 2.8899-1.6221 3.9627-3.2425 1.1349-1.71409 1.7873-3.7488 1.7873-5.46629v-1.2746z" fill-rule="evenodd"/>
+      <path d="m3.5 6.12062v-.40411c0-.08972.04807-.17255.12597-.21706l4.25-2.42857c.07685-.04392.17121-.04392.24806 0l4.24997 2.42857c.0779.04451.126.12734.126.21706v.40411c0 1.43511-.5582 3.23363-1.5795 4.77628-.8665 1.3087-1.90846 2.2025-2.9205 2.6105-1.01204-.408-2.054-1.3018-2.92048-2.6105-1.02134-1.54265-1.57952-3.34117-1.57952-4.77628z"/>
+    </g>
+    <g id="standard_custom_icon" stroke="none" stroke-width="1">
+      <path d="m9.37255.784312-.87641-.500806c-.30743-.175676-.68485-.175676-.99228 0l-6 3.428574c-.31157.17804-.50386.50938-.50386.86824v1.41968c0 4 2.98667 9.0836 7 10 3.7599-.8585 6.6186-5.3745 6.9647-9.23043-.4008.20936-.8392.35666-1.3024.42914-.2132 1.43414-.8072 2.98009-1.6996 4.32789-1.0728 1.6204-2.47494 2.8062-3.9627 3.2425-1.48776-.4363-2.88987-1.6221-3.96274-3.2425-1.13488-1.71409-1.78726-3.7488-1.78726-5.46629v-1.2746l5.75-3.28571.86913.49664c.10502-.43392.27664-.84184.50342-1.212328z"/>
+      <circle cx="13" cy="3" fill="#ffbd2e" r="3"/>
+    </g>
+    <g id="safer_custom_icon" stroke="none" stroke-width="1">
+      <path d="m9.37255.784312-.87641-.500806c-.30743-.175676-.68485-.175676-.99228 0l-6 3.428574c-.31157.17804-.50386.50938-.50386.86824v1.41968c0 4 2.98667 9.0836 7 10 3.7599-.8585 6.6186-5.3745 6.9647-9.23043-.4008.20936-.8392.35666-1.3024.42914-.2132 1.43414-.8072 2.98009-1.6996 4.32789-1.0728 1.6204-2.47494 2.8062-3.9627 3.2425-1.48776-.4363-2.88987-1.6221-3.96274-3.2425-1.13488-1.71409-1.78726-3.7488-1.78726-5.46629v-1.2746l5.75-3.28571.86913.49664c.10502-.43392.27664-.84184.50342-1.212328z"/>
+      <path d="m3.5 6.12062v-.40411c0-.08972.04807-.17255.12597-.21706l4-2.28572c.16666-.09523.37403.02511.37403.21707v10.0766c-1.01204-.408-2.054-1.3018-2.92048-2.6105-1.02134-1.54265-1.57952-3.34117-1.57952-4.77628z"/>
+      <circle cx="13" cy="3" fill="#ffbd2e" r="3"/>
+    </g>
+    <g id="safest_custom_icon" stroke="none" stroke-width="1">
+      <path d="m9.37255.784312-.87641-.500806c-.30743-.175676-.68485-.175676-.99228 0l-6 3.428574c-.31157.17804-.50386.50938-.50386.86824v1.41968c0 4 2.98667 9.0836 7 10 3.7599-.8585 6.6186-5.3745 6.9647-9.23043-.4008.20936-.8392.35666-1.3024.42914-.2132 1.43414-.8072 2.98009-1.6996 4.32789-1.0728 1.6204-2.47494 2.8062-3.9627 3.2425-1.48776-.4363-2.88987-1.6221-3.96274-3.2425-1.13488-1.71409-1.78726-3.7488-1.78726-5.46629v-1.2746l5.75-3.28571.86913.49664c.10502-.43392.27664-.84184.50342-1.212328z"/>
+      <path d="m8.77266 3.44151-.64863-.37064c-.07685-.04392-.17121-.04392-.24806 0l-4.25 2.42857c-.0779.04451-.12597.12735-.12597.21706v.40412c0 1.4351.55818 3.23362 1.57952 4.77618.86648 1.3087 1.90844 2.2026 2.92048 2.6106 1.01204-.408 2.054-1.3018 2.9205-2.6106.7761-1.17217 1.2847-2.49215 1.4843-3.68816-1.9219-.26934-3.43158-1.82403-3.63214-3.76713z"/>
+      <circle cx="13" cy="3" fill="#ffbd2e" r="3"/>
+    </g>
+  </defs>
+  <use id="standard" fill="context-fill" fill-opacity="context-fill-opacity" href="#standard_icon" />
+  <use id="safer" fill="context-fill" fill-opacity="context-fill-opacity" href="#safer_icon" />
+  <use id="safest" fill="context-fill" fill-opacity="context-fill-opacity" href="#safest_icon" />
+  <use id="standard_custom" fill="context-fill" fill-opacity="context-fill-opacity" href="#standard_custom_icon" />
+  <use id="safer_custom" fill="context-fill" fill-opacity="context-fill-opacity" href="#safer_custom_icon" />
+  <use id="safest_custom" fill="context-fill" fill-opacity="context-fill-opacity" href="#safest_custom_icon" />
+</svg>

browser/components/securitylevel/content/securityLevelPanel.css

+/* Security Level CSS */
+
+#securityLevel-background {
+  /* xul:vbox with display: block will be correctly measured in size by the
+   * parent xul:panel, with line-wrapping taken into account, and allocated the
+   * required space. */
+  display: block;
+  min-height: 10em;
+  padding-inline: 16px;
+  background-repeat: no-repeat;
+  background-position-y: top 0.4em;
+  /* Icon center should be in-line with end padding.
+   * We set the right-to-left position here, and the left-to-right position
+   * below. */
+  --background-inline-offset: calc(16px - 4.5em);
+  background-position-x: left var(--background-inline-offset);
+  background-size: 9em 9em;
+  -moz-context-properties: fill, fill-opacity;
+  fill-opacity: 1;
+  fill: var(--button-bgcolor);
+}
+
+/* NOTE: Use ":dir" instead of ":-moz-locale-dir" when panel switches to HTML. */
+#securityLevel-background:-moz-locale-dir(ltr) {
+  background-position-x: right var(--background-inline-offset);
+}
+
+#securityLevel-background[level="standard"] {
+  background-image: url("chrome://browser/content/securitylevel/securityLevelIcon.svg#standard");
+}
+
+#securityLevel-background[level="safer"] {
+  background-image: url("chrome://browser/content/securitylevel/securityLevelIcon.svg#safer");
+}
+
+#securityLevel-background[level="safest"] {
+  background-image: url("chrome://browser/content/securitylevel/securityLevelIcon.svg#safest");
+}
+
+/* Override margin in panelUI-shared.css */
+#securityLevel-panel toolbarseparator#securityLevel-separator {
+  margin-inline: 16px;
+}
+
+#securityLevel-level {
+  font-size: 1.25em;
+  font-weight: 600;
+}
+
+#securityLevel-custom {
+  border-radius: 4px;
+  background-color: var(--warning-color);
+  color: black;
+  padding: 0.4em 0.5em;
+  margin-inline-start: 1em;
+}
+
+#securityLevel-summary {
+  padding-inline-end: 5em;
+  max-width: 20em;
+}

browser/components/securitylevel/content/securityLevelPanel.inc.xhtml

+<panel id="securityLevel-panel"
+       role="dialog"
+       aria-labelledby="securityLevel-header"
+       aria-describedby="securityLevel-subheading securityLevel-summary"
+       type="arrow"
+       orient="vertical"
+       level="top"
+       class="cui-widget-panel panel-no-padding">
+  <box class="panel-header">
+    <html:h1 id="securityLevel-header"></html:h1>
+  </box>
+  <toolbarseparator id="securityLevel-separator"></toolbarseparator>
+  <vbox id="securityLevel-background" class="panel-subview-body">
+    <html:p id="securityLevel-subheading">
+      <html:span id="securityLevel-level"></html:span>
+      <html:span id="securityLevel-custom"></html:span>
+    </html:p>
+    <html:p id="securityLevel-summary"></html:p>
+    <html:a id="securityLevel-learnMore" href="about:manual#security-settings">
+    </html:a>
+  </vbox>
+  <hbox class="panel-footer">
+    <button id="securityLevel-settings"/>
+    <button id="securityLevel-restoreDefaults"/>
+  </hbox>
+</panel>

browser/components/securitylevel/content/securityLevelPreferences.css

+#securityLevel-groupbox {
+  --section-highlight-background-color: color-mix(in srgb, var(--in-content-accent-color) 20%, transparent);
+}
+
+#securityLevel-customNotification {
+  /* Spacing similar to #fpiIncompatibilityWarning. */
+  margin-block: 16px;
+}
+
+.info-icon.securityLevel-custom-warning-icon {
+  list-style-image: url("chrome://global/skin/icons/warning.svg");
+}
+
+#securityLevel-customHeading {
+  font-weight: bold;
+}
+
+/* Overwrite indent rule from preferences.css */
+#securityLevel-radiogroup description.indent {
+  color: var(--in-content-page-color);
+}
+
+#securityLevel-radiogroup radio {
+  font-weight: bold;
+}
+
+#securityLevel-radiogroup[disabled] {
+  opacity: 0.5;
+}
+
+/* Overwrite the rule in common-shared.css so we don't get 0.25 opacity overall
+ * on the radio text. */
+#securityLevel-radiogroup[disabled] radio[disabled] {
+  opacity: 1.0;
+}
+
+.securityLevel-radio-option {
+  border: 1px solid var(--in-content-box-border-color);
+  border-radius: 4px;
+  margin: 3px 0;
+  padding: 9px;
+}
+
+.securityLevel-radio-option.securityLevel-radio-option-selected {
+  background-color: var(--section-highlight-background-color);
+  border: 1px solid var(--in-content-accent-color);
+
+}
+
+.securityLevel-radio-option:not(
+  .securityLevel-radio-option-selected
+) .securityLevel-descriptionList {
+  display: none;
+}
+
+.securityLevel-descriptionList description {
+  display: list-item;
+}

browser/components/securitylevel/content/securityLevelPreferences.inc.xhtml

+<groupbox id="securityLevel-groupbox"
+          data-category="panePrivacy"
+          data-subcategory="securitylevel"
+          hidden="true">
+  <label><html:h2></html:h2></label>
+  <vbox flex="1">
+    <description flex="1">
+      <html:span id="securityLevel-overview" class="tail-with-learn-more">
+      </html:span>
+      <label id="securityLevel-learnMore"
+             class="learnMore text-link"
+             is="text-link"
+             href="about:manual#security-settings"
+             useoriginprincipal="true"/>
+    </description>
+    <hbox id="securityLevel-customNotification"
+          class="info-box-container"
+          flex="1">
+      <hbox class="info-icon-container">
+        <image class="info-icon securityLevel-custom-warning-icon"/>
+      </hbox>
+      <vbox flex="1">
+        <label id="securityLevel-customHeading"/>
+        <description id="securityLevel-customDescription" flex="1"/>
+      </vbox>
+      <hbox align="center">
+        <button id="securityLevel-restoreDefaults"/>
+      </hbox>
+    </hbox>
+    <radiogroup id="securityLevel-radiogroup">
+      <vbox class="securityLevel-radio-option">
+        <radio value="standard"
+               aria-describedby="securityLevelSummary-standard"/>
+        <vbox id="securityLevelSummary-standard">
+          <description class="summary indent" flex="1"/>
+        </vbox>
+      </vbox>
+      <vbox class="securityLevel-radio-option">
+        <!-- NOTE: We point the accessible description to the wrapping vbox
+          - rather than its first description element. This means that when the
+          - securityLevel-descriptionList is shown or hidden, its text content
+          - is included or excluded from the accessible description,
+          - respectively. -->
+        <radio value="safer"
+               aria-describedby="securityLevelSummary-safer"/>
+        <vbox id="securityLevelSummary-safer">
+          <description class="summary indent" flex="1"/>
+          <vbox class="securityLevel-descriptionList indent"/>
+        </vbox>
+      </vbox>
+      <vbox class="securityLevel-radio-option">
+        <radio value="safest"
+               aria-describedby="securityLevelSummary-safest"/>
+        <vbox id="securityLevelSummary-safest">
+          <description class="summary indent" flex="1"/>
+          <vbox class="securityLevel-descriptionList indent"/>
+        </vbox>
+      </vbox>
+    </radiogroup>
+  </vbox>
+</groupbox>

browser/components/securitylevel/jar.mn

+browser.jar:
+    content/browser/securitylevel/securityLevel.js             (content/securityLevel.js)
+    content/browser/securitylevel/securityLevelPanel.css       (content/securityLevelPanel.css)
+    content/browser/securitylevel/securityLevelButton.css      (content/securityLevelButton.css)
+    content/browser/securitylevel/securityLevelPreferences.css (content/securityLevelPreferences.css)
+    content/browser/securitylevel/securityLevelIcon.svg        (content/securityLevelIcon.svg)

browser/components/securitylevel/moz.build

+JAR_MANIFESTS += ["jar.mn"]

browser/config/mozconfigs/base-browser

+# Shared build settings and settings to enhance security and privacy.
+
+. $topsrcdir/browser/config/mozconfig
+
+if test -f "$topsrcdir/mozconfig-toolchain"; then
+    . $topsrcdir/mozconfig-toolchain
+fi
+
+mk_add_options MOZ_OBJDIR=@TOPSRCDIR@/obj-@CONFIG_GUESS@
+
+ac_add_options --enable-official-branding
+export MOZILLA_OFFICIAL=1
+
+ac_add_options --enable-optimize
+ac_add_options --enable-rust-simd
+
+# Bug 13379: Sign our MAR files.
+ac_add_options --enable-verify-mar
+ac_add_options --enable-nss-mar
+ac_add_options --enable-base-browser-update
+
+ac_add_options --enable-bundled-fonts
+
+# See bug #41587
+ac_add_options --disable-updater
+
+ac_add_options --disable-tests
+ac_add_options --disable-debug
+
+ac_add_options --disable-crashreporter
+# Before removing, please notice that WebRTC does not work on mingw (Bug 1393901)
+ac_add_options --disable-webrtc
+ac_add_options --disable-parental-controls
+# Let's make sure no preference is enabling either Adobe's or Google's CDM.
+ac_add_options --disable-eme
+ac_add_options --enable-proxy-bypass-protection
+# See bugs #30575 and #32418: system policies are harmful either because they
+# could allow proxy bypass, and override a number of other preferences we set
+ac_add_options --disable-system-policies
+
+# See bug #41131
+ac_add_options --disable-backgroundtasks
+
+# Disable telemetry
+ac_add_options MOZ_TELEMETRY_REPORTING=
+
+if test -z "$WASI_SYSROOT"; then
+    ac_add_options --without-wasm-sandboxed-libraries
+fi
+
+ac_add_options --with-relative-data-dir=BaseBrowser/Data/Browser

browser/config/mozconfigs/base-browser-android

+export MOZILLA_OFFICIAL=1
+
+ac_add_options --enable-optimize
+ac_add_options --enable-rust-simd
+ac_add_options --enable-official-branding
+
+ac_add_options --enable-application=mobile/android
+
+CC="clang"
+CXX="clang++"
+ac_add_options --with-java-bin-path=$JAVA_HOME/bin
+ac_add_options --with-android-sdk=$ANDROID_HOME
+ac_add_options --with-android-ndk=$ANDROID_NDK_HOME
+ac_add_options --with-android-min-sdk=21
+ac_add_options --with-gradle=$GRADLE_HOME/bin/gradle
+
+# https://bugzilla.mozilla.org/show_bug.cgi?id=1758568
+ac_add_options --enable-minify=properties
+
+ac_add_options --enable-strip
+ac_add_options --enable-install-strip
+ac_add_options --disable-tests
+ac_add_options --disable-debug
+ac_add_options --disable-rust-debug
+
+ac_add_options --disable-updater
+ac_add_options --disable-verify-mar
+ac_add_options --disable-crashreporter
+ac_add_options --disable-webrtc
+ac_add_options --disable-parental-controls
+
+ac_add_options --enable-proxy-bypass-protection
+ac_add_options --disable-system-policies
+
+# Disable telemetry
+ac_add_options MOZ_TELEMETRY_REPORTING=
+
+if test -n "$LOCAL_DEV_BUILD"; then
+    # You must use the "default" bogus channel for dev builds
+    ac_add_options --enable-update-channel=default
+    ac_add_options --with-base-browser-version=dev-build
+else
+    # We only use beta GeckoView for now, for official builds
+    ac_add_options --enable-update-channel=beta
+fi
+
+if test -z "$WASI_SYSROOT"; then
+    ac_add_options --without-wasm-sandboxed-libraries
+fi

browser/confvars.sh

@@ -5,26 +5,6 @@
 
 MOZ_APP_VENDOR=Mozilla
 
-if test "$OS_ARCH" = "WINNT"; then
-  if ! test "$HAVE_64BIT_BUILD"; then
-    if test "$MOZ_UPDATE_CHANNEL" = "nightly" -o \
-            "$MOZ_UPDATE_CHANNEL" = "nightly-try" -o \
-            "$MOZ_UPDATE_CHANNEL" = "aurora" -o \
-            "$MOZ_UPDATE_CHANNEL" = "beta" -o \
-            "$MOZ_UPDATE_CHANNEL" = "release"; then
-      if ! test "$MOZ_DEBUG"; then
-        if ! test "$USE_STUB_INSTALLER"; then
-          # Expect USE_STUB_INSTALLER from taskcluster for downstream task consistency
-          echo "ERROR: STUB installer expected to be enabled but"
-          echo "ERROR: USE_STUB_INSTALLER is not specified in the environment"
-          exit 1
-        fi
-        MOZ_STUB_INSTALLER=1
-      fi
-    fi
-  fi
-fi
-
 BROWSER_CHROME_URL=chrome://browser/content/browser.xhtml
 
 # MOZ_APP_DISPLAYNAME will be set by branding/configure.sh
@@ -37,7 +17,23 @@ MOZ_BRANDING_DIRECTORY=browser/branding/unofficial
 MOZ_OFFICIAL_BRANDING_DIRECTORY=browser/branding/official
 MOZ_APP_ID={ec8030f7-c20a-464f-9b0e-13a3a9e97384}
 
-MOZ_PROFILE_MIGRATOR=1
+# tor-browser#41577: Do not enable profile migration
+# MOZ_PROFILE_MIGRATOR=1
+
+# ACCEPTED_MAR_CHANNEL_IDS should usually be the same as the value MAR_CHANNEL_ID.
+# If more than one ID is needed, then you should use a comma separated list
+# of values.
+# The MAR_CHANNEL_ID must not contain the following 3 characters: ",\t "
+if test "$MOZ_UPDATE_CHANNEL" = "alpha"; then
+  ACCEPTED_MAR_CHANNEL_IDS=basebrowser-torproject-alpha
+  MAR_CHANNEL_ID=basebrowser-torproject-alpha
+elif test "$MOZ_UPDATE_CHANNEL" = "nightly"; then
+  ACCEPTED_MAR_CHANNEL_IDS=basebrowser-torproject-nightly
+  MAR_CHANNEL_ID=basebrowser-torproject-nightly
+else
+  ACCEPTED_MAR_CHANNEL_IDS=basebrowser-torproject-release
+  MAR_CHANNEL_ID=basebrowser-torproject-release
+fi
 
 # Include the DevTools client, not just the server (which is the default)
 MOZ_DEVTOOLS=all

browser/extensions/moz.build

@@ -5,11 +5,4 @@
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 
 DIRS += [
-    "doh-rollout",
-    "formautofill",
-    "screenshots",
-    "webcompat",
-    "report-site-issue",
-    "pictureinpicture",
-    "search-detection",
 ]

browser/installer/Makefile.in

@@ -82,6 +82,10 @@ endif
 endif
 endif
 
+ifdef BASE_BROWSER_UPDATE
+DEFINES += -DBASE_BROWSER_UPDATE
+endif
+
 ifneq (,$(filter WINNT Darwin Android,$(OS_TARGET)))
 DEFINES += -DMOZ_SHARED_MOZGLUE=1
 endif

browser/installer/package-manifest.in

@@ -36,8 +36,10 @@
 ; Mac bundle stuff
 @APPNAME@/Contents/Info.plist
 #ifdef MOZ_UPDATER
+#ifndef BASE_BROWSER_UPDATE
 @APPNAME@/Contents/Library/LaunchServices
 #endif
+#endif
 @APPNAME@/Contents/PkgInfo
 @RESPATH@/firefox.icns
 @RESPATH@/document.icns
@@ -243,7 +245,9 @@
 @RESPATH@/browser/chrome/icons/default/default64.png
 @RESPATH@/browser/chrome/icons/default/default128.png
 #endif
-@RESPATH@/browser/features/*
+
+; Base Browser
+@RESPATH@/components/SecurityLevel.manifest
 
 ; [DevTools Startup Files]
 @RESPATH@/browser/chrome/devtools-startup@JAREXT@
@@ -276,6 +280,7 @@
 @RESPATH@/browser/defaults/settings/blocklists
 @RESPATH@/browser/defaults/settings/main
 @RESPATH@/browser/defaults/settings/security-state
+@RESPATH@/browser/@PREF_DIR@/001-base-profile.js
 
 ; Warning: changing the path to channel-prefs.js can cause bugs (Bug 756325)
 ; Technically this is an app pref file, but we are keeping it in the original
@@ -424,10 +429,6 @@ bin/libfreebl_64int_3.so
 @BINPATH@/minidump-analyzer@BIN_SUFFIX@
 #endif
 
-; [ Ping Sender ]
-;
-@BINPATH@/pingsender@BIN_SUFFIX@
-
 ; Shutdown Terminator
 @RESPATH@/components/terminator.manifest
 
@@ -440,8 +441,8 @@ bin/libfreebl_64int_3.so
 #endif
 
 ; media
-@RESPATH@/gmp-clearkey/0.1/@DLL_PREFIX@clearkey@DLL_SUFFIX@
-@RESPATH@/gmp-clearkey/0.1/manifest.json
+;@RESPATH@/gmp-clearkey/0.1/@DLL_PREFIX@clearkey@DLL_SUFFIX@
+;@RESPATH@/gmp-clearkey/0.1/manifest.json
 
 #ifdef MOZ_DMD
 ; DMD

browser/installer/windows/nsis/shared.nsh

@@ -1489,7 +1489,6 @@ ${RemoveDefaultBrowserAgentShortcut}
   Push "crashreporter.exe"
   Push "default-browser-agent.exe"
   Push "minidump-analyzer.exe"
-  Push "pingsender.exe"
   Push "updater.exe"
   Push "mozwer.dll"
   Push "${FileMainEXE}"

browser/locales/Makefile.in

@@ -52,10 +52,6 @@ l10n-%:
 	@$(MAKE) -C ../../toolkit/locales l10n-$* XPI_ROOT_APPID='$(XPI_ROOT_APPID)'
 	@$(MAKE) -C ../../services/sync/locales AB_CD=$* XPI_NAME=locale-$*
 	@$(MAKE) -C ../../extensions/spellcheck/locales AB_CD=$* XPI_NAME=locale-$*
-ifneq (,$(wildcard ../extensions/formautofill/locales))
-	@$(MAKE) -C ../extensions/formautofill/locales AB_CD=$* XPI_NAME=locale-$*
-endif
-	@$(MAKE) -C ../extensions/report-site-issue/locales AB_CD=$* XPI_NAME=locale-$*
 	@$(MAKE) -C ../../devtools/client/locales AB_CD=$* XPI_NAME=locale-$* XPI_ROOT_APPID='$(XPI_ROOT_APPID)'
 	@$(MAKE) -C ../../devtools/startup/locales AB_CD=$* XPI_NAME=locale-$* XPI_ROOT_APPID='$(XPI_ROOT_APPID)'
 	@$(MAKE) l10n AB_CD=$* XPI_NAME=locale-$* PREF_DIR=$(PREF_DIR)
@@ -69,14 +65,10 @@ chrome-%:
 	@$(MAKE) -C ../../toolkit/locales chrome-$*
 	@$(MAKE) -C ../../services/sync/locales chrome AB_CD=$*
 	@$(MAKE) -C ../../extensions/spellcheck/locales chrome AB_CD=$*
-ifneq (,$(wildcard ../extensions/formautofill/locales))
-	@$(MAKE) -C ../extensions/formautofill/locales chrome AB_CD=$*
-endif
 	@$(MAKE) -C ../../devtools/client/locales chrome AB_CD=$*
 	@$(MAKE) -C ../../devtools/startup/locales chrome AB_CD=$*
 	@$(MAKE) chrome AB_CD=$*
 	@$(MAKE) -C $(DEPTH)/$(MOZ_BRANDING_DIRECTORY)/locales chrome AB_CD=$*
-	@$(MAKE) -C ../extensions/report-site-issue/locales chrome AB_CD=$*
 
 package-win32-installer: $(SUBMAKEFILES)
 	$(MAKE) -C ../installer/windows CONFIG_DIR=l10ngen ZIP_IN='$(ZIP_OUT)' installer

browser/locales/en-US/browser/languageNotification.ftl

+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# These strings are used by the Base Browser part of the changeset, not only for
+# the language notification.
+# TODO: Rename this file to make this clearer
+
+
+## Language notification
+
+# $language is the language Tor Browser is displayed in (already translated)
+language-notification-label-system = { -brand-short-name } has set your display language to { $language } based on your system’s language.
+# This is shown when the system language is not supported, so we fall back to another language instead.
+# $language is the language Tor Browser is displayed in (already translated).
+language-notification-label = { -brand-short-name } has set your display language to { $language }.
+language-notification-button = Change Language…
+
+
+## Fullscreen/maximization notification shown when letterboxing is disabled
+
+basebrowser-rfp-maximize-warning-message = Maximizing the browser window can allow websites to determine your monitor size, which can be used to track you. We recommend that you leave browser windows in their original default size.
+basebrowser-rfp-restore-window-size-button-label = Restore
+basebrowser-rfp-restore-window-size-button-ak = R
+
+
+## Tooltip for the about:addons recommended badge
+
+basebrowser-addon-badge-recommended = Mozilla only recommends extensions that meet their standards for security and performance
+basebrowser-addon-badge-verified = Mozilla has reviewed this extension to meet their standards for security and performance