Bug 40432: Prevent probing installed applications

We replicate the same checks that exist in the LoadURI function, except now we check it earlier during the channel creation.

This allows selectively allowing specific applications, as well, by defining a network.protocol-handler.external.* pref (such as network.protocol-handler.external.spotify).

Closes #40432 (closed)

added 4 commits

• a43fc128...5ae4c953 - 3 commits from branch tpo/applications:tor-browser-78.10.0esr-10.5-1
• 6eceb111 - Bug 40432: Prevent probing installed applications

Compare with previous version

@HackerNCoder can you test this patch, too?

changed the description

@sysrqb I can't build 78.10.0esr-10.5-1 so I've applied the changes to 10.0-1.

Running it and schemeflood.com can't find any of my programs. Adding network.protocol-handler.external.steam set to true and it can find steam.

approved this merge request

Probably an uplift candidate to FF no?

My guess is no. They're reworking this part of FF in https://bugzilla.mozilla.org/show_bug.cgi?id=1626068, and our patch isn't really very usable - but that's a tradeoff we need to make right now. :/

merged

And forward-ported to tor-browser-88.0.1-10.5-1 as 3aa43567. We don't need this on Android, but we'll want it for desktop later.

Backported as a5a793d9 on tor-browser-78.10.0esr-10.0-1

mentioned in issue #41744