Skip to content
Snippets Groups Projects
Commit 09883246 authored by Mike Perry's avatar Mike Perry Committed by Georg Koppen
Browse files

Bug #3547: Block all plugins except flash. 

We cannot use the @mozilla.org/extensions/blocklist;1 service, because we
actually want to stop plugins from ever entering the browser's process space
and/or executing code (for example, AV plugins that collect statistics/analyse
urls, magical toolbars that phone home or "help" the user, skype buttons that
ruin our day, and censorship filters). Hence we rolled our own.

See https://trac.torproject.org/projects/tor/ticket/3547#comment:6 for musings
on a better way. Until then, it is delta-darwinism for us.
parent 0eb13f73
Branches
No related tags found
No related merge requests found
Show whitespace changes
Inline Side-by-side
dom/plugins/base/nsPluginHost.cpp
+ 33
0
View file @ 09883246
......@@ -2064,6 +2064,35 @@ nsPluginHost::ShouldAddPlugin(nsPluginTag* aPluginTag)
#endif // defined(XP_WIN) && (defined(__x86_64__) || defined(_M_X64))
}
PRBool nsPluginHost::GhettoBlacklist(nsIFile *pluginFile)
{
nsCString leaf;
const char *leafStr;
nsresult rv;
rv = pluginFile->GetNativeLeafName(leaf);
if (NS_FAILED(rv)) {
return PR_TRUE; // fuck 'em. blacklist.
}
leafStr = leaf.get();
if (!leafStr) {
return PR_TRUE; // fuck 'em. blacklist.
}
// libgnashplugin.so, libflashplayer.so, Flash Player-10.4-10.5.plugin,
// NPSWF32.dll, NPSWF64.dll
if (strstr(leafStr, "libgnashplugin") == leafStr ||
strstr(leafStr, "libflashplayer") == leafStr ||
strstr(leafStr, "Flash Player") == leafStr ||
strstr(leafStr, "NPSWF") == leafStr) {
return PR_FALSE;
}
return PR_TRUE; // fuck 'em. blacklist.
}
void
nsPluginHost::AddPluginTag(nsPluginTag* aPluginTag)
{
......@@ -2194,6 +2223,10 @@ nsresult nsPluginHost::ScanPluginsDirectory(nsIFile *pluginsDir,
continue;
}
if (GhettoBlacklist(localfile)) {
continue;
}
// if it is not found in cache info list or has been changed, create a new one
if (!pluginTag) {
nsPluginFile pluginFile(localfile);
......
......
dom/plugins/base/nsPluginHost.h
+ 2
0
View file @ 09883246
......@@ -334,6 +334,8 @@ private:
// Loads all cached plugins info into mCachedPlugins
nsresult ReadPluginInfo();
PRBool GhettoBlacklist(nsIFile *pluginFile);
// Given a file path, returns the plugins info from our cache
// and removes it from the cache.
void RemoveCachedPluginsInfo(const char *filePath,
......
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please to comment