diff options
| author | Sukhbir Singh <sukhbir@torproject.org> | 2018-03-28 11:31:53 -0400 |
|---|---|---|
| committer | Sukhbir Singh <sukhbir@torproject.org> | 2018-03-28 11:31:53 -0400 |
| commit | 63fa6e508d5ed3218ca9f261a00347f0027b0913 (patch) | |
| tree | 3ee9792a193282075e2c8f3d1a6bcb2109e5967d | |
| parent | e8423363959d76dcc6e3579b517611bd9fce018c (diff) | |
Prevent leaking user's installed dictionary (Bug 22484)
Also set the Content-Language to "en-US" to prevent leaking the user's
default dictionary. Reported in https://bugs.torproject.org/22484 and
discussed in Section 4 of RFC 3282. Thunderbird bug:
https://bugzilla.mozilla.org/show_bug.cgi?id=1370217
| -rw-r--r-- | components/torbirdy.js | 20 |
1 files changed, 15 insertions, 5 deletions
diff --git a/components/torbirdy.js b/components/torbirdy.js index bfe2427..e8d2cd2 100644 --- a/components/torbirdy.js +++ b/components/torbirdy.js @@ -391,12 +391,14 @@ var TorBirdyOldPrefs = [ "network.proxy.http", ] -// sanitizeDateHeaders() -// Run this function to make sure that the Date header in a new message -// is rounded down to the nearest minute. -function sanitizeDateHeaders() { +// sanitizeHeaders() +// Sanitize the "Date" and "Content-Language" headers. +function sanitizeHeaders() { // Import the jsmime module that is used to generate mail headers. let { jsmime } = Cu.import("resource:///modules/jsmime.jsm"); + // Date + // Run this function to make sure that the Date header in a new message + // is rounded down to the nearest minute. // Inject our own structured encoder to the default header emitter, // to override the default Date encoder with a rounded-down version. jsmime.headeremitter.addStructuredEncoder("Date", function (date) { @@ -410,6 +412,14 @@ function sanitizeDateHeaders() { // We replace the "GMT" symbol with "+0000" because it is preferred. this.addText(roundedDate.toUTCString().replace(/GMT$/, "+0000"), false); }); + // Content-Language + // Also set the Content-Language to "en-US" to prevent leaking the user's + // default dictionary. Reported in https://bugs.torproject.org/22484 and + // discussed in Section 4 of RFC 3282. + // Thunderbird bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1370217 + jsmime.headeremitter.addStructuredEncoder("Content-Language", function (locale) { + this.addText("en-US", false); + }); } function TorBirdy() { @@ -439,7 +449,7 @@ function TorBirdy() { this.setAccountPrefs(); this.setPrefs(); - sanitizeDateHeaders(); + sanitizeHeaders(); } |