| Commit message (Collapse) | Author | Age |
|---|
| ... | |
| | |
|
| |
|
|
|
|
|
|
|
| |
torbutton_get_general_useragent_locale()
Otherwise, Firefox throws an uncatcheable NS_ERROR_UNEXPECTED exception.
At least in TBB. Strange, strange.
Fix issue introduced in 84e8dbc9.
|
| |
|
|
|
| |
Fix is to only clear window.name for top-level windows, and to ignore
frames/iframes.
|
| |
|
|
| |
It's really, really fixed and nothing can possibly ever go wrong again.
|
| |
|
|
| |
The previous patch threw an exception, and I was testing the wrong XPI..
|
| |
|
|
|
|
|
| |
The fix is to set the network.proxy prefs if this is TBB.
We also add the version check to the codepath that restores torbutton state,
just in case there is another regression.
|
| |
|
|
|
| |
Replace the custom dereferencing of the stringbundle by the proper usage of
nsIPrefLocalizedString.
|
| |
|
|
|
| |
On Debian and Tails, default homepage is more than just a string preference as
it is internationalized using nsIPrefLocalizedString.
|
| | |
|
| | |
|
| |
|
|
|
|
| |
Using environment variable TOR_CONTROL_COOKIE_AUTH_FILE, one can now specify
the path to the Tor CookieAuthFile. The password will be read from here
if the environment lacks TOR_CONTROL_PASSWD.
|
| |
|
|
| |
Found by Lunar.
|
| | |
|
| | |
|
| |
|
|
|
| |
Never write "this should never happen" in a comment. Doing so is apparently a
an ancient voodoo curse that ensures that it does.
|
| |
|
|
|
| |
The auto-scroll was broken because we were overzealously killing a scrollbar
offset, thinking it was a window offset. #sorryboutit.
|
| |
|
|
| |
Bug 3229's fix no longer requires us to disable this pref
|
| |
|
|
|
| |
TBB must not autoupdate via Mozilla. Regression was caused by the initial
toggle fix in #2338.
|
| | |
|
| | |
|
| |
|
|
|
| |
We added a new interface in #3666. This fix uses that string interface and
falls back to the old interface if it is not available.
|
| |
|
|
|
|
|
|
| |
Uses https://check.torproject.org/RecommendedTBBVersions as the version list.
If this url is 404, the feature is disabled. Otherwise, we check to see if
the current value of torbrowser.version is present in the returned JSON list.
If so, we fetch the normal check homepage. Otherwise, we fetch the upgrade
notice.
|
| |
|
|
|
| |
We were accidentally clearing the name attribute of framesets because we got
notification before the referrer could be set on the channel.
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
Also, don't forget to set the version in install.rdf.
|
| | |
|
| |
|
|
|
| |
This commit just adds the string. I wanted to do this ASAP so we can get it
translated before deploying the actual dialog (#3838).
|
| |
|
|
|
|
|
| |
We do this by removing the Authenticate header. Users will now experience
dialogs informing them of incorrect authenticate attempts in the event of an
attack/attempted use of 3rd party auth. See #3837 for the bug to improve the
dialog.
|
| |
|
|
|
| |
It breaks navigation and other things that we cannot fix in the toggle model.
Also it is of questionable real privacy value.
|
| |
|
|
| |
See also #3229. These things are written to disk now..
|
| |
|
|
|
|
| |
The warning "No tab found for session store tag" can appear during "New
Identity" in TBB. This is due to a lack of proper context for the browser
object. It may also indicate a leak of sessionstore data to disk.
|
| |
|
|
|
|
|
| |
The cookie protections API I used in "New Identity" would do nothing if you
had no protected cookies.
I don't believe this issue affected 1.4.0, though.
|
| |
|
|
|
|
| |
Due to bug #3429, referer spoofing is breaking browser navigation. Since it is
unsafe to fix #3429 while people still insist on using the toggle model, I'm
just going to hide the referer spoofing option for now.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Hotmail appears to have an optimization strategy that involved pre-loading all
of the scripts involved in their site as object tags. When the user navigates
between pages, the appropriate object tags get converted into script tags and
executed.
The problem for us is that docSell.allowPlugins is implemented as a content
policy that blocks object tags for a given page. We use this API because the toggle
model requires the ability to do per-page plugin control.
Firefox 3.6 introduced a global plugin control API that allows us to
enable/disable indivual plugins, but this was unfit for use in the toggle
situation where tabs might sit around in the background.
However, we can use it for TBB. This patch switches us to using the plugin
manager API, in TBB only.
|
| |
|
|
|
|
| |
This keeps window.name reset when the user enters a new url by hand. It also
blocks window.name entirely if you have disabled referers (which I think is
what someone who disables referers probably wants).
|
| |
|
|
|
| |
We use the cookie permissions api to get the origin URI. It can do some magic
we can't do from XPCOM. Thanks to Georg Koppen for the tip!
|
| |
|
|
|
| |
We were blocking some of their javascript, which they apparently load in
object tags?
|
| |
|
|
| |
At long last, the witch is dead.
|
| |
|
|
|
|
|
|
| |
Add a fallback to use the referer host if we can't find the owner window
through either loadGroup or notificationCallbacks..
This might still leave https:// urls sourced from http:// frames
un-isolated, as well as the reverse...
|
| |
|
|
| |
Thanks to Georg Koppen for catching this oversight.
|
| |
|
|
|
| |
Documented in as close to script form as possible. In the bright bright
future, the whole release process will be automated.
|
| | |
|
| | |
|
| |
|
|
| |
But what the hell do I know...
|
| | |
|
| | |
|
| |
|
|
| |
Also make the links work, finally.
|
| | |
|
