Microsoft has acquired GitHub. Decentraleyes has left GitHub. Welcome to its new home!

To participate, please register, or sign in with an existing GitLab.com, Bitbucket, or GitHub account.

Past contributions on GitHub? Be sure to reclaim your Comments, Issues, and Pull Requests.

...
 
Commits (1)
......@@ -15,23 +15,59 @@ const kSecuritySettings = {
// Preference name : [0-low 1-m 2-high]
"javascript.options.ion.content" : [true, false, false],
"javascript.options.typeinference" : [true, false, false],
"noscript.forbidMedia" : [false, true, true ],
"media.webaudio.enabled" : [true, false, false],
"mathml.disabled" : [false, true, true ],
"javascript.options.baselinejit.content" : [true, false, false],
"gfx.font_rendering.opentype_svg.enabled" : [true, false, false],
"noscript.global" : [true, false, false],
"noscript.globalHttpsWhitelist" : [false, true, false],
"noscript.forbidFonts" : [false, false, true ],
"svg.in-content.enabled" : [true, true, false],
"svg.in-content.enabled" : [true, true, false]
};
// The Security Settings prefs in question.
const kSliderPref = "extensions.tor-browser-settings@torproject.org.security_level";
const kCustomPref = "extensions.tor-browser-settings@torproject.org.security_custom";
const nsaPolicyPref = "extensions.nsa.policy";
const nsaStandard = {
"js": true,
"webgl": true,
"java": true,
"flash": true,
"silverlight": true,
"plugin": true,
"media": true,
"frame": true,
"font": true
};
const nsaSafest = {
"js": false,
"webgl": false,
"java": false,
"flash": false,
"silverlight": false,
"plugin": false,
"media": false,
"frame": false,
"font": false
};
// ### Prefs
var generate_nsa_policy = function () {
let currentNsaPolicy = get(nsaPolicyPref) || '{"UNTRUSTED":{},"TRUSTED":{"js":true,"webgl":true,"java":true,"flash":true,"silverlight":true,"plugin":true,"media":true,"frame":true,"font":true},"DEFAULT":{"frame":true},"mozilla.org":1,"mozilla.com":1,"mozilla.net":1,"google.com":1,"gstatic.com":1,"googleapis.com":1,"yahoo.com":1,"yimg.com":1,"yahooapis.com":1,"hotmail.com":1,"live.com":1,"wlxrs.com":1,"securecode.com":1,"recaptcha.net":1,"noscript.net":1,"flashgot.net":1,"informaction.com":1,"youtube.com":1,"ytimg.com":1}';
let securitySliderValue = get(kSliderPref);
currentNsaPolicy = JSON.parse(currentNsaPolicy);
currentNsaPolicy.UNTRUSTED = {};
if (securitySliderValue === 0 || securitySliderValue === "0") {
currentNsaPolicy.TRUSTED = nsaStandard;
currentNsaPolicy.DEFAULT = nsaStandard;
} else {
currentNsaPolicy.TRUSTED = nsaSafest;
currentNsaPolicy.DEFAULT = nsaSafest;
}
return JSON.stringify(currentNsaPolicy);
};
// __write_setting_to_prefs(settingIndex)__.
// Take a given setting index and write the appropriate pref values
// to the pref database.
......@@ -94,6 +130,7 @@ var initialize = function () {
return;
}
initialized = true;
set(nsaPolicyPref, generate_nsa_policy());
// When security_custom is set to false, apply security_slider setting
// to the security-sensitive prefs.
utils.bindPrefAndInit(kCustomPref, function (custom) {
......@@ -105,6 +142,7 @@ var initialize = function () {
// be set to false.
utils.bindPref(kSliderPref, function (prefIndex) {
set(kCustomPref, false);
set(nsaPolicyPref, generate_nsa_policy());
write_setting_to_prefs(prefIndex);
});
// If a security-sensitive pref changes, then decide if the set of pref values
......