"General/Cascade top document's restrictions to subdocuments" option (default true on the Tor Browser).

6 files changed, 25 insertions, 7 deletions

diff --git a/src/_locales/en/messages.json b/src/_locales/en/messages.json
index 13ab4c3..ec826a9 100644
--- a/src/_locales/en/messages.json
+++ b/src/_locales/en/messages.json
@@ -74,6 +74,9 @@
   "CascadePermissions": {
     "message": "Cascade top document's permissions to 3rd party scripts"
   },
+  "CascadeRestrictions": {
+    "message": "Cascade top document's restrictions to subdocuments"
+  },
   "ClearClickDescription": {
     "message": "NoScript intercepted a mouse or keyboard interaction with a partially hidden element. Click on the image below to cycle between the obstructed and the clear version."
   },
diff --git a/src/bg/Defaults.js b/src/bg/Defaults.js
index e30380b..f1b9a18 100644
--- a/src/bg/Defaults.js
+++ b/src/bg/Defaults.js
@@ -12,6 +12,7 @@ var Defaults = {
       sync: {

         global: false,

         xss: true,

+        cascadeRestrictions : false,

         xssScanRequestBody: true,

         xssBlockUnscannedPOST: false,

         overrideTorBrowserPolicy: false, // note: Settings.update() on reset will flip this to true

diff --git a/src/bg/RequestGuard.js b/src/bg/RequestGuard.js
index 2f590dc..e7be814 100644
--- a/src/bg/RequestGuard.js
+++ b/src/bg/RequestGuard.js
@@ -326,7 +326,7 @@ var RequestGuard = (() => {
             capabilities = perms.capabilities;
           } else {
             capabilities = perms.capabilities;
-            if (frameAncestors.length > 0) {
+            if (frameAncestors.length > 0 && ns.sync.cascadeRestrictions) {
               // cascade top document's restrictions to subframes
               let topUrl = frameAncestors.pop().url;
               let topPerms = policy.get(topUrl, topUrl).perms;
diff --git a/src/bg/Settings.js b/src/bg/Settings.js
index 3efc4ad..c0af149 100644
--- a/src/bg/Settings.js
+++ b/src/bg/Settings.js
@@ -91,6 +91,7 @@ var Settings = {
     if (isTorBrowser) {
       // Tor Browser-specific settings
       ns.defaults.local.isTorBrowser = true; // prevents reset from forgetting
+      ns.defaults.sync.cascadeRestrictions = true; // we want this to be the default even on reset
       if (!this.gotTorBrowserInit) {
         // First initialization message from the Tor Browser
         this.gotTorBrowserInit = true;
@@ -105,11 +106,20 @@ var Settings = {
       } else {
         reloadOptionsUI = true;
       }
-      if (!settings.local) settings.local = {};
-      settings.local.isTorBrowser = true;
-      if (!settings.sync) settings.sync = {};
-      settings.sync.xssScanRequestBody = false;
-      settings.sync.xssBlockUnscannedPOST = true;
+
+      let torBrowserSettings = {
+        local: {
+          isTorBrowser: true,
+        },
+        sync: {
+          cascadeRestrictions: true,
+          xssScanRequestBody: false,
+          xssBlockUnscannedPOST: true,
+        }
+      }
+      for (let [storage, prefs] of Object.entries(torBrowserSettings)) {
+        settings[storage] = Object.assign(settings[storage] || {}, prefs);
+      }
     }
 
     if (settings.sync === null) {
diff --git a/src/ui/options.html b/src/ui/options.html
index a80dece..9ffaa69 100644
--- a/src/ui/options.html
+++ b/src/ui/options.html
@@ -44,7 +44,9 @@
   <span id="auto-opt">
   <input type="checkbox" class="enforcement_required" id="opt-auto"><label for="opt-auto" id="lbl-auto">__MSG_AutoAllowTopLevel__</label>
   </span>
-
+  <span id="cascadeRestrictions-opt">
+  <input type="checkbox" class="enforcement_required" id="opt-cascadeRestrictions"><label for="opt-cascadeRestrictions" id="lbl-cascadeRestrictions">__MSG_CascadeRestrictions__</label>
+  </span>
   </div>
 
   <fieldset class="enforcement_required">
diff --git a/src/ui/options.js b/src/ui/options.js
index 7a9ca2b..1932269 100644
--- a/src/ui/options.js
+++ b/src/ui/options.js
@@ -32,6 +32,8 @@
     return policy.autoAllowTop;
   });
 
+  opt("cascadeRestrictions");
+
   opt("xss");
   opt("xssScanRequestBody");
   opt("xssBlockUnscannedPOST");