From 921a7910f078ebdb963c047fd6a1b5a6d0231c31 Mon Sep 17 00:00:00 2001 From: hackademix Date: Fri, 15 Mar 2019 23:55:18 +0100 Subject: "General/Cascade top document's restrictions to subdocuments" option (default true on the Tor Browser). --- src/_locales/en/messages.json | 3 +++ src/bg/Defaults.js | 1 + src/bg/RequestGuard.js | 2 +- src/bg/Settings.js | 20 +++++++++++++++----- src/ui/options.html | 4 +++- src/ui/options.js | 2 ++ 6 files changed, 25 insertions(+), 7 deletions(-) (limited to 'src') diff --git a/src/_locales/en/messages.json b/src/_locales/en/messages.json index 13ab4c3..ec826a9 100644 --- a/src/_locales/en/messages.json +++ b/src/_locales/en/messages.json @@ -74,6 +74,9 @@ "CascadePermissions": { "message": "Cascade top document's permissions to 3rd party scripts" }, + "CascadeRestrictions": { + "message": "Cascade top document's restrictions to subdocuments" + }, "ClearClickDescription": { "message": "NoScript intercepted a mouse or keyboard interaction with a partially hidden element. Click on the image below to cycle between the obstructed and the clear version." }, diff --git a/src/bg/Defaults.js b/src/bg/Defaults.js index e30380b..f1b9a18 100644 --- a/src/bg/Defaults.js +++ b/src/bg/Defaults.js @@ -12,6 +12,7 @@ var Defaults = { sync: { global: false, xss: true, + cascadeRestrictions : false, xssScanRequestBody: true, xssBlockUnscannedPOST: false, overrideTorBrowserPolicy: false, // note: Settings.update() on reset will flip this to true diff --git a/src/bg/RequestGuard.js b/src/bg/RequestGuard.js index 2f590dc..e7be814 100644 --- a/src/bg/RequestGuard.js +++ b/src/bg/RequestGuard.js @@ -326,7 +326,7 @@ var RequestGuard = (() => { capabilities = perms.capabilities; } else { capabilities = perms.capabilities; - if (frameAncestors.length > 0) { + if (frameAncestors.length > 0 && ns.sync.cascadeRestrictions) { // cascade top document's restrictions to subframes let topUrl = frameAncestors.pop().url; let topPerms = policy.get(topUrl, topUrl).perms; diff --git a/src/bg/Settings.js b/src/bg/Settings.js index 3efc4ad..c0af149 100644 --- a/src/bg/Settings.js +++ b/src/bg/Settings.js @@ -91,6 +91,7 @@ var Settings = { if (isTorBrowser) { // Tor Browser-specific settings ns.defaults.local.isTorBrowser = true; // prevents reset from forgetting + ns.defaults.sync.cascadeRestrictions = true; // we want this to be the default even on reset if (!this.gotTorBrowserInit) { // First initialization message from the Tor Browser this.gotTorBrowserInit = true; @@ -105,11 +106,20 @@ var Settings = { } else { reloadOptionsUI = true; } - if (!settings.local) settings.local = {}; - settings.local.isTorBrowser = true; - if (!settings.sync) settings.sync = {}; - settings.sync.xssScanRequestBody = false; - settings.sync.xssBlockUnscannedPOST = true; + + let torBrowserSettings = { + local: { + isTorBrowser: true, + }, + sync: { + cascadeRestrictions: true, + xssScanRequestBody: false, + xssBlockUnscannedPOST: true, + } + } + for (let [storage, prefs] of Object.entries(torBrowserSettings)) { + settings[storage] = Object.assign(settings[storage] || {}, prefs); + } } if (settings.sync === null) { diff --git a/src/ui/options.html b/src/ui/options.html index a80dece..9ffaa69 100644 --- a/src/ui/options.html +++ b/src/ui/options.html @@ -44,7 +44,9 @@ - + + +