mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-12 04:45:45 +00:00
Bug 4126862 - "Change the 'allow scripts to move or resize existing windows' pref to a whitelist". Backing out this patch.
This commit is contained in:
parent
d037fa6443
commit
dc895122d0
@ -346,6 +346,8 @@ pref("dom.disable_window_open_feature.status", true);
|
||||
// without it there isn't a really good way to prevent chrome spoofing, see bug 337344
|
||||
pref("dom.disable_window_open_feature.location", true);
|
||||
pref("dom.disable_window_status_change", true);
|
||||
// allow JS to move and resize existing windows
|
||||
pref("dom.disable_window_move_resize", false);
|
||||
// prevent JS from monkeying with window focus, etc
|
||||
pref("dom.disable_window_flip", true);
|
||||
|
||||
|
@ -317,6 +317,8 @@ nsOperaProfileMigrator::PrefTransform gTransforms[] = {
|
||||
{ "User Prefs", "Download Directory", _OPM(STRING), "browser.download.dir", _OPM(SetFile), PR_FALSE, -1 },
|
||||
{ nsnull, "Enable Cookies", _OPM(INT), "network.cookie.cookieBehavior", _OPM(SetCookieBehavior), PR_FALSE, -1 },
|
||||
{ nsnull, "Accept Cookies Session Only", _OPM(BOOL), "network.cookie.lifetimePolicy", _OPM(SetCookieLifetime), PR_FALSE, -1 },
|
||||
{ nsnull, "Allow script to resize window", _OPM(BOOL), "dom.disable_window_move_resize", _OPM(SetBool), PR_FALSE, -1 },
|
||||
{ nsnull, "Allow script to move window", _OPM(BOOL), "dom.disable_window_move_resize", _OPM(SetBool), PR_FALSE, -1 },
|
||||
{ nsnull, "Allow script to raise window", _OPM(BOOL), "dom.disable_window_flip", _OPM(SetBool), PR_FALSE, -1 },
|
||||
{ nsnull, "Allow script to change status", _OPM(BOOL), "dom.disable_window_status_change", _OPM(SetBool), PR_FALSE, -1 },
|
||||
{ nsnull, "Ignore Unrequested Popups", _OPM(BOOL), "dom.disable_open_during_load", _OPM(SetBool), PR_FALSE, -1 },
|
||||
|
@ -363,6 +363,7 @@ nsSeamonkeyProfileMigrator::PrefTransform gTransforms[] = {
|
||||
MAKESAMETYPEPREFTRANSFORM("security.OSCP.URL", String),
|
||||
MAKESAMETYPEPREFTRANSFORM("security.enable_java", Bool),
|
||||
MAKESAMETYPEPREFTRANSFORM("javascript.enabled", Bool),
|
||||
MAKESAMETYPEPREFTRANSFORM("dom.disable_window_move_resize", Bool),
|
||||
MAKESAMETYPEPREFTRANSFORM("dom.disable_window_flip", Bool),
|
||||
MAKESAMETYPEPREFTRANSFORM("dom.disable_window_open_feature.status", Bool),
|
||||
MAKESAMETYPEPREFTRANSFORM("dom.disable_window_status_change", Bool),
|
||||
|
@ -1,65 +0,0 @@
|
||||
/*
|
||||
# -*- Mode: Java; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
|
||||
# ***** BEGIN LICENSE BLOCK *****
|
||||
# Version: MPL 1.1/GPL 2.0/LGPL 2.1
|
||||
#
|
||||
# The contents of this file are subject to the Mozilla Public License Version
|
||||
# 1.1 (the "License"); you may not use this file except in compliance with
|
||||
# the License. You may obtain a copy of the License at
|
||||
# http://www.mozilla.org/MPL/
|
||||
#
|
||||
# Software distributed under the License is distributed on an "AS IS" basis,
|
||||
# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
|
||||
# for the specific language governing rights and limitations under the
|
||||
# License.
|
||||
#
|
||||
# The Original Code is Mozilla Preferences.
|
||||
#
|
||||
# The Initial Developer of the Original Code is
|
||||
# Ben Turner <bent.mozilla@gmail.com>.
|
||||
# Portions created by the Initial Developer are Copyright (C) 2008
|
||||
# the Initial Developer. All Rights Reserved.
|
||||
#
|
||||
# Contributor(s):
|
||||
#
|
||||
# Alternatively, the contents of this file may be used under the terms of
|
||||
# either the GNU General Public License Version 2 or later (the "GPL"), or
|
||||
# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
|
||||
# in which case the provisions of the GPL or the LGPL are applicable instead
|
||||
# of those above. If you wish to allow use of your version of this file only
|
||||
# under the terms of either the GPL or the LGPL, and not to allow others to
|
||||
# use your version of this file under the terms of the MPL, indicate your
|
||||
# decision by deleting the provisions above and replace them with the notice
|
||||
# and other provisions required by the GPL or the LGPL. If you do not delete
|
||||
# the provisions above, a recipient may use your version of this file under
|
||||
# the terms of any one of the MPL, the GPL or the LGPL.
|
||||
#
|
||||
# ***** END LICENSE BLOCK *****
|
||||
*/
|
||||
|
||||
var gAdvancedJSPane = {
|
||||
|
||||
_exceptionsParams: {
|
||||
moveresize: {
|
||||
blockVisible: false,
|
||||
sessionVisible: false,
|
||||
allowVisible: true,
|
||||
prefilledHost: "",
|
||||
permissionType: "moveresize"
|
||||
}
|
||||
},
|
||||
|
||||
_showExceptions: function(aPermissionType) {
|
||||
var bundlePreferences = document.getElementById("preferencesBundle");
|
||||
var params = this._exceptionsParams[aPermissionType];
|
||||
params.windowTitle = bundlePreferences.getString(aPermissionType + "permissionstitle");
|
||||
params.introText = bundlePreferences.getString(aPermissionType + "permissionstext");
|
||||
document.documentElement.openWindow("Browser:Permissions",
|
||||
"chrome://browser/content/preferences/permissions.xul",
|
||||
"", params);
|
||||
},
|
||||
|
||||
showRaiseExceptions: function() {
|
||||
this._showExceptions("moveresize");
|
||||
}
|
||||
};
|
@ -38,12 +38,7 @@
|
||||
#
|
||||
# ***** END LICENSE BLOCK *****
|
||||
|
||||
<!DOCTYPE overlay [
|
||||
<!ENTITY % advancedDTD SYSTEM "chrome://browser/locale/preferences/advanced-scripts.dtd">
|
||||
<!ENTITY % contentDTD SYSTEM "chrome://browser/locale/preferences/content.dtd">
|
||||
%advancedDTD;
|
||||
%contentDTD;
|
||||
]>
|
||||
<!DOCTYPE prefwindow SYSTEM "chrome://browser/locale/preferences/advanced-scripts.dtd">
|
||||
|
||||
<?xml-stylesheet href="chrome://global/skin/"?>
|
||||
|
||||
@ -57,6 +52,7 @@
|
||||
|
||||
<preferences>
|
||||
<preference id="dom.event.contextmenu.enabled" name="dom.event.contextmenu.enabled" type="bool"/>
|
||||
<preference id="dom.disable_window_move_resize" name="dom.disable_window_move_resize" type="bool" inverted="true"/>
|
||||
<preference id="dom.disable_window_flip" name="dom.disable_window_flip" type="bool" inverted="true"/>
|
||||
<preference id="dom.disable_window_open_feature.status" inverted="true"
|
||||
name="dom.disable_window_open_feature.status" type="bool"/>
|
||||
@ -70,6 +66,9 @@
|
||||
|
||||
<description value="&allowScripts.label;"/>
|
||||
|
||||
<checkbox id="moveResizeWindows" label="&moveResizeWindows.label;"
|
||||
accesskey="&moveResizeWindows.accesskey;"
|
||||
preference="dom.disable_window_move_resize"/>
|
||||
<checkbox id="raiseLowerWindows" label="&raiseLowerWindows.label;"
|
||||
accesskey="&raiseLowerWindows.accesskey;"
|
||||
preference="dom.disable_window_flip"/>
|
||||
@ -83,12 +82,5 @@
|
||||
accesskey="&changeStatusBar.accesskey;"
|
||||
preference="dom.disable_window_status_change"/>
|
||||
|
||||
<hbox flex="1" align="center">
|
||||
<label id="moveResizeWindows" value="&moveResizeNotAllowed.label;"/>
|
||||
<button label="&exceptions.label;"
|
||||
accesskey="&exceptions.accesskey;"
|
||||
oncommand="gAdvancedJSPane.showRaiseExceptions();"/>
|
||||
</hbox>
|
||||
|
||||
</prefpane>
|
||||
</prefwindow>
|
||||
|
@ -2,7 +2,6 @@ browser.jar:
|
||||
* content/browser/preferences/advanced.xul
|
||||
* content/browser/preferences/advanced.js
|
||||
* content/browser/preferences/advanced-scripts.xul
|
||||
* content/browser/preferences/advanced-scripts.js
|
||||
* content/browser/preferences/applications.xul
|
||||
* content/browser/preferences/applications.js
|
||||
* content/browser/preferences/applicationManager.xul
|
||||
|
@ -42,7 +42,6 @@
|
||||
|
||||
<!ENTITY moveResizeWindows.label "Move or resize existing windows">
|
||||
<!ENTITY moveResizeWindows.accesskey "M">
|
||||
<!ENTITY moveResizeNotAllowed.label "Scripts may not move or resize existing windows">
|
||||
<!ENTITY raiseLowerWindows.label "Raise or lower windows">
|
||||
<!ENTITY raiseLowerWindows.accesskey "R">
|
||||
<!ENTITY disableContextMenus.label "Disable or replace context menus">
|
||||
|
@ -21,8 +21,6 @@ imagepermissionstext=You can specify which web sites are allowed to load images.
|
||||
imagepermissionstitle=Exceptions - Images
|
||||
invalidURI=Please enter a valid hostname
|
||||
invalidURITitle=Invalid Hostname Entered
|
||||
moveresizepermissionstext=You can specify which web sites are allowed to move or resize windows. Type the exact address of the site you want to permit and then click Allow.
|
||||
moveresizepermissionstitle=Exceptions - Moving or Resizing Windows
|
||||
|
||||
#### Master Password
|
||||
|
||||
|
@ -3075,11 +3075,11 @@ nsGlobalWindow::SetInnerWidth(PRInt32 aInnerWidth)
|
||||
NS_ENSURE_STATE(mDocShell);
|
||||
|
||||
/*
|
||||
* If caller is not chrome and the user has not explicitly exempted the site,
|
||||
* If caller is not chrome and dom.disable_window_move_resize is true,
|
||||
* prevent setting window.innerWidth by exiting early
|
||||
*/
|
||||
|
||||
if (!CanMoveResizeWindows() || IsFrame()) {
|
||||
if (!CanSetProperty("dom.disable_window_move_resize") || IsFrame()) {
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
@ -3148,11 +3148,11 @@ nsGlobalWindow::SetInnerHeight(PRInt32 aInnerHeight)
|
||||
NS_ENSURE_STATE(mDocShell);
|
||||
|
||||
/*
|
||||
* If caller is not chrome and the user has not explicitly exempted the site,
|
||||
* If caller is not chrome and dom.disable_window_move_resize is true,
|
||||
* prevent setting window.innerHeight by exiting early
|
||||
*/
|
||||
|
||||
if (!CanMoveResizeWindows() || IsFrame()) {
|
||||
if (!CanSetProperty("dom.disable_window_move_resize") || IsFrame()) {
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
@ -3212,11 +3212,11 @@ nsGlobalWindow::SetOuterWidth(PRInt32 aOuterWidth)
|
||||
FORWARD_TO_OUTER(SetOuterWidth, (aOuterWidth), NS_ERROR_NOT_INITIALIZED);
|
||||
|
||||
/*
|
||||
* If caller is not chrome and the user has not explicitly exempted the site,
|
||||
* If caller is not chrome and dom.disable_window_move_resize is true,
|
||||
* prevent setting window.outerWidth by exiting early
|
||||
*/
|
||||
|
||||
if (!CanMoveResizeWindows()) {
|
||||
if (!CanSetProperty("dom.disable_window_move_resize")) {
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
@ -3264,11 +3264,11 @@ nsGlobalWindow::SetOuterHeight(PRInt32 aOuterHeight)
|
||||
FORWARD_TO_OUTER(SetOuterHeight, (aOuterHeight), NS_ERROR_NOT_INITIALIZED);
|
||||
|
||||
/*
|
||||
* If caller is not chrome and the user has not explicitly exempted the site,
|
||||
* If caller is not chrome and dom.disable_window_move_resize is true,
|
||||
* prevent setting window.outerHeight by exiting early
|
||||
*/
|
||||
|
||||
if (!CanMoveResizeWindows()) {
|
||||
if (!CanSetProperty("dom.disable_window_move_resize")) {
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
@ -3311,11 +3311,11 @@ nsGlobalWindow::SetScreenX(PRInt32 aScreenX)
|
||||
FORWARD_TO_OUTER(SetScreenX, (aScreenX), NS_ERROR_NOT_INITIALIZED);
|
||||
|
||||
/*
|
||||
* If caller is not chrome and the user has not explicitly exempted the site,
|
||||
* If caller is not chrome and dom.disable_window_move_resize is true,
|
||||
* prevent setting window.screenX by exiting early
|
||||
*/
|
||||
|
||||
if (!CanMoveResizeWindows()) {
|
||||
if (!CanSetProperty("dom.disable_window_move_resize")) {
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
@ -3359,11 +3359,11 @@ nsGlobalWindow::SetScreenY(PRInt32 aScreenY)
|
||||
FORWARD_TO_OUTER(SetScreenY, (aScreenY), NS_ERROR_NOT_INITIALIZED);
|
||||
|
||||
/*
|
||||
* If caller is not chrome and the user has not explicitly exempted the site,
|
||||
* If caller is not chrome and dom.disable_window_move_resize is true,
|
||||
* prevent setting window.screenY by exiting early
|
||||
*/
|
||||
|
||||
if (!CanMoveResizeWindows()) {
|
||||
if (!CanSetProperty("dom.disable_window_move_resize")) {
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
@ -4415,11 +4415,11 @@ nsGlobalWindow::MoveTo(PRInt32 aXPos, PRInt32 aYPos)
|
||||
FORWARD_TO_OUTER(MoveTo, (aXPos, aYPos), NS_ERROR_NOT_INITIALIZED);
|
||||
|
||||
/*
|
||||
* If caller is not chrome and the user has not explicitly exempted the site,
|
||||
* If caller is not chrome and dom.disable_window_move_resize is true,
|
||||
* prevent window.moveTo() by exiting early
|
||||
*/
|
||||
|
||||
if (!CanMoveResizeWindows() || IsFrame()) {
|
||||
if (!CanSetProperty("dom.disable_window_move_resize") || IsFrame()) {
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
@ -4442,11 +4442,11 @@ nsGlobalWindow::MoveBy(PRInt32 aXDif, PRInt32 aYDif)
|
||||
FORWARD_TO_OUTER(MoveBy, (aXDif, aYDif), NS_ERROR_NOT_INITIALIZED);
|
||||
|
||||
/*
|
||||
* If caller is not chrome and the user has not explicitly exempted the site,
|
||||
* If caller is not chrome and dom.disable_window_move_resize is true,
|
||||
* prevent window.moveBy() by exiting early
|
||||
*/
|
||||
|
||||
if (!CanMoveResizeWindows() || IsFrame()) {
|
||||
if (!CanSetProperty("dom.disable_window_move_resize") || IsFrame()) {
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
@ -4473,11 +4473,11 @@ nsGlobalWindow::ResizeTo(PRInt32 aWidth, PRInt32 aHeight)
|
||||
FORWARD_TO_OUTER(ResizeTo, (aWidth, aHeight), NS_ERROR_NOT_INITIALIZED);
|
||||
|
||||
/*
|
||||
* If caller is not chrome and the user has not explicitly exempted the site,
|
||||
* If caller is not chrome and dom.disable_window_move_resize is true,
|
||||
* prevent window.resizeTo() by exiting early
|
||||
*/
|
||||
|
||||
if (!CanMoveResizeWindows() || IsFrame()) {
|
||||
if (!CanSetProperty("dom.disable_window_move_resize") || IsFrame()) {
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
@ -4500,11 +4500,11 @@ nsGlobalWindow::ResizeBy(PRInt32 aWidthDif, PRInt32 aHeightDif)
|
||||
FORWARD_TO_OUTER(ResizeBy, (aWidthDif, aHeightDif), NS_ERROR_NOT_INITIALIZED);
|
||||
|
||||
/*
|
||||
* If caller is not chrome and the user has not explicitly exempted the site,
|
||||
* If caller is not chrome and dom.disable_window_move_resize is true,
|
||||
* prevent window.resizeBy() by exiting early
|
||||
*/
|
||||
|
||||
if (!CanMoveResizeWindows() || IsFrame()) {
|
||||
if (!CanSetProperty("dom.disable_window_move_resize") || IsFrame()) {
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
@ -4536,11 +4536,11 @@ nsGlobalWindow::SizeToContent()
|
||||
}
|
||||
|
||||
/*
|
||||
* If caller is not chrome and the user has not explicitly exempted the site,
|
||||
* prevent window.sizeToContent() by exiting early
|
||||
* If caller is not chrome and dom.disable_window_move_resize is true,
|
||||
* block window.SizeToContent() by exiting
|
||||
*/
|
||||
|
||||
if (!CanMoveResizeWindows() || IsFrame()) {
|
||||
if (!CanSetProperty("dom.disable_window_move_resize") || IsFrame()) {
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
|
@ -567,8 +567,6 @@ protected:
|
||||
|
||||
static void MakeScriptDialogTitle(nsAString &aOutTitle);
|
||||
|
||||
static PRBool CanMoveResizeWindows();
|
||||
|
||||
// Helper for window.find()
|
||||
nsresult FindInternal(const nsAString& aStr, PRBool caseSensitive,
|
||||
PRBool backwards, PRBool wrapAround, PRBool wholeWord,
|
||||
|
@ -441,6 +441,7 @@ pref("capability.policy.default.Clipboard.paste", "noAccess");
|
||||
// Scripts & Windows prefs
|
||||
pref("dom.disable_image_src_set", false);
|
||||
pref("dom.disable_window_flip", false);
|
||||
pref("dom.disable_window_move_resize", false);
|
||||
pref("dom.disable_window_status_change", false);
|
||||
|
||||
pref("dom.disable_window_open_feature.titlebar", false);
|
||||
|
Loading…
Reference in New Issue
Block a user