Bug 1141352 - add a pairwise allowlist to tracking protection. r=gcp

--HG-- rename : toolkit/components/url-classifier/tests/mochitest/test_privatebrowsing_trackingprotection.html => toolkit/components/url-classifier/tests/mochitest/test_trackingprotection_whitelist.html rename : toolkit/components/url-classifier/tests/mochitest/classifiedAnnotatedPBFrame.html => toolkit/components/url-classifier/tests/mochitest/whitelistFrame.html
2025-02-23 10:54:33 +00:00 · 2015-08-07 13:08:22 -07:00 · 2015-08-07 13:08:22 -07:00 · e5ccece7d7
commit e5ccece7d7
parent dd944c9f77
17 changed files with 370 additions and 56 deletions
--- a/build/pgo/server-locations.txt
+++ b/build/pgo/server-locations.txt
@ -171,6 +171,8 @@ http://malware.example.com:80
 http://tracking.example.com:80
 http://not-tracking.example.com:80
 http://tracking.example.org:80
 http://itisatracker.org:80
 http://trackertest.org:80
 https://malware.example.com:443
 https://tracking.example.com:443
--- a/modules/libpref/init/all.js
+++ b/modules/libpref/init/all.js
@ -4781,11 +4781,12 @@ pref("urlclassifier.malwareTable", "goog-malware-shavar,goog-unwanted-shavar,tes
 pref("urlclassifier.phishTable", "goog-phish-shavar,test-phish-simple");
 pref("urlclassifier.downloadBlockTable", "");
 pref("urlclassifier.downloadAllowTable", "");
-pref("urlclassifier.disallow_completions", "test-malware-simple,test-phish-simple,test-unwanted-simple,test-track-simple,goog-downloadwhite-digest256,mozpub-track-digest256");
+pref("urlclassifier.disallow_completions", "test-malware-simple,test-phish-simple,test-unwanted-simple,test-track-simple,test-trackwhite-simple,goog-downloadwhite-digest256,mozpub-track-digest256,mozpub-trackwhite-digest256");
 // The table and update/gethash URLs for Safebrowsing phishing and malware
 // checks.
 pref("urlclassifier.trackingTable", "test-track-simple,mozpub-track-digest256");
 pref("urlclassifier.trackingWhitelistTable", "test-trackwhite-simple,mozpub-trackwhite-digest256");
 pref("browser.trackingprotection.updateURL", "https://tracking.services.mozilla.com/downloads?client=SAFEBROWSING_ID&appver=%VERSION%&pver=2.2");
 pref("browser.trackingprotection.gethashURL", "https://tracking.services.mozilla.com/gethash?client=SAFEBROWSING_ID&appver=%VERSION%&pver=2.2");
--- a/netwerk/base/nsChannelClassifier.cpp
+++ b/netwerk/base/nsChannelClassifier.cpp
@ -512,12 +512,83 @@ nsChannelClassifier::SetBlockedTrackingContent(nsIChannel *channel)
  return NS_OK;
 }
 nsresult
 nsChannelClassifier::IsTrackerWhitelisted()
 {
  nsresult rv;
  nsCOMPtr<nsIURIClassifier> uriClassifier =
    do_GetService(NS_URICLASSIFIERSERVICE_CONTRACTID, &rv);
  NS_ENSURE_SUCCESS(rv, rv);
  nsAutoCString tables;
  Preferences::GetCString("urlclassifier.trackingWhitelistTable", &tables);
  if (tables.IsEmpty()) {
    LOG(("nsChannelClassifier[%p]:IsTrackerWhitelisted whitelist disabled",
         this));
    return NS_ERROR_TRACKING_URI;
  }
  nsCOMPtr<nsIHttpChannelInternal> chan = do_QueryInterface(mChannel, &rv);
  NS_ENSURE_SUCCESS(rv, rv);
  nsCOMPtr<nsIURI> topWinURI;
  rv = chan->GetTopWindowURI(getter_AddRefs(topWinURI));
  NS_ENSURE_SUCCESS(rv, rv);
  if (!topWinURI) {
    LOG(("nsChannelClassifier[%p]: No window URI", this));
    return NS_ERROR_TRACKING_URI;
  }
  nsCOMPtr<nsIScriptSecurityManager> securityManager =
    do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
  NS_ENSURE_SUCCESS(rv, rv);
  nsCOMPtr<nsIPrincipal> chanPrincipal;
  rv = securityManager->GetChannelURIPrincipal(mChannel,
                                               getter_AddRefs(chanPrincipal));
  NS_ENSURE_SUCCESS(rv, rv);
  // Craft a whitelist URL like "toplevel.page/?resource=third.party.domain"
  nsAutoCString pageHostname, resourceDomain;
  rv = topWinURI->GetHost(pageHostname);
  NS_ENSURE_SUCCESS(rv, rv);
  rv = chanPrincipal->GetBaseDomain(resourceDomain);
  NS_ENSURE_SUCCESS(rv, rv);
  nsAutoCString whitelistEntry = NS_LITERAL_CSTRING("http://") +
    pageHostname + NS_LITERAL_CSTRING("/?resource=") + resourceDomain;
  LOG(("nsChannelClassifier[%p]: Looking for %s in the whitelist",
       this, whitelistEntry.get()));
  nsCOMPtr<nsIURI> whitelistURI;
  rv = NS_NewURI(getter_AddRefs(whitelistURI), whitelistEntry);
  NS_ENSURE_SUCCESS(rv, rv);
  // Check whether or not the tracker is in the entity whitelist
  nsAutoCString results;
  rv = uriClassifier->ClassifyLocalWithTables(whitelistURI, tables, results);
  NS_ENSURE_SUCCESS(rv, rv);
  if (!results.IsEmpty()) {
    return NS_OK; // found it on the whitelist, must not be blocked
  }
  LOG(("nsChannelClassifier[%p]: %s is not in the whitelist",
       this, whitelistEntry.get()));
  return NS_ERROR_TRACKING_URI;
 }
 NS_IMETHODIMP
 nsChannelClassifier::OnClassifyComplete(nsresult aErrorCode)
 {
    // Should only be called in the parent process.
    MOZ_ASSERT(XRE_IsParentProcess());
    if (aErrorCode == NS_ERROR_TRACKING_URI &&
        NS_SUCCEEDED(IsTrackerWhitelisted())) {
      LOG(("nsChannelClassifier[%p]:OnClassifyComplete tracker found "
           "in whitelist so we won't block it)", this));
      aErrorCode = NS_OK;
    }
    LOG(("nsChannelClassifier[%p]:OnClassifyComplete %d", this, aErrorCode));
    if (mSuspendedChannel) {
        MarkEntryClassified(aErrorCode);
--- a/netwerk/base/nsChannelClassifier.h
+++ b/netwerk/base/nsChannelClassifier.h
@ -41,6 +41,8 @@ private:
    // Start is called. Returns NS_OK if and only if we will get a callback
    // from the classifier service.
    nsresult StartInternal();
    // Helper function to check a tracking URI against the whitelist
    nsresult IsTrackerWhitelisted();
 public:
    // If we are blocking tracking content, update the corresponding flag in
--- a/netwerk/base/nsIURIClassifier.idl
+++ b/netwerk/base/nsIURIClassifier.idl
@ -4,8 +4,9 @@
 #include "nsISupports.idl"
 interface nsIPrincipal;
 interface nsIChannel;
 interface nsIPrincipal;
 interface nsIURI;
 /**
 * Callback function for nsIURIClassifier lookups.
@ -30,7 +31,7 @@ interface nsIURIClassifierCallback : nsISupports
 * The URI classifier service checks a URI against lists of phishing
 * and malware sites.
 */
-[scriptable, uuid(9168a330-7fba-40e8-9c47-4ce8f15a57fd)]
+[scriptable, uuid(596620cc-76e3-4133-9d90-360e59a794cf)]
 interface nsIURIClassifier : nsISupports
 {
  /**
@ -56,10 +57,9 @@ interface nsIURIClassifier : nsISupports
                   in nsIURIClassifierCallback aCallback);
  /**
-   * Synchronously classify a Principal locally using its URI with a
+   * Synchronously classify a URI with a comma-separated string
-   * comma-separated string containing the given tables. This does not make
+   * containing the given tables. This does not make network requests.
-   * network requests. The result is a comma-separated string of tables that match.
+   * The result is a comma-separated string of tables that match.
   */
-  ACString classifyLocalWithTables(in nsIPrincipal aPrincipal,
+  ACString classifyLocalWithTables(in nsIURI aURI, in ACString aTables);
                                   in ACString aTables);
 };
--- a/netwerk/protocol/http/nsHttpChannel.cpp
+++ b/netwerk/protocol/http/nsHttpChannel.cpp
@ -5160,23 +5160,24 @@ nsHttpChannel::BeginConnect()
    nsRefPtr<nsChannelClassifier> channelClassifier = new nsChannelClassifier();
    if (mLoadFlags & LOAD_CLASSIFY_URI) {
        nsCOMPtr<nsIURIClassifier> classifier = do_GetService(NS_URICLASSIFIERSERVICE_CONTRACTID);
-        if (classifier) {
+        bool tpEnabled = false;
-            bool tpEnabled = false;
+        channelClassifier->ShouldEnableTrackingProtection(this, &tpEnabled);
-            channelClassifier->ShouldEnableTrackingProtection(this, &tpEnabled);
+        if (classifier && tpEnabled) {
            // We skip speculative connections by setting mLocalBlocklist only
            // when tracking protection is enabled. Though we could do this for
            // both phishing and malware, it is not necessary for correctness,
            // since no network events will be received while the
            // nsChannelClassifier is in progress. See bug 1122691.
-            if (tpEnabled) {
+            nsCOMPtr<nsIURI> uri;
-                nsCOMPtr<nsIPrincipal> principal = GetURIPrincipal();
+            rv = GetURI(getter_AddRefs(uri));
            if (NS_SUCCEEDED(rv) && uri) {
                nsAutoCString tables;
                Preferences::GetCString("urlclassifier.trackingTable", &tables);
                nsAutoCString results;
-                rv = classifier->ClassifyLocalWithTables(principal, tables, results);
+                rv = classifier->ClassifyLocalWithTables(uri, tables, results);
                if (NS_SUCCEEDED(rv) && !results.IsEmpty()) {
                    LOG(("nsHttpChannel::ClassifyLocalWithTables found "
-                         "principal on local tracking blocklist [this=%p]",
+                         "uri on local tracking blocklist [this=%p]",
                         this));
                    mLocalBlocklist = true;
                } else {
--- a/toolkit/components/url-classifier/SafeBrowsing.jsm
+++ b/toolkit/components/url-classifier/SafeBrowsing.jsm
@ -29,6 +29,7 @@ const malwareLists = getLists("urlclassifier.malwareTable");
 const downloadBlockLists = getLists("urlclassifier.downloadBlockTable");
 const downloadAllowLists = getLists("urlclassifier.downloadAllowTable");
 const trackingProtectionLists = getLists("urlclassifier.trackingTable");
 const trackingProtectionWhitelists = getLists("urlclassifier.trackingWhitelistTable");
 var debug = false;
 function log(...stuff) {
@ -73,6 +74,11 @@ this.SafeBrowsing = {
                                this.trackingUpdateURL,
                                this.trackingGethashURL);
    }
    for (let i = 0; i < trackingProtectionWhitelists.length; ++i) {
      listManager.registerTable(trackingProtectionWhitelists[i],
                                this.trackingUpdateURL,
                                this.trackingGethashURL);
    }
    this.addMozEntries();
    this.controlUpdateChecking();
@ -200,8 +206,10 @@ this.SafeBrowsing = {
    for (let i = 0; i < trackingProtectionLists.length; ++i) {
      if (this.trackingEnabled) {
        listManager.enableUpdate(trackingProtectionLists[i]);
        listManager.enableUpdate(trackingProtectionWhitelists[i]);
      } else {
        listManager.disableUpdate(trackingProtectionLists[i]);
        listManager.disableUpdate(trackingProtectionWhitelists[i]);
      }
    }
    listManager.maybeToggleUpdateChecking();
@ -214,25 +222,30 @@ this.SafeBrowsing = {
    const phishURL    = "itisatrap.org/firefox/its-a-trap.html";
    const malwareURL  = "itisatrap.org/firefox/its-an-attack.html";
    const unwantedURL = "itisatrap.org/firefox/unwanted.html";
-    const trackerURLs  = [
+    const trackerURLs = [
      "trackertest.org/",
      "itisatracker.org/",
    ];
    const whitelistURL = "itisatrap.org/?resource=itisatracker.org";
    let update = "n:1000\ni:test-malware-simple\nad:1\n" +
                 "a:1:32:" + malwareURL.length + "\n" +
-                 malwareURL;
+                 malwareURL + "\n";
    update += "n:1000\ni:test-phish-simple\nad:1\n" +
              "a:1:32:" + phishURL.length + "\n" +
-              phishURL;
+              phishURL  + "\n";
    update += "n:1000\ni:test-unwanted-simple\nad:1\n" +
              "a:1:32:" + unwantedURL.length + "\n" +
-              unwantedURL;
+              unwantedURL + "\n";
    update += "n:1000\ni:test-track-simple\n" +
              "ad:" + trackerURLs.length + "\n";
    trackerURLs.forEach((trackerURL, i) => {
-      update += "n:1000\ni:test-track-simple\nad:1\n" +
+      update += "a:" + (i + 1) + ":32:" + trackerURL.length + "\n" +
-                "a:" + (i + 1) + ":32:" + trackerURL.length + "\n" +
+                trackerURL + "\n";
                trackerURL;
    });
    update += "n:1000\ni:test-trackwhite-simple\nad:1\n" +
              "a:1:32:" + whitelistURL.length + "\n" +
              whitelistURL;
    log("addMozEntries:", update);
    let db = Cc["@mozilla.org/url-classifier/dbservice;1"].
@ -247,7 +260,7 @@ this.SafeBrowsing = {
    };
    try {
-      let tables = "test-malware-simple,test-phish-simple,test-unwanted-simple,test-track-simple";
+      let tables = "test-malware-simple,test-phish-simple,test-unwanted-simple,test-track-simple,test-trackwhite-simple";
      db.beginUpdate(dummyListener, tables, "");
      db.beginStream("", "");
      db.updateStream(update);
--- a/toolkit/components/url-classifier/nsUrlClassifierDBService.cpp
+++ b/toolkit/components/url-classifier/nsUrlClassifierDBService.cpp
@ -78,6 +78,7 @@ PRLogModuleInfo *gUrlClassifierDbServiceLog = nullptr;
 #define MALWARE_TABLE_PREF      "urlclassifier.malwareTable"
 #define PHISH_TABLE_PREF        "urlclassifier.phishTable"
 #define TRACKING_TABLE_PREF     "urlclassifier.trackingTable"
 #define TRACKING_WHITELIST_TABLE_PREF "urlclassifier.trackingWhitelistTable"
 #define DOWNLOAD_BLOCK_TABLE_PREF "urlclassifier.downloadBlockTable"
 #define DOWNLOAD_ALLOW_TABLE_PREF "urlclassifier.downloadAllowTable"
 #define DISALLOW_COMPLETION_TABLE_PREF "urlclassifier.disallow_completions"
@ -1068,6 +1069,12 @@ nsUrlClassifierDBService::ReadTablesFromPrefs()
    allTables.Append(tables);
  }
  Preferences::GetCString(TRACKING_WHITELIST_TABLE_PREF, &tables);
  if (!tables.IsEmpty()) {
    allTables.Append(',');
    allTables.Append(tables);
  }
  Classifier::SplitTables(allTables, mGethashTables);
  Preferences::GetCString(DISALLOW_COMPLETION_TABLE_PREF, &tables);
@ -1115,6 +1122,7 @@ nsUrlClassifierDBService::Init()
  Preferences::AddStrongObserver(this, PHISH_TABLE_PREF);
  Preferences::AddStrongObserver(this, MALWARE_TABLE_PREF);
  Preferences::AddStrongObserver(this, TRACKING_TABLE_PREF);
  Preferences::AddStrongObserver(this, TRACKING_WHITELIST_TABLE_PREF);
  Preferences::AddStrongObserver(this, DOWNLOAD_BLOCK_TABLE_PREF);
  Preferences::AddStrongObserver(this, DOWNLOAD_ALLOW_TABLE_PREF);
  Preferences::AddStrongObserver(this, DISALLOW_COMPLETION_TABLE_PREF);
@ -1186,11 +1194,22 @@ nsUrlClassifierDBService::BuildTables(bool aTrackingProtectionEnabled,
    tables.Append(',');
    tables.Append(phishing);
  }
-  nsAutoCString tracking;
+  if (aTrackingProtectionEnabled) {
-  Preferences::GetCString(TRACKING_TABLE_PREF, &tracking);
+    nsAutoCString tracking, trackingWhitelist;
-  if (aTrackingProtectionEnabled && !tracking.IsEmpty()) {
+    Preferences::GetCString(TRACKING_TABLE_PREF, &tracking);
-    tables.Append(',');
+    if (!tracking.IsEmpty()) {
-    tables.Append(tracking);
+      tables.Append(',');
      tables.Append(tracking);
    }
    Preferences::GetCString(TRACKING_WHITELIST_TABLE_PREF, &trackingWhitelist);
    if (!trackingWhitelist.IsEmpty()) {
      tables.Append(',');
      tables.Append(trackingWhitelist);
    }
  }
  if (StringBeginsWith(tables, NS_LITERAL_CSTRING(","))) {
    tables.Cut(0, 1);
  }
 }
@ -1229,25 +1248,20 @@ nsUrlClassifierDBService::Classify(nsIPrincipal* aPrincipal,
 }
 NS_IMETHODIMP
-nsUrlClassifierDBService::ClassifyLocalWithTables(nsIPrincipal *aPrincipal,
+nsUrlClassifierDBService::ClassifyLocalWithTables(nsIURI *aURI,
                                                  const nsACString & aTables,
                                                  nsACString & aTableResults)
 {
  MOZ_ASSERT(NS_IsMainThread(), "ClassifyLocalWithTables must be on main thread");
-  nsCOMPtr<nsIURI> uri;
+  nsCOMPtr<nsIURI> uri = NS_GetInnermostURI(aURI);
  nsresult rv = aPrincipal->GetURI(getter_AddRefs(uri));
  NS_ENSURE_SUCCESS(rv, rv);
  NS_ENSURE_TRUE(uri, NS_ERROR_FAILURE);
  uri = NS_GetInnermostURI(uri);
  NS_ENSURE_TRUE(uri, NS_ERROR_FAILURE);
  nsAutoCString key;
  // Canonicalize the url
  nsCOMPtr<nsIUrlClassifierUtils> utilsService =
    do_GetService(NS_URLCLASSIFIERUTILS_CONTRACTID);
-  rv = utilsService->GetKeyForURI(uri, key);
+  nsresult rv = utilsService->GetKeyForURI(uri, key);
  NS_ENSURE_SUCCESS(rv, rv);
  nsAutoPtr<LookupResultArray> results(new LookupResultArray());
@ -1513,6 +1527,7 @@ nsUrlClassifierDBService::Observe(nsISupports *aSubject, const char *aTopic,
      NS_LITERAL_STRING(PHISH_TABLE_PREF).Equals(aData) ||
      NS_LITERAL_STRING(MALWARE_TABLE_PREF).Equals(aData) ||
      NS_LITERAL_STRING(TRACKING_TABLE_PREF).Equals(aData) ||
      NS_LITERAL_STRING(TRACKING_WHITELIST_TABLE_PREF).Equals(aData) ||
      NS_LITERAL_STRING(DOWNLOAD_BLOCK_TABLE_PREF).Equals(aData) ||
      NS_LITERAL_STRING(DOWNLOAD_ALLOW_TABLE_PREF).Equals(aData) ||
      NS_LITERAL_STRING(DISALLOW_COMPLETION_TABLE_PREF).Equals(aData)) {
@ -1552,6 +1567,7 @@ nsUrlClassifierDBService::Shutdown()
    prefs->RemoveObserver(PHISH_TABLE_PREF, this);
    prefs->RemoveObserver(MALWARE_TABLE_PREF, this);
    prefs->RemoveObserver(TRACKING_TABLE_PREF, this);
    prefs->RemoveObserver(TRACKING_WHITELIST_TABLE_PREF, this);
    prefs->RemoveObserver(DOWNLOAD_BLOCK_TABLE_PREF, this);
    prefs->RemoveObserver(DOWNLOAD_ALLOW_TABLE_PREF, this);
    prefs->RemoveObserver(DISALLOW_COMPLETION_TABLE_PREF, this);
--- a/toolkit/components/url-classifier/tests/UrlClassifierTestUtils.jsm
+++ b/toolkit/components/url-classifier/tests/UrlClassifierTestUtils.jsm
@ -4,27 +4,54 @@ this.EXPORTED_SYMBOLS = ["UrlClassifierTestUtils"];
 const {classes: Cc, interfaces: Ci, utils: Cu, results: Cr} = Components;
 const TRACKING_TABLE_NAME = "mochitest-track-simple";
 const TRACKING_TABLE_PREF = "urlclassifier.trackingTable";
 const WHITELIST_TABLE_NAME = "mochitest-trackwhite-simple";
 const WHITELIST_TABLE_PREF = "urlclassifier.trackingWhitelistTable";
 Cu.import("resource://gre/modules/Services.jsm");
 this.UrlClassifierTestUtils = {
  addTestTrackers() {
-    const TABLE_PREF = "urlclassifier.trackingTable";
+    // Add some URLs to the tracking databases
-    const TABLE_NAME = "test-track-simple";
+    let trackingURL1 = "tracking.example.com/";
    let trackingURL2 = "itisatracker.org/";
    let trackingURL3 = "trackertest.org/";
    let whitelistedURL = "itisatrap.org/?resource=itisatracker.org";
-    // Add some URLs to the tracking database (to be blocked)
+    let trackingUpdate =
-    let testData = "tracking.example.com/";
+          "n:1000\ni:" + TRACKING_TABLE_NAME + "\nad:3\n" +
-    let testUpdate =
+          "a:1:32:" + trackingURL1.length + "\n" +
-          "n:1000\ni:test-track-simple\nad:1\n" +
+          trackingURL1 + "\n" +
-          "a:524:32:" + testData.length + "\n" +
+          "a:2:32:" + trackingURL2.length + "\n" +
-          testData;
+          trackingURL2 + "\n" +
          "a:3:32:" + trackingURL3.length + "\n" +
          trackingURL3 + "\n";
    let whitelistUpdate =
          "n:1000\ni:" + WHITELIST_TABLE_NAME + "\nad:1\n" +
          "a:1:32:" + whitelistedURL.length + "\n" +
          whitelistedURL + "\n";
-    return this.useTestDatabase(TABLE_PREF, TABLE_NAME, testUpdate);
+    var tables = [
      {
        pref: TRACKING_TABLE_PREF,
        name: TRACKING_TABLE_NAME,
        update: trackingUpdate
      },
      {
        pref: WHITELIST_TABLE_PREF,
        name: WHITELIST_TABLE_NAME,
        update: whitelistUpdate
      }
    ];
    return this.useTestDatabase(tables);
  },
  cleanupTestTrackers() {
-    const TABLE_PREF = "urlclassifier.trackingTable";
+    Services.prefs.clearUserPref(TRACKING_TABLE_PREF);
-    Services.prefs.clearUserPref(TABLE_PREF);
+    Services.prefs.clearUserPref(WHITELIST_TABLE_PREF);
  },
  /**
@ -33,8 +60,10 @@ this.UrlClassifierTestUtils = {
   *
   * @return {Promise}
   */
-  useTestDatabase(tablePref, tableName, update) {
+  useTestDatabase(tables) {
-    Services.prefs.setCharPref(tablePref, tableName);
+    for (var table of tables) {
      Services.prefs.setCharPref(table.pref, table.name);
    }
    return new Promise((resolve, reject) => {
      let dbService = Cc["@mozilla.org/url-classifier/dbservice;1"].
@ -57,11 +86,13 @@ this.UrlClassifierTestUtils = {
        }
      };
-      dbService.beginUpdate(listener, tableName, "");
+      for (var table of tables) {
-      dbService.beginStream("", "");
+        dbService.beginUpdate(listener, table.name, "");
-      dbService.updateStream(update);
+        dbService.beginStream("", "");
-      dbService.finishStream();
+        dbService.updateStream(table.update);
-      dbService.finishUpdate();
+        dbService.finishStream();
        dbService.finishUpdate();
      }
    });
  },
 };
--- a/toolkit/components/url-classifier/tests/mochitest/chrome.ini
+++ b/toolkit/components/url-classifier/tests/mochitest/chrome.ini
@ -14,3 +14,5 @@ tags = trackingprotection
 tags = trackingprotection
 [test_trackingprotection_bug1157081.html]
 tags = trackingprotection
 [test_trackingprotection_whitelist.html]
 tags = trackingprotection
--- a/toolkit/components/url-classifier/tests/mochitest/classifiedAnnotatedPBFrame.html
+++ b/toolkit/components/url-classifier/tests/mochitest/classifiedAnnotatedPBFrame.html
@ -12,6 +12,8 @@
 <script id="badscript" data-touched="not sure" src="http://tracking.example.com/tests/toolkit/components/url-classifier/tests/mochitest/evil.js" onload="this.dataset.touched = 'yes';" onerror="this.dataset.touched = 'no';"></script>
 <script id="goodscript" data-touched="not sure" src="http://itisatracker.org/tests/toolkit/components/url-classifier/tests/mochitest/good.js" onload="this.dataset.touched = 'yes';" onerror="this.dataset.touched = 'no';"></script>
 <!-- The image cache can cache JS handlers, so make sure we use a different URL for raptor.jpg each time -->
 <img id="badimage" data-touched="not sure" src="http://tracking.example.com/tests/toolkit/components/url-classifier/tests/mochitest/raptor.jpg?pbmode=test" onload="this.dataset.touched = 'yes';" onerror="this.dataset.touched = 'no';"/>
--- a/toolkit/components/url-classifier/tests/mochitest/good.js
+++ b/toolkit/components/url-classifier/tests/mochitest/good.js
@ -0,0 +1 @@
 scriptItem = "loaded whitelisted javascript!";
--- a/toolkit/components/url-classifier/tests/mochitest/mochitest.ini
+++ b/toolkit/components/url-classifier/tests/mochitest/mochitest.ini
@ -1,8 +1,10 @@
 [DEFAULT]
 skip-if = buildapp == 'b2g' || e10s
 support-files =
  classifiedAnnotatedPBFrame.html
  classifierFrame.html
  cleanWorker.js
  good.js
  evil.css
  evil.js
  evilWorker.js
@ -10,6 +12,7 @@ support-files =
  raptor.jpg
  track.html
  unwantedWorker.js
  whitelistFrame.html
  workerFrame.html
 [test_classifier.html]
--- a/toolkit/components/url-classifier/tests/mochitest/test_privatebrowsing_trackingprotection.html
+++ b/toolkit/components/url-classifier/tests/mochitest/test_privatebrowsing_trackingprotection.html
@ -25,7 +25,7 @@ var mainWindow = window.QueryInterface(Ci.nsIInterfaceRequestor)
                    .rootTreeItem
                    .QueryInterface(Ci.nsIInterfaceRequestor)
                    .getInterface(Ci.nsIDOMWindow);
-var contentPage = "chrome://mochitests/content/chrome/toolkit/components/url-classifier/tests/mochitest/classifiedAnnotatedPBFrame.html"
+var contentPage = "http://www.itisatrap.org/tests/toolkit/components/url-classifier/tests/mochitest/classifiedAnnotatedPBFrame.html";
 Components.utils.import("resource://gre/modules/Services.jsm");
 Components.utils.import("resource://testing-common/UrlClassifierTestUtils.jsm");
@ -71,6 +71,7 @@ function checkLoads(aWindow, aBlocked) {
  var win = aWindow.content;
  is(win.document.getElementById("badscript").dataset.touched, aBlocked ? "no" : "yes", "Should not load tracking javascript");
  is(win.document.getElementById("badimage").dataset.touched, aBlocked ? "no" : "yes", "Should not load tracking images");
  is(win.document.getElementById("goodscript").dataset.touched, "yes", "Should load whitelisted tracking javascript");
  var elt = win.document.getElementById("styleCheck");
  var style = win.document.defaultView.getComputedStyle(elt, "");
--- a/toolkit/components/url-classifier/tests/mochitest/test_trackingprotection_whitelist.html
+++ b/toolkit/components/url-classifier/tests/mochitest/test_trackingprotection_whitelist.html
@ -0,0 +1,150 @@
 <!DOCTYPE HTML>
 <!-- Any copyright is dedicated to the Public Domain.
     http://creativecommons.org/publicdomain/zero/1.0/ -->
 <html>
 <head>
  <title>Test Tracking Protection in Private Browsing mode</title>
  <script type="text/javascript" src="chrome://mochikit/content/tests/SimpleTest/SimpleTest.js"></script>
  <link rel="stylesheet" type="text/css" href="chrome://mochikit/content/tests/SimpleTest/test.css">
 </head>
 <body>
 <p id="display"></p>
 <div id="content" style="display: none">
 </div>
 <pre id="test">
 <script class="testbody" type="text/javascript">
 var Cc = SpecialPowers.Cc;
 var Ci = SpecialPowers.Ci;
 var mainWindow = window.QueryInterface(Ci.nsIInterfaceRequestor)
                    .getInterface(Ci.nsIWebNavigation)
                    .QueryInterface(Ci.nsIDocShellTreeItem)
                    .rootTreeItem
                    .QueryInterface(Ci.nsIInterfaceRequestor)
                    .getInterface(Ci.nsIDOMWindow);
 var contentPage1 = "http://www.itisatrap.org/tests/toolkit/components/url-classifier/tests/mochitest/whitelistFrame.html";
 var contentPage2 = "http://example.com/tests/toolkit/components/url-classifier/tests/mochitest/whitelistFrame.html";
 Components.utils.import("resource://gre/modules/Services.jsm");
 Components.utils.import("resource://testing-common/UrlClassifierTestUtils.jsm");
 function whenDelayedStartupFinished(aWindow, aCallback) {
  Services.obs.addObserver(function observer(aSubject, aTopic) {
    if (aWindow == aSubject) {
      Services.obs.removeObserver(observer, aTopic);
      setTimeout(aCallback, 0);
    }
  }, "browser-delayed-startup-finished", false);
 }
 function testOnWindow(contentPage, aCallback) {
  var win = mainWindow.OpenBrowserWindow();
  win.addEventListener("load", function onLoad() {
    win.removeEventListener("load", onLoad, false);
    whenDelayedStartupFinished(win, function() {
      win.addEventListener("DOMContentLoaded", function onInnerLoad() {
        if (win.content.location.href != contentPage) {
          win.gBrowser.loadURI(contentPage);
          return;
        }
        win.removeEventListener("DOMContentLoaded", onInnerLoad, true);
        win.content.addEventListener('load', function innerLoad2() {
          win.content.removeEventListener('load', innerLoad2, false);
          SimpleTest.executeSoon(function() { aCallback(win); });
        }, false, true);
      }, true);
      SimpleTest.executeSoon(function() { win.gBrowser.loadURI(contentPage); });
    });
  }, true);
 }
 var alwaysbadids = [
  "badscript",
 ];
 function checkLoads(aWindow, aWhitelisted) {
  var win = aWindow.content;
  is(win.document.getElementById("badscript").dataset.touched, "no", "Should not load tracking javascript");
  is(win.document.getElementById("goodscript").dataset.touched, aWhitelisted ? "yes" : "no", "Should load whitelisted tracking javascript");
  var badids = alwaysbadids.slice();
  if (!aWhitelisted) {
    badids.push("goodscript");
  }
  is(win.document.blockedTrackingNodeCount, badids.length, "Should identify all tracking elements");
  var blockedTrackingNodes = win.document.blockedTrackingNodes;
  // Make sure that every node in blockedTrackingNodes exists in the tree
  // (that may not always be the case but do not expect any nodes to disappear
  // from the tree here)
  var allNodeMatch = true;
  for (var i = 0; i < blockedTrackingNodes.length; i++) {
    var nodeMatch = false;
    for (var j = 0; j < badids.length && !nodeMatch; j++) {
      nodeMatch = nodeMatch ||
        (blockedTrackingNodes[i] == win.document.getElementById(badids[j]));
    }
    allNodeMatch = allNodeMatch && nodeMatch;
  }
  is(allNodeMatch, true, "All annotated nodes are expected in the tree");
  // Make sure that every node with a badid (see badids) is found in the
  // blockedTrackingNodes. This tells us if we are neglecting to annotate
  // some nodes
  allNodeMatch = true;
  for (var j = 0; j < badids.length; j++) {
    var nodeMatch = false;
    for (var i = 0; i < blockedTrackingNodes.length && !nodeMatch; i++) {
      nodeMatch = nodeMatch ||
        (blockedTrackingNodes[i] == win.document.getElementById(badids[j]));
    }
    allNodeMatch = allNodeMatch && nodeMatch;
  }
  is(allNodeMatch, true, "All tracking nodes are expected to be annotated as such");
 }
 SpecialPowers.pushPrefEnv(
  {"set" : [["privacy.trackingprotection.enabled", true],
            ["channelclassifier.allowlist_example", true]]},
  test);
 function test() {
  SimpleTest.registerCleanupFunction(UrlClassifierTestUtils.cleanupTestTrackers);
  UrlClassifierTestUtils.addTestTrackers().then(() => {
    // Load the test from a URL on the whitelist
    testOnWindow(contentPage1, function(aWindow) {
      checkLoads(aWindow, true);
      aWindow.close();
      // Load the test from a URL that's NOT on the whitelist
      testOnWindow(contentPage2, function(aWindow) {
        checkLoads(aWindow, false);
        aWindow.close();
        // Load the test from a URL on the whitelist but without the whitelist
        SpecialPowers.setCharPref("urlclassifier.trackingWhitelistTable", "");
        testOnWindow(contentPage1, function(aWindow) {
        checkLoads(aWindow, false);
          aWindow.close();
          SimpleTest.finish();
        });
      });
    });
  });
 }
 SimpleTest.waitForExplicitFinish();
 </script>
 </pre>
 <iframe id="testFrame" width="100%" height="100%" onload=""></iframe>
 </body>
 </html>
--- a/toolkit/components/url-classifier/tests/mochitest/whitelistFrame.html
+++ b/toolkit/components/url-classifier/tests/mochitest/whitelistFrame.html
@ -0,0 +1,15 @@
 <!DOCTYPE HTML>
 <!-- Any copyright is dedicated to the Public Domain.
     http://creativecommons.org/publicdomain/zero/1.0/ -->
 <html>
 <head>
 <title></title>
 </head>
 <body>
 <script id="badscript" data-touched="not sure" src="http://trackertest.org/tests/toolkit/components/url-classifier/tests/mochitest/evil.js" onload="this.dataset.touched = 'yes';" onerror="this.dataset.touched = 'no';"></script>
 <script id="goodscript" data-touched="not sure" src="http://itisatracker.org/tests/toolkit/components/url-classifier/tests/mochitest/good.js" onload="this.dataset.touched = 'yes';" onerror="this.dataset.touched = 'no';"></script>
 </body>
 </html>
--- a/toolkit/components/url-classifier/tests/unit/head_urlclassifier.js
+++ b/toolkit/components/url-classifier/tests/unit/head_urlclassifier.js
@ -55,19 +55,22 @@ function cleanUp() {
  delFile("safebrowsing/test-malware-simple.sbstore");
  delFile("safebrowsing/test-unwanted-simple.sbstore");
  delFile("safebrowsing/test-track-simple.sbstore");
  delFile("safebrowsing/test-trackwhite-simple.sbstore");
  delFile("safebrowsing/test-phish-simple.cache");
  delFile("safebrowsing/test-malware-simple.cache");
  delFile("safebrowsing/test-unwanted-simple.cache");
  delFile("safebrowsing/test-track-simple.cache");
  delFile("safebrowsing/test-trackwhite-simple.cache");
  delFile("safebrowsing/test-phish-simple.pset");
  delFile("safebrowsing/test-malware-simple.pset");
  delFile("safebrowsing/test-unwanted-simple.pset");
  delFile("safebrowsing/test-track-simple.pset");
  delFile("safebrowsing/test-trackwhite-simple.pset");
  delFile("testLarge.pset");
  delFile("testNoDelta.pset");
 }
-var allTables = "test-phish-simple,test-malware-simple,test-unwanted-simple,test-track-simple";
+var allTables = "test-phish-simple,test-malware-simple,test-unwanted-simple,test-track-simple,test-trackwhite-simple";
 var dbservice = Cc["@mozilla.org/url-classifier/dbservice;1"].getService(Ci.nsIUrlClassifierDBService);
 var streamUpdater = Cc["@mozilla.org/url-classifier/streamupdater;1"]
		`@ -0,0 +1 @@`
							`scriptItem = "loaded whitelisted javascript!";`