2600s renumber/reorder #368

2018-05-08 04:13:53 +12:00 · 2018-05-08 04:13:53 +12:00 · 1b0c9f66d9
parent 7eda26a1d0
commit 1b0c9f66d9
1 changed files with 68 additions and 68 deletions
--- a/user.js
+++ b/user.js
@ -1209,30 +1209,80 @@ user_pref("dom.w3c_pointer_events.enabled", false);

 /*** 2600: MISCELLANEOUS ***/
 user_pref("_user.js.parrot", "2600 syntax error: the parrot's run down the curtain!");
-/* 2601: disable sending additional analytics to web servers
+/* 2601: prevent accessibility services from accessing your browser [RESTART]
+ * [SETTING] Privacy & Security>Permissions>Prevent accessibility services from accessing your browser
+ * [1] https://support.mozilla.org/kb/accessibility-services ***/
+user_pref("accessibility.force_disabled", 1);
+/* 2602: disable sending additional analytics to web servers
 * [1] https://developer.mozilla.org/docs/Web/API/Navigator/sendBeacon ***/
 user_pref("beacon.enabled", false);
-/* 2604: remove temp files opened with an external application
+/* 2603: remove temp files opened with an external application
 * [1] https://bugzilla.mozilla.org/302433 ***/
 user_pref("browser.helperApps.deleteTempFileOnExit", true);
-/* 2607: disable page thumbnail collection
+/* 2604: disable page thumbnail collection
 * look in profile/thumbnails directory - you may want to clean that out ***/
 user_pref("browser.pagethumbnails.capturing_disabled", true); // (hidden pref)
-/* 2608: disable JAR from opening Unsafe File Types ***/
-user_pref("network.jar.open-unsafe-types", false);
-/* 2609: disable exposure of system colors to CSS or canvas (FF44+)
- * [NOTE] see second listed bug: may cause black on black for elements with undefined colors
- * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=232227,1330876 ***/
-user_pref("ui.use_standins_for_native_colors", true); // (hidden pref)
-/* 2610: remove special permissions for certain mozilla domains (FF35+)
- * [1] resource://app/defaults/permissions ***/
-user_pref("permissions.manager.defaultsUrl", "");
-/* 2611: disable WebIDE to prevent remote debugging and extension downloads
+/* 2605: block web content in file processes (FF55+)
+ * [WARNING] [SETUP] You may want to disable this for corporate or developer environments
+ * [1] https://bugzilla.mozilla.org/1343184 ***/
+user_pref("browser.tabs.remote.allowLinkedWebInFileUriProcess", false);
+/* 2606: disable UITour backend so there is no chance that a remote page can use it ***/
+user_pref("browser.uitour.enabled", false);
+user_pref("browser.uitour.url", "");
+/* 2607: disable various developer tools in browser context
+ * [SETTING] Devtools>Advanced Settings>Enable browser chrome and add-on debugging toolboxes
+ * [1] https://github.com/pyllyukko/user.js/issues/179#issuecomment-246468676 ***/
+user_pref("devtools.chrome.enabled", false);
+/* 2608: disable WebIDE to prevent remote debugging and extension downloads
 * [1] https://trac.torproject.org/projects/tor/ticket/16222 ***/
 user_pref("devtools.webide.autoinstallADBHelper", false);
 user_pref("devtools.debugger.remote-enabled", false);
 user_pref("devtools.webide.enabled", false);
-/* 2617: enable Firefox's built-in PDF reader [SETUP]
+/* 2609: disable MathML (Mathematical Markup Language) (FF51+)
+ * [TEST] http://browserspy.dk/mathml.php
+ * [1] https://bugzilla.mozilla.org/1173199 ***/
+user_pref("mathml.disabled", true);
+/* 2610: disable in-content SVG (Scalable Vector Graphics) (FF53+)
+ * [WARNING] Expect breakage incl. youtube player controls. Best left for a "hardened" profile.
+ * [1] https://bugzilla.mozilla.org/1216893 ***/
+   // user_pref("svg.disabled", true);
+/* 2611: disable middle mouse click opening links from clipboard
+ * [1] https://trac.torproject.org/projects/tor/ticket/10089
+ * [2] http://kb.mozillazine.org/Middlemouse.contentLoadURL ***/
+user_pref("middlemouse.contentLoadURL", false);
+/* 2612: disable remote JAR files being opened, regardless of content type (FF42+)
+ * [1] https://bugzilla.mozilla.org/1173171
+ * [2] https://www.fxsitecompat.com/en-CA/docs/2015/jar-protocol-support-has-been-disabled-by-default/ ***/
+user_pref("network.jar.block-remote-files", true);
+/* 2613: disable JAR from opening Unsafe File Types ***/
+user_pref("network.jar.open-unsafe-types", false);
+/* 2614: limit HTTP redirects (this does not control redirects with HTML meta tags or JS)
+ * [WARNING] A low setting of 5 or under will probably break some sites (e.g. gmail logins)
+ * To control HTML Meta tag and JS redirects, use an extension. Default is 20 ***/
+user_pref("network.http.redirection-limit", 10);
+/* 2615: disable websites overriding Firefox's keyboard shortcuts (FF58+)
+ * [SETTING] to add site exceptions: Page Info>Permissions>Override Keyboard Shortcuts
+ * [NOTE] At the time of writing, causes issues with delete and backspace keys ***/
+   // user_pref("permissions.default.shortcuts", 2); //  0 (default) or 1=allow, 2=block
+/* 2616: remove special permissions for certain mozilla domains (FF35+)
+ * [1] resource://app/defaults/permissions ***/
+user_pref("permissions.manager.defaultsUrl", "");
+/* 2617: remove webchannel whitelist ***/
+user_pref("webchannel.allowObject.urlWhitelist", "");
+/* 2618: disable exposure of system colors to CSS or canvas (FF44+)
+ * [NOTE] see second listed bug: may cause black on black for elements with undefined colors
+ * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=232227,1330876 ***/
+user_pref("ui.use_standins_for_native_colors", true); // (hidden pref)
+/* 2619: enforce Punycode for Internationalized Domain Names to eliminate possible spoofing
+ * Firefox has *some* protections, but it is better to be safe than sorry. The downside: it will also
+ * display legitimate IDN's punycoded, which might be undesirable for users of non-latin alphabets
+ * [TEST] https://www.xn--80ak6aa92e.com/ (www.apple.com)
+ * [1] https://wiki.mozilla.org/IDN_Display_Algorithm
+ * [2] https://en.wikipedia.org/wiki/IDN_homograph_attack
+ * [3] CVE-2017-5383: https://www.mozilla.org/security/advisories/mfsa2017-02/
+ * [4] https://www.xudongz.com/blog/2017/idn-phishing/ ***/
+user_pref("network.IDN_show_punycode", true);
+/* 2620: enable Firefox's built-in PDF reader [SETUP]
 * [SETTING] General>Applications>Portable Document Format (PDF)
 * [SETTING-ESR52] Applications>Portable Document Format (PDF)
 * This setting controls if the option "Display in Firefox" in the above setting is available
@ -1244,56 +1294,6 @@ user_pref("devtools.webide.enabled", false);
 * CONS: You may prefer a different pdf reader for security reasons
 * CAVEAT: JS can still force a pdf to open in-browser by bundling its own code (rare) ***/
 user_pref("pdfjs.disabled", false);
-/* 2619: limit HTTP redirects (this does not control redirects with HTML meta tags or JS)
- * [WARNING] A low setting of 5 or under will probably break some sites (e.g. gmail logins)
- * To control HTML Meta tag and JS redirects, use an extension. Default is 20 ***/
-user_pref("network.http.redirection-limit", 10);
-/* 2620: disable middle mouse click opening links from clipboard
- * [1] https://trac.torproject.org/projects/tor/ticket/10089
- * [2] http://kb.mozillazine.org/Middlemouse.contentLoadURL ***/
-user_pref("middlemouse.contentLoadURL", false);
-/* 2628: disable UITour backend so there is no chance that a remote page can use it ***/
-user_pref("browser.uitour.enabled", false);
-user_pref("browser.uitour.url", "");
-/* 2629: disable remote JAR files being opened, regardless of content type (FF42+)
- * [1] https://bugzilla.mozilla.org/1173171
- * [2] https://www.fxsitecompat.com/en-CA/docs/2015/jar-protocol-support-has-been-disabled-by-default/ ***/
-user_pref("network.jar.block-remote-files", true);
-/* 2630: prevent accessibility services from accessing your browser [RESTART]
- * [SETTING] Privacy & Security>Permissions>Prevent accessibility services from accessing your browser
- * [1] https://support.mozilla.org/kb/accessibility-services ***/
-user_pref("accessibility.force_disabled", 1);
-/* 2631: block web content in file processes (FF55+)
- * [WARNING] [SETUP] You may want to disable this for corporate or developer environments
- * [1] https://bugzilla.mozilla.org/1343184 ***/
-user_pref("browser.tabs.remote.allowLinkedWebInFileUriProcess", false);
-/* 2632: disable websites overriding Firefox's keyboard shortcuts (FF58+)
- * [SETTING] to add site exceptions: Page Info>Permissions>Override Keyboard Shortcuts
- * [NOTE] At the time of writing, causes issues with delete and backspace keys ***/
-   // user_pref("permissions.default.shortcuts", 2); //  0 (default) or 1=allow, 2=block
-/* 2663: disable MathML (Mathematical Markup Language) (FF51+)
- * [TEST] http://browserspy.dk/mathml.php
- * [1] https://bugzilla.mozilla.org/1173199 ***/
-user_pref("mathml.disabled", true);
-/* 2665: remove webchannel whitelist ***/
-user_pref("webchannel.allowObject.urlWhitelist", "");
-/* 2667: disable various developer tools in browser context
- * [SETTING] Devtools>Advanced Settings>Enable browser chrome and add-on debugging toolboxes
- * [1] https://github.com/pyllyukko/user.js/issues/179#issuecomment-246468676 ***/
-user_pref("devtools.chrome.enabled", false);
-/* 2671: disable in-content SVG (Scalable Vector Graphics) (FF53+)
- * [WARNING] Expect breakage incl. youtube player controls. Best left for a "hardened" profile.
- * [1] https://bugzilla.mozilla.org/1216893 ***/
-   // user_pref("svg.disabled", true);
-/* 2672: enforce Punycode for Internationalized Domain Names to eliminate possible spoofing
- * Firefox has *some* protections, but it is better to be safe than sorry. The downside: it will also
- * display legitimate IDN's punycoded, which might be undesirable for users of non-latin alphabets
- * [TEST] https://www.xn--80ak6aa92e.com/ (www.apple.com)
- * [1] https://wiki.mozilla.org/IDN_Display_Algorithm
- * [2] https://en.wikipedia.org/wiki/IDN_homograph_attack
- * [3] CVE-2017-5383: https://www.mozilla.org/security/advisories/mfsa2017-02/
- * [4] https://www.xudongz.com/blog/2017/idn-phishing/ ***/
-user_pref("network.IDN_show_punycode", true);

 /** DOWNLOADS ***/
 /* 2650: discourage downloading to desktop (0=desktop 1=downloads 2=last used)
@ -1738,13 +1738,13 @@ user_pref("_user.js.parrot", "5000 syntax error: this is an ex-parrot!");
 ***/
 user_pref("_user.js.parrot", "9999 syntax error: the parrot's deprecated!");
 /* FF42 and older
-// 2607: (25+) disable page thumbnails - replaced by browser.pagethumbnails.capturing_disabled
+// 2604: (25+) disable page thumbnails - replaced by browser.pagethumbnails.capturing_disabled
   // [-] https://bugzilla.mozilla.org/897811
 user_pref("pageThumbs.enabled", false);
 // 2503: (31+) disable network API - replaced by dom.netinfo.enabled
   // [-] https://bugzilla.mozilla.org/960426
 user_pref("dom.network.enabled", false);
-// 2620: (35+) disable WebSockets
+// 2600s: (35+) disable WebSockets
   // [-] https://bugzilla.mozilla.org/1091016
 user_pref("network.websocket.enabled", false);
 // 1610: (36+) set DNT "value" to "not be tracked" (FF21+)
@ -2035,11 +2035,11 @@ user_pref("social.enabled", false); // (hidden pref)
 // 1830: disable DRM's EME WideVineAdapter
   // [-] https://bugzilla.mozilla.org/1395468
 user_pref("media.eme.chromium-api.enabled", false); // (FF55+)
-// 2611: disable WebIDE extension downloads (Valence)
+// 2608: disable WebIDE extension downloads (Valence)
   // [1] https://trac.torproject.org/projects/tor/ticket/16222
   // [-] https://bugzilla.mozilla.org/1393497
 user_pref("devtools.webide.autoinstallFxdtAdapters", false);
-// 2612: disable SimpleServiceDiscovery - which can bypass proxy settings - e.g. Roku
+// 2600s: disable SimpleServiceDiscovery - which can bypass proxy settings - e.g. Roku
   // [1] https://trac.torproject.org/projects/tor/ticket/16222
   // [-] https://bugzilla.mozilla.org/1393582
 user_pref("browser.casting.enabled", false);