1
0

2203: undo sh*t

This is so wrong: It is better to inform users that 3 **must** be used than rely on zero info as well as removing useful info on what the values do. All future issues with this will be directed to earthlng. Remove RFP info as RFP users should know this stuff if they turned it on. Non RFP users, who we told they can bypass it, will not have a reference to RFP now. Enforce will now be banned as a word because, "reasons".
This commit is contained in:
Thorin-Oakenpants 2018-03-26 19:33:46 +00:00 committed by GitHub
parent 72e1858926
commit 30fbaba4df
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -1067,13 +1067,12 @@ user_pref("dom.disable_window_open_feature.toolbar", true);
user_pref("dom.allow_scripts_to_close_windows", false); // default: false user_pref("dom.allow_scripts_to_close_windows", false); // default: false
user_pref("dom.disable_window_flip", true); // window z-order - default: true user_pref("dom.disable_window_flip", true); // window z-order - default: true
user_pref("dom.disable_window_move_resize", true); user_pref("dom.disable_window_move_resize", true);
/* 2203: enforce links targeting new windows to open in a new tab instead /* 2203: open links targeting new windows in a new tab instead
* This stops malicious window sizes and some screen resolution leaks. * This stops malicious window sizes and some screen resolution leaks.
* You can still right-click a link and open in a new window (or middle-click). * You can still right-click a link and open in a new window (or middle-click).
* [NOTE] RFP (4500) already resizes new windows to cover screen resolution leaks
* [TEST] https://people.torproject.org/~gk/misc/entire_desktop.html * [TEST] https://people.torproject.org/~gk/misc/entire_desktop.html
* [1] https://trac.torproject.org/projects/tor/ticket/9881 ***/ * [1] https://trac.torproject.org/projects/tor/ticket/9881 ***/
user_pref("browser.link.open_newwindow", 3); // 1=current, 2=new, 3=most recent user_pref("browser.link.open_newwindow", 3);
user_pref("browser.link.open_newwindow.restriction", 0); user_pref("browser.link.open_newwindow.restriction", 0);
/* 2204: disable Fullscreen API to prevent screen-resolution leaks [SETUP] /* 2204: disable Fullscreen API to prevent screen-resolution leaks [SETUP]
* [NOTE] You can still manually toggle the browser's fullscreen state (F11), * [NOTE] You can still manually toggle the browser's fullscreen state (F11),