1
0

add 2624: window.name protection, fixes #1012

This commit is contained in:
Thorin-Oakenpants 2020-11-11 16:59:27 +00:00 committed by GitHub
parent accef19af4
commit f2fe7f02b0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -1183,6 +1183,10 @@ user_pref("browser.display.use_system_colors", false); // [DEFAULT: false]
* for these will show/use their correct 3rd party origin * for these will show/use their correct 3rd party origin
* [1] https://groups.google.com/forum/#!topic/mozilla.dev.platform/BdFOMAuCGW8/discussion */ * [1] https://groups.google.com/forum/#!topic/mozilla.dev.platform/BdFOMAuCGW8/discussion */
user_pref("permissions.delegation.enabled", false); user_pref("permissions.delegation.enabled", false);
/* 2624: enable "window.name" protection [FF82+]
* If a new page from another domain is loaded into a tab, then window.name is set to an empty string. The original
* string is restored if the tab reverts back to the original page. This change prevents some cross-site attacks ***/
user_pref("privacy.window.name.update.enabled", true);
/** DOWNLOADS ***/ /** DOWNLOADS ***/
/* 2650: discourage downloading to desktop /* 2650: discourage downloading to desktop