This is an automated email from the git hooks/post-receive script.

richard pushed a commit to branch tor-browser-91.11.0esr-12.0-1 in repository tor-browser.

commit d5e39bf2f23cc179fe8359bbf9d0a07f88b0bf01 Author: Pier Angelo Vendrame pierov@torproject.org AuthorDate: Fri Jul 8 16:19:41 2022 +0200

Bug 40925: Implemented the SecurityLevel backend --- browser/components/securitylevel/SecurityLevel.jsm | 458 +++++++++++++++++++++ .../securitylevel/SecurityLevel.manifest | 1 + browser/components/securitylevel/components.conf | 10 + browser/components/securitylevel/moz.build | 12 + browser/installer/package-manifest.in | 2 + 5 files changed, 483 insertions(+)

diff --git a/browser/components/securitylevel/SecurityLevel.jsm b/browser/components/securitylevel/SecurityLevel.jsm new file mode 100644 index 0000000000000..bd7c803511fff --- /dev/null +++ b/browser/components/securitylevel/SecurityLevel.jsm @@ -0,0 +1,458 @@ +"use strict"; + +var EXPORTED_SYMBOLS = ["SecurityLevel"]; + +const { Services } = ChromeUtils.import("resource://gre/modules/Services.jsm"); + +const BrowserTopics = Object.freeze({ + ProfileAfterChange: "profile-after-change", +}); + +const { ExtensionUtils } = ChromeUtils.import( + "resource://gre/modules/ExtensionUtils.jsm" +); +const { MessageChannel } = ChromeUtils.import( + "resource://gre/modules/MessageChannel.jsm" +); + +const { XPCOMUtils } = ChromeUtils.import( + "resource://gre/modules/XPCOMUtils.jsm" +); + +XPCOMUtils.defineLazyModuleGetters(this, { + ExtensionParent: "resource://gre/modules/ExtensionParent.jsm", +}); + +// Logger adapted from CustomizableUI.jsm +XPCOMUtils.defineLazyGetter(this, "logger", () => { + let scope = {}; + ChromeUtils.import("resource://gre/modules/Console.jsm", scope); + let consoleOptions = { + maxLogLevel: "info", + prefix: "SecurityLevel", + }; + return new scope.ConsoleAPI(consoleOptions); +}); + +// The Security Settings prefs in question. +const kSliderPref = "extensions.torbutton.security_slider"; +const kCustomPref = "extensions.torbutton.security_custom"; +const kSliderMigration = "extensions.torbutton.security_slider_migration"; + +// __getPrefValue(prefName)__ +// Returns the current value of a preference, regardless of its type. +var getPrefValue = function(prefName) { + switch (Services.prefs.getPrefType(prefName)) { + case Services.prefs.PREF_BOOL: + return Services.prefs.getBoolPref(prefName); + case Services.prefs.PREF_INT: + return Services.prefs.getIntPref(prefName); + case Services.prefs.PREF_STRING: + return Services.prefs.getCharPref(prefName); + default: + return null; + } +}; + +// __bindPref(prefName, prefHandler, init)__ +// Applies prefHandler whenever the value of the pref changes. +// If init is true, applies prefHandler to the current value. +// Returns a zero-arg function that unbinds the pref. +var bindPref = function(prefName, prefHandler, init = false) { + let update = () => { + prefHandler(getPrefValue(prefName)); + }, + observer = { + observe(subject, topic, data) { + if (data === prefName) { + update(); + } + }, + }; + Services.prefs.addObserver(prefName, observer); + if (init) { + update(); + } + return () => { + Services.prefs.removeObserver(prefName, observer); + }; +}; + +// __bindPrefAndInit(prefName, prefHandler)__ +// Applies prefHandler to the current value of pref specified by prefName. +// Re-applies prefHandler whenever the value of the pref changes. +// Returns a zero-arg function that unbinds the pref. +var bindPrefAndInit = (prefName, prefHandler) => + bindPref(prefName, prefHandler, true); + +async function waitForExtensionMessage(extensionId, checker = () => {}) { + const { torWaitForExtensionMessage } = ExtensionParent; + if (torWaitForExtensionMessage) { + return torWaitForExtensionMessage(extensionId, checker); + } + + // Old messaging <= 78 + return new Promise(resolve => { + const listener = ({ data }) => { + for (const msg of data) { + if (msg.recipient.extensionId === extensionId) { + const deserialized = msg.data.deserialize({}); + if (checker(deserialized)) { + Services.mm.removeMessageListener( + "MessageChannel:Messages", + listener + ); + resolve(deserialized); + } + } + } + }; + Services.mm.addMessageListener("MessageChannel:Messages", listener); + }); +} + +async function sendExtensionMessage(extensionId, message) { + const { torSendExtensionMessage } = ExtensionParent; + if (torSendExtensionMessage) { + return torSendExtensionMessage(extensionId, message); + } + + // Old messaging <= 78 + Services.cpmm.sendAsyncMessage("MessageChannel:Messages", [ + { + messageName: "Extension:Message", + sender: { id: extensionId, extensionId }, + recipient: { extensionId }, + data: new StructuredCloneHolder(message), + channelId: ExtensionUtils.getUniqueId(), + responseType: MessageChannel.RESPONSE_NONE, + }, + ]); + return undefined; +} + +// ## NoScript settings + +// Minimum and maximum capability states as controlled by NoScript. +const max_caps = [ + "fetch", + "font", + "frame", + "media", + "object", + "other", + "script", + "webgl", + "noscript", +]; +const min_caps = ["frame", "other", "noscript"]; + +// Untrusted capabilities for [Standard, Safer, Safest] safety levels. +const untrusted_caps = [ + max_caps, // standard safety: neither http nor https + ["frame", "font", "object", "other", "noscript"], // safer: http + min_caps, // safest: neither http nor https +]; + +// Default capabilities for [Standard, Safer, Safest] safety levels. +const default_caps = [ + max_caps, // standard: both http and https + ["fetch", "font", "frame", "object", "other", "script", "noscript"], // safer: https only + min_caps, // safest: both http and https +]; + +// __noscriptSettings(safetyLevel)__. +// Produces NoScript settings with policy according to +// the safetyLevel which can be: +// 0 = Standard, 1 = Safer, 2 = Safest +// +// At the "Standard" safety level, we leave all sites at +// default with maximal capabilities. Essentially no content +// is blocked. +// +// At "Safer", we set all http sites to untrusted, +// and all https sites to default. Scripts are only permitted +// on https sites. Neither type of site is supposed to allow +// media, but both allow fonts (as we used in legacy NoScript). +// +// At "Safest", all sites are at default with minimal +// capabilities. Most things are blocked. +let noscriptSettings = safetyLevel => ({ + __meta: { + name: "updateSettings", + recipientInfo: null, + }, + policy: { + DEFAULT: { + capabilities: default_caps[safetyLevel], + temp: false, + }, + TRUSTED: { + capabilities: max_caps, + temp: false, + }, + UNTRUSTED: { + capabilities: untrusted_caps[safetyLevel], + temp: false, + }, + sites: { + trusted: [], + untrusted: [[], ["http:"], []][safetyLevel], + custom: {}, + temp: [], + }, + enforced: true, + autoAllowTop: false, + }, + isTorBrowser: true, + tabId: -1, +}); + +// ## Communications + +// The extension ID for NoScript (WebExtension) +const noscriptID = "{73a6fe31-595d-460b-a920-fcc0f8843232}"; + +// Ensure binding only occurs once. +let initialized = false; + +// __initialize()__. +// The main function that binds the NoScript settings to the security +// slider pref state. +var initializeNoScriptControl = () => { + if (initialized) { + return; + } + initialized = true; + + try { + // LegacyExtensionContext is not there anymore. Using raw + // Services.cpmm.sendAsyncMessage mechanism to communicate with + // NoScript. + + // The component that handles WebExtensions' sendMessage. + + // __setNoScriptSettings(settings)__. + // NoScript listens for internal settings with onMessage. We can send + // a new settings JSON object according to NoScript's + // protocol and these are accepted! See the use of + // `browser.runtime.onMessage.addListener(...)` in NoScript's bg/main.js. + + // TODO: Is there a better way? + let sendNoScriptSettings = settings => + sendExtensionMessage(noscriptID, settings); + + // __setNoScriptSafetyLevel(safetyLevel)__. + // Set NoScript settings according to a particular safety level + // (security slider level): 0 = Standard, 1 = Safer, 2 = Safest + let setNoScriptSafetyLevel = safetyLevel => + sendNoScriptSettings(noscriptSettings(safetyLevel)); + + // __securitySliderToSafetyLevel(sliderState)__. + // Converts the "extensions.torbutton.security_slider" pref value + // to a "safety level" value: 0 = Standard, 1 = Safer, 2 = Safest + let securitySliderToSafetyLevel = sliderState => + [undefined, 2, 1, 1, 0][sliderState]; + + // Wait for the first message from NoScript to arrive, and then + // bind the security_slider pref to the NoScript settings. + let messageListener = a => { + try { + logger.debug("Message received from NoScript:", a); + let noscriptPersist = Services.prefs.getBoolPref( + "extensions.torbutton.noscript_persist", + false + ); + let noscriptInited = Services.prefs.getBoolPref( + "extensions.torbutton.noscript_inited", + false + ); + // Set the noscript safety level once if we have never run noscript + // before, or if we are not allowing noscript per-site settings to be + // persisted between browser sessions. Otherwise make sure that the + // security slider position, if changed, will rewrite the noscript + // settings. + bindPref( + kSliderPref, + sliderState => + setNoScriptSafetyLevel(securitySliderToSafetyLevel(sliderState)), + !noscriptPersist || !noscriptInited + ); + if (!noscriptInited) { + Services.prefs.setBoolPref( + "extensions.torbutton.noscript_inited", + true + ); + } + } catch (e) { + logger.exception(e); + } + }; + waitForExtensionMessage(noscriptID, a => a.__meta.name === "started").then( + messageListener + ); + logger.info("Listening for messages from NoScript."); + } catch (e) { + logger.exception(e); + } +}; + +// ### Constants + +// __kSecuritySettings__. +// A table of all prefs bound to the security slider, and the value +// for each security setting. Note that 2-m and 3-m are identical, +// corresponding to the old 2-medium-high setting. We also separately +// bind NoScript settings to the extensions.torbutton.security_slider +// (see noscript-control.js). +/* eslint-disable */ +const kSecuritySettings = { + // Preference name : [0, 1-high 2-m 3-m 4-low] + "javascript.options.ion" : [, false, false, false, true ], + "javascript.options.baselinejit" : [, false, false, false, true ], + "javascript.options.native_regexp" : [, false, false, false, true ], + "mathml.disabled" : [, true, true, true, false], + "gfx.font_rendering.graphite.enabled" : [, false, false, false, true ], + "gfx.font_rendering.opentype_svg.enabled" : [, false, false, false, true ], + "svg.disabled" : [, true, false, false, false], + "javascript.options.asmjs" : [, false, false, false, true ], + "javascript.options.wasm" : [, false, false, false, true ], + "dom.security.https_only_mode_send_http_background_request" : [, false, false, false, true ], +}; +/* eslint-enable */ + +// ### Prefs + +// __write_setting_to_prefs(settingIndex)__. +// Take a given setting index and write the appropriate pref values +// to the pref database. +var write_setting_to_prefs = function(settingIndex) { + Object.keys(kSecuritySettings).forEach(prefName => + Services.prefs.setBoolPref( + prefName, + kSecuritySettings[prefName][settingIndex] + ) + ); +}; + +// __read_setting_from_prefs()__. +// Read the current pref values, and decide if any of our +// security settings matches. Otherwise return null. +var read_setting_from_prefs = function(prefNames) { + prefNames = prefNames || Object.keys(kSecuritySettings); + for (let settingIndex of [1, 2, 3, 4]) { + let possibleSetting = true; + // For the given settingIndex, check if all current pref values + // match the setting. + for (let prefName of prefNames) { + if ( + kSecuritySettings[prefName][settingIndex] !== + Services.prefs.getBoolPref(prefName) + ) { + possibleSetting = false; + } + } + if (possibleSetting) { + // We have a match! + return settingIndex; + } + } + // No matching setting; return null. + return null; +}; + +// __watch_security_prefs(onSettingChanged)__. +// Whenever a pref bound to the security slider changes, onSettingChanged +// is called with the new security setting value (1,2,3,4 or null). +// Returns a zero-arg function that ends this binding. +var watch_security_prefs = function(onSettingChanged) { + let prefNames = Object.keys(kSecuritySettings); + let unbindFuncs = []; + for (let prefName of prefNames) { + unbindFuncs.push( + bindPrefAndInit(prefName, () => + onSettingChanged(read_setting_from_prefs()) + ) + ); + } + // Call all the unbind functions. + return () => unbindFuncs.forEach(unbind => unbind()); +}; + +// __initialized__. +// Have we called initialize() yet? +var initializedSecPrefs = false; + +// __initialize()__. +// Defines the behavior of "extensions.torbutton.security_custom", +// "extensions.torbutton.security_slider", and the security-sensitive +// prefs declared in kSecuritySettings. +var initializeSecurityPrefs = function() { + // Only run once. + if (initializedSecPrefs) { + return; + } + logger.info("Initializing security-prefs.js"); + initializedSecPrefs = true; + // When security_custom is set to false, apply security_slider setting + // to the security-sensitive prefs. + bindPrefAndInit(kCustomPref, function(custom) { + if (custom === false) { + write_setting_to_prefs(Services.prefs.getIntPref(kSliderPref)); + } + }); + // If security_slider is given a new value, then security_custom should + // be set to false. + bindPref(kSliderPref, function(prefIndex) { + Services.prefs.setBoolPref(kCustomPref, false); + write_setting_to_prefs(prefIndex); + }); + // If a security-sensitive pref changes, then decide if the set of pref values + // constitutes a security_slider setting or a custom value. + watch_security_prefs(settingIndex => { + if (settingIndex === null) { + Services.prefs.setBoolPref(kCustomPref, true); + } else { + Services.prefs.setIntPref(kSliderPref, settingIndex); + Services.prefs.setBoolPref(kCustomPref, false); + } + }); + // Migrate from old medium-low (3) to new medium (2). + if ( + Services.prefs.getBoolPref(kCustomPref) === false && + Services.prefs.getIntPref(kSliderPref) === 3 + ) { + Services.prefs.setIntPref(kSliderPref, 2); + write_setting_to_prefs(2); + } + + // Revert #33613 fix + if (Services.prefs.getIntPref(kSliderMigration, 0) < 2) { + // We can't differentiate between users having flipped `javascript.enabled` + // to `false` before it got governed by the security settings vs. those who + // had it flipped due to #33613. Reset the preference for everyone. + if (Services.prefs.getIntPref(kSliderPref) === 1) { + Services.prefs.setBoolPref("javascript.enabled", true); + } + Services.prefs.clearUserPref("media.webaudio.enabled"); + Services.prefs.setIntPref(kSliderMigration, 2); + } + logger.info("security-prefs.js initialization complete"); +}; + +// This class is used to initialize the security level stuff at the startup +class SecurityLevel { + QueryInterface = ChromeUtils.generateQI(["nsIObserver"]); + + init() { + initializeNoScriptControl(); + initializeSecurityPrefs(); + } + + observe(aSubject, aTopic, aData) { + if (aTopic == BrowserTopics.ProfileAfterChange) { + this.init(); + Services.obs.removeObserver(this, aTopic); + } + } +} diff --git a/browser/components/securitylevel/SecurityLevel.manifest b/browser/components/securitylevel/SecurityLevel.manifest new file mode 100644 index 0000000000000..0bfbd2ba1ac7b --- /dev/null +++ b/browser/components/securitylevel/SecurityLevel.manifest @@ -0,0 +1 @@ +category profile-after-change SecurityLevel @torproject.org/security-level;1 diff --git a/browser/components/securitylevel/components.conf b/browser/components/securitylevel/components.conf new file mode 100644 index 0000000000000..4b9263ce7f0f2 --- /dev/null +++ b/browser/components/securitylevel/components.conf @@ -0,0 +1,10 @@ +Classes = [ + { + "cid": "{c602ffe5-abf4-40d0-a944-26738b81efdb}", + "contract_ids": [ + "@torproject.org/security-level;1", + ], + "jsm": "resource:///modules/SecurityLevel.jsm", + "constructor": "SecurityLevel", + } +] diff --git a/browser/components/securitylevel/moz.build b/browser/components/securitylevel/moz.build index 2661ad7cb9f3d..33573a3706f97 100644 --- a/browser/components/securitylevel/moz.build +++ b/browser/components/securitylevel/moz.build @@ -1 +1,13 @@ JAR_MANIFESTS += ["jar.mn"] + +EXTRA_JS_MODULES += [ + "SecurityLevel.jsm", +] + +XPCOM_MANIFESTS += [ + "components.conf", +] + +EXTRA_COMPONENTS += [ + "SecurityLevel.manifest", +] diff --git a/browser/installer/package-manifest.in b/browser/installer/package-manifest.in index 8009a4d83ec5f..f32d574813a74 100644 --- a/browser/installer/package-manifest.in +++ b/browser/installer/package-manifest.in @@ -486,3 +486,5 @@ i686/gmp-clearkey/0.1/clearkey.dll ; build, which, practically speaking, is the case. @BINPATH@/gmp-clearkey/0.1/manifest.json #endif + +@RESPATH@/browser/components/SecurityLevel.manifest

This is an automated email from the git hooks/post-receive script.

richard pushed a commit to branch tor-browser-91.11.0esr-12.0-1 in repository tor-browser.

commit cd9ac3ca05934d61cda55952faf1e70e7a07a6ec Author: Pier Angelo Vendrame pierov@torproject.org AuthorDate: Mon Jul 11 15:50:25 2022 +0200

fixup! Bug 25658: Replace security slider with security level UI --- browser/base/content/browser.xhtml | 1 + browser/components/preferences/preferences.xhtml | 1 + .../securitylevel/content/securityLevel.js | 383 +++++++++------------ .../content/securityLevelButton.inc.xhtml | 4 +- .../content/securityLevelPanel.inc.xhtml | 18 +- .../content/securityLevelPreferences.inc.xhtml | 59 ++-- .../en-US/browser/base-browser/securityLevel.ftl | 66 ++++ 7 files changed, 284 insertions(+), 248 deletions(-)

diff --git a/browser/base/content/browser.xhtml b/browser/base/content/browser.xhtml index 394a464140186..21af5188c18d2 100644 --- a/browser/base/content/browser.xhtml +++ b/browser/base/content/browser.xhtml @@ -85,6 +85,7 @@ <link rel="localization" href="browser/places.ftl"/> <link rel="localization" href="toolkit/printing/printUI.ftl"/> <link rel="localization" href="browser/tabbrowser.ftl"/> + <link rel="localization" href="browser/base-browser/securityLevel.ftl"/>

<title data-l10n-id="browser-main-window-title"></title>

diff --git a/browser/components/preferences/preferences.xhtml b/browser/components/preferences/preferences.xhtml index 30ce70079adb7..64a266a5756f5 100644 --- a/browser/components/preferences/preferences.xhtml +++ b/browser/components/preferences/preferences.xhtml @@ -57,6 +57,7 @@ <link rel="localization" href="browser/preferences/siteDataSettings.ftl"/> <link rel="localization" href="browser/aboutDialog.ftl"/> <link rel="localization" href="browser/sanitize.ftl"/> + <link rel="localization" href="browser/base-browser/securityLevel.ftl"/> <link rel="localization" href="toolkit/updates/history.ftl"/> <link rel="localization" href="security/certificates/deviceManager.ftl"/> <link rel="localization" href="security/certificates/certManager.ftl"/> diff --git a/browser/components/securitylevel/content/securityLevel.js b/browser/components/securitylevel/content/securityLevel.js index 95770dbc6bed9..0e8f3c00be9bb 100644 --- a/browser/components/securitylevel/content/securityLevel.js +++ b/browser/components/securitylevel/content/securityLevel.js @@ -1,5 +1,7 @@ "use strict";

+/* global AppConstants, Services, openPreferences, XPCOMUtils */ + ChromeUtils.import("resource://gre/modules/XPCOMUtils.jsm"); ChromeUtils.import("resource://gre/modules/Services.jsm");

@@ -8,11 +10,7 @@ XPCOMUtils.defineLazyModuleGetters(this, { PanelMultiView: "resource:///modules/PanelMultiView.jsm", });

-ChromeUtils.defineModuleGetter( - this, - "TorStrings", - "resource:///modules/TorStrings.jsm" -); +const SecurityLevels = Object.freeze(["", "safest", "safer", "", "standard"]);

/* Security Level Prefs @@ -20,13 +18,13 @@ ChromeUtils.defineModuleGetter( Getters and Setters for relevant torbutton prefs */ const SecurityLevelPrefs = { - security_slider_pref : "extensions.torbutton.security_slider", - security_custom_pref : "extensions.torbutton.security_custom", + security_slider_pref: "extensions.torbutton.security_slider", + security_custom_pref: "extensions.torbutton.security_custom",

get securitySlider() { try { return Services.prefs.getIntPref(this.security_slider_pref); - } catch(e) { + } catch (e) { // init pref to 4 (standard) const val = 4; Services.prefs.setIntPref(this.security_slider_pref, val); @@ -38,10 +36,18 @@ const SecurityLevelPrefs = { Services.prefs.setIntPref(this.security_slider_pref, val); },

+ get securitySliderLevel() { + const slider = this.securitySlider; + if (slider >= 1 && slider <= 4 && SecurityLevels[slider]) { + return SecurityLevels[slider]; + } + return null; + }, + get securityCustom() { try { return Services.prefs.getBoolPref(this.security_custom_pref); - } catch(e) { + } catch (e) { // init custom to false const val = false; Services.prefs.setBoolPref(this.security_custom_pref, val); @@ -61,34 +67,20 @@ const SecurityLevelPrefs = { */

const SecurityLevelButton = { - _securityPrefsBranch : null, - - _populateXUL : function(securityLevelButton) { - if (securityLevelButton != null) { - securityLevelButton.setAttribute("tooltiptext", TorStrings.securityLevel.securityLevel); - securityLevelButton.setAttribute("label", TorStrings.securityLevel.securityLevel); - } - }, + _securityPrefsBranch: null,

- _configUIFromPrefs : function(securityLevelButton) { + _configUIFromPrefs(securityLevelButton) { if (securityLevelButton != null) { - let securitySlider = SecurityLevelPrefs.securitySlider; - securityLevelButton.removeAttribute("level"); - const securityCustom = SecurityLevelPrefs.securityCustom; - switch(securitySlider) { - case 4: - securityLevelButton.setAttribute("level", `standard${securityCustom ? "_custom" : ""}`); - securityLevelButton.setAttribute("tooltiptext", TorStrings.securityLevel.standard.tooltip); - break; - case 2: - securityLevelButton.setAttribute("level", `safer${securityCustom ? "_custom" : ""}`); - securityLevelButton.setAttribute("tooltiptext", TorStrings.securityLevel.safer.tooltip); - break; - case 1: - securityLevelButton.setAttribute("level", `safest${securityCustom ? "_custom" : ""}`); - securityLevelButton.setAttribute("tooltiptext", TorStrings.securityLevel.safest.tooltip); - break; + const level = SecurityLevelPrefs.securitySliderLevel; + if (!level) { + return; } + const customStr = SecurityLevelPrefs.securityCustom ? "_custom" : ""; + securityLevelButton.setAttribute("level", `${level}${customStr}`); + document.l10n.setAttributes( + securityLevelButton, + `security-level-button-${level}` + ); } },

@@ -110,21 +102,22 @@ const SecurityLevelButton = { return anchor; },

- init : function() { + init() { // set the initial class based off of the current pref let button = this.button; - this._populateXUL(button); this._configUIFromPrefs(button);

- this._securityPrefsBranch = Services.prefs.getBranch("extensions.torbutton."); - this._securityPrefsBranch.addObserver("", this, false); + this._securityPrefsBranch = Services.prefs.getBranch( + "extensions.torbutton." + ); + this._securityPrefsBranch.addObserver("", this);

CustomizableUI.addListener(this);

SecurityLevelPanel.init(); },

- uninit : function() { + uninit() { CustomizableUI.removeListener(this);

this._securityPrefsBranch.removeObserver("", this); @@ -133,8 +126,8 @@ const SecurityLevelButton = { SecurityLevelPanel.uninit(); },

- observe : function(subject, topic, data) { - switch(topic) { + observe(subject, topic, data) { + switch (topic) { case "nsPref:changed": if (data === "security_slider" || data === "security_custom") { this._configUIFromPrefs(this.button); @@ -144,17 +137,17 @@ const SecurityLevelButton = { },

// callback for entering the 'Customize Firefox' screen to set icon - onCustomizeStart : function(window) { + onCustomizeStart(window) { let navigatorToolbox = document.getElementById("navigator-toolbox"); - let button = navigatorToolbox.palette.querySelector("#security-level-button"); - this._populateXUL(button); + let button = navigatorToolbox.palette.querySelector( + "#security-level-button" + ); this._configUIFromPrefs(button); },

// callback when CustomizableUI modifies DOM - onWidgetAfterDOMChange : function(aNode, aNextNode, aContainer, aWasRemoval) { + onWidgetAfterDOMChange(aNode, aNextNode, aContainer, aWasRemoval) { if (aNode.id == "security-level-button" && !aWasRemoval) { - this._populateXUL(aNode); this._configUIFromPrefs(aNode); } }, @@ -165,7 +158,7 @@ const SecurityLevelButton = { // onmousedown. We do this to match the behavior of other panel spawning buttons such as Downloads, // Library, and the Hamburger menus. Using oncommand alone would result in only getting fired // after onclick, which is mousedown followed by mouseup. - onCommand : function(aEvent) { + onCommand(aEvent) { // snippet borrowed from /browser/components/downloads/content/indicator.js DownloadsIndicatorView.onCommand(evt) if ( // On Mac, ctrl-click will send a context menu event from the widget, so @@ -193,142 +186,128 @@ const SecurityLevelButton = { */

const SecurityLevelPanel = { - _securityPrefsBranch : null, - _panel : null, - _anchor : null, - _populated : false, + _securityPrefsBranch: null, + _panel: null, + _anchor: null, + _populated: false,

_selectors: Object.freeze({ panel: "panel#securityLevel-panel", icon: "vbox#securityLevel-vbox>vbox", - header: "h1#securityLevel-header", - level: "label#securityLevel-level", - custom: "label#securityLevel-custom", + labelLevel: "label#securityLevel-level", + labelCustom: "label#securityLevel-custom", summary: "description#securityLevel-summary", - learnMore: "label#securityLevel-learnMore", restoreDefaults: "button#securityLevel-restoreDefaults", advancedSecuritySettings: "button#securityLevel-advancedSecuritySettings", }),

- _populateXUL : function() { + _populateXUL() { let selectors = this._selectors;

this._elements = { panel: document.querySelector(selectors.panel), icon: document.querySelector(selectors.icon), - header: document.querySelector(selectors.header), - levelLabel: document.querySelector(selectors.level), - customLabel: document.querySelector(selectors.custom), + labelLevel: document.querySelector(selectors.labelLevel), + labelCustom: document.querySelector(selectors.labelCustom), summaryDescription: document.querySelector(selectors.summary), - learnMoreLabel: document.querySelector(selectors.learnMore), restoreDefaultsButton: document.querySelector(selectors.restoreDefaults), - changeButton: document.querySelector(selectors.advancedSecuritySettings), + advancedSecuritySettings: document.querySelector( + selectors.advancedSecuritySettings + ), }; - let elements = this._elements; - - elements.header.textContent = TorStrings.securityLevel.securityLevel; - elements.customLabel.setAttribute("value", TorStrings.securityLevel.customWarning); - elements.learnMoreLabel.setAttribute("value", TorStrings.securityLevel.learnMore); - elements.learnMoreLabel.setAttribute("href", TorStrings.securityLevel.learnMoreURL); - if (TorStrings.securityLevel.learnMoreURL.startsWith("about:")) { - elements.learnMoreLabel.setAttribute("useoriginprincipal", "true"); - } - elements.restoreDefaultsButton.setAttribute("label", TorStrings.securityLevel.restoreDefaults); - elements.changeButton.setAttribute("label", TorStrings.securityLevel.change); - + this._elements.panel.addEventListener("onpopupshown", e => { + this.onPopupShown(e); + }); + this._elements.panel.addEventListener("onpopuphidden", e => { + this.onPopupHidden(e); + }); + this._elements.restoreDefaultsButton.addEventListener("command", () => { + this.restoreDefaults(); + }); + this._elements.advancedSecuritySettings.addEventListener("command", () => { + this.openAdvancedSecuritySettings(); + }); this._configUIFromPrefs(); this._populated = true; },

- _configUIFromPrefs : function() { + _configUIFromPrefs() { // get security prefs - let securitySlider = SecurityLevelPrefs.securitySlider; - let securityCustom = SecurityLevelPrefs.securityCustom; - - // get the panel elements we need to populate - let elements = this._elements; - let icon = elements.icon; - let labelLevel = elements.levelLabel; - let labelCustomWarning = elements.customLabel; - let summary = elements.summaryDescription; - let buttonRestoreDefaults = elements.restoreDefaultsButton; - let buttonAdvancedSecuritySettings = elements.changeButton; + const level = SecurityLevelPrefs.securitySliderLevel; + const custom = SecurityLevelPrefs.securityCustom;

// only visible when user is using custom settings - labelCustomWarning.hidden = !securityCustom; - buttonRestoreDefaults.hidden = !securityCustom; + let labelCustomWarning = this._elements.labelCustom; + labelCustomWarning.hidden = !custom; + let buttonRestoreDefaults = this._elements.restoreDefaultsButton; + buttonRestoreDefaults.hidden = !custom;

+ const summary = this._elements.summaryDescription; // Descriptions change based on security level - switch(securitySlider) { - // standard - case 4: - icon.setAttribute("level", "standard"); - labelLevel.setAttribute("value", TorStrings.securityLevel.standard.level); - summary.textContent = TorStrings.securityLevel.standard.summary; - break; - // safer - case 2: - icon.setAttribute("level", "safer"); - labelLevel.setAttribute("value", TorStrings.securityLevel.safer.level); - summary.textContent = TorStrings.securityLevel.safer.summary; - break; - // safest - case 1: - icon.setAttribute("level", "safest"); - labelLevel.setAttribute("value", TorStrings.securityLevel.safest.level); - summary.textContent = TorStrings.securityLevel.safest.summary; - break; + if (level) { + this._elements.icon.setAttribute("level", level); + document.l10n.setAttributes( + this._elements.labelLevel, + `security-level-${level}-label` + ); + document.l10n.setAttributes(summary, `security-level-${level}-summary`); } - // override the summary text with custom warning - if (securityCustom) { - summary.textContent = TorStrings.securityLevel.custom.summary; + if (custom) { + document.l10n.setAttributes(summary, "security-level-custom-summary"); } },

- init : function() { - this._securityPrefsBranch = Services.prefs.getBranch("extensions.torbutton."); - this._securityPrefsBranch.addObserver("", this, false); + init() { + this._securityPrefsBranch = Services.prefs.getBranch( + "extensions.torbutton." + ); + this._securityPrefsBranch.addObserver("", this); },

- uninit : function() { + uninit() { this._securityPrefsBranch.removeObserver("", this); this._securityPrefsBranch = null; },

- show : function() { - // we have to defer this until after the browser has finished init'ing before - // we can populate the panel + show() { + // we have to defer this until after the browser has finished init'ing + // before we can populate the panel if (!this._populated) { this._populateXUL(); }

- let panel = document.getElementById("securityLevel-panel"); - panel.hidden = false; - PanelMultiView.openPopup(panel, SecurityLevelButton.anchor, "bottomcenter topright", - 0, 0, false, null).catch(Cu.reportError); + this._elements.panel.hidden = false; + PanelMultiView.openPopup( + this._elements.panel, + SecurityLevelButton.anchor, + "bottomcenter topright", + 0, + 0, + false, + null + ).catch(Cu.reportError); },

- hide : function() { - let panel = document.getElementById("securityLevel-panel"); - PanelMultiView.hidePopup(panel); + hide() { + PanelMultiView.hidePopup(this._elements.panel); },

- restoreDefaults : function() { + restoreDefaults() { SecurityLevelPrefs.securityCustom = false; // hide and reshow so that layout re-renders properly this.hide(); this.show(this._anchor); },

- openAdvancedSecuritySettings : function() { + openAdvancedSecuritySettings() { openPreferences("privacy-securitylevel"); this.hide(); },

// callback when prefs change - observe : function(subject, topic, data) { - switch(topic) { + observe(subject, topic, data) { + switch (topic) { case "nsPref:changed": if (data == "security_slider" || data == "security_custom") { this._configUIFromPrefs(); @@ -338,14 +317,14 @@ const SecurityLevelPanel = { },

// callback when the panel is displayed - onPopupShown : function(event) { + onPopupShown(event) { SecurityLevelButton.button.setAttribute("open", "true"); },

// callback when the panel is hidden - onPopupHidden : function(event) { + onPopupHidden(event) { SecurityLevelButton.button.removeAttribute("open"); - } + }, }; /* Security Level Panel */

/* @@ -354,79 +333,58 @@ const SecurityLevelPanel = { Code to handle init and update of security level section in about:preferences#privacy */

-const SecurityLevelPreferences = -{ - _securityPrefsBranch : null, - - _populateXUL : function() { - let groupbox = document.getElementById("securityLevel-groupbox"); - - let labelHeader = groupbox.querySelector("#securityLevel-header"); - labelHeader.textContent = TorStrings.securityLevel.securityLevel; - - let spanOverview = groupbox.querySelector("#securityLevel-overview"); - spanOverview.textContent = TorStrings.securityLevel.overview; - - let labelLearnMore = groupbox.querySelector("#securityLevel-learnMore"); - labelLearnMore.setAttribute("value", TorStrings.securityLevel.learnMore); - labelLearnMore.setAttribute("href", TorStrings.securityLevel.learnMoreURL); - if (TorStrings.securityLevel.learnMoreURL.startsWith("about:")) { - labelLearnMore.setAttribute("useoriginprincipal", "true"); - } - - let radiogroup = document.getElementById("securityLevel-radiogroup"); - radiogroup.addEventListener("command", SecurityLevelPreferences.selectSecurityLevel); - - let populateRadioElements = function(vboxQuery, stringStruct) { - let vbox = groupbox.querySelector(vboxQuery); - - let radio = vbox.querySelector("radio"); - radio.setAttribute("label", stringStruct.level); - - let customWarning = vbox.querySelector("#securityLevel-customWarning"); - customWarning.setAttribute("value", TorStrings.securityLevel.customWarning); - - let labelSummary = vbox.querySelector("#securityLevel-summary"); - labelSummary.textContent = stringStruct.summary; - - let labelRestoreDefaults = vbox.querySelector("#securityLevel-restoreDefaults"); - labelRestoreDefaults.setAttribute("value", TorStrings.securityLevel.restoreDefaults); - labelRestoreDefaults.addEventListener("click", SecurityLevelPreferences.restoreDefaults); - - let description1 = vbox.querySelector("#securityLevel-description1"); - if (description1) { - description1.textContent = stringStruct.description1; - } - let description2 = vbox.querySelector("#securityLevel-description2"); - if (description2) { - description2.textContent = stringStruct.description2; - } - let description3 = vbox.querySelector("#securityLevel-description3"); - if (description3) { - description3.textContent = stringStruct.description3; - } +const SecurityLevelPreferences = { + _securityPrefsBranch: null, + + _populateXUL() { + const groupbox = document.querySelector("#securityLevel-groupbox"); + const radiogroup = groupbox.querySelector("#securityLevel-radiogroup"); + radiogroup.addEventListener( + "command", + SecurityLevelPreferences.selectSecurityLevel + ); + + const populateRadioElements = vboxQuery => { + const vbox = groupbox.querySelector(vboxQuery); + const labelRestoreDefaults = vbox.querySelector( + ".securityLevel-restoreDefaults" + ); + labelRestoreDefaults.addEventListener( + "click", + SecurityLevelPreferences.restoreDefaults + ); }; - - populateRadioElements("#securityLevel-vbox-standard", TorStrings.securityLevel.standard); - populateRadioElements("#securityLevel-vbox-safer", TorStrings.securityLevel.safer); - populateRadioElements("#securityLevel-vbox-safest", TorStrings.securityLevel.safest); + populateRadioElements("#securityLevel-vbox-standard"); + populateRadioElements("#securityLevel-vbox-safer"); + populateRadioElements("#securityLevel-vbox-safest"); },

- _configUIFromPrefs : function() { + _configUIFromPrefs() { // read our prefs - let securitySlider = SecurityLevelPrefs.securitySlider; - let securityCustom = SecurityLevelPrefs.securityCustom; + const securitySlider = SecurityLevelPrefs.securitySlider; + const securityCustom = SecurityLevelPrefs.securityCustom;

// get our elements - let groupbox = document.getElementById("securityLevel-groupbox"); - - let radiogroup = groupbox.querySelector("#securityLevel-radiogroup"); - let labelStandardCustom = groupbox.querySelector("#securityLevel-vbox-standard label#securityLevel-customWarning"); - let labelSaferCustom = groupbox.querySelector("#securityLevel-vbox-safer label#securityLevel-customWarning"); - let labelSafestCustom = groupbox.querySelector("#securityLevel-vbox-safest label#securityLevel-customWarning"); - let labelStandardRestoreDefaults = groupbox.querySelector("#securityLevel-vbox-standard label#securityLevel-restoreDefaults"); - let labelSaferRestoreDefaults = groupbox.querySelector("#securityLevel-vbox-safer label#securityLevel-restoreDefaults"); - let labelSafestRestoreDefaults = groupbox.querySelector("#securityLevel-vbox-safest label#securityLevel-restoreDefaults"); + const groupbox = document.querySelector("#securityLevel-groupbox"); + let radiogroup = groupbox.querySelector("#securityLevel-radiogroup"); + let labelStandardCustom = groupbox.querySelector( + "#securityLevel-vbox-standard label.securityLevel-customWarning" + ); + let labelSaferCustom = groupbox.querySelector( + "#securityLevel-vbox-safer label.securityLevel-customWarning" + ); + let labelSafestCustom = groupbox.querySelector( + "#securityLevel-vbox-safest label.securityLevel-customWarning" + ); + let labelStandardRestoreDefaults = groupbox.querySelector( + "#securityLevel-vbox-standard label.securityLevel-restoreDefaults" + ); + let labelSaferRestoreDefaults = groupbox.querySelector( + "#securityLevel-vbox-safer label.securityLevel-restoreDefaults" + ); + let labelSafestRestoreDefaults = groupbox.querySelector( + "#securityLevel-vbox-safest label.securityLevel-restoreDefaults" + );

// hide custom label by default until we know which level we're at labelStandardCustom.hidden = true; @@ -437,7 +395,7 @@ const SecurityLevelPreferences = labelSaferRestoreDefaults.hidden = true; labelSafestRestoreDefaults.hidden = true;

- switch(securitySlider) { + switch (securitySlider) { // standard case 4: radiogroup.value = "standard"; @@ -459,7 +417,7 @@ const SecurityLevelPreferences = } },

- init : function() { + init() { // populate XUL with localized strings this._populateXUL();

@@ -467,31 +425,32 @@ const SecurityLevelPreferences = this._configUIFromPrefs();

// register for pref chagnes - this._securityPrefsBranch = Services.prefs.getBranch("extensions.torbutton."); - this._securityPrefsBranch.addObserver("", this, false); + this._securityPrefsBranch = Services.prefs.getBranch( + "extensions.torbutton." + ); + this._securityPrefsBranch.addObserver("", this); },

- uninit : function() { + uninit() { // unregister for pref change events this._securityPrefsBranch.removeObserver("", this); this._securityPrefsBranch = null; },

// callback for when prefs change - observe : function(subject, topic, data) { - switch(topic) { + observe(subject, topic, data) { + switch (topic) { case "nsPref:changed": - if (data == "security_slider" || - data == "security_custom") { + if (data == "security_slider" || data == "security_custom") { this._configUIFromPrefs(); } break; } },

- selectSecurityLevel : function() { + selectSecurityLevel() { // radio group elements - let radiogroup = document.getElementById("securityLevel-radiogroup"); + let radiogroup = document.getElementById("securityLevel-radiogroup");

// update pref based on selected radio option switch (radiogroup.value) { @@ -509,7 +468,7 @@ const SecurityLevelPreferences = SecurityLevelPreferences.restoreDefaults(); },

- restoreDefaults : function() { + restoreDefaults() { SecurityLevelPrefs.securityCustom = false; }, }; /* Security Level Prefereces */ @@ -517,17 +476,17 @@ const SecurityLevelPreferences = Object.defineProperty(this, "SecurityLevelButton", { value: SecurityLevelButton, enumerable: true, - writable: false + writable: false, });

Object.defineProperty(this, "SecurityLevelPanel", { value: SecurityLevelPanel, enumerable: true, - writable: false + writable: false, });

Object.defineProperty(this, "SecurityLevelPreferences", { value: SecurityLevelPreferences, enumerable: true, - writable: false + writable: false, }); diff --git a/browser/components/securitylevel/content/securityLevelButton.inc.xhtml b/browser/components/securitylevel/content/securityLevelButton.inc.xhtml index 96ee1ec0ca499..2ca8fcde945c1 100644 --- a/browser/components/securitylevel/content/securityLevelButton.inc.xhtml +++ b/browser/components/securitylevel/content/securityLevelButton.inc.xhtml @@ -4,4 +4,6 @@ onmousedown="SecurityLevelButton.onCommand(event);" onkeypress="SecurityLevelButton.onCommand(event);" closemenu="none" - cui-areatype="toolbar"/> + cui-areatype="toolbar" + data-l10n-id="security-level-button" + /> diff --git a/browser/components/securitylevel/content/securityLevelPanel.inc.xhtml b/browser/components/securitylevel/content/securityLevelPanel.inc.xhtml index 02d93b738ff50..05a127dd98f24 100644 --- a/browser/components/securitylevel/content/securityLevelPanel.inc.xhtml +++ b/browser/components/securitylevel/content/securityLevelPanel.inc.xhtml @@ -4,14 +4,12 @@ orient="vertical" level="top" hidden="true" - class="panel-no-padding" - onpopupshown="SecurityLevelPanel.onPopupShown(event);" - onpopuphidden="SecurityLevelPanel.onPopupHidden(event);"> + class="panel-no-padding"> <panelmultiview mainViewId="securityLevel-panelview"> <panelview id="securityLevel-panelview" descriptionheightworkaround="true"> <vbox id="securityLevel-vbox"> <box class="panel-header"> - <html:h1 id="securityLevel-header"/> + <html:h1 data-l10n-id="security-level-header" /> </box> <toolbarseparator></toolbarseparator> <vbox> @@ -19,7 +17,7 @@ <label id="securityLevel-level"/> <vbox> <spacer flex="1"/> - <label id="securityLevel-custom"/> + <label id="securityLevel-custom" data-l10n-id="security-level-custom"/> <spacer flex="1"/> </vbox> <spacer flex="1"/> @@ -27,19 +25,21 @@ <description id="securityLevel-summary"/> <hbox> <label - id="securityLevel-learnMore" class="learnMore text-link" + href="about:manual#security-settings" + useoriginprincipal="true" onclick="SecurityLevelPanel.hide();" - is="text-link"/> + is="text-link" + data-l10n-id="security-level-learn-more"/> <spacer/> </hbox> </vbox> <hbox class="panel-footer"> <button id="securityLevel-restoreDefaults" - oncommand="SecurityLevelPanel.restoreDefaults();"/> + data-l10n-id="security-level-restore-defaults"/> <button id="securityLevel-advancedSecuritySettings" default="true" - oncommand="SecurityLevelPanel.openAdvancedSecuritySettings();"/> + data-l10n-id="security-level-change"/> </hbox> </vbox> </panelview> diff --git a/browser/components/securitylevel/content/securityLevelPreferences.inc.xhtml b/browser/components/securitylevel/content/securityLevelPreferences.inc.xhtml index b050dad81621a..8439e581af133 100644 --- a/browser/components/securitylevel/content/securityLevelPreferences.inc.xhtml +++ b/browser/components/securitylevel/content/securityLevelPreferences.inc.xhtml @@ -1,65 +1,72 @@ <groupbox id="securityLevel-groupbox" data-category="panePrivacy" hidden="true"> - <label><html:h2 id="securityLevel-header"/></label> + <label><html:h2 data-l10n-id="security-level-header"/></label> <vbox data-subcategory="securitylevel" flex="1"> <description flex="1"> - <html:span id="securityLevel-overview" class="tail-with-learn-more"/> - <label id="securityLevel-learnMore" class="learnMore text-link" is="text-link"/> + <html:span data-l10n-id="security-level-overview" class="tail-with-learn-more"/> + <label data-l10n-id="security-level-learn-more" + class="learnMore text-link" + is="text-link" + href="about:manual#security-settings" + useoriginprincipal="true"/> </description> <radiogroup id="securityLevel-radiogroup"> <vbox id="securityLevel-vbox-standard"> <hbox> - <radio value="standard"/> + <radio value="standard" data-l10n-id="security-level-standard-radio"/> <vbox> <spacer flex="1"/> - <label id="securityLevel-customWarning"/> + <label class="securityLevel-customWarning" data-l10n-id="security-level-custom"/> <spacer flex="1"/> </vbox> <spacer flex="1"/> </hbox> <description flex="1" class="indent"> - <html:span id="securityLevel-summary" class="tail-with-learn-more"/> - <label id="securityLevel-restoreDefaults" - class="learnMore text-link"/> + <html:span data-l10n-id="security-level-standard-summary" + class="tail-with-learn-more"/> + <label class="securityLevel-restoreDefaults learnMore text-link" + data-l10n-id="security-level-restore-link"/> </description> </vbox> <vbox id="securityLevel-vbox-safer"> <hbox> - <radio value="safer"/> + <radio value="safer" data-l10n-id="security-level-safer-radio"/> <vbox> <spacer flex="1"/> - <label id="securityLevel-customWarning"/> + <label class="securityLevel-customWarning" data-l10n-id="security-level-custom"/> <spacer flex="1"/> </vbox> </hbox> <description flex="1" class="indent"> - <html:span id="securityLevel-summary" class="tail-with-learn-more"/> - <label id="securityLevel-restoreDefaults" - class="learnMore text-link"/> + <html:span data-l10n-id="security-level-safer-summary" + class="tail-with-learn-more"/> + <label class="securityLevel-restoreDefaults learnMore text-link" + data-l10n-id="security-level-restore-link"/> </description> - <vbox id="securityLevel-descriptionList" class="indent"> - <description id="securityLevel-description1" class="indent"/> - <description id="securityLevel-description2" class="indent"/> - <description id="securityLevel-description3" class="indent"/> + <vbox class="securityLevel-descriptionList indent"> + <description data-l10n-id="security-level-js-https-only" class="indent"/> + <description data-l10n-id="security-level-limit-typography" class="indent"/> + <description data-l10n-id="security-level-limit-media" class="indent"/> </vbox> </vbox> <vbox id="securityLevel-vbox-safest"> <hbox> - <radio value="safest"/> + <radio value="safest" data-l10n-id="security-level-safest-radio"/> <vbox> <spacer flex="1"/> - <label id="securityLevel-customWarning"/> + <label class="securityLevel-customWarning" data-l10n-id="security-level-custom"/> <spacer flex="1"/> </vbox> </hbox> <description flex="1" class="indent"> - <html:span id="securityLevel-summary" class="tail-with-learn-more"/> - <label id="securityLevel-restoreDefaults" - class="learnMore text-link"/> + <html:span data-l10n-id="security-level-safest-summary" + class="tail-with-learn-more"/> + <label class="securityLevel-restoreDefaults learnMore text-link" + data-l10n-id="security-level-restore-link"/> </description> - <vbox id="securityLevel-descriptionList" class="indent"> - <description id="securityLevel-description1" class="indent"/> - <description id="securityLevel-description2" class="indent"/> - <description id="securityLevel-description3" class="indent"/> + <vbox class="securityLevel-descriptionList indent"> + <description data-l10n-id="security-level-js-disabled" class="indent"/> + <description data-l10n-id="security-level-limit-typography-svg" class="indent"/> + <description data-l10n-id="security-level-limit-media" class="indent"/> </vbox> </vbox> </radiogroup> diff --git a/browser/locales/en-US/browser/base-browser/securityLevel.ftl b/browser/locales/en-US/browser/base-browser/securityLevel.ftl new file mode 100644 index 0000000000000..ef1ca39a3d492 --- /dev/null +++ b/browser/locales/en-US/browser/base-browser/securityLevel.ftl @@ -0,0 +1,66 @@ +-security-level = Security Level +-security-level-standard = Standard +-security-level-safer = Safer +-security-level-safest = Safest +-security-level-tooltip-standard = Security Level: Standard +-security-level-tooltip-safer = Security Level: Safer +-security-level-tooltip-safest = Security Level: Safest +# Shown only for custom level +-security-level-restore = Restore Defaults + +## Security level button: when changing level, the id will be updated accordingly +# Not yet loaded (generic placeholders) +security-level-button = + .tooltiptext = { -security-level } + .label = { -security-level } +security-level-button-standard = + .tooltiptext = { -security-level-tooltip-standard } + .label = { -security-level-tooltip-standard } +security-level-button-safer = + .tooltiptext = { -security-level-tooltip-safer } + .label = { -security-level-tooltip-safer } +security-level-button-safest = + .tooltiptext = { -security-level-tooltip-safest } + .label = { -security-level-tooltip-safest } + +## Security level panel +security-level-change = Change… +security-level-standard-label = + .value = { -security-level-standard } +security-level-standard-radio = + .label = { -security-level-standard } +security-level-standard-summary = All Tor Browser and website features are enabled. +security-level-safer-label = + .value = { -security-level-safer } +security-level-safer-radio = + .label = { -security-level-safer } +security-level-safer-summary = Disables website features that are often dangerous, causing some sites to lose functionality. +security-level-safest-label = + .value = { -security-level-safest } +security-level-safest-radio = + .label = { -security-level-safest } +security-level-safest-summary = Only allows website features required for static sites and basic services. These changes affect images, media, and scripts. +security-level-custom = + .value = Custom +security-level-custom-summary = Your custom browser preferences have resulted in unusual security settings. For security and privacy reasons, we recommend you choose one of the default security levels. +security-level-restore-defaults = { -security-level-restore } + +## Security level section in about:preferences#privacy +security-level-overview = Disable certain web features that can be used to attack your security and anonymity. +security-level-list-safer = + .value = At the safer setting: +security-level-list-safest = + .value = At the safest setting: +security-level-restore-link = + .value = { -security-level-restore } +# Strings for descriptions +security-level-js-https-only = JavaScript is disabled on non-HTTPS sites. +security-level-js-disabled = JavaScript is disabled by default on all sites. +security-level-limit-typography = Some fonts and math symbols are disabled. +security-level-limit-typography-svg = Some fonts, icons, math symbols, and images are disabled. +security-level-limit-media = Audio and video (HTML5 media), and WebGL are click-to-play. + +## Shared strings (both panel and preferences) +security-level-header = { -security-level } +security-level-learn-more = + .value = Learn more

This is an automated email from the git hooks/post-receive script.

richard pushed a commit to branch tor-browser-91.11.0esr-12.0-1 in repository tor-browser.

commit c6ba0bf0133d274720edbe121d7f43192d18a218 Author: Richard Pospesel richard@torproject.org AuthorDate: Fri Jul 15 18:59:33 2022 +0000

fixup! Bug 10760: Integrate TorButton to TorBrowser core --- toolkit/torproject/torbutton | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/toolkit/torproject/torbutton b/toolkit/torproject/torbutton index 27b24bcf73f44..6f84627dd470f 160000 --- a/toolkit/torproject/torbutton +++ b/toolkit/torproject/torbutton @@ -1 +1 @@ -Subproject commit 27b24bcf73f4465c5995c9da227740acfd5bdf8e +Subproject commit 6f84627dd470f0eade9e1ba51b81458687263c34