[X2Go-Commits] [pale-moon] 67/294: Make the Auth prompt DOS protection a browser-element opt-in feature.

git-admin at x2go.org git-admin at x2go.org
Sat Apr 27 08:57:48 CEST 2019


This is an automated email from the git hooks/post-receive script.

x2go pushed a commit to branch upstream/28.5.0
in repository pale-moon.

commit c1ece93c2be6fb571a013f9735dc629d7279f389
Author: wolfbeast <mcwerewolf at wolfbeast.com>
Date:   Fri Mar 1 14:01:09 2019 +0100

    Make the Auth prompt DOS protection a browser-element opt-in feature.
---
 application/basilisk/base/content/browser.xul      |  3 +-
 application/basilisk/base/content/tabbrowser.xml   |  6 +++-
 application/palemoon/base/content/browser.xul      |  3 +-
 application/palemoon/base/content/tabbrowser.xml   |  6 +++-
 .../passwordmgr/nsLoginManagerPrompter.js          | 32 +++++++++++++++-------
 toolkit/content/widgets/browser.xml                |  4 +++
 6 files changed, 40 insertions(+), 14 deletions(-)

diff --git a/application/basilisk/base/content/browser.xul b/application/basilisk/base/content/browser.xul
index 3208538..be64f1b 100644
--- a/application/basilisk/base/content/browser.xul
+++ b/application/basilisk/base/content/browser.xul
@@ -997,7 +997,8 @@
                     contentcontextmenu="contentAreaContextMenu"
                     autocompletepopup="PopupAutoComplete"
                     selectmenulist="ContentSelectDropdown"
-                    datetimepicker="DateTimePickerPanel"/>
+                    datetimepicker="DateTimePickerPanel"
+                    authdosprotected="true" />
       </vbox>
       <vbox id="browser-border-end" hidden="true" layer="true"/>
     </hbox>
diff --git a/application/basilisk/base/content/tabbrowser.xml b/application/basilisk/base/content/tabbrowser.xml
index c84c333..52c51db 100644
--- a/application/basilisk/base/content/tabbrowser.xml
+++ b/application/basilisk/base/content/tabbrowser.xml
@@ -25,7 +25,7 @@
               <xul:vbox flex="1" class="browserContainer">
                 <xul:stack flex="1" class="browserStack" anonid="browserStack">
                   <xul:browser anonid="initialBrowser" type="content-primary" message="true" messagemanagergroup="browsers"
-                               xbl:inherits="tooltip=contenttooltip,contextmenu=contentcontextmenu,autocompletepopup,selectmenulist,datetimepicker"/>
+                               xbl:inherits="tooltip=contenttooltip,contextmenu=contentcontextmenu,autocompletepopup,selectmenulist,datetimepicker,authdosprotected"/>
                 </xul:stack>
               </xul:vbox>
             </xul:hbox>
@@ -1936,6 +1936,10 @@
             if (this.hasAttribute("datetimepicker")) {
               b.setAttribute("datetimepicker", this.getAttribute("datetimepicker"));
             }
+            
+            if (this.hasAttribute("authdosprotected")) {
+              b.setAttribute("authdosprotected", this.getAttribute("authdosprotected"));
+            }
 
             b.setAttribute("autoscrollpopup", this._autoScrollPopup.id);
 
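Review bot: The blank line added before the new `if` is made of trailing whitespace (`+            `), both here and in the matching hunk of application/palemoon/base/content/tabbrowser.xml; it should be an empty line. The attribute is copied onto the new browser once at creation, like the `datetimepicker` block above it, so a later change to the tabbrowser's `authdosprotected` would presumably not reach browsers that already exist. A one-line comment such as `// Opt new browsers in to auth prompt DOS protection (read via isAuthDOSProtected in browser.xml).` would tie this copy to the prompter check. The enclosing method starts and ends outside the hunk.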
diff --git a/application/palemoon/base/content/browser.xul b/application/palemoon/base/content/browser.xul
index ce2a7c5..ddc305a 100644
--- a/application/palemoon/base/content/browser.xul
+++ b/application/palemoon/base/content/browser.xul
@@ -965,7 +965,8 @@
                   tabcontainer="tabbrowser-tabs"
                   contentcontextmenu="contentAreaContextMenu"
                   autocompletepopup="PopupAutoComplete"
-                  datetimepicker="DateTimePickerPanel"/>
+                  datetimepicker="DateTimePickerPanel"
+                  authdosprotected="true"/>
       <chatbar id="pinnedchats" layer="true" mousethrough="always" hidden="true"/>
       <statuspanel id="statusbar-display" inactive="true"/>
     </vbox>
diff --git a/application/palemoon/base/content/tabbrowser.xml b/application/palemoon/base/content/tabbrowser.xml
index c3b4872..cbe029a 100644
--- a/application/palemoon/base/content/tabbrowser.xml
+++ b/application/palemoon/base/content/tabbrowser.xml
@@ -30,7 +30,7 @@
               <xul:vbox flex="1" class="browserContainer">
                 <xul:stack flex="1" class="browserStack" anonid="browserStack">
                   <xul:browser anonid="initialBrowser" type="content-primary" message="true" disablehistory="true"
-                               xbl:inherits="tooltip=contenttooltip,contextmenu=contentcontextmenu,autocompletepopup,datetimepicker"/>
+                               xbl:inherits="tooltip=contenttooltip,contextmenu=contentcontextmenu,autocompletepopup,datetimepicker,authdosprotected"/>
                 </xul:stack>
               </xul:vbox>
             </xul:hbox>
@@ -1588,6 +1588,10 @@
             if (this.hasAttribute("datetimepicker")) {
               b.setAttribute("datetimepicker", this.getAttribute("datetimepicker"));
             }
+            
+            if (this.hasAttribute("authdosprotected")) {
+              b.setAttribute("authdosprotected", this.getAttribute("authdosprotected"));
+            }
 
             // Create the browserStack container
             var stack = document.createElementNS(NS_XUL, "stack");
diff --git a/toolkit/components/passwordmgr/nsLoginManagerPrompter.js b/toolkit/components/passwordmgr/nsLoginManagerPrompter.js
index 3531511..c4be39e 100644
--- a/toolkit/components/passwordmgr/nsLoginManagerPrompter.js
+++ b/toolkit/components/passwordmgr/nsLoginManagerPrompter.js
@@ -103,7 +103,7 @@ LoginManagerPromptFactory.prototype = {
     // cancel the prompt until we stop showing it.
     let browser = prompter._browser;
     let baseDomain = null;
-    if (browser) {
+    if (browser && browser.isAuthDOSProtected) {
       try {
         baseDomain = Services.eTLD.getBaseDomainFromHost(hostname);
       } catch (e) {
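Review bot: With the guard `browser && browser.isAuthDOSProtected`, a browser element that lacks `authdosprotected="true"` gets no base-domain lookup and no cancellation counting, so the abuse limit silently stops applying to every embedder that has not opted in. The same guard is repeated in the hunks at -145 and -177. Within this commit only the Basilisk and Pale Moon main tabbrowsers opt in, so any other browser element that can raise HTTP auth prompts is presumably left unthrottled by design. That default deserves a comment at this guard, e.g. `// DOS protection is opt-in: browsers without authdosprotected="true" are never throttled.` The enclosing function starts and ends outside this hunk.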
@@ -145,7 +145,7 @@ LoginManagerPromptFactory.prototype = {
           prompt.inProgress = false;
           self._asyncPromptInProgress = false;
 
-          if (browser) {
+          if (browser && browser.isAuthDOSProtected) {
             // Reset the counter state if the user replied to a prompt and actually
             // tried to login (vs. simply clicking any button to get out).
             if (ok && (prompt.authInfo.username || prompt.authInfo.password)) {
@@ -177,15 +177,27 @@ LoginManagerPromptFactory.prototype = {
 
     var cancelDialogLimit = Services.prefs.getIntPref("prompts.authentication_dialog_abuse_limit");
 
-    let cancelationCounter = browser.authPromptCounter[baseDomain];
-    this.log("cancelationCounter =", cancelationCounter);
-    if (cancelDialogLimit && cancelationCounter >= cancelDialogLimit) {
-      this.log("Blocking auth dialog, due to exceeding dialog bloat limit");
-      delete this._asyncPrompts[hashKey];
-
-      // just make the runnable cancel all consumers
-      runnable.cancel = true;
+    // Block the auth prompt if:
+    // - There is an attached browser element
+    // - The browser element has opted-in to DOS protection
+    // - The dialog cancellation limit is not 0 (= feature disabled)
+    // - The amount of cancellations >= the set abuse limit
+    if (browser && browser.isAuthDOSProtected) {
+      let cancelationCounter = browser.authPromptCounter[baseDomain];
+      this.log("cancelationCounter =", cancelationCounter);
+
+      if (cancelDialogLimit && cancelationCounter >= cancelDialogLimit) {
+        this.log("Blocking auth dialog, due to exceeding dialog bloat limit");
+        delete this._asyncPrompts[hashKey];
+
+        // just make the runnable cancel all consumers
+        runnable.cancel = true;
+      } else {
+        this._asyncPromptInProgress = true;
+        prompt.inProgress = true;
+      }
     } else {
+      // No DOS protection: prompt
       this._asyncPromptInProgress = true;
       prompt.inProgress = true;
     }
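Review bot: The prompt-allowing branch (`this._asyncPromptInProgress = true; prompt.inProgress = true;`) now appears twice, once inside the protected path and once in the outer `else`, so a later edit to one copy can leave the other stale. Computing the block decision first and keeping a single allow/deny branch removes the duplication without changing which prompts are shown. The unprotected path could then also log that throttling was skipped, which makes a missing opt-in visible when triaging repeated auth prompts. The enclosing function starts outside this hunk.

```javascript
    // … unchanged: cancelDialogLimit lookup and the "Block the auth prompt if" comment …
    let blockPrompt = false;
    if (browser && browser.isAuthDOSProtected) {
      let cancelationCounter = browser.authPromptCounter[baseDomain];
      this.log("cancelationCounter =", cancelationCounter);
      blockPrompt = !!cancelDialogLimit && cancelationCounter >= cancelDialogLimit;
    } else {
      this.log("Auth DOS protection not enabled for this browser element");
    }

    if (blockPrompt) {
      this.log("Blocking auth dialog, due to exceeding dialog bloat limit");
      delete this._asyncPrompts[hashKey];

      // just make the runnable cancel all consumers
      runnable.cancel = true;
    } else {
      this._asyncPromptInProgress = true;
      prompt.inProgress = true;
    }
```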
diff --git a/toolkit/content/widgets/browser.xml b/toolkit/content/widgets/browser.xml
index a30ff1c..5a0a99b 100644
--- a/toolkit/content/widgets/browser.xml
+++ b/toolkit/content/widgets/browser.xml
@@ -899,6 +899,10 @@
 
       <field name="mIconURL">null</field>
 
+      <property name="isAuthDOSProtected"
+                onget="return (this.getAttribute('authdosprotected') == 'true');"
+                readonly="true"/>
+
       <!-- This is managed by the tabbrowser -->
       <field name="lastURI">null</field>
 
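Review bot: The getter treats only the exact lowercase string `true` as opted in, so `authdosprotected="True"`, `"1"` or an empty attribute silently leaves the element unprotected, and nothing on the property says so. Since this value gates a security feature, add a comment above the property stating the accepted value and that anything else means no auth-prompt throttling, e.g. `<!-- True only when authdosprotected="true" (exact match); otherwise auth prompt DOS protection is off for this browser. -->`. The comparison can also be strict: `onget="return this.getAttribute('authdosprotected') === 'true';"`.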

--
Alioth's /home/x2go-admin/maintenancescripts/git/hooks/post-receive-email on /srv/git/code.x2go.org/pale-moon.git

