tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE
commit 8c22be6bad0c3176f55684dc1f542973d52efda8
parent eee574aef00063f8333001f165ad0d3f3a87d57f
Author: Harshit <hsohaney@mozilla.com>
Date:   Thu, 18 Dec 2025 22:26:04 +0000

Bug 2005845 - Add a check to ensure that the spotlight is loaded from the about page. r=mconley

Differential Revision: https://phabricator.services.mozilla.com/D276562

Diffstat:

Mbrowser/components/backup/actors/BackupUIParent.sys.mjs | 14++++++++++++++


Mbrowser/components/profiles/tests/browser/browser_preferences.js | 2+-


2 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/browser/components/backup/actors/BackupUIParent.sys.mjs b/browser/components/backup/actors/BackupUIParent.sys.mjs
@@ -7,6 +7,7 @@ const lazy = {};
 ChromeUtils.defineESModuleGetters(lazy, {
   BackupService: "resource:///modules/backup/BackupService.sys.mjs",
   ERRORS: "chrome://browser/content/backup/backup-constants.mjs",
+  E10SUtils: "resource://gre/modules/E10SUtils.sys.mjs",
 });
 
 ChromeUtils.defineLazyGetter(lazy, "logConsole", function () {
@@ -121,6 +122,19 @@ export class BackupUIParent extends JSWindowActorParent {
    *   Returns either a success object, a file details object, or null.
    */
   async receiveMessage(message) {
+    // The backup spotlights can be embedded in less privileged content pages, so let's
+    // make sure that any messages from content are coming from the privileged
+    // about content process type
+    if (
+      !this.browsingContext.currentWindowGlobal.isInProcess &&
+      this.browsingContext.currentRemoteType !=
+        lazy.E10SUtils.PRIVILEGEDABOUT_REMOTE_TYPE
+    ) {
+      throw new Error(
+        "BackupUIParent: received message from the wrong content process type."
+      );
+    }
+
     if (message.name == "RequestState") {
       this.sendState();
     } else if (message.name == "TriggerCreateBackup") {
diff --git a/browser/components/profiles/tests/browser/browser_preferences.js b/browser/components/profiles/tests/browser/browser_preferences.js
@@ -343,8 +343,8 @@ add_task(async function testPrivacyInfoHiddenWhenDisabled() {
 
   ok(!BrowserTestUtils.isVisible(profilesNote), "The profiles note is hidden");
 
-  BrowserTestUtils.removeTab(gBrowser.selectedTab);
   await SpecialPowers.popPrefEnv();
+  BrowserTestUtils.removeTab(gBrowser.selectedTab);
 });
 
 // If the user disables data collection, then re-enables data collection in