commit feb9474a96a7b006afd58b0f10ebd320cc34f7f3
parent ba4d82ada3b05ed2d5729d1b790140d1b2d02bc3
Author: hackademix <giorgio@maone.net>
Date: Mon, 29 Jul 2024 19:27:00 +0200
BB 42835: Create an actor to filter file data transfers
Diffstat:
4 files changed, 89 insertions(+), 0 deletions(-)
diff --git a/toolkit/actors/FilesFilterChild.sys.mjs b/toolkit/actors/FilesFilterChild.sys.mjs
@@ -0,0 +1,64 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+const lazy = {};
+
+ChromeUtils.defineLazyGetter(lazy, "console", () => {
+ return console.createInstance({
+ prefix: "FilesFilter",
+ });
+});
+
+export class FilesFilterChild extends JSWindowActorChild {
+ handleEvent(event) {
+ if (!Services.prefs.getBoolPref("browser.filesfilter.enabled", true)) {
+ return;
+ }
+ // drop or paste
+ const { composedTarget } = event;
+ const dt = event.clipboardData || event.dataTransfer;
+
+ if ([...dt.files].some(f => f.mozFullPath)) {
+ if (
+ ["HTMLInputElement", "HTMLTextAreaElement"].includes(
+ ChromeUtils.getClassName(composedTarget)
+ )
+ ) {
+ event.preventDefault();
+ lazy.console.log(
+ `Preventing path leak on ${event.type} for ${[...dt.files]
+ .map(f => `${f.name} (${f.mozFullPath})`)
+ .join(", ")}.`
+ );
+ }
+ return;
+ }
+
+ // "Paste Without Formatting" (ctrl+shift+V) in HTML editors coerces files into paths
+ if (!(event.clipboardData && /[\/\\]/.test(dt.getData("text")))) {
+ return;
+ }
+
+ // check wether the clipboard contains a file
+ const { clipboard } = Services;
+ if (
+ [clipboard.kSelectionClipboard, clipboard.kGlobalClipboard].some(
+ clipboardType =>
+ clipboard.isClipboardTypeSupported(clipboardType) &&
+ clipboard.hasDataMatchingFlavors(
+ ["application/x-moz-file"],
+ clipboardType
+ )
+ )
+ ) {
+ event.preventDefault();
+ event.stopPropagation();
+ lazy.console.log(
+ `Preventing path leak on "Paste Without Formatting" for ${dt.getData(
+ "text"
+ )}.`
+ );
+ }
+ }
+}
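Review bot: Both log calls in `handleEvent` write out the very data the actor is meant to keep private: the first message interpolates `f.mozFullPath` for every file, and the "Paste Without Formatting" message interpolates `dt.getData("text")`, which at that point is expected to be a path. The console instance is created with only a `prefix`, so as far as this hunk shows nothing restricts these messages to a verbose log level. I would log the event type and `f.name` only, e.g. `.map(f => f.name)`, and replace the second interpolation with a fixed string, or move both calls to `lazy.console.debug` behind a `maxLogLevelPref`. Separately, the comment `// check wether the clipboard contains a file` should read `whether`.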
diff --git a/toolkit/actors/FilesFilterParent.sys.mjs b/toolkit/actors/FilesFilterParent.sys.mjs
@@ -0,0 +1,7 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+export class FilesFilterParent extends JSWindowActorParent {
+ // just a stub for now
+}
diff --git a/toolkit/actors/moz.build b/toolkit/actors/moz.build
@@ -49,6 +49,8 @@ FINAL_TARGET_FILES.actors += [
"ControllersChild.sys.mjs",
"ControllersParent.sys.mjs",
"ExtFindChild.sys.mjs",
+ "FilesFilterChild.sys.mjs",
+ "FilesFilterParent.sys.mjs",
"FindBarChild.sys.mjs",
"FindBarParent.sys.mjs",
"FinderChild.sys.mjs",
diff --git a/toolkit/modules/ActorManagerParent.sys.mjs b/toolkit/modules/ActorManagerParent.sys.mjs
@@ -348,6 +348,22 @@ let JSWINDOWACTORS = {
allFrames: true,
},
+ FilesFilter: {
+ parent: {
+ esModuleURI: "resource://gre/actors/FilesFilterParent.sys.mjs",
+ },
+
+ child: {
+ esModuleURI: "resource://gre/actors/FilesFilterChild.sys.mjs",
+ events: {
+ drop: {},
+ paste: { capture: true },
+ },
+ },
+
+ allFrames: true,
+ },
+
FindBar: {
parent: {
esModuleURI: "resource://gre/actors/FindBarParent.sys.mjs",
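Review bot: The `drop` listener is registered with default options while `paste` gets `capture: true`, and nothing in the hunk says why the two differ. The child handler relies on `event.preventDefault()` for drops onto inputs and text areas, so it has to run for every such event. If the listener is not in the system event group (I cannot tell from this hunk), a page handler that stops propagation during the bubble phase could keep the actor from ever seeing the drop. Either register it as `drop: { capture: true },` or add a comment such as `// drop is handled in the bubble phase because …` stating the reason. The `JSWINDOWACTORS` object starts and ends outside this hunk.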