tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

UITourUtils.sys.mjs (2517B)

      1 /* This Source Code Form is subject to the terms of the Mozilla Public
      2 * License, v. 2.0. If a copy of the MPL was not distributed with this
      3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
      4 
      5 const PREF_TEST_ORIGINS = "browser.uitour.testingOrigins";
      6 const UITOUR_PERMISSION = "uitour";
      7 
      8 export let UITourUtils = {
      9  /**
     10   * Check if we've got a testing origin.
     11   *
     12   * @param {nsIURI} uri
     13   *    The URI to check
     14   * @returns {boolean}
     15   *    Whether or not it's a testing origin.
     16   */
     17  isTestingOrigin(uri) {
     18    let testingOrigins = Services.prefs.getStringPref(PREF_TEST_ORIGINS, "");
     19    if (!testingOrigins) {
     20      return false;
     21    }
     22 
     23    // Allow any testing origins (comma-seperated).
     24    for (let origin of testingOrigins.split(/\s*,\s*/)) {
     25      try {
     26        let testingURI = Services.io.newURI(origin);
     27        if (uri.prePath == testingURI.prePath) {
     28          return true;
     29        }
     30      } catch (ex) {
     31        console.error(ex);
     32      }
     33    }
     34    return false;
     35  },
     36 
     37  /**
     38   *
     39   * @param {WindowGlobalChild|WindowGlobalParent} windowGlobal
     40   *   The parent/child representation of a window global to check if we can
     41   *   use UITour.
     42   * @returns {boolean}
     43   *   Whether or not we can use UITour here.
     44   */
     45  ensureTrustedOrigin(windowGlobal) {
     46    // If we're not top-most or no longer current, bail out immediately.
     47    if (windowGlobal.browsingContext.parent || !windowGlobal.isCurrentGlobal) {
     48      return false;
     49    }
     50 
     51    let principal, uri;
     52    // We can get either a WindowGlobalParent or WindowGlobalChild, depending on
     53    // what process we're called in, and determining the secure context-ness and
     54    // principal + URI needs different approaches based on this.
     55    if (WindowGlobalParent.isInstance(windowGlobal)) {
     56      if (!windowGlobal.browsingContext.secureBrowserUI?.isSecureContext) {
     57        return false;
     58      }
     59      principal = windowGlobal.documentPrincipal;
     60      uri = windowGlobal.documentURI;
     61    } else {
     62      if (!windowGlobal.contentWindow?.isSecureContext) {
     63        return false;
     64      }
     65      let document = windowGlobal.contentWindow.document;
     66      principal = document?.nodePrincipal;
     67      uri = document?.documentURIObject;
     68    }
     69 
     70    if (!principal) {
     71      return false;
     72    }
     73 
     74    let permission = Services.perms.testPermissionFromPrincipal(
     75      principal,
     76      UITOUR_PERMISSION
     77    );
     78    if (permission == Services.perms.ALLOW_ACTION) {
     79      return true;
     80    }
     81 
     82    return uri && this.isTestingOrigin(uri);
     83  },
     84 };