From 30fbaba4dff5e4b48ef9d3c0c1441803e9096603 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 26 Mar 2018 19:33:46 +0000 Subject: [PATCH] 2203: undo sh*t This is so wrong: It is better to inform users that 3 **must** be used than rely on zero info as well as removing useful info on what the values do. All future issues with this will be directed to earthlng. Remove RFP info as RFP users should know this stuff if they turned it on. Non RFP users, who we told they can bypass it, will not have a reference to RFP now. Enforce will now be banned as a word because, "reasons". --- user.js | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/user.js b/user.js index 410b633..6b7f131 100644 --- a/user.js +++ b/user.js @@ -1067,13 +1067,12 @@ user_pref("dom.disable_window_open_feature.toolbar", true); user_pref("dom.allow_scripts_to_close_windows", false); // default: false user_pref("dom.disable_window_flip", true); // window z-order - default: true user_pref("dom.disable_window_move_resize", true); -/* 2203: enforce links targeting new windows to open in a new tab instead +/* 2203: open links targeting new windows in a new tab instead * This stops malicious window sizes and some screen resolution leaks. * You can still right-click a link and open in a new window (or middle-click). - * [NOTE] RFP (4500) already resizes new windows to cover screen resolution leaks * [TEST] https://people.torproject.org/~gk/misc/entire_desktop.html * [1] https://trac.torproject.org/projects/tor/ticket/9881 ***/ -user_pref("browser.link.open_newwindow", 3); // 1=current, 2=new, 3=most recent +user_pref("browser.link.open_newwindow", 3); user_pref("browser.link.open_newwindow.restriction", 0); /* 2204: disable Fullscreen API to prevent screen-resolution leaks [SETUP] * [NOTE] You can still manually toggle the browser's fullscreen state (F11),