From 9f43d48a3222ac6f8980c4f3b1b23b7e45b0bce0 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 25 Aug 2021 14:09:39 +0000 Subject: [PATCH] targetBlankNoOpener -> don't touch --- user.js | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/user.js b/user.js index 06a76a1..d69ab34 100644 --- a/user.js +++ b/user.js @@ -728,14 +728,11 @@ user_pref("dom.disable_window_move_resize", true); user_pref("dom.disable_open_during_load", true); /* 2404: limit events that can cause a popup [SETUP-WEB] ***/ user_pref("dom.popup_allowed_events", "click dblclick mousedown pointerdown"); -/* 2405: enable (limited but sufficient) window.opener protection [FF65+] - * Makes rel=noopener implicit for target=_blank in anchor and area elements when no rel attribute is set ***/ -user_pref("dom.targetBlankNoOpener.enabled", true); // [DEFAULT: true FF79+] -/* 2406: disable website access to clipboard events/content +/* 2405: disable website access to clipboard events/content * Requires user interaction. Applies to onCut/onCopy/onPaste events * [SETUP-HARDEN] Will break some sites' functionality e.g. Outlook, Twitter, Facebook, Wordpress ***/ // user_pref("dom.event.clipboardevents.enabled", false); -/* 2407: disable clipboard commands (cut/copy) from "non-privileged" content [FF41+] +/* 2406: disable clipboard commands (cut/copy) from "non-privileged" content [FF41+] * this disables document.execCommand("cut"/"copy") to protect your clipboard * [1] https://bugzilla.mozilla.org/1170911 ***/ user_pref("dom.allow_cut_copy", false); @@ -1245,6 +1242,9 @@ user_pref("security.mixed_content.block_active_content", true); // [DEFAULT: tru * string is restored if the tab reverts back to the original page. This change prevents some cross-site attacks * [TEST] https://arkenfox.github.io/TZP/tests/windownamea.html ***/ user_pref("privacy.window.name.update.enabled", true); // [DEFAULT: true FF86+] +/* 6007: enforce window.opener protection [FF65+] + * Makes rel=noopener implicit for target=_blank in anchor and area elements when no rel attribute is set ***/ +user_pref("dom.targetBlankNoOpener.enabled", true); // [DEFAULT: true FF79+] /*** [SECTION 7000]: DON'T BOTHER ***/ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies!");