diff options
Diffstat (limited to 'browser/components/preferences/in-content/security.js')
-rw-r--r-- | browser/components/preferences/in-content/security.js | 302 |
1 files changed, 302 insertions, 0 deletions
diff --git a/browser/components/preferences/in-content/security.js b/browser/components/preferences/in-content/security.js new file mode 100644 index 0000000000..a8ad28c7ea --- /dev/null +++ b/browser/components/preferences/in-content/security.js @@ -0,0 +1,302 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this file, + * You can obtain one at http://mozilla.org/MPL/2.0/. */ + +XPCOMUtils.defineLazyModuleGetter(this, "LoginHelper", + "resource://gre/modules/LoginHelper.jsm"); + +Components.utils.import("resource://gre/modules/PrivateBrowsingUtils.jsm"); + +var gSecurityPane = { + _pane: null, + + /** + * Initializes master password UI. + */ + init: function () + { + function setEventListener(aId, aEventType, aCallback) + { + document.getElementById(aId) + .addEventListener(aEventType, aCallback.bind(gSecurityPane)); + } + + this._pane = document.getElementById("paneSecurity"); + this._initMasterPasswordUI(); + this._initSafeBrowsing(); + + setEventListener("addonExceptions", "command", + gSecurityPane.showAddonExceptions); + setEventListener("passwordExceptions", "command", + gSecurityPane.showPasswordExceptions); + setEventListener("useMasterPassword", "command", + gSecurityPane.updateMasterPasswordButton); + setEventListener("changeMasterPassword", "command", + gSecurityPane.changeMasterPassword); + setEventListener("showPasswords", "command", + gSecurityPane.showPasswords); + }, + + // ADD-ONS + + /* + * Preferences: + * + * xpinstall.whitelist.required + * - true if a site must be added to a site whitelist before extensions + * provided by the site may be installed from it, false if the extension + * may be directly installed after a confirmation dialog + */ + + /** + * Enables/disables the add-ons Exceptions button depending on whether + * or not add-on installation warnings are displayed. + */ + readWarnAddonInstall: function () + { + var warn = document.getElementById("xpinstall.whitelist.required"); + var exceptions = document.getElementById("addonExceptions"); + + exceptions.disabled = !warn.value; + + // don't override the preference value + return undefined; + }, + + /** + * Displays the exceptions lists for add-on installation warnings. + */ + showAddonExceptions: function () + { + var bundlePrefs = document.getElementById("bundlePreferences"); + + var params = this._addonParams; + if (!params.windowTitle || !params.introText) { + params.windowTitle = bundlePrefs.getString("addons_permissions_title"); + params.introText = bundlePrefs.getString("addonspermissionstext"); + } + + gSubDialog.open("chrome://browser/content/preferences/permissions.xul", + null, params); + }, + + /** + * Parameters for the add-on install permissions dialog. + */ + _addonParams: + { + blockVisible: false, + sessionVisible: false, + allowVisible: true, + prefilledHost: "", + permissionType: "install" + }, + + // PASSWORDS + + /* + * Preferences: + * + * signon.rememberSignons + * - true if passwords are remembered, false otherwise + */ + + /** + * Enables/disables the Exceptions button used to configure sites where + * passwords are never saved. When browser is set to start in Private + * Browsing mode, the "Remember passwords" UI is useless, so we disable it. + */ + readSavePasswords: function () + { + var pref = document.getElementById("signon.rememberSignons"); + var excepts = document.getElementById("passwordExceptions"); + + if (PrivateBrowsingUtils.permanentPrivateBrowsing) { + document.getElementById("savePasswords").disabled = true; + excepts.disabled = true; + return false; + } + excepts.disabled = !pref.value; + // don't override pref value in UI + return undefined; + }, + + /** + * Displays a dialog in which the user can view and modify the list of sites + * where passwords are never saved. + */ + showPasswordExceptions: function () + { + var bundlePrefs = document.getElementById("bundlePreferences"); + var params = { + blockVisible: true, + sessionVisible: false, + allowVisible: false, + hideStatusColumn: true, + prefilledHost: "", + permissionType: "login-saving", + windowTitle: bundlePrefs.getString("savedLoginsExceptions_title"), + introText: bundlePrefs.getString("savedLoginsExceptions_desc") + }; + + gSubDialog.open("chrome://browser/content/preferences/permissions.xul", + null, params); + }, + + /** + * Initializes master password UI: the "use master password" checkbox, selects + * the master password button to show, and enables/disables it as necessary. + * The master password is controlled by various bits of NSS functionality, so + * the UI for it can't be controlled by the normal preference bindings. + */ + _initMasterPasswordUI: function () + { + var noMP = !LoginHelper.isMasterPasswordSet(); + + var button = document.getElementById("changeMasterPassword"); + button.disabled = noMP; + + var checkbox = document.getElementById("useMasterPassword"); + checkbox.checked = !noMP; + }, + + _initSafeBrowsing() { + let enableSafeBrowsing = document.getElementById("enableSafeBrowsing"); + let blockDownloads = document.getElementById("blockDownloads"); + let blockUncommonUnwanted = document.getElementById("blockUncommonUnwanted"); + + let safeBrowsingPhishingPref = document.getElementById("browser.safebrowsing.phishing.enabled"); + let safeBrowsingMalwarePref = document.getElementById("browser.safebrowsing.malware.enabled"); + + let blockDownloadsPref = document.getElementById("browser.safebrowsing.downloads.enabled"); + let malwareTable = document.getElementById("urlclassifier.malwareTable"); + + let blockUnwantedPref = document.getElementById("browser.safebrowsing.downloads.remote.block_potentially_unwanted"); + let blockUncommonPref = document.getElementById("browser.safebrowsing.downloads.remote.block_uncommon"); + + enableSafeBrowsing.addEventListener("command", function() { + safeBrowsingPhishingPref.value = enableSafeBrowsing.checked; + safeBrowsingMalwarePref.value = enableSafeBrowsing.checked; + + if (enableSafeBrowsing.checked) { + blockDownloads.removeAttribute("disabled"); + if (blockDownloads.checked) { + blockUncommonUnwanted.removeAttribute("disabled"); + } + } else { + blockDownloads.setAttribute("disabled", "true"); + blockUncommonUnwanted.setAttribute("disabled", "true"); + } + }); + + blockDownloads.addEventListener("command", function() { + blockDownloadsPref.value = blockDownloads.checked; + if (blockDownloads.checked) { + blockUncommonUnwanted.removeAttribute("disabled"); + } else { + blockUncommonUnwanted.setAttribute("disabled", "true"); + } + }); + + blockUncommonUnwanted.addEventListener("command", function() { + blockUnwantedPref.value = blockUncommonUnwanted.checked; + blockUncommonPref.value = blockUncommonUnwanted.checked; + + let malware = malwareTable.value + .split(",") + .filter(x => x !== "goog-unwanted-shavar" && x !== "test-unwanted-simple"); + + if (blockUncommonUnwanted.checked) { + malware.push("goog-unwanted-shavar"); + malware.push("test-unwanted-simple"); + } + + // sort alphabetically to keep the pref consistent + malware.sort(); + + malwareTable.value = malware.join(","); + }); + + // set initial values + + enableSafeBrowsing.checked = safeBrowsingPhishingPref.value && safeBrowsingMalwarePref.value; + if (!enableSafeBrowsing.checked) { + blockDownloads.setAttribute("disabled", "true"); + blockUncommonUnwanted.setAttribute("disabled", "true"); + } + + blockDownloads.checked = blockDownloadsPref.value; + if (!blockDownloadsPref.value) { + blockUncommonUnwanted.setAttribute("disabled", "true"); + } + + blockUncommonUnwanted.checked = blockUnwantedPref.value && blockUncommonPref.value; + }, + + /** + * Enables/disables the master password button depending on the state of the + * "use master password" checkbox, and prompts for master password removal if + * one is set. + */ + updateMasterPasswordButton: function () + { + var checkbox = document.getElementById("useMasterPassword"); + var button = document.getElementById("changeMasterPassword"); + button.disabled = !checkbox.checked; + + // unchecking the checkbox should try to immediately remove the master + // password, because it's impossible to non-destructively remove the master + // password used to encrypt all the passwords without providing it (by + // design), and it would be extremely odd to pop up that dialog when the + // user closes the prefwindow and saves his settings + if (!checkbox.checked) + this._removeMasterPassword(); + else + this.changeMasterPassword(); + + this._initMasterPasswordUI(); + }, + + /** + * Displays the "remove master password" dialog to allow the user to remove + * the current master password. When the dialog is dismissed, master password + * UI is automatically updated. + */ + _removeMasterPassword: function () + { + var secmodDB = Cc["@mozilla.org/security/pkcs11moduledb;1"]. + getService(Ci.nsIPKCS11ModuleDB); + if (secmodDB.isFIPSEnabled) { + var promptService = Cc["@mozilla.org/embedcomp/prompt-service;1"]. + getService(Ci.nsIPromptService); + var bundle = document.getElementById("bundlePreferences"); + promptService.alert(window, + bundle.getString("pw_change_failed_title"), + bundle.getString("pw_change2empty_in_fips_mode")); + this._initMasterPasswordUI(); + } + else { + gSubDialog.open("chrome://mozapps/content/preferences/removemp.xul", + null, null, this._initMasterPasswordUI.bind(this)); + } + }, + + /** + * Displays a dialog in which the master password may be changed. + */ + changeMasterPassword: function () + { + gSubDialog.open("chrome://mozapps/content/preferences/changemp.xul", + "resizable=no", null, this._initMasterPasswordUI.bind(this)); + }, + + /** + * Shows the sites where the user has saved passwords and the associated login + * information. + */ + showPasswords: function () + { + gSubDialog.open("chrome://passwordmgr/content/passwordManager.xul"); + } + +}; |