mozilla
/
pjs
зеркало из https://github.com/mozilla/pjs.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

bug #357321 --> don't blindly trust address book recipients when loading remote content. Make the user explicitly mark each sender as allowing remote content. 

Remove the UI for enabling JS. Remove the now obsolete UI for white listing address book entries. sr=bienvenu
This commit is contained in:
scott%scott-macgregor.org 2006-11-13 18:59:35 +00:00
Родитель 10bec2cef1
Коммит 010cb8bae8
14 изменённых файлов: 175 добавлений и 156 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

19
mail/app/profile/all-thunderbird.js
Просмотреть файл

@ -179,25 +179,6 @@ pref("accessibility.typeaheadfind.flashBar", 1);
pref("mail.showFolderPaneColumns", false); // setting to true will allow total/unread/size columns
pref("mail.showCondensedAddresses", true); // show the friendly display name for people I know
/////////////////////////////////////////////////////////////////
// Privacy Controls for Handling Remote Content
/////////////////////////////////////////////////////////////////
pref("mailnews.message_display.allow.plugins", false); // disable plugins by default
pref("mailnews.message_display.disable_remote_image", true);
pref("mailnews.message_display.disable_remote_images.useWhitelist", true);
pref("mailnews.message_display.disable_remote_images.whiteListAbURI","moz-abmdbdirectory://abook.mab");
/////////////////////////////////////////////////////////////////
// Trusted Mail Domains
//
// Specific domains can be white listed to bypass various privacy controls in Thunderbird
// such as blocking remote images, the phishing detector, etc. This is particularly
// useful for business deployments where images or links reference servers inside a
// corporate intranet. For multiple domains, separate them with a comma. i.e.
// pref("mail.trusteddomains", "mozilla.org,mozillafoundation.org");
/////////////////////////////////////////////////////////////////
pref("mail.trusteddomains", "");
// hidden pref for changing how we present attachments in the message pane
pref("mailnews.attachments.display.largeView", false);
pref("mail.pane_config.dynamic", 0);

112
mail/base/content/mailWindowOverlay.js
Просмотреть файл

@ -55,7 +55,7 @@ const kClassicMailLayout = 0;
const kWideMailLayout = 1;
const kVerticalMailLayout = 2;
// Per message headder flags to keep track of whether the user is allowing remote
// Per message header flags to keep track of whether the user is allowing remote
// content for a particular message.
// if you change or add more values to these constants, be sure to modify
// the corresponding definitions in nsMsgContentPolicy.cpp
@ -2316,9 +2316,12 @@ var gMessageNotificationBar =
setRemoteContentMsg: function(aMsgHdr)
{
var blockRemote = aMsgHdr &&
aMsgHdr.getUint32Property("remoteContentPolicy") == kBlockRemoteContent;
this.updateMsgNotificationBar(kMsgNotificationRemoteImages, blockRemote);
// update the allow remote content for sender string
var headerParser = Components.classes["@mozilla.org/messenger/headerparser;1"].getService(Components.interfaces.nsIMsgHeaderParser);
var emailAddress = headerParser.extractHeaderAddressMailboxes(null, aMsgHdr.author);
document.getElementById('allowRemoteContentForAuthorDesc').value =
gMessengerBundle.getFormattedString('alwaysLoadRemoteContentForSender', [emailAddress ? emailAddress : aMsgHdr.author]);
this.updateMsgNotificationBar(kMsgNotificationRemoteImages, true);
},
// aUrl is the nsIURI for the message currently loaded in the message pane
@ -2354,7 +2357,11 @@ var gMessageNotificationBar =
}
};
function LoadMsgWithRemoteContent()
/**
* LoadMsgWithRemoteContent
* Reload the current message, allowing remote content
*/
function loadMsgWithRemoteContent()
{
// we want to get the msg hdr for the currently selected message
// change the "remoteContentBar" property on it
@ -2363,6 +2370,73 @@ function LoadMsgWithRemoteContent()
setMsgHdrPropertyAndReload("remoteContentPolicy", kAllowRemoteContent);
}
/**
* msgHdrForCurrentMessage
* Returns the msg hdr associated with the current loaded message.
*/
function msgHdrForCurrentMessage()
{
var msgURI = GetLoadedMessage();
if (msgURI && !(/type=application\/x-message-display/.test(msgURI)))
return (msgURI && !(/type=application\/x-message-display/.test(msgURI))) ? messenger.msgHdrFromURI(msgURI) : null;
}
/**
* Reloads the message after adjusting the remote content policy for the sender.
* Iterate through the local address books looking for a card with the same e-mail address as the
* sender of the current loaded message. If we find a card, update the allow remote content field.
* If we can't find a card, prompt the user with a new AB card dialog, pre-selecting the remote content field.
*/
function allowRemoteContentForSender()
{
// get the sender of the msg hdr
var msgHdr = msgHdrForCurrentMessage();
if (!msgHdr)
return;
var headerParser = Components.classes["@mozilla.org/messenger/headerparser;1"]
.getService(Components.interfaces.nsIMsgHeaderParser);
var names = {};
var addresses = {};
var fullNames = {};
var numAddresses;
numAddresses = headerParser.parseHeadersWithArray(msgHdr.author, addresses, names, fullNames);
var authorEmailAddress = addresses.value[0];
if (!authorEmailAddress)
return;
// search through all of our local address books looking for a match.
var parentDir = RDF.GetResource("moz-abdirectory://").QueryInterface(Components.interfaces.nsIAbDirectory);
var enumerator = parentDir.childNodes;
var cardForEmailAddress;
var addrbook;
while (!cardForEmailAddress && enumerator.hasMoreElements())
{
addrbook = enumerator.getNext();
if (addrbook instanceof Components.interfaces.nsIAbMDBDirectory)
cardForEmailAddress = addrbook.cardForEmailAddress(authorEmailAddress);
}
if (cardForEmailAddress)
{
// set the property for remote content
cardForEmailAddress.allowRemoteContent = true;
cardForEmailAddress.editCardToDatabase("");
}
else
{
// create a new card and set the property
window.openDialog("chrome://messenger/content/addressbook/abNewCardDialog.xul",
"",
"chrome,resizable=no,titlebar,modal,centerscreen",
{primaryEmail:authorEmailAddress, displayName:names.value[0], allowRemoteContent:'true'});
}
// reload the message now that we've updated the remote content policy for the sender
MsgReload();
}
function MsgIsNotAScam()
{
// we want to get the msg hdr for the currently selected message
@ -2377,16 +2451,11 @@ function setMsgHdrPropertyAndReload(aProperty, aValue)
// we want to get the msg hdr for the currently selected message
// change the appropiate property on it then reload the message
var msgURI = GetLoadedMessage();
if (msgURI && !(/type=application\/x-message-display/.test(msgURI)))
var msgHdr = msgHdrForCurrentMessage();
if (msgHdr)
{
var msgHdr = messenger.msgHdrFromURI(msgURI);
if (msgHdr)
{
msgHdr.setUint32Property(aProperty, aValue);
MsgReload();
}
msgHdr.setUint32Property(aProperty, aValue);
MsgReload();
}
}
@ -2394,15 +2463,8 @@ function checkMsgHdrPropertyIsNot(aProperty, aValue)
{
// we want to get the msg hdr for the currently selected message,
// get the appropiate property on it and then test against value.
var msgURI = GetLoadedMessage();
if (msgURI && !(/type=application\/x-message-display/.test(msgURI)))
{
var msgHdr = messenger.msgHdrFromURI(msgURI);
return (msgHdr && msgHdr.getUint32Property(aProperty) != aValue);
}
return false;
var msgHdr = msgHdrForCurrentMessage();
return (msgHdr && msgHdr.getUint32Property(aProperty) != aValue);
}
function MarkCurrentMessageAsRead()
@ -2447,7 +2509,6 @@ function OnMsgLoaded(aUrl)
catch (ex) {}
var msgURI = GetLoadedMessage();
var msgHdr = null;
if (!folder || !msgURI)
return;
@ -2462,8 +2523,7 @@ function OnMsgLoaded(aUrl)
if (wintype == "mail:messageWindow" || GetThreadTree().view.selection.currentIndex != gSelectedIndexWhenDeleting)
gNextMessageViewIndexAfterDelete = -2;
if (!(/type=application\/x-message-display/.test(msgURI)))
msgHdr = messenger.messageServiceFromURI(msgURI).messageURIToMsgHdr(msgURI);
var msgHdr = msgHdrForCurrentMessage();
gMessageNotificationBar.setJunkMsg(msgHdr);

8
mail/base/content/mailWindowOverlay.xul
Просмотреть файл

@ -2192,9 +2192,13 @@
<hbox id="remoteContentBar" class="msgNotificationBar" align="center">
<image id="remoteContentImage"/>
<description flex="1" class="msgNotificationBarText">&remoteContentMessage.label;</description>
<vbox>
<description flex="1" class="msgNotificationBarText">&remoteContentMessage.label;</description>
<description id="allowRemoteContentForAuthorDesc" class="text-link" flex="1"
onclick="allowRemoteContentForSender();"></description>
</vbox>
<spacer flex="1"/>
<button label="&loadRemoteContentButton.label;" oncommand="LoadMsgWithRemoteContent();"/>
<button label="&loadRemoteContentButton1.label;" oncommand="loadMsgWithRemoteContent();"/>
</hbox>
</deck>

37
mail/components/preferences/privacy.xul
Просмотреть файл

@ -57,18 +57,6 @@
<preferences>
<preference id="mail.preferences.privacy.selectedTabIndex"
name="mail.preferences.privacy.selectedTabIndex" type="int"/>
<preference id="mailnews.message_display.disable_remote_image"
name="mailnews.message_display.disable_remote_image"
type="bool"/>
<preference id="mailnews.message_display.disable_remote_images.useWhitelist"
name="mailnews.message_display.disable_remote_images.useWhitelist"
type="bool"/>
<preference id="mailnews.message_display.disable_remote_images.whiteListAbURI"
name="mailnews.message_display.disable_remote_images.whiteListAbURI"
type="string"/>
<preference id="javascript.allow.mailnews"
name="javascript.allow.mailnews" inverted="true"
type="bool"/>
<preference id="mail.spam.manualMark"
name="mail.spam.manualMark"
type="bool"/>
@ -106,7 +94,6 @@
<tabbox id="privacyPrefs" flex="1" onselect="gPrivacyPane.tabSelectionChanged();">
<tabs>
<tab label="&itemGeneral.label;"/>
<tab label="&itemJunk.label;"/>
<tab label="&itemPhishing.label;"/>
<tab label="&itemAntiVirus.label;"/>
@ -115,30 +102,6 @@
</tabs>
<tabpanels flex="1">
<!-- General -->
<tabpanel orient="vertical">
<checkbox id="networkImageDisableImagesInMailNews"
label="&disableImageInMailNews.label;" accesskey="&disableImageInMailNews.accesskey;"
preference="mailnews.message_display.disable_remote_image"
oncommand="gPrivacyPane.updateRemoteImagesState();"/>
<hbox class="indent">
<checkbox id="useWhiteList"
preference="mailnews.message_display.disable_remote_images.useWhitelist"
label="&allowRemoteImagesForFriends.label;" accesskey="&allowRemoteImagesForFriends.accesskey;"/>
<menulist id="whiteListAbURI" flex="1" preference="mailnews.message_display.disable_remote_images.whiteListAbURI">
<menupopup id="whitelist-menupopup">
</menupopup>
</menulist>
</hbox>
<separator class="thin"/>
<checkbox id="javascriptAllowMailNews"
label="&enbJsCheckMailNews.label;" accesskey="&enbJsCheckMailNews.accesskey;"
preference="javascript.allow.mailnews"/>
</tabpanel>
<tabpanel orient="vertical">
<description>&junkMail.intro;</description>
<class separator="thin"/>

2
mail/locales/en-US/chrome/messenger/messenger.dtd
Просмотреть файл

@ -628,7 +628,7 @@
<!-- Remote Content Bar -->
<!ENTITY remoteContentMessage.label "To protect your privacy, &brandShortName; has blocked remote images in this message.">
<!ENTITY loadRemoteContentButton.label "Show Images">
<!ENTITY loadRemoteContentButton1.label "Load Images">
<!-- Phishing Bar -->
<!ENTITY phishingBarMessage.label "&brandShortName; thinks this message might be an email scam.">

2
mail/locales/en-US/chrome/messenger/messenger.properties
Просмотреть файл

@ -416,4 +416,4 @@ copyToFolderAgain=Copy to "%1$S" Again
copyToFolderAgainAccessKey=t
#LOCALIZATION NOTE %1$S is the e-mail address of the person we will allow remote images for
alwaysLoadRemoteContentForSender=Click here to always load remote images from %1$S
alwaysLoadRemoteContentForSender=Click here to always load remote images from %1$S.

8
mail/locales/en-US/chrome/messenger/preferences/privacy.dtd
Просмотреть файл

@ -1,17 +1,9 @@
<!ENTITY itemGeneral.label "General">
<!ENTITY itemJunk.label "Junk">
<!ENTITY itemPhishing.label "E-mail Scams">
<!ENTITY itemPasswords.label "Passwords">
<!ENTITY itemAntiVirus.label "Anti-Virus">
<!ENTITY itemSecurity.label "Security">
<!ENTITY disableImageInMailNews.label "Block loading of remote images in mail messages">
<!ENTITY disableImageInMailNews.accesskey "B">
<!ENTITY allowRemoteImagesForFriends.label "Allow remote images if the sender is in my:">
<!ENTITY allowRemoteImagesForFriends.accesskey "A">
<!ENTITY enbJsCheckMailNews.label "Block JavaScript in mail messages">
<!ENTITY enbJsCheckMailNews.accesskey "J">
<!-- Junk Mail Controls -->
<!ENTITY junkMail.intro "Set your default junk mail settings. Account specific junk mail settings can be configured in Account Settings.">
<!ENTITY manualMark.label "When I mark messages as junk:">

4
mail/themes/pinstripe/mail/primaryToolbar.css
Просмотреть файл

@ -511,6 +511,10 @@ toolbar[iconsize="small"] #button-next[disabled] {
color: black;
}
#allowRemoteContentForAuthorDesc {
padding-left: 10px;
}
#phishingBarImage {
/* for now, temporarily copy the remote image icon until we can get a new one */
list-style-image: url("chrome://global/skin/console/console-toolbar.png");

5
mail/themes/pinstripe/mail/searchBox.css
Просмотреть файл

@ -37,11 +37,6 @@
# ***** END LICENSE BLOCK *****
*/
#searchBox {
padding: 2px 0px;
margin: 0px 4px;
}
#searchInput[searchCriteria="true"] {
color: grey;
}

2
mail/themes/qute/mail/messageHeader.css
Просмотреть файл

@ -196,9 +196,7 @@ description[selectable="true"]:focus > descriptionitem[selected="true"]
/* ::::: email address twisty ::::: */
.addresstwisty {
-moz-padding-end: 5px;
padding-top: 4px;
list-style-image: url("chrome://global/skin/tree/twisty-clsd.png");
}

4
mail/themes/qute/mail/primaryToolbar.css
Просмотреть файл

@ -519,6 +519,10 @@ toolbar[iconsize="small"] #button-goforward[disabled] {
list-style-image: url("chrome://messenger/skin/icons/remote-blocked.png");
}
#allowRemoteContentForAuthorDesc {
padding-left: 10px;
}
#phishingBarImage {
list-style-image: url("chrome://messenger/skin/icons/phishing.png");
}

99
mailnews/base/src/nsMsgContentPolicy.cpp
Просмотреть файл

@ -48,7 +48,8 @@
#include "nsIRDFResource.h"
#include "nsIMsgHeaderParser.h"
#include "nsIAbMDBDirectory.h"
#include "nsIAbMDBCard.h"
#include "nsIAbCard.h"
#include "nsIMsgMailNewsUrl.h"
#include "nsIMsgWindow.h"
#include "nsIMimeMiscStatus.h"
@ -78,8 +79,6 @@
#include "nsContentPolicyUtils.h"
static const char kBlockRemoteImages[] = "mailnews.message_display.disable_remote_image";
static const char kRemoteImagesUseWhiteList[] = "mailnews.message_display.disable_remote_images.useWhitelist";
static const char kRemoteImagesWhiteListURI[] = "mailnews.message_display.disable_remote_images.whiteListAbURI";
static const char kAllowPlugins[] = "mailnews.message_display.allow.plugins";
static const char kTrustedDomains[] = "mail.trusteddomains";
@ -99,7 +98,6 @@ NS_IMPL_ISUPPORTS3(nsMsgContentPolicy,
nsMsgContentPolicy::nsMsgContentPolicy()
{
mAllowPlugins = PR_FALSE;
mUseRemoteImageWhiteList = PR_TRUE;
mBlockRemoteImages = PR_TRUE;
}
@ -111,8 +109,6 @@ nsMsgContentPolicy::~nsMsgContentPolicy()
if (NS_SUCCEEDED(rv))
{
prefInternal->RemoveObserver(kBlockRemoteImages, this);
prefInternal->RemoveObserver(kRemoteImagesUseWhiteList, this);
prefInternal->RemoveObserver(kRemoteImagesWhiteListURI, this);
prefInternal->RemoveObserver(kAllowPlugins, this);
}
}
@ -126,54 +122,72 @@ nsresult nsMsgContentPolicy::Init()
NS_ENSURE_SUCCESS(rv, rv);
prefInternal->AddObserver(kBlockRemoteImages, this, PR_TRUE);
prefInternal->AddObserver(kRemoteImagesUseWhiteList, this, PR_TRUE);
prefInternal->AddObserver(kRemoteImagesWhiteListURI, this, PR_TRUE);
prefInternal->AddObserver(kAllowPlugins, this, PR_TRUE);
prefInternal->GetBoolPref(kAllowPlugins, &mAllowPlugins);
prefInternal->GetBoolPref(kRemoteImagesUseWhiteList, &mUseRemoteImageWhiteList);
prefInternal->GetCharPref(kRemoteImagesWhiteListURI, getter_Copies(mRemoteImageWhiteListURI));
prefInternal->GetCharPref(kTrustedDomains, getter_Copies(mTrustedMailDomains));
return prefInternal->GetBoolPref(kBlockRemoteImages, &mBlockRemoteImages);
prefInternal->GetBoolPref(kBlockRemoteImages, &mBlockRemoteImages);
return NS_OK;
}
/**
* returns true if the sender referenced by aMsgHdr is in one of our
* trusted white lists.
* returns true if the sender referenced by aMsgHdr is in one one of our local
* address books and the user has explicitly allowed remote content for the sender
*/
nsresult nsMsgContentPolicy::IsSenderInWhiteList(nsIMsgDBHdr * aMsgHdr, PRBool * aWhiteListed)
nsresult nsMsgContentPolicy::AllowRemoteContentForSender(nsIMsgDBHdr * aMsgHdr, PRBool * aAllowForSender)
{
*aWhiteListed = PR_FALSE;
NS_ENSURE_ARG_POINTER(aMsgHdr);
nsresult rv = NS_OK;
nsresult rv;
*aAllowForSender = PR_FALSE;
if (mBlockRemoteImages && mUseRemoteImageWhiteList && !mRemoteImageWhiteListURI.IsEmpty())
{
nsXPIDLCString author;
rv = aMsgHdr->GetAuthor(getter_Copies(author));
NS_ENSURE_SUCCESS(rv, rv);
// extract the e-mail address from the msg hdr
nsXPIDLCString author;
rv = aMsgHdr->GetAuthor(getter_Copies(author));
NS_ENSURE_SUCCESS(rv, rv);
nsCOMPtr<nsIRDFService> rdfService = do_GetService("@mozilla.org/rdf/rdf-service;1", &rv);
NS_ENSURE_SUCCESS(rv, rv);
nsCOMPtr<nsIMsgHeaderParser> headerParser = do_GetService("@mozilla.org/messenger/headerparser;1", &rv);
NS_ENSURE_SUCCESS(rv, rv);
nsXPIDLCString emailAddress;
rv = headerParser->ExtractHeaderAddressMailboxes(nsnull, author, getter_Copies(emailAddress));
NS_ENSURE_SUCCESS(rv, rv);
// Use the RDF service to walk through the list of local directories
nsCOMPtr<nsIRDFService> rdfService = do_GetService("@mozilla.org/rdf/rdf-service;1", &rv);
NS_ENSURE_SUCCESS(rv, rv);
nsCOMPtr <nsIRDFResource> resource;
rv = rdfService->GetResource(mRemoteImageWhiteListURI, getter_AddRefs(resource));
NS_ENSURE_SUCCESS(rv, rv);
nsCOMPtr <nsIRDFResource> resource;
rv = rdfService->GetResource(NS_LITERAL_CSTRING("moz-abdirectory://"), getter_AddRefs(resource));
NS_ENSURE_SUCCESS(rv, rv);
nsCOMPtr <nsIAbMDBDirectory> addressBook = do_QueryInterface(resource, &rv);
NS_ENSURE_SUCCESS(rv, rv);
nsCOMPtr <nsIAbDirectory> directory = do_QueryInterface(resource, &rv);
NS_ENSURE_SUCCESS(rv, rv);
nsCOMPtr<nsIMsgHeaderParser> headerParser = do_GetService("@mozilla.org/messenger/headerparser;1", &rv);
NS_ENSURE_SUCCESS(rv, rv);
nsCOMPtr<nsISimpleEnumerator> enumerator;
rv = directory->GetChildNodes(getter_AddRefs(enumerator));
NS_ENSURE_SUCCESS(rv, rv);
nsXPIDLCString emailAddress;
rv = headerParser->ExtractHeaderAddressMailboxes(nsnull, author, getter_Copies(emailAddress));
NS_ENSURE_SUCCESS(rv, rv);
nsCOMPtr<nsISupports> supports;
nsCOMPtr<nsIAbMDBDirectory> mdbDirectory;
nsCOMPtr<nsIAbCard> cardForAddress;
PRBool hasMore;
rv = addressBook->HasCardForEmailAddress(emailAddress, aWhiteListed);
while (NS_SUCCEEDED(enumerator->HasMoreElements(&hasMore)) && hasMore && !cardForAddress)
{
rv = enumerator->GetNext(getter_AddRefs(supports));
NS_ENSURE_SUCCESS(rv, rv);
mdbDirectory = do_QueryInterface(supports);
if (mdbDirectory)
mdbDirectory->CardForEmailAddress(emailAddress, getter_AddRefs(cardForAddress));
}
return rv;
// if we found a card from the sender,
if (cardForAddress)
cardForAddress->GetAllowRemoteContent(aAllowForSender);
return NS_OK;
}
/**
@ -360,18 +374,18 @@ nsresult nsMsgContentPolicy::AllowRemoteContentForMsgHdr(nsIMsgDBHdr * aMsgHdr,
IsRSSArticle(aRequestingLocation, &isRSS);
// Case #3, author is in our white list..
PRBool authorInWhiteList = PR_FALSE;
IsSenderInWhiteList(aMsgHdr, &authorInWhiteList);
PRBool allowForSender = PR_FALSE;
AllowRemoteContentForSender(aMsgHdr, &allowForSender);
// Case #4, the domain for the remote image is in our white list
PRBool trustedDomain = IsTrustedDomain(aContentLocation);
*aDecision = (isRSS || remoteContentPolicy == kAllowRemoteContent || authorInWhiteList || trustedDomain)
*aDecision = (isRSS || remoteContentPolicy == kAllowRemoteContent || allowForSender || trustedDomain)
? nsIContentPolicy::ACCEPT : nsIContentPolicy::REJECT_REQUEST;
if (*aDecision == nsIContentPolicy::REJECT_REQUEST && !remoteContentPolicy) // kNoRemoteContentPolicy means we have never set a value on the message
aMsgHdr->SetUint32Property("remoteContentPolicy", kBlockRemoteContent);
return NS_OK; // always return success
}
@ -438,7 +452,6 @@ nsresult nsMsgContentPolicy::ComposeShouldLoad(nsIDocShell * aRootDocShell, nsIU
{
nsresult rv;
PRUint32 remoteContentPolicy = kNoRemoteContentPolicy;
PRBool authorInWhiteList = PR_FALSE;
PRBool trustedDomain = PR_FALSE;
@ -546,10 +559,6 @@ NS_IMETHODIMP nsMsgContentPolicy::Observe(nsISupports *aSubject, const char *aTo
if (pref.Equals(kBlockRemoteImages))
prefBranchInt->GetBoolPref(kBlockRemoteImages, &mBlockRemoteImages);
else if (pref.Equals(kRemoteImagesUseWhiteList))
prefBranchInt->GetBoolPref(kRemoteImagesUseWhiteList, &mUseRemoteImageWhiteList);
else if (pref.Equals(kRemoteImagesWhiteListURI))
prefBranchInt->GetCharPref(kRemoteImagesWhiteListURI, getter_Copies(mRemoteImageWhiteListURI));
}
return NS_OK;

6
mailnews/base/src/nsMsgContentPolicy.h
Просмотреть файл

@ -78,17 +78,15 @@ public:
protected:
PRBool mBlockRemoteImages;
PRBool mUseRemoteImageWhiteList;
nsXPIDLCString mRemoteImageWhiteListURI;
PRBool mAllowPlugins;
nsAdoptingCString mTrustedMailDomains;
PRBool IsTrustedDomain(nsIURI * aContentLocation);
nsresult IsSenderInWhiteList(nsIMsgDBHdr * aMsgHdr, PRBool * aWhiteListed);
nsresult nsMsgContentPolicy::AllowRemoteContentForSender(nsIMsgDBHdr * aMsgHdr, PRBool * aAllowForSender);
nsresult AllowRemoteContentForMsgHdr(nsIMsgDBHdr * aMsgHdr, nsIURI * aRequestingLocation, nsIURI * aContentLocation, PRInt16 *aDecision);
nsresult MailShouldLoad(nsIURI * aRequestingLocation, nsIURI * aContentLocation, PRInt16 * aDecision);
nsresult ComposeShouldLoad(nsIDocShell * aRootDocShell, nsIURI * aContentLocation, PRInt16 * aDecision);
nsresult GetRootDocShellForContext(nsISupports * aRequestingContext, nsIDocShell ** aDocShell);
nsresult GetMessagePaneURI(nsIDocShell * aRootDocShell, nsIURI ** aURI);
};

23
mailnews/mailnews.js
Просмотреть файл

@ -560,6 +560,23 @@ pref("mailnews.html_domains","");
pref("mailnews.plaintext_domains","");
pref("mailnews.global_html_domains.version",1);
/////////////////////////////////////////////////////////////////
// Privacy Controls for Handling Remote Content
/////////////////////////////////////////////////////////////////
pref("mailnews.message_display.allow.plugins", false); // disable plugins by default
pref("mailnews.message_display.disable_remote_image", false);
/////////////////////////////////////////////////////////////////
// Trusted Mail Domains
//
// Specific domains can be white listed to bypass various privacy controls in Thunderbird
// such as blocking remote images, the phishing detector, etc. This is particularly
// useful for business deployments where images or links reference servers inside a
// corporate intranet. For multiple domains, separate them with a comma. i.e.
// pref("mail.trusteddomains", "mozilla.org,mozillafoundation.org");
/////////////////////////////////////////////////////////////////
pref("mail.trusteddomains", "");
pref("mail.imap.use_status_for_biff", true);
pref("mail.quota.mainwindow_threshold.show", 75); // in percent. when the quota meter starts showing up at all. decrease this for it to be more than a warning.
@ -651,12 +668,6 @@ pref("mailnews.customHeaders", "");
pref("mailnews.fakeaccount.show", false);
pref("mailnews.fakeaccount.server", "");
// message display properties
pref("mailnews.message_display.allow.plugins", false);
pref("mailnews.message_display.disable_remote_image", true);
pref("mailnews.message_display.disable_remote_images.useWhitelist", true);
pref("mailnews.message_display.disable_remote_images.whiteListAbURI","moz-abmdbdirectory://abook.mab");
// default msg compose font prefs
pref("msgcompose.font_face", "");
pref("msgcompose.font_size", "medium");