notkshitij/Betterfox
1
0
Fork 0
mirror of https://github.com/yokoffing/Betterfox.git synced 2026-06-29 08:02:12 +05:30
Code Issues Releases Wiki Activity

expand PDF, enable privacy.antitracking.isolateContentScriptResources

Browse Source
This commit is contained in:
yokoffing
2025-11-07 12:21:39 -05:00
committed by GitHub
parent 3f1866ab60
commit aa57fb2599
1 changed files with 15 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Securefox.js
+15 -2
View File
@@ -322,7 +322,7 @@ user_pref("security.OCSP.enabled", 0);
//user_pref("browser.contentanalysis.default_result", 0; // [FF127+] [DEFAULT] //user_pref("browser.contentanalysis.default_result", 0; // [FF127+] [DEFAULT]
// PREF: disable referrer and storage access for resources injected by content scripts [FF139+] // PREF: disable referrer and storage access for resources injected by content scripts [FF139+]
//user_pref("privacy.antitracking.isolateContentScriptResources", true); user_pref("privacy.antitracking.isolateContentScriptResources", true);
// PREF: disable CSP Level 2 Reporting [FF140+] // PREF: disable CSP Level 2 Reporting [FF140+]
// [1] https://github.com/yokoffing/Betterfox/issues/415 // [1] https://github.com/yokoffing/Betterfox/issues/415
@@ -1189,7 +1189,20 @@ user_pref("privacy.userContext.ui.enabled", true);
// PREF: do not allow PDFs to load javascript // PREF: do not allow PDFs to load javascript
// [1] https://www.reddit.com/r/uBlockOrigin/comments/mulc86/firefox_88_now_supports_javascript_in_pdf_files/ // [1] https://www.reddit.com/r/uBlockOrigin/comments/mulc86/firefox_88_now_supports_javascript_in_pdf_files/
user_pref("pdfjs.enableScripting", false);
// PREF: enforce PDFJS, disable PDFJS scripting
// This setting controls if the option "Display in Firefox" is available in the setting below
// and by effect controls whether PDFs are handled in-browser or externally ("Ask" or "Open With").
// [WHY] pdfjs is lightweight, open source, and secure: the last exploit was June 2015 [1].
// It doesn't break "state separation" of browser content (by not sharing with OS, independent apps).
// It maintains disk avoidance and application data isolation. It's convenient. You can still save to disk.
// [NOTE] JS can still force a pdf to open in-browser by bundling its own code.
// [SETUP-CHROME] You may prefer a different pdf reader for security/workflow reasons.
// [SETTING] General>Applications>Portable Document Format (PDF)
// [1] https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=pdf.js+firefox
// [2] https://www.reddit.com/r/uBlockOrigin/comments/mulc86/firefox_88_now_supports_javascript_in_pdf_files/
//user_pref("pdfjs.disabled", false); // [DEFAULT: false]
user_pref("pdfjs.enableScripting", false); // [FF86+]
/****************************************************************************** /******************************************************************************
* SECTION: SAFE BROWSING (SB) * * SECTION: SAFE BROWSING (SB) *