80-alpha

Updater.sh rework 2 (#1000 )
* rework DOWNLOAD_METHOD, download_file, open_file * remove legacy command leftover line * return empty string if download fails and return/exit if this happens and show error message * fix IFS var typo * bump version * add quotes Co-authored-by: TotallyLeGIT <bbkqx24kxlgvgbss@mailban.de>
2025-09-01 01:18:30 +02:00 · 2020-08-28 18:27:20 +00:00 · 2020-08-28 10:51:15 +00:00 · 2020-08-26 11:28:47 +00:00 · 2020-08-25 14:59:41 +00:00 · 2020-08-23 14:37:18 +00:00
3 changed files with 93 additions and 122 deletions
--- a/README.md
+++ b/README.md
@ -1,10 +1,10 @@
 ### ![][b] user.js
 A `user.js` is a configuration file that can control hundreds of Firefox settings. For a more technical breakdown and explanation, you can read more on the [overview](https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.1-Overview) wiki page.

-### ![][b] ghacks user.js
-The `ghacks user.js` is a **template** which aims to provide as much privacy and enhanced security as possible, and to reduce tracking and fingerprinting as much as possible - while minimizing any loss of functionality and breakage (but it will happen).
+### ![][b] This user.js
+This `user.js` is a **template** which aims to provide as much privacy and enhanced security as possible, and to reduce tracking and fingerprinting as much as possible - while minimizing any loss of functionality and breakage (but it will happen).

-Everyone, experts included, should at least read the [implementation](https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.3-Implementation) wiki page, as it contains important information regarding a few `ghacks user.js` settings.
+Everyone, experts included, should at least read the [implementation](https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.3-Implementation) wiki page, as it contains important information regarding a few `user.js` settings.

 Note that we do *not* recommend connecting over Tor on Firefox. Use the [Tor Browser](https://www.torproject.org/projects/torbrowser.html.en) if your [threat model](https://www.torproject.org/about/torusers.html.en) calls for it, or for accessing hidden services. 

@ -13,15 +13,11 @@ Also be aware that this `user.js` is made specifically for desktop Firefox. Usin
 Sitemap: [Releases](https://github.com/ghacksuserjs/ghacks-user.js/releases), [changelogs](https://github.com/ghacksuserjs/ghacks-user.js/issues?utf8=%E2%9C%93&q=is%3Aissue+label%3Achangelog), [Wiki](https://github.com/ghacksuserjs/ghacks-user.js/wiki), [stickies](https://github.com/ghacksuserjs/ghacks-user.js/issues?q=is%3Aissue+is%3Aopen+label%3A%22sticky+topic%22). [diffs](https://github.com/ghacksuserjs/ghacks-user.js/issues?q=is%3Aissue+label%3Adiffs)

 ### ![][b] acknowledgments
-Literally thousands of sources, references and suggestions. That said...
+Literally thousands of sources, references and suggestions. Special mention to:

-* Martin Brinkmann at [ghacks](https://www.ghacks.net/) <sup>1</sup>
-* The ghacks community and commentators
 * [12bytes](https://12bytes.org/articles/tech/firefox/firefoxgecko-configuration-guide-for-privacy-and-performance-buffs)
   * The 12bytes article now uses this user.js and supplements it with an additional JS hosted at [Codeberg](https://codeberg.org/12bytes.org/Firefox-user.js-supplement)

-<sup>1</sup> The ghacks user.js was an independent project by [Thorin-Oakenpants](https://github.com/Thorin-Oakenpants) started in early 2015 and was [first published](https://www.ghacks.net/2015/08/18/a-comprehensive-list-of-firefox-privacy-and-security-settings/) at ghacks in August 2015. With Martin Brinkmann's blessing, it will keep the ghacks name.
-
 ### ![][b] [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)

 [b]: /wikipiki/bullet01.png
--- a/updater.sh
+++ b/updater.sh
@ -2,7 +2,7 @@

 ## ghacks-user.js updater for macOS and Linux

-## version: 2.6
+## version: 2.7
 ## Author: Pat Johnson (@overdodactyl)
 ## Additional contributors: @earthlng, @ema-pe, @claustromaniac

@ -11,7 +11,7 @@
 readonly CURRDIR=$(pwd)

 sfp=$(readlink -f "${BASH_SOURCE[0]}" 2>/dev/null || greadlink -f "${BASH_SOURCE[0]}" 2>/dev/null)
-if [ -z "$sfp" ]; then sfp=${BASH_SOURCE[0]}; fi
+[ -z "$sfp" ] && sfp=${BASH_SOURCE[0]}
 readonly SCRIPT_DIR=$(dirname "${sfp}")


@ -42,9 +42,9 @@ ESR=false
 # Download method priority: curl -> wget
 DOWNLOAD_METHOD=''
 if [[ $(command -v 'curl') ]]; then
-  DOWNLOAD_METHOD='curl'
+  DOWNLOAD_METHOD='curl --max-redirs 3 -so'
 elif [[ $(command -v 'wget') ]]; then
-  DOWNLOAD_METHOD='wget'
+  DOWNLOAD_METHOD='wget --max-redirect 3 --quiet -O'
 else
  echo -e "${RED}This script requires curl or wget.\nProcess aborted${NC}"
  exit 0
@ -52,15 +52,15 @@ fi


 show_banner () {
-  echo -e "${BBLUE}\n"
-  echo '                ############################################################################'
-  echo '                ####                                                                    ####'
-  echo '                ####                           ghacks user.js                           ####'
-  echo '                ####       Hardening the Privacy and Security Settings of Firefox       ####'
-  echo '                ####           Maintained by @Thorin-Oakenpants and @earthlng           ####'
-  echo '                ####            Updater for macOS and Linux by @overdodactyl            ####'
-  echo '                ####                                                                    ####'
-  echo '                ############################################################################'
+  echo -e "${BBLUE}
+                ############################################################################
+                ####                                                                    ####
+                ####                           ghacks user.js                           ####
+                ####       Hardening the Privacy and Security Settings of Firefox       ####
+                ####           Maintained by @Thorin-Oakenpants and @earthlng           ####
+                ####            Updater for macOS and Linux by @overdodactyl            ####
+                ####                                                                    ####
+                ############################################################################"
  echo -e "${NC}\n"
  echo -e "Documentation for this script is available here: ${CYAN}https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.3-Updater-Scripts${NC}\n"
 }
@ -70,66 +70,50 @@ show_banner () {
 #########################

 usage() {
-  echo -e "${BLUE}\nUsage: $0 [-h] [-p PROFILE] [-u] [-d] [-s] [-n] [-b] [-c] [-v] [-r] [-e] [-o OVERRIDE]\n${NC}" 1>&2  # Echo usage string to standard error
-  echo 'Optional Arguments:'
-  echo -e "\t-h,\t\t Show this help message and exit."
-  echo -e "\t-p PROFILE,\t Path to your Firefox profile (if different than the dir of this script)"
-  echo -e "\t\t\t IMPORTANT: if the path include spaces, wrap the entire argument in quotes."
-  echo -e "\t-l, \t\t Choose your Firefox profile from a list"
-  echo -e "\t-u,\t\t Update updater.sh and execute silently.  Do not seek confirmation."
-  echo -e "\t-d,\t\t Do not look for updates to updater.sh."
-  echo -e "\t-s,\t\t Silently update user.js.  Do not seek confirmation."
-  echo -e "\t-b,\t\t Only keep one backup of each file."
-  echo -e "\t-c,\t\t Create a diff file comparing old and new user.js within userjs_diffs. "
-  echo -e "\t-o OVERRIDE,\t Filename or path to overrides file (if different than user-overrides.js)."
-  echo -e "\t\t\t If used with -p, paths should be relative to PROFILE or absolute paths"
-  echo -e "\t\t\t If given a directory, all files inside will be appended recursively."
-  echo -e "\t\t\t You can pass multiple files or directories by passing a comma separated list."
-  echo -e "\t\t\t\t Note: If a directory is given, only files inside ending in the extension .js are appended"
-  echo -e "\t\t\t\t IMPORTANT: do not add spaces between files/paths.  Ex: -o file1.js,file2.js,dir1"
-  echo -e "\t\t\t\t IMPORTANT: if any files/paths include spaces, wrap the entire argument in quotes."
-  echo -e "\t\t\t\t\t Ex: -o \"override folder\" "
-  echo -e "\t-n,\t\t Do not append any overrides, even if user-overrides.js exists."
-  echo -e "\t-v,\t\t Open the resulting user.js file."
-  echo -e "\t-r,\t\t Only download user.js to a temporary file and open it."
-    echo -e "\t-e,\t\t Activate ESR related preferences."
-  echo -e
-  echo 'Deprecated Arguments (they still work for now):'
-  echo -e "\t-donotupdate,\t Use instead -d"
-  echo -e "\t-update,\t Use instead -u"
-  echo -e
+  echo
+  echo -e "${BLUE}Usage: $0 [-bcdehlnrsuv] [-p PROFILE] [-o OVERRIDE]${NC}" 1>&2  # Echo usage string to standard error
+  echo -e "
+Optional Arguments:
+    -h           Show this help message and exit.
+    -p PROFILE   Path to your Firefox profile (if different than the dir of this script)
+                 IMPORTANT: if the path includes spaces, wrap the entire argument in quotes.
+    -l           Choose your Firefox profile from a list
+    -u           Update updater.sh and execute silently.  Do not seek confirmation.
+    -d           Do not look for updates to updater.sh.
+    -s           Silently update user.js.  Do not seek confirmation.
+    -b           Only keep one backup of each file.
+    -c           Create a diff file comparing old and new user.js within userjs_diffs.
+    -o OVERRIDE  Filename or path to overrides file (if different than user-overrides.js).
+                 If used with -p, paths should be relative to PROFILE or absolute paths
+                 If given a directory, all files inside will be appended recursively.
+                 You can pass multiple files or directories by passing a comma separated list.
+                     Note: If a directory is given, only files inside ending in the extension .js are appended
+                     IMPORTANT: do not add spaces between files/paths.  Ex: -o file1.js,file2.js,dir1
+                     IMPORTANT: if any files/paths include spaces, wrap the entire argument in quotes.
+                         Ex: -o \"override folder\"
+    -n           Do not append any overrides, even if user-overrides.js exists.
+    -v           Open the resulting user.js file.
+    -r           Only download user.js to a temporary file and open it.
+    -e           Activate ESR related preferences."
+  echo
  exit 1
 }

-legacy_argument () {
-  echo -e "${ORANGE}\nWarning: command line arguments have changed."
-  echo -e "$1 has been deprecated and may not work in the future.\n"
-  echo -e "Please view the new options using the -h argument.${NC}"
-}
-
 #########################
 #     File Handling     #
 #########################

 # Download files
-download_file () {
-  declare -r url=$1
+download_file () {   # expects URL as argument ($1)
  declare -r tf=$(mktemp)
-  local dlcmd=''

-  if [ $DOWNLOAD_METHOD = 'curl' ]; then
-    dlcmd="curl -o $tf"
-  else
-    dlcmd="wget -O $tf"
-  fi
-
-  $dlcmd "${url}" &>/dev/null && echo "$tf" || echo '' # return the temp-filename (or empty string on error)
+  $DOWNLOAD_METHOD "${tf}" "$1" && echo "$tf" || echo '' # return the temp-filename or empty string on error
 }

 open_file () { #expects one argument: file_path
  if [ "$(uname)" == 'Darwin' ]; then
    open "$1"
-  elif [ "$(expr substr $(uname -s) 1 5)" == "Linux" ]; then
+  elif [ "$(uname -s | cut -c -5)" == "Linux" ]; then
    xdg-open "$1"
  else
    echo -e "${RED}Error: Sorry, opening files is not supported for your OS.${NC}"
@ -204,23 +188,22 @@ get_updater_version () {
 # Update updater.sh
 # Default: Check for update, if available, ask user if they want to execute it
 # Args:
-#   -donotupdate: New version will not be looked for and update will not occur
-#   -update: Check for update, if available, execute without asking
+#   -d: New version will not be looked for and update will not occur
+#   -u: Check for update, if available, execute without asking
 update_updater () {
  if [ $UPDATE = 'no' ]; then
    return 0 # User signified not to check for updates
  fi

-  declare -r tmpfile=$(download_file 'https://raw.githubusercontent.com/ghacksuserjs/ghacks-user.js/master/updater.sh')
+  declare -r tmpfile="$(download_file 'https://raw.githubusercontent.com/ghacksuserjs/ghacks-user.js/master/updater.sh')"
+  [ -z "${tmpfile}" ] && echo -e "${RED}Error! Could not download updater.sh${NC}" && return 1 # check if download failed

  if [[ $(get_updater_version "${SCRIPT_DIR}/updater.sh") < $(get_updater_version "${tmpfile}") ]]; then
    if [ $UPDATE = 'check' ]; then
      echo -e "There is a newer version of updater.sh available. ${RED}Update and execute Y/N?${NC}"
      read -p "" -n 1 -r
      echo -e "\n\n"
-      if [[ $REPLY =~ ^[Nn]$ ]]; then
-        return 0 # Update available, but user chooses not to update
-      fi
+      [[ $REPLY =~ ^[Nn]$ ]] && return 0 # Update available, but user chooses not to update
    fi
  else
    return 0 # No update available
@ -238,11 +221,7 @@ update_updater () {

 # Returns version number of a user.js file
 get_userjs_version () {
-  if [ -e $1 ]; then
-    echo "$(sed -n '4p' "$1")"
-  else
-    echo "Not detected."
-  fi
+  [ -e $1 ] && echo "$(sed -n '4p' "$1")" || echo "Not detected."
 }

 add_override () {
@ -252,7 +231,7 @@ add_override () {
    cat "$input" >> user.js
    echo -e "Status: ${GREEN}Override file appended:${NC} ${input}"
  elif [ -d "$input" ]; then
-    FSAVEIFS=$IFS
+    SAVEIFS=$IFS
    IFS=$'\n\b' # Set IFS
    FILES="${input}"/*.js
    for f in $FILES
@ -271,12 +250,13 @@ remove_comments () { # expects 2 arguments: from-file and to-file

 # Applies latest version of user.js and any custom overrides
 update_userjs () {
-  declare -r newfile=$(download_file 'https://raw.githubusercontent.com/ghacksuserjs/ghacks-user.js/master/user.js')
+  declare -r newfile="$(download_file 'https://raw.githubusercontent.com/ghacksuserjs/ghacks-user.js/master/user.js')"
+  [ -z "${newfile}" ] && echo -e "${RED}Error! Could not download user.js${NC}" && return 1 # check if download failed

-  echo 'Please observe the following information:'
-  echo -e "\tFirefox profile:  ${ORANGE}$(pwd)${NC}"
-  echo -e "\tAvailable online: ${ORANGE}$(get_userjs_version $newfile)${NC}"
-  echo -e "\tCurrently using:  ${ORANGE}$(get_userjs_version user.js)\n${NC}\n"
+  echo -e "Please observe the following information:
+    Firefox profile:  ${ORANGE}$(pwd)${NC}
+    Available online: ${ORANGE}$(get_userjs_version $newfile)${NC}
+    Currently using:  ${ORANGE}$(get_userjs_version user.js)${NC}\n\n"

  if [ $CONFIRM = 'yes' ]; then
    echo -e "This script will update to the latest user.js file and append any custom configurations from user-overrides.js. ${RED}Continue Y/N? ${NC}"
@ -298,9 +278,7 @@ update_userjs () {
  # backup user.js
  mkdir -p userjs_backups
  local bakname="userjs_backups/user.js.backup.$(date +"%Y-%m-%d_%H%M")"
-  if [ $BACKUP = 'single' ]; then
-    bakname='userjs_backups/user.js.backup'
-  fi
+  [ $BACKUP = 'single' ] && bakname='userjs_backups/user.js.backup'
  cp user.js "$bakname" &>/dev/null

  mv "${newfile}" user.js
@ -336,14 +314,12 @@ update_userjs () {
      echo -e "Status: ${GREEN}A diff file was created:${NC} ${PWD}/${diffname}"
    else
      echo -e "Warning: ${ORANGE}Your new user.js file appears to be identical.  No diff file was created.${NC}"
-      if [ $BACKUP = 'multiple' ]; then
-        rm $bakname &>/dev/null
-      fi
+      [ $BACKUP = 'multiple' ] && rm $bakname &>/dev/null
    fi
    rm $past_nocomments $current_nocomments $pastuserjs &>/dev/null
  fi

-  if [ "$VIEW" = true ]; then open_file "${PWD}/user.js"; fi
+  [ "$VIEW" = true ] && open_file "${PWD}/user.js"
 }

 #########################
@ -351,16 +327,9 @@ update_userjs () {
 #########################

 if [ $# != 0 ]; then
-  readonly legacy_lc=$(echo $1 | tr '[A-Z]' '[a-z]')
  # Display usage if first argument is -help or --help
  if [ $1 = '--help' ] || [ $1 = '-help' ]; then
    usage
-  elif [ $legacy_lc = '-donotupdate' ]; then
-    UPDATE='no'
-    legacy_argument $1
-  elif [ $legacy_lc = '-update' ]; then
-    UPDATE='yes'
-    legacy_argument $1
  else
    while getopts ":hp:ludsno:bcvre" opt; do
      case $opt in
@ -401,7 +370,8 @@ if [ $# != 0 ]; then
          ESR=true
          ;;
        r)
-          tfile=$(download_file 'https://raw.githubusercontent.com/ghacksuserjs/ghacks-user.js/master/user.js')
+          tfile="$(download_file 'https://raw.githubusercontent.com/ghacksuserjs/ghacks-user.js/master/user.js')"
+          [ -z "${tfile}" ] && echo -e "${RED}Error! Could not download user.js${NC}" && exit 1 # check if download failed
          mv $tfile "${tfile}.js"
          echo -e "${ORANGE}Warning: user.js was saved to temporary file ${tfile}.js${NC}"
          open_file "${tfile}.js"
--- a/user.js
+++ b/user.js
@ -1,7 +1,7 @@
 /******
 * name: ghacks user.js
-* date: 13 Aug 2020
-* version 79
+* date: 28 Aug 2020
+* version 80-beta
 * url: https://github.com/ghacksuserjs/ghacks-user.js
 * license: MIT: https://github.com/ghacksuserjs/ghacks-user.js/blob/master/LICENSE.txt

@ -116,7 +116,7 @@ user_pref("browser.newtabpage.activity-stream.telemetry", false);
 * Runs code received from a server (aka Remote Code Execution) and sends information back to a metrics server
 * [1] https://abouthome-snippets-service.readthedocs.io/ ***/
 user_pref("browser.newtabpage.activity-stream.feeds.snippets", false);
-user_pref("browser.newtabpage.activity-stream.asrouter.providers.snippets", "");
+user_pref("browser.newtabpage.activity-stream.asrouter.providers.snippets", "{}");
 /* 0105c: disable Activity Stream Top Stories, Pocket-based and/or sponsored content ***/
 user_pref("browser.newtabpage.activity-stream.feeds.section.topstories", false);
 user_pref("browser.newtabpage.activity-stream.section.highlights.includePocket", false);
@ -370,7 +370,7 @@ user_pref("network.prefetch-next", false);
 /* 0602: disable DNS prefetching
 * [1] https://developer.mozilla.org/docs/Web/HTTP/Headers/X-DNS-Prefetch-Control ***/
 user_pref("network.dns.disablePrefetch", true);
-user_pref("network.dns.disablePrefetchFromHTTPS", true); // [HIDDEN PREF ESR] [DEFAULT: true FF70+]
+user_pref("network.dns.disablePrefetchFromHTTPS", true); // [HIDDEN PREF ESR68 or lower] [DEFAULT: true FF70+]
 /* 0603: disable predictor / prefetching ***/
 user_pref("network.predictor.enabled", false);
 user_pref("network.predictor.enable-prefetch", false); // [FF48+]
@ -529,20 +529,21 @@ user_pref("_user.js.parrot", "0900 syntax error: the parrot's expired!");
 * [NOTE] This does not clear any passwords already saved
 * [SETTING] Privacy & Security>Logins and Passwords>Ask to save logins and passwords for websites ***/
   // user_pref("signon.rememberSignons", false);
-/* 0902: use a master password
+/* 0902: use a primary password
 * There are no preferences for this. It is all handled internally.
- * [SETTING] Privacy & Security>Logins and Passwords>Use a master password
+ * [SETTING] Privacy & Security>Logins and Passwords>Use a Primary Password
 * [1] https://support.mozilla.org/kb/use-primary-password-protect-stored-logins-and-pas ***/
-/* 0903: set how often Firefox should ask for the master password
+/* 0903: set how often Firefox should ask for the primary password
 * 0=the first time (default), 1=every time it's needed, 2=every n minutes (see 0904) ***/
 user_pref("security.ask_for_password", 2);
-/* 0904: set how often in minutes Firefox should ask for the master password (see 0903)
+/* 0904: set how often in minutes Firefox should ask for the primary password (see 0903)
 * in minutes, default is 30 ***/
 user_pref("security.password_lifetime", 5);
 /* 0905: disable auto-filling username & password form fields
 * can leak in cross-site forms *and* be spoofed
 * [NOTE] Username & password is still available when you enter the field
- * [SETTING] Privacy & Security>Logins and Passwords>Autofill logins and passwords ***/
+ * [SETTING] Privacy & Security>Logins and Passwords>Autofill logins and passwords
+ * [1] https://freedom-to-tinker.com/2017/12/27/no-boundaries-for-user-identities-web-trackers-exploit-browser-login-managers/ ***/
 user_pref("signon.autofillForms", false);
 /* 0909: disable formless login capture for Password Manager [FF51+] ***/
 user_pref("signon.formlessCapture.enabled", false);
@ -733,11 +734,13 @@ user_pref("security.mixed_content.block_display_content", true);
 /* 1243: block unencrypted requests from Flash on encrypted pages to mitigate MitM attacks [FF59+]
 * [1] https://bugzilla.mozilla.org/1190623 ***/
 user_pref("security.mixed_content.block_object_subrequest", true);
-/* 1244: enable https-only-mode [FF76+]
- * [NOTE] This is experimental
- * [SETTING] Privacy & Security>HTTPS-Only Mode (FF81+)
- * [1] https://bugzilla.mozilla.org/1613063 */
+/* 1244: enable HTTPS-Only mode [FF76+]
+ * When "https_only_mode" (all windows) is true, "https_only_mode_pbm" (private windows only) is ignored
+ * [SETTING] to add site exceptions: Page Info>Permissions>Use insecure HTTP (FF80+)
+ * [SETTING] Privacy & Security>HTTPS-Only Mode (FF80+ with browser.preferences.exposeHTTPSOnly = true)
+ * [1] https://bugzilla.mozilla.org/1613063 ***/
   // user_pref("dom.security.https_only_mode", true); // [FF76+]
+   // user_pref("dom.security.https_only_mode_pbm", true); // [FF80+]
   // user_pref("dom.security.https_only_mode.upgrade_local", true); // [FF77+]

 /** CIPHERS [WARNING: do not meddle with your cipher suite: see the section 1200 intro]
@ -807,7 +810,8 @@ user_pref("gfx.font_rendering.opentype_svg.enabled", false);
 user_pref("gfx.font_rendering.graphite.enabled", false);
 /* 1409: limit system font exposure to a whitelist [FF52+] [RESTART]
 * If the whitelist is empty, then whitelisting is considered disabled and all fonts are allowed
- * [NOTE] RFP in FF80+ restricts the whitelist to bundled and "Base Fonts" (see 4618)
+ * [NOTE] in FF80 RFP restricts the whitelist to bundled and "Base Fonts"
+ * ...and in FF81+ the whitelist **overrides** RFP's font visibility (see 4618)
 * [WARNING] Creating your own probably highly-unique whitelist will raise your entropy.
 * Eventually privacy.resistFingerprinting (see 4500) will cover this
 * [1] https://bugzilla.mozilla.org/1121643 ***/
@ -954,16 +958,6 @@ user_pref("media.autoplay.blocking_policy", 2);

 /*** [SECTION 2200]: WINDOW MEDDLING & LEAKS / POPUPS ***/
 user_pref("_user.js.parrot", "2200 syntax error: the parrot's 'istory!");
-/* 2201: prevent websites from disabling new window features ***/
-user_pref("dom.disable_window_open_feature.close", true);
-user_pref("dom.disable_window_open_feature.location", true); // [DEFAULT: true]
-user_pref("dom.disable_window_open_feature.menubar", true);
-user_pref("dom.disable_window_open_feature.minimizable", true);
-user_pref("dom.disable_window_open_feature.personalbar", true); // bookmarks toolbar
-user_pref("dom.disable_window_open_feature.resizable", true); // [DEFAULT: true]
-user_pref("dom.disable_window_open_feature.status", true); // [DEFAULT: true]
-user_pref("dom.disable_window_open_feature.titlebar", true);
-user_pref("dom.disable_window_open_feature.toolbar", true);
 /* 2202: prevent scripts from moving and resizing open windows ***/
 user_pref("dom.disable_window_move_resize", true);
 /* 2203: open links targeting new windows in a new tab instead
@ -1768,6 +1762,17 @@ user_pref("webgl.disable-extensions", true);
   // [2] https://trac.torproject.org/projects/tor/ticket/16931
   // [-] https://bugzilla.mozilla.org/1618188
 user_pref("extensions.blocklist.url", "https://blocklists.settings.services.mozilla.com/v1/blocklist/3/%APP_ID%/%APP_VERSION%/");
+// 2201: prevent websites from disabling new window features
+   // [-] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1507375,1660524
+user_pref("dom.disable_window_open_feature.close", true);
+user_pref("dom.disable_window_open_feature.location", true); // [DEFAULT: true]
+user_pref("dom.disable_window_open_feature.menubar", true);
+user_pref("dom.disable_window_open_feature.minimizable", true);
+user_pref("dom.disable_window_open_feature.personalbar", true); // bookmarks toolbar
+user_pref("dom.disable_window_open_feature.resizable", true); // [DEFAULT: true]
+user_pref("dom.disable_window_open_feature.status", true); // [DEFAULT: true]
+user_pref("dom.disable_window_open_feature.titlebar", true);
+user_pref("dom.disable_window_open_feature.toolbar", true);
 // * * * /
 // FF77
 // 0850e: disable location bar one-off searches [FF51+]
Author	SHA1	Message	Date
Thorin-Oakenpants	5fd7f6de7e	80-alpha	2020-08-28 18:27:20 +00:00
h88e22dgpeps56sg	592b959c24	Updater.sh rework 2 (#1000 ) * rework DOWNLOAD_METHOD, download_file, open_file * remove legacy command leftover line * return empty string if download fails and return/exit if this happens and show error message * fix IFS var typo * bump version * add quotes Co-authored-by: TotallyLeGIT <bbkqx24kxlgvgbss@mailban.de>	2020-08-28 10:51:15 +00:00
Thorin-Oakenpants	c6f53c8768	2201 deprecated (dead prefs removed in 82), #979 (#1002 )	2020-08-26 11:28:47 +00:00
Thorin-Oakenpants	38d772e4c8	https-only mode updates (#1001 )	2020-08-25 14:59:41 +00:00
Thorin-Oakenpants	cfce521919	1409: RFP changes in FF81+ (#998 )	2020-08-23 14:37:18 +00:00
Thorin-Oakenpants	a5ab3e23d6	Update README.md	2020-08-22 22:16:27 +00:00
h88e22dgpeps56sg	b3eee6c9fd	improve readability, remove lots of unnecessary echo commands, remove legacy arguments (#997 ) Co-authored-by: TotallyLeGIT <bbkqx24kxlgvgbss@mailban.de>	2020-08-22 12:07:13 +00:00
Thorin-Oakenpants	8d6d17d46b	1244: HTTPS-only mode: FF80+ site exceptions The option is not shown if https-only-mode is not being applied. I tested with `http://asmjs.org/` since it doesn't redirect/upgrade to secure.	2020-08-21 21:05:08 +00:00
Thorin-Oakenpants	9a37e1340c	0905: add reference, #982	2020-08-20 17:18:22 +00:00
Thorin-Oakenpants	f1e0203ef4	0105b, cleaner value, see #992	2020-08-15 01:56:01 +00:00
Thorin-Oakenpants	726d5bde30	0105b: stop console error, closes #992	2020-08-14 14:12:28 +00:00
Thorin-Oakenpants	f9f0fffd27	Update README.md	2020-08-14 09:01:14 +00:00
Thorin-Oakenpants	93840ca181	0602 not hidden in ESR78	2020-08-13 15:37:25 +00:00
Thorin-Oakenpants	99aa5af356	password master->primary	2020-08-13 15:34:26 +00:00
Thorin-Oakenpants	0358fdac8b	80-alpha	2020-08-13 15:32:45 +00:00