Ensure that when the extension is updated, older rulesets are cleared… #17551
Conversation
In general:
- There should be a space between a keyword and a parenthesis, such as:
if (true) { }
for (;;) { }| rulesets_obj.addFromJson(channel_result.json.rulesets, channel_result.scope); | ||
| let replaces = false; | ||
| for(let channel_result of channel_results) { | ||
| if(channel_result.replaces == true) { |
Use ===, else it will match any trueish value, e.g. [] or {}.
| for(let channel_result of channel_results) { | ||
| rulesets_obj.addFromJson(channel_result.json.rulesets, channel_result.scope); | ||
| let replaces = false; | ||
| for(let channel_result of channel_results) { |
const?
| async function initialize(store_param, cb) { | ||
| store = store_param; | ||
| background_callback = cb; | ||
|
|
||
| await loadUpdateChannelsKeys(); | ||
|
|
||
| if (await store.local.get_promise('extensionTimestamp', 0) != extension_timestamp) { |
!== should be used to avoid edge cases with values that are loosely equal (e.g. 0 and empty string or false).
| @@ -271,12 +284,33 @@ function destroyTimer() { | |||
| } | |||
| } | |||
|
|
|||
| function clear_replacement_update_channels() { | |||
| let keys = []; | |||
| for (let update_channel of combined_update_channels) { | |||
const?
| rulesets_obj.addFromJson(channel_result.json.rulesets, channel_result.scope); | ||
| let replaces = false; | ||
| for(let channel_result of channel_results) { | ||
| if(channel_result.replaces == true) { |
Is it safe to assume channel_result.replaces == true implies the content of channel_result.json.rulesets originates from EFF? My understanding is that if an evil update_channel crafted the response such that channel_result.replaces is true, the bundled rules from EFF might never apply.
That is the assumption - there is no way in the update channels UX to add an update channel that has the replacement flag set to true, and I don't plan on exposing that to the UX either. This means that adding an update channel will not result in your default rulesets being overwritten.
I see your point and I believe this is a reasonable assumption. (though I guess this should be explicitly documented somewhere, possibly in this or later PR).
… from storage and not re-downloaded on next check.
In https://trac.torproject.org/projects/tor/ticket/29454 there's a discussion about how Tor Browser users are often getting older versions of rulesets.
Currently, if any rulesets have been successfully downloaded and verified from the update channels (https://www.https-rulesets.org/ for instance) , this will overwrite the extension built-in rulesets.
Polling of the update channels occurs every 24 hours, or on browser startup if it's been longer than 24 hours since the last poll.
In Tor Browser this is a problem, since the tor circuit hasn't been established at browser startup, when the poll request is made. It fails, and the rulesets aren't updated.
For some Tor Browser users, they've successfully downloaded rulesets once, but subsequently they've gotten fails for the above reason. This means they're stuck on an old version of the rulesets, even after the extension itself is updated and they have newer rules available within the extension.
This PR does a few things:
The text was updated successfully, but these errors were encountered: