Security of pgp block

git-svn-id: http://svn.getfiregpg.org/firegpg@561 1e1cc2a3-b62a-0410-bc93-fb3b3b0a0737
firegpg · Jul 4, 2009 · e1c72f5 · e1c72f5
1 parent ce71dab
commit e1c72f5
Show file tree

Hide file tree

Showing 66 changed files with 332 additions and 237 deletions.
diff --git a/ChangeLog b/ChangeLog
@@ -6,6 +6,8 @@
     * FS#317
     * Old api disabled
     * FS#318
+    * Improved inline size
+    * !FS#313
 
 2009-06-21 Maximilien Cuony
     * 0.7.6 released !

diff --git a/api_client/test.html b/api_client/test.html
@@ -88,10 +88,7 @@
 				else
 					error_message("La AKF n'a pas été retournée par FireGPG :(");
 			}
-akf = fireGPGRegister();
-alert(akf);
-akf = fireGPGRegister();
-alert(akf);
+
 			/*
 			 * On signe un texte, pour voir si cela marche ;-)
 			 */

diff --git a/content/Core/firefoxOverlay.xul b/content/Core/firefoxOverlay.xul
@@ -175,10 +175,13 @@
   <!-- end gpgAuth status window -->
 
     <statusbar id="status-bar">
-        <statusbarpanel id="firegpg-statusbar-update"  onclick="firegpg.onMenuItemCommand(null,'UPDATE');" style="display: none;">
+
+        <statusbarpanel id="firegpg-statusbar">
             <img src="chrome://firegpg/skin/firegpg.png" class="statusbarpanel-iconic"/>
-            <label value="An update of FireGPG is available" />
+            <label value="An update of FireGPG is available"   id="firegpg-statusbar-update"  onclick="firegpg.onMenuItemCommand(null,'UPDATE');" style="display: none;"/>
+            <label value=""   id="firegpg-statusbar-trusted-content"  style="display: none;"/>
         </statusbarpanel>
+
         <!-- gpgAuth statusbar button -->
 		    <statusbarpanel id="gpgauth-statusbar-button"
 			    class="statusbarpanel-iconic"

diff --git a/content/Core/inline.js b/content/Core/inline.js
@@ -218,8 +218,13 @@ FireGPGInline.HandleBlock = function(document, range, blockType) {
                 else
                     width = 50;
 
-                self.style.width = cwidth + "px";
-                self.style.height = content.body.scrollHeight + "px";
+                 if (content.body.scrollHeight > 50)
+                    height = content.body.scrollHeight;
+                else
+                    height = 50;
+
+                self.style.width = width + "px";
+                self.style.height = height + "px";
 		    } else {
 			// Wait 100ms and try again:
                 self.try += 1;
@@ -231,6 +236,10 @@ FireGPGInline.HandleBlock = function(document, range, blockType) {
         frame.try = 0;
 		frame.resize(frame, block);
 
+        frame.contentDocument.addEventListener("mouseover", FireGPGInline.mouseOverTrusted, false);
+        frame.contentDocument.addEventListener("mouseout", FireGPGInline.mouseOutTrusted, false);
+        frame.contentDocument.getElementById('trusted-confirm').title = FireGPGInline.i18n.getString("trusted-block") ;
+
 	}, false);
 };
 
@@ -515,3 +524,34 @@ FireGPGInline.initSystem = function() {
 
     FireGPGInline.i18n = document.getElementById("firegpg-strings");
 };
+
+FireGPGInline.mouseOverTrusted = function(aEvent) {
+
+    if (!document.getElementById('firegpg-statusbar-trusted-content'))
+        return;
+
+    var randId = '';
+
+    validchars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
+
+    for (var i = 0; i < 4; i++)
+        randId += validchars.charAt( Math.floor( Math.random() * validchars.length ) );
+
+    aEvent.target.ownerDocument.getElementById('trusted-confirm').innerHTML = randId;
+
+    document.getElementById('firegpg-statusbar-trusted-content').value = randId;
+    document.getElementById('firegpg-statusbar-trusted-content').style.display = '';
+
+}
+
+FireGPGInline.mouseOutTrusted = function(aEvent) {
+
+
+    if (!document.getElementById('firegpg-statusbar-trusted-content'))
+        return;
+
+    aEvent.target.ownerDocument.getElementById('trusted-confirm').innerHTML = '';
+
+    document.getElementById('firegpg-statusbar-trusted-content').style.display = 'none';
+
+}
diff --git a/content/Core/misc.js b/content/Core/misc.js
@@ -55,7 +55,7 @@ const FIREGPG_VERSION_A = '076';
 
 /* Constant: FIREGPG_STATUS
   The status of the FireGPG's code. Can be _DEVEL_ or _RELASE_. Use _RELASE_ only for.. relases ;). */
-const FIREGPG_STATUS = 'RELASE';
+const FIREGPG_STATUS = 'DEVEL';
 
 /* Constant: FIREGPG_SVN
   The current subversion's revision number, for this file ! */

diff --git a/locale/ar/firegpg.properties b/locale/ar/firegpg.properties
@@ -159,3 +159,4 @@ wrongSignature2=Wrong signature
 keyNotFound=Key not found
 noPublicKey=FireGPG cannot verify this email because you do not have the senders public key.
 switchdirection=Switch direction
+trusted-block=If this number is in your status bar, it\'s a real FireGPG block
diff --git a/locale/ar/prefwindow.dtd b/locale/ar/prefwindow.dtd
@@ -19,12 +19,7 @@
 <!ENTITY gmail-buton-crypt-checkbox "عمِّ">
 <!ENTITY gmail-buton-cryptsend-checkbox "عمِّ ثم أرسل">
 <!ENTITY allvays-to-myself-checkbox "دوما عمِّ لنفسي.">
-<!ENTITY enable-gpgauth-check.label "فعّل gpgAuth">
 <!ENTITY enable-gpgauth-check.accesskey "ع">
-<!ENTITY enable-gpgauth-statusbar-check.label "Enable the gpgAuth statusbar icon">
-<!ENTITY enable-gpgauth-statusbar-check.accesskey "S">
-<!ENTITY enable-gpgauth-statuswindow-check.label "Auto-show the status window when using gpgAuth">
-<!ENTITY enable-gpgauth-statuswindow-check.accesskey "W">
 <!ENTITY global-allow-keyring-pref.label "دائما ظهّر الرسائل من الخواديم المستوثَقة.">
 <!ENTITY global-allow-keyring-check.label "دوما ظهّر الرسائل من الخواديم المستوثَقة">
 <!ENTITY global-allow-keyring-check.accesskey "ث">
@@ -53,10 +48,10 @@
 <!ENTITY gmail-disable-autosave-checkbox "Disable autosave feature">
 <!ENTITY gmail-buton-csign-checkbox "Clearsign">
 <!ENTITY gmail-buton-csignsend-checkbox "Clearsign and send">
-<!ENTITY hide-fireftp-message "Don't show message about old IPC library installed.">
-<!ENTITY use-fireftp-workaround "Try to access to IPC with the old api.">
+<!ENTITY hide-fireftp-message "Don\'t show message about old IPC library installed">
+<!ENTITY use-fireftp-workaround "Try to access to IPC with the old API">
 <!ENTITY keyserver-message "Keyserver">
-<!ENTITY symmetric-algo "Algorithm used for symmetric encryption. Leave blank for default. Use 'gpg --version' to have the list of usable algorithms, in most of case you have this choices:">
+<!ENTITY symmetric-algo "Algorithm used for symmetric encryption. Leave blank for default. Use \'gpg --version\' to have the list of usable algorithms. In most cases, you should have these choices:">
 <!ENTITY gmail-new-interface "New Gmail interface">
 <!ENTITY gmail-select-by-default-label "Selected by default :">
 <!ENTITY gmail-buton-inline-checkbox "Inline">
@@ -67,7 +62,7 @@
 <!ENTITY gmail-smtp-host "Host (smtp.gmail.com) : ">
 <!ENTITY gmail-smtp-port "Port (465) :">
 <!ENTITY gmail-smtp-use-ssl-checkbox "Use SSL :">
-<!ENTITY gmail-disable-sign-detection "Disable reply detection for inline sign (and encryption) (always use the whole mail)">
+<!ENTITY gmail-disable-sign-detection "Disable reply detection for inline sign and encryption(always use the whole mail)">
 <!ENTITY gmail-disable-auto-decryption "Old behavior for decryption">
 <!ENTITY gmail-force-from "Force from value :">
 <!ENTITY gpg-special-path-values "Use {$FxFolder} to have the Firefox's folder and {$SPACE} to have a space inside an argument">
@@ -82,4 +77,9 @@
 <!ENTITY gmail-smtp-no-auth-checkbox "Disable SMTP authentification">
 <!ENTITY dont_ask_to_download_key "Don't try to download missing keys">
 <!ENTITY keyserverproxy-message "Proxy to use for HTTP and HKP keyservers: ">
-<!ENTITY digest-message "Digest (Hash used to sign) (SHA256, SHA512, etc.) (Gmail use this value to create mails): ">
+<!ENTITY digest-message "Digest (Hash used to sign) (SHA256, SHA512, etc.) (Gmail support uses this value to create mail.): ">
+<!ENTITY enable-gpgauth-statusbar-check.label "Enable the gpgAuth statusbar icon">
+<!ENTITY enable-gpgauth-statusbar-check.accesskey "S">
+<!ENTITY enable-gpgauth-statuswindow-check.label "Auto-show the status window when using gpgAuth">
+<!ENTITY enable-gpgauth-statuswindow-check.accesskey "W">
+<!ENTITY enable-gpgauth-check.label "Enable gpgAuth">
diff --git a/locale/ca/firegpg.properties b/locale/ca/firegpg.properties
@@ -159,3 +159,4 @@ wrongSignature2=Signatura dolenta
 keyNotFound=No es troba la clau
 noPublicKey=El FireGPG no pot verificar aquest email perquè no tens la clau publica de qui l'envia.
 switchdirection=Canvia la direcció
+trusted-block=If this number is in your status bar, it\'s a real FireGPG block
diff --git a/locale/ca/prefwindow.dtd b/locale/ca/prefwindow.dtd
@@ -19,12 +19,7 @@
 <!ENTITY gmail-buton-crypt-checkbox "Encripta">
 <!ENTITY gmail-buton-cryptsend-checkbox "Encripta i Envia">
 <!ENTITY allvays-to-myself-checkbox "Encripta sempre a mi mateix.">
-<!ENTITY enable-gpgauth-check.label "Activar gpgAuth">
 <!ENTITY enable-gpgauth-check.accesskey "E">
-<!ENTITY enable-gpgauth-statusbar-check.label "Enable the gpgAuth statusbar icon">
-<!ENTITY enable-gpgauth-statusbar-check.accesskey "S">
-<!ENTITY enable-gpgauth-statuswindow-check.label "Auto-show the status window when using gpgAuth">
-<!ENTITY enable-gpgauth-statuswindow-check.accesskey "W">
 <!ENTITY global-allow-keyring-pref.label "Desencripta sempre els missatges de Servidors Autenticats">
 <!ENTITY global-allow-keyring-check.label "Desencripta sempre missatges de Servidors Autenticats">
 <!ENTITY global-allow-keyring-check.accesskey "A">
@@ -83,3 +78,8 @@
 <!ENTITY dont_ask_to_download_key "No provis de descarregar claus perdudes">
 <!ENTITY keyserverproxy-message "Proxy a utilitzar pels servidors de claus HTTP i HKP:">
 <!ENTITY digest-message "Resum (el hash utilitzat per signar) (SHA256, SHA512, etc.) (Gmail utilitza aquest valor per crear correus): ">
+<!ENTITY enable-gpgauth-statusbar-check.label "Enable the gpgAuth statusbar icon">
+<!ENTITY enable-gpgauth-statusbar-check.accesskey "S">
+<!ENTITY enable-gpgauth-statuswindow-check.label "Auto-show the status window when using gpgAuth">
+<!ENTITY enable-gpgauth-statuswindow-check.accesskey "W">
+<!ENTITY enable-gpgauth-check.label "Enable gpgAuth">
diff --git a/locale/cs/firegpg.properties b/locale/cs/firegpg.properties
@@ -159,3 +159,4 @@ wrongSignature2=Špatný podpis
 keyNotFound=Klíč nenalezen
 noPublicKey=FireGPG nemůže ověřit tento email, protože nemáte odesilatelův veřejný klíč.
 switchdirection=Switch direction
+trusted-block=If this number is in your status bar, it\'s a real FireGPG block
diff --git a/locale/cs/prefwindow.dtd b/locale/cs/prefwindow.dtd
@@ -19,12 +19,7 @@
 <!ENTITY gmail-buton-crypt-checkbox "Zašifrovat">
 <!ENTITY gmail-buton-cryptsend-checkbox "Zašifrovat a odeslat">
 <!ENTITY allvays-to-myself-checkbox "Vždy zašifrovat sám sobě">
-<!ENTITY enable-gpgauth-check.label "Zapnout gpgAuth">
 <!ENTITY enable-gpgauth-check.accesskey "E">
-<!ENTITY enable-gpgauth-statusbar-check.label "Enable the gpgAuth statusbar icon">
-<!ENTITY enable-gpgauth-statusbar-check.accesskey "S">
-<!ENTITY enable-gpgauth-statuswindow-check.label "Auto-show the status window when using gpgAuth">
-<!ENTITY enable-gpgauth-statuswindow-check.accesskey "W">
 <!ENTITY global-allow-keyring-pref.label "Vždy dešifrovat zprávy od Ověřených serverů">
 <!ENTITY global-allow-keyring-check.label "Vždy dešifrovat zprávy od Ověřených serverů">
 <!ENTITY global-allow-keyring-check.accesskey "A">
@@ -82,4 +77,9 @@
 <!ENTITY gmail-smtp-no-auth-checkbox "Disable SMTP authentification">
 <!ENTITY dont_ask_to_download_key "Don't try to download missing keys">
 <!ENTITY keyserverproxy-message "Proxy to use for HTTP and HKP keyservers: ">
-<!ENTITY digest-message "Digest (Hash used to sign) (SHA256, SHA512, etc.) (Gmail use this value to create mails): ">
+<!ENTITY digest-message "Digest (Hash used to sign) (SHA256, SHA512, etc.) (Gmail support uses this value to create mail.): ">
+<!ENTITY enable-gpgauth-statusbar-check.label "Enable the gpgAuth statusbar icon">
+<!ENTITY enable-gpgauth-statusbar-check.accesskey "S">
+<!ENTITY enable-gpgauth-statuswindow-check.label "Auto-show the status window when using gpgAuth">
+<!ENTITY enable-gpgauth-statuswindow-check.accesskey "W">
+<!ENTITY enable-gpgauth-check.label "Enable gpgAuth">
diff --git a/locale/da/firegpg.properties b/locale/da/firegpg.properties
@@ -159,3 +159,4 @@ wrongSignature2=Forkert underskrift
 keyNotFound=Nøgle blev ikke fundet
 noPublicKey=FireGPG kan ikke kontroller denne e-post, fordi du ikke har den offentlige nøgle fra afsender.
 switchdirection=Skift retning
+trusted-block=If this number is in your status bar, it\'s a real FireGPG block
diff --git a/locale/da/prefwindow.dtd b/locale/da/prefwindow.dtd
@@ -19,12 +19,7 @@
 <!ENTITY gmail-buton-crypt-checkbox "Kryptér">
 <!ENTITY gmail-buton-cryptsend-checkbox "Kryptér og send">
 <!ENTITY allvays-to-myself-checkbox "Kryptér altid til mig selv">
-<!ENTITY enable-gpgauth-check.label "Slå gpgAuth til">
 <!ENTITY enable-gpgauth-check.accesskey "E">
-<!ENTITY enable-gpgauth-statusbar-check.label "Enable the gpgAuth statusbar icon">
-<!ENTITY enable-gpgauth-statusbar-check.accesskey "S">
-<!ENTITY enable-gpgauth-statuswindow-check.label "Auto-show the status window when using gpgAuth">
-<!ENTITY enable-gpgauth-statuswindow-check.accesskey "W">
 <!ENTITY global-allow-keyring-pref.label "Altid dekryptér beskeder fra godkendte servere">
 <!ENTITY global-allow-keyring-check.label "Altid dekryptér beskeder fra godkendte servere">
 <!ENTITY global-allow-keyring-check.accesskey "A">
@@ -83,3 +78,8 @@
 <!ENTITY dont_ask_to_download_key "Undlad at hente manglende nøgler">
 <!ENTITY keyserverproxy-message "Proxy til brug for HTTP og HKP-nøgleservere:">
 <!ENTITY digest-message "Digest (Hash brugt til underskrift) (SHA256, SHA512, etc.) (Gmail bruger denne værdi til at oprette e-poster): ">
+<!ENTITY enable-gpgauth-statusbar-check.label "Enable the gpgAuth statusbar icon">
+<!ENTITY enable-gpgauth-statusbar-check.accesskey "S">
+<!ENTITY enable-gpgauth-statuswindow-check.label "Auto-show the status window when using gpgAuth">
+<!ENTITY enable-gpgauth-statuswindow-check.accesskey "W">
+<!ENTITY enable-gpgauth-check.label "Enable gpgAuth">
diff --git a/locale/de/firegpg.properties b/locale/de/firegpg.properties
@@ -159,3 +159,4 @@ wrongSignature2=Falsche Unterschrift
 keyNotFound=Schlüssel nicht gefunden
 noPublicKey=FireGPG kann diese E-Mail nicht verifizieren, weil Sie den öffentlichen Schlüssel des Absenders nicht haben. 
 switchdirection=Switch direction
+trusted-block=If this number is in your status bar, it\'s a real FireGPG block
diff --git a/locale/de/prefwindow.dtd b/locale/de/prefwindow.dtd
@@ -19,12 +19,7 @@
 <!ENTITY gmail-buton-crypt-checkbox "Verschlüsseln">
 <!ENTITY gmail-buton-cryptsend-checkbox "Verschlüsseln und Versenden">
 <!ENTITY allvays-to-myself-checkbox "Auch auf meinen Namen verschlüsseln">
-<!ENTITY enable-gpgauth-check.label "gpgAuth aktivieren">
 <!ENTITY enable-gpgauth-check.accesskey "E">
-<!ENTITY enable-gpgauth-statusbar-check.label "Enable the gpgAuth statusbar icon">
-<!ENTITY enable-gpgauth-statusbar-check.accesskey "S">
-<!ENTITY enable-gpgauth-statuswindow-check.label "Auto-show the status window when using gpgAuth">
-<!ENTITY enable-gpgauth-statuswindow-check.accesskey "W">
 <!ENTITY global-allow-keyring-pref.label "Nachrichten von authentifizierten Servern immer entschlüsseln">
 <!ENTITY global-allow-keyring-check.label "Nachrichten von authentifizierten Servern immer entschlüsseln">
 <!ENTITY global-allow-keyring-check.accesskey "A">
@@ -82,4 +77,9 @@
 <!ENTITY gmail-smtp-no-auth-checkbox "Disable SMTP authentification">
 <!ENTITY dont_ask_to_download_key "Don't try to download missing keys">
 <!ENTITY keyserverproxy-message "Proxy to use for HTTP and HKP keyservers: ">
-<!ENTITY digest-message "Digest (Hash used to sign) (SHA256, SHA512, etc.) (Gmail use this value to create mails): ">
+<!ENTITY digest-message "Digest (Hash used to sign) (SHA256, SHA512, etc.) (Gmail support uses this value to create mail.): ">
+<!ENTITY enable-gpgauth-statusbar-check.label "Enable the gpgAuth statusbar icon">
+<!ENTITY enable-gpgauth-statusbar-check.accesskey "S">
+<!ENTITY enable-gpgauth-statuswindow-check.label "Auto-show the status window when using gpgAuth">
+<!ENTITY enable-gpgauth-statuswindow-check.accesskey "W">
+<!ENTITY enable-gpgauth-check.label "Enable gpgAuth">
diff --git a/locale/el/firegpg.properties b/locale/el/firegpg.properties
@@ -159,3 +159,4 @@ wrongSignature2=Wrong signature
 keyNotFound=Key not found
 noPublicKey=FireGPG cannot verify this email because you do not have the senders public key.
 switchdirection=Switch direction
+trusted-block=If this number is in your status bar, it\'s a real FireGPG block
diff --git a/locale/el/prefwindow.dtd b/locale/el/prefwindow.dtd
@@ -19,12 +19,7 @@
 <!ENTITY gmail-buton-crypt-checkbox "Κρυπτογράφηση">
 <!ENTITY gmail-buton-cryptsend-checkbox "Κρυπτογράφηση και Αποστολή">
 <!ENTITY allvays-to-myself-checkbox "Να κρυπτογραφείται πάντοτε το περιεχόμενο που αποστέλλεται στον εαυτό μου.">
-<!ENTITY enable-gpgauth-check.label "Ενεργοποίηση gpgAuth">
 <!ENTITY enable-gpgauth-check.accesskey "E">
-<!ENTITY enable-gpgauth-statusbar-check.label "Enable the gpgAuth statusbar icon">
-<!ENTITY enable-gpgauth-statusbar-check.accesskey "S">
-<!ENTITY enable-gpgauth-statuswindow-check.label "Auto-show the status window when using gpgAuth">
-<!ENTITY enable-gpgauth-statuswindow-check.accesskey "W">
 <!ENTITY global-allow-keyring-pref.label "Να γίνεται πάντοτε αποκρυπτογράφηση μηνυμάτων από ταυτοποιημένους εξυπηρετητές ">
 <!ENTITY global-allow-keyring-check.label "Να γίνεται πάντοτε αποκρυπτογράφηση μηνυμάτων από ταυτοποιημένους εξυπηρετητές ">
 <!ENTITY global-allow-keyring-check.accesskey "A">
@@ -67,7 +62,7 @@
 <!ENTITY gmail-smtp-host "Host (smtp.gmail.com) : ">
 <!ENTITY gmail-smtp-port "Port (465) :">
 <!ENTITY gmail-smtp-use-ssl-checkbox "Χρήση SSL:">
-<!ENTITY gmail-disable-sign-detection "Disable reply detection for inline sign (and encryption) (always use the whole mail)">
+<!ENTITY gmail-disable-sign-detection "Disable reply detection for inline sign and encryption(always use the whole mail)">
 <!ENTITY gmail-disable-auto-decryption "Old behavior for decryption">
 <!ENTITY gmail-force-from "Εξαναγκασμός από τιμή:">
 <!ENTITY gpg-special-path-values "Use {$FxFolder} to have the Firefox's folder and {$SPACE} to have a space inside an argument">
@@ -82,4 +77,9 @@
 <!ENTITY gmail-smtp-no-auth-checkbox "Disable SMTP authentification">
 <!ENTITY dont_ask_to_download_key "Don't try to download missing keys">
 <!ENTITY keyserverproxy-message "Proxy to use for HTTP and HKP keyservers: ">
-<!ENTITY digest-message "Digest (Hash used to sign) (SHA256, SHA512, etc.) (Gmail use this value to create mails): ">
+<!ENTITY digest-message "Digest (Hash used to sign) (SHA256, SHA512, etc.) (Gmail support uses this value to create mail.): ">
+<!ENTITY enable-gpgauth-statusbar-check.label "Enable the gpgAuth statusbar icon">
+<!ENTITY enable-gpgauth-statusbar-check.accesskey "S">
+<!ENTITY enable-gpgauth-statuswindow-check.label "Auto-show the status window when using gpgAuth">
+<!ENTITY enable-gpgauth-statuswindow-check.accesskey "W">
+<!ENTITY enable-gpgauth-check.label "Enable gpgAuth">
diff --git a/locale/en-US/firegpg.properties b/locale/en-US/firegpg.properties
@@ -159,3 +159,4 @@ wrongSignature2=Wrong signature
 keyNotFound=Key not found
 noPublicKey=FireGPG cannot verify this email because you do not have the senders public key.
 switchdirection=Switch direction
+trusted-block=If this number is in your status bar, it\'s a real FireGPG block