Only allow whitelisted protocols to load in tor tabs

fix #14664

Author: diracdeltas

app/extensions/brave/locales/en-US/app.properties

@@ -237,8 +237,8 @@ streetAddress=Street Address
 submit=Submit
 tabsSuggestionTitle=Tabs
 topSiteSuggestionTitle=Top Site
-torrentBlockedInTor=For your privacy, torrents are blocked in private tabs when Tor is enabled.
-torrentWarningOk=Ok
+urlBlockedInTor=For your privacy, Brave blocks this URL from loading in a private tab when Tor is enabled.
+urlWarningOk=Ok
 torConnectionError=Unable to connect to the Tor network
 torConnectionErrorInfo=Brave could not make a connection to the Tor network. Disable Tor to continue private browsing without Tor protection.
 torConnectionErrorDisable=Disable Tor

app/filtering.js

@@ -29,7 +29,7 @@ const ipcMain = electron.ipcMain
 const app = electron.app
 const path = require('path')
 const getOrigin = require('../js/lib/urlutil').getOrigin
-const {isTorrentFile, isMagnetURL} = require('./browser/webtorrent')
+const {isTorrentFile} = require('./browser/webtorrent')
 const {adBlockResourceName} = require('./adBlock')
 const {updateElectronDownloadItem} = require('./browser/electronDownloadItem')
 const {fullscreenOption} = require('./common/constants/settingsEnums')
@@ -103,6 +103,13 @@ module.exports.registerHeadersReceivedFilteringCB = (filteringFn) => {
   headersReceivedFilteringFns.push(filteringFn)
 }
 
+// Protocols which are safe to load in tor tabs
+const whitelistedTorProtocols = ['http:', 'https:', 'chrome-extension:', 'chrome-devtools:']
+if (process.env.NODE_ENV === 'development') {
+  // Needed for connection to webpack local server
+  whitelistedTorProtocols.push('ws:')
+}
+
 /**
  * Register for notifications for webRequest.onBeforeRequest for a particular
  * session.
@@ -111,6 +118,20 @@ module.exports.registerHeadersReceivedFilteringCB = (filteringFn) => {
 function registerForBeforeRequest (session, partition) {
   const isPrivate = module.exports.isPrivate(partition)
   session.webRequest.onBeforeRequest((details, muonCb) => {
+    if (partition === appConfig.tor.partition) {
+      if (!details.url) {
+        muonCb({ cancel: true })
+        return
+      }
+      // To minimize leakage risk, only allow whitelisted protocols in Tor
+      // sessions
+      const protocol = urlParse(details.url).protocol
+      if (!whitelistedTorProtocols.includes(protocol)) {
+        onBlockedInTor(details, muonCb)
+        return
+      }
+    }
+
     if (process.env.NODE_ENV === 'development') {
       let page = appUrlUtil.getGenDir(details.url)
       if (page) {
@@ -136,11 +157,6 @@ function registerForBeforeRequest (session, partition) {
       return
     }
 
-    if ((isMagnetURL(details)) && partition === appConfig.tor.partition) {
-      showTorrentBlockedInTorWarning(details, muonCb)
-      return
-    }
-
     const firstPartyUrl = module.exports.getMainFrameUrl(details)
     // this can happen if the tab is closed and the webContents is no longer available
     if (!firstPartyUrl) {
@@ -377,13 +393,13 @@ function registerForBeforeSendHeaders (session, partition) {
   })
 }
 
-function showTorrentBlockedInTorWarning (details, muonCb) {
+function onBlockedInTor (details, muonCb) {
   const cb = () => muonCb({cancel: true})
-  if (details.tabId) {
+  if (details.tabId && details.resourceType === 'mainFrame') {
     tabMessageBox.show(details.tabId, {
-      message: `${locale.translation('torrentBlockedInTor')}`,
+      message: `${locale.translation('urlBlockedInTor')}`,
       title: 'Brave',
-      buttons: [locale.translation('torrentWarningOk')]
+      buttons: [locale.translation('urlWarningOk')]
     }, cb)
   } else {
     cb()
@@ -404,7 +420,7 @@ function registerForHeadersReceived (session, partition) {
       return
     }
     if ((isTorrentFile(details)) && partition === appConfig.tor.partition) {
-      showTorrentBlockedInTorWarning(details, muonCb)
+      onBlockedInTor(details, muonCb)
       return
     }
     const firstPartyUrl = module.exports.getMainFrameUrl(details)

app/locale.js

@@ -269,8 +269,8 @@ var rendererIdentifiers = function () {
     'downloadPaused',
     'noDownloads',
     'torrentDesc',
-    'torrentBlockedInTor',
-    'torrentWarningOk',
+    'urlBlockedInTor',
+    'urlWarningOk',
     'multiSelectionBookmarks',
     // Caption buttons in titlebar (min/max/close - Windows only)
     'windowCaptionButtonMinimize',