From 9759cc373957e48ef4f4ddad1f0a0ba4d533b69d Mon Sep 17 00:00:00 2001
From: yan
Date: Thu, 5 Jul 2018 15:42:32 -0700
Subject: [PATCH] Only allow whitelisted protocols to load in tor tabs fix https://github.com/brave/browser-laptop/issues/14664
---
 app/filtering.js | 32 +++++++++++++++++++++++++++-----
 1 file changed, 27 insertions(+), 5 deletions(-)
diff --git a/app/filtering.js b/app/filtering.js
index 83d4b801e96..01129bb98e4 100644
--- a/app/filtering.js
+++ b/app/filtering.js
@@ -103,6 +103,13 @@ module.exports.registerHeadersReceivedFilteringCB = (filteringFn) => {
 headersReceivedFilteringFns.push(filteringFn)
 }
 
+// Protocols which are safe to load in tor tabs
+const whitelistedTorProtocols = ['http:', 'https:', 'chrome-extension:', 'chrome-devtools:']
+if (process.env.NODE_ENV === 'development') {
+ // Needed for connection to webpack local server
+ whitelistedTorProtocols.push('ws:')
+}
+
 /**
 * Register for notifications for webRequest.onBeforeRequest for a particular
 * session.
@@ -111,6 +118,26 @@ module.exports.registerHeadersReceivedFilteringCB = (filteringFn) => {
 function registerForBeforeRequest (session, partition) {
 const isPrivate = module.exports.isPrivate(partition)
 session.webRequest.onBeforeRequest((details, muonCb) => {
+ if (partition === appConfig.tor.partition) {
+ if (isMagnetURL(details)) {
+ // Show a useful warning for magnet urls
+ showTorrentBlockedInTorWarning(details, muonCb)
+ return
+ }
+ if (!details.url) {
+ muonCb({ cancel: true })
+ return
+ }
+ // To minimize leakage risk, only allow whitelisted protocols in Tor
+ // sessions
+ const protocol = urlParse(details.url).protocol
+ if (!whitelistedTorProtocols.includes(protocol)) {
+ console.log('Blocked protocol from loading in tor tab:', protocol)
+ muonCb({ cancel: true })
+ return
+ }
+ }
+
 if (process.env.NODE_ENV === 'development') {
 let page = appUrlUtil.getGenDir(details.url)
 if (page) {
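Review bot: `whitelistedTorProtocols` admits `ws:` only in development and never lists `wss:`, so with the check added in registerForBeforeRequest it appears that every WebSocket request from a Tor tab is cancelled in release builds, and the comment does not say whether that is intended. If it is, record the decision next to the list, e.g. `// ws:/wss: are deliberately omitted outside development; WebSocket requests in Tor tabs are cancelled`. The development entry also admits `ws:` to any host rather than only the local webpack server, which is tolerable for a dev build but worth stating in the same comment.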
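Review bot: In the new Tor-partition block, `isMagnetURL(details)` runs before the `if (!details.url)` guard, so a request without a URL reaches the magnet helper first; that helper is not visible here, so whether it tolerates a missing URL is unclear. Moving the guard to the top of the block keeps the path fail-closed regardless of the helper: `if (!details.url) { muonCb({ cancel: true }); return }` ahead of the magnet check. The allowlist comparison also assumes `urlParse(details.url).protocol` is lower-cased with a trailing colon; a non-normalised value would be cancelled rather than allowed, which is the safe direction, but it is worth confirming the helper cannot throw inside the callback on malformed input. The onBeforeRequest callback continues past the end of this hunk.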
@@ -136,11 +163,6 @@ function registerForBeforeRequest (session, partition) {
 return
 }
 
- if ((isMagnetURL(details)) && partition === appConfig.tor.partition) {
- showTorrentBlockedInTorWarning(details, muonCb)
- return
- }
-
 const firstPartyUrl = module.exports.getMainFrameUrl(details)
 // this can happen if the tab is closed and the webContents is no longer available
 if (!firstPartyUrl) {