TechnoRelic Posted July 3, 2019 Share Posted July 3, 2019 (edited) On 7/2/2019 at 11:35 AM, Mathwiz said: The man ('MAT' person) needs to look more at what was posted and less at who posted it. Just giving again a THANKS to YOU for doing the 'Pulls' needed to FIX the (Menu) 'HELP' URLs related to RT's Browsers here. It is GOOD to 'head off' further complications related to 'MAT' person. Added Later: RT observed (below) of 'MAT' person --> "(He is) better (seen) using binoculars" Okay, I did LOL on this above from RT. Added Later: VistaLover observed (below) of 'MAT' person --> "(He) wants your arm and shoulder too," GOOD that my HEAD is attached ... somewhere! Edited July 4, 2019 by TechnoRelic Link to comment Share on other sites More sharing options...
VistaLover Posted July 3, 2019 Share Posted July 3, 2019 5 minutes ago, TechnoRelic said: It is GOOD to 'head off' further complications related to 'MAT' person. ... I'm sorry to say this (thus slightly disagreeing with you), but whatever "one" (as in an XP fork maintainer ) does will never be sufficient to keep Matt A. Tobin at bay or make him revisit his opinions/change his behaviour towards the XP forks people... Just consider that @Feodor2 has taken the steps to fully rebrand his forks, yet he's still being treated as trash by the Tobin person ; don't be fooled, he's the kind of people that want your arm and shoulder too, when you're simply extending your hand to them... 1 Link to comment Share on other sites More sharing options...
roytam1 Posted July 3, 2019 Author Share Posted July 3, 2019 12 minutes ago, VistaLover said: he's the kind of people that want your arm and shoulder too, when you're simply extending your hand to them... it is always be safe and keep distance from him, better using binoculars to observe him instead. 4 Link to comment Share on other sites More sharing options...
cc333 Posted July 4, 2019 Share Posted July 4, 2019 On 7/3/2019 at 9:00 AM, roytam1 said: it is always be safe and keep distance from him, better using binoculars to observe him instead. As I do. There's no point in trying to respond to that vitriolic nonsense (now, the point of separating branding and redirecting help/support links to this forum thread instead of his site is a fair point and makes sense. What isn't fair is his seemingly compulsive need to viciously berate anyone who dares modify and use his product (or a derivative thereof) on an OS he doesn't support. Just let him do whatever he does, filter out whatever information is actually useful from that which is intended to insult or criticize, and move on. Some people just don't like to play fair. c 2 Link to comment Share on other sites More sharing options...
Dave-H Posted July 4, 2019 Share Posted July 4, 2019 10 hours ago, cc333 said: As I do. There's no point in trying to respond to that vitriolic nonsense (now, the point of separating branding and redirecting help/support links to this forum thread instead of his site is a fair point and makes sense. What isn't fair is his seemingly compulsive need to viciously berate anyone who dares modify and use his product (or a derivative thereof) on an OS he doesn't support. Just let him do whatever he does, filter out whatever information is actually useful from that which is intended to insult or criticize, and move on. Some people just don't like to play fair. c He presumably doesn't really understand the concept of "open source"! Link to comment Share on other sites More sharing options...
Sampei.Nihira Posted July 4, 2019 Share Posted July 4, 2019 Hi to all. Bug in Firefox allows local files to be stolen: https://bugzilla.mozilla.org/show_bug.cgi?id=1560291 Test: Type in the address bar: file:///c:/ Link to comment Share on other sites More sharing options...
cc333 Posted July 4, 2019 Share Posted July 4, 2019 On 7/4/2019 at 7:05 AM, Dave-H said: He presumably doesn't really understand the concept of "open source"! Indeed! c Link to comment Share on other sites More sharing options...
Mathwiz Posted July 5, 2019 Share Posted July 5, 2019 7 hours ago, Sampei.Nihira said: Hi to all. Bug in Firefox allows local files to be stolen: https://bugzilla.mozilla.org/show_bug.cgi?id=1560291 Test: Type in the address bar: file:///c:/ It's important to be precise here. The bug isn't that typing file:///c:/ in the address bar shows your C: drive - that's what it's supposed to do. The bug is that an HTML document in C:\ can access any other file on the C: drive. This isn't easy to fix though, as Mozilla explains: Quote Chrome has a very restrictive file:// security policy: every single file is a different origin. This unfortunately breaks a lot of use cases (e.g. HTML documentation). We have a security policy where a file can only access things in the same directory or subdirectories. This works fine as long as you don't dump unrelated things in the same directory... It's hard to restrict the thing you're concerned about with here without breaking a huge number of legitimate things people depend on. A fix would probably involve treating certain locations as special cases: drive root directories, "C:\Program Files," the desktop, etc., which are likely to contain "unrelated things." (Mac/Linux would have different exceptions, of course.) Probably along with a new set of prefs so users could control it on a spectrum from Chrome-tight to "anything goes." Unfortunately it would take a much better programmer than I to make a change like this. Probably best to just wait and see what Mozilla and/or MCP come up with. In the meantime, just avoid saving Web pages or other HTML documents to the desktop or similar "high-level" directories. Even if you use your browser's or email client's default "downloads" directory, all anyone will be able to steal is your other downloads. 1 Link to comment Share on other sites More sharing options...
luweitest Posted July 5, 2019 Share Posted July 5, 2019 A misbehaving web page: http://xkctk.hangzhou.gov.cn/yhdl/ The last input field is for verification code that is displayed in the right. Despite how correct your input is, it will mark you a wrong cross and refresh the image, making you fail to log in. IE8 has the same problem. But on my android phone's firefox mobile the page behaves normal. Link to comment Share on other sites More sharing options...
roytam1 Posted July 5, 2019 Author Share Posted July 5, 2019 (edited) 59 minutes ago, luweitest said: A misbehaving web page: http://xkctk.hangzhou.gov.cn/yhdl/ The last input field is for verification code that is displayed in the right. Despite how correct your input is, it will mark you a wrong cross and refresh the image, making you fail to log in. IE8 has the same problem. But on my android phone's firefox mobile the page behaves normal. I got no problem here. Did you choose "Firefox compatibility" in preferences? Edited July 5, 2019 by roytam1 1 Link to comment Share on other sites More sharing options...
VistaLover Posted July 5, 2019 Share Posted July 5, 2019 4 hours ago, roytam1 said: I got no problem here Ditto here, with a slightly older build of New Moon 28.6.0a1 in Firefox Compatibility UA mode: uBlock Origin (legacy) latest, 1.6.4.11, no other content blockers... Link to comment Share on other sites More sharing options...
Sampei.Nihira Posted July 5, 2019 Share Posted July 5, 2019 16 hours ago, Mathwiz said: It's important to be precise here. The bug isn't that typing file:///c:/ in the address bar shows your C: drive - that's what it's supposed to do. The bug is that an HTML document in C:\ can access any other file on the C: drive. This isn't easy to fix though, as Mozilla explains: A fix would probably involve treating certain locations as special cases: drive root directories, "C:\Program Files," the desktop, etc., which are likely to contain "unrelated things." (Mac/Linux would have different exceptions, of course.) Probably along with a new set of prefs so users could control it on a spectrum from Chrome-tight to "anything goes." Unfortunately it would take a much better programmer than I to make a change like this. Probably best to just wait and see what Mozilla and/or MCP come up with. In the meantime, just avoid saving Web pages or other HTML documents to the desktop or similar "high-level" directories. Even if you use your browser's or email client's default "downloads" directory, all anyone will be able to steal is your other downloads. It was not my intention to enter here in too specific details. So it's better to integrate your information to be as accurate as you wrote. Attention must also be paid to SVG files. Link to comment Share on other sites More sharing options...
roytam1 Posted July 6, 2019 Author Share Posted July 6, 2019 (edited) New build of Serpent/UXP for XP! Test binary: Win32 https://o.rths.cf/basilisk/basilisk52-g4.3.win32-git-20190706-a3ed49dde-xpmod.7z Win64 https://o.rths.cf/basilisk/basilisk52-g4.3.win64-git-20190706-a3ed49dde-xpmod.7z source code that is comparable to my current working tree is available here: https://github.com/roytam1/UXP/commits/custom NM28XP build: Win32 https://o.rths.cf/palemoon/palemoon-28.7.0a1.win32-git-20190706-a3ed49dde-xpmod.7z Win64 https://o.rths.cf/palemoon/palemoon-28.7.0a1.win64-git-20190706-a3ed49dde-xpmod.7z Official repo changes since my last build: - Attach FrameProperties to each frame instead of using a shared hashtable (00812e30d) - Issue #1142 - Remove uneeded assertion (#1145) (01e1fcf52) - Issue #1142 - Cleanup unused debug code for unboxed objects (35d29c05c) - Merge pull request #1146 from g4jc/unboxed_debug_bustage (f1a68a3aa) - [Pale Moon] Add a configure flag to functionally disable personas at build time (01af85986) - Merge branch 'pmpersona-work' (98f7e3b16) - Merge branch 'master' into FrameProperties (3051056bb) - Issue #1148 - Part 1: Add StartupWMClass to .desktop for unofficial (a61cca1c1) - Issue #1148 - Part 2: Add StartupWMClass to .desktop for official (4f3ec55dd) - New cycle version bump. (c794a79d8) - Update SSUAO for web.whatsapp.com. (f46e7a46c) - Update 16x16 branding images/icons for improved contrast on grey backgrounds. (893de15c2) - Change softoken password rounds to a more conservative number still within industry standard security, considering our db hashing is more CPU intensive than anticipated. (8ea1f38f9) - Merge pull request #1151 from win7-7/FrameProperties (0e54a0326) - Remove FT's polyfill.io SSUAO now they have fixed their detection. (6fce24e0e) - Add adjusted icon for 2k/XP classic grey toolbar backgrounds. (8096258c0) - Give Mac an Linux (small sizes) the same treatment (15e8d1c91) - Merge pull request #1149 from kbhasi/master (28439778f) - Issue #1158 - Remove extraneous closing brace - This also adjusts code indentation (281b66c7a) - Issue #1158 - Reinstate `tabcontainer` variable - This was erroneously removed in commit 1f5194b5f1deb0f36b36ed886d94ce5f8b62ca9d because it is still being used by surrounding code. (51bf4b3df) - Merge pull request #1159 from FranklinDM/bk_alltabslist-fix (a3ed49dde) My changes since my last build: - ignored rev 8ea1f38f9 since we don't use MCP's NSS Edited July 6, 2019 by roytam1 7 Link to comment Share on other sites More sharing options...
roytam1 Posted July 6, 2019 Author Share Posted July 6, 2019 New build of BOC/UXP for XP! Test binary: MailNews Win32 https://o.rths.cf/boc-uxp/mailnews.win32-20190706-74a3674-uxp-a3ed49dde-xpmod.7z Browser-only Suite Win32 https://o.rths.cf/boc-uxp/bnavigator.win32-20190706-74a3674-uxp-a3ed49dde-xpmod.7z source patch (excluding UXP): https://o.rths.cf/boc-uxp/boc-uxp-src-xpmod-20190223.7z Official repo changes since my last build: - [UXP] Update commit pointer (74a3674) For UXP changes please see above. 4 Link to comment Share on other sites More sharing options...
roytam1 Posted July 6, 2019 Author Share Posted July 6, 2019 (edited) New New Moon 27 Build! 32bit https://o.rths.cf/palemoon/palemoon-27.9.6.win32-git-20190706-0a2ee1ef2-xpmod.7z 32bit SSE https://o.rths.cf/palemoon/palemoon-27.9.6.win32-git-20190706-0a2ee1ef2-xpmod-sse.7z 32bit noSSE https://o.rths.cf/palemoon/palemoon-27.9.6.win32-git-20190706-0a2ee1ef2-xpmod-ia32.7z 64bit https://o.rths.cf/palemoon/palemoon-27.9.6.win64-git-20190706-0a2ee1ef2-xpmod.7z source repo: https://github.com/roytam1/palemoon27 repo changes since my last build: - import change from rmottola/Arctic-Fox: - Bug 1143192 Allow Context initialization to be cancelled. (e408a5854) - Bug 1140065 Check for null actor before using it in CacheStorageChild::RecvOpenResponse(). (3a5875d64) - Bug 1149987 - Part 5: Hold a kungfu death grip in FetchPut::MaybeNotifyListener; (60845a3ef) - Bug 1149987 - Part 6: Release the FetchPut object on the right thread in FetchObserver::OnResponseEnd(); (bf9172b17) - Bug 1109751 - Consume FormData support in Fetch API. (be2ea94d7) - Bug 1149987 - Part 8: Do not store or match Response objects with a Vary:* header; (1f5de94f6) - Bug 1126819 - Part 1: Respect the RequestInit.cache member in Request's constructor; (b11b19aee) - Bug 1126819 - Part 2: Persist the Request.cache attribute in DOM Cache; (31c2db054) - Bug 1147695 - Enable interception of beacons through service workers; r=nsm (899b62ecd) - Bug 1142727 - Do not intercept sandboxed iframes with service workers; r=nsm (fee4c2ae6) - Bug 982726 - Test the number of clients returned by matchAll. (c2c0b0b9b) - Bug 1147367 - Add a test for checking the Request.context attribute for FetchEvents generated for fetch(); (c93d28f40) - Bug 1147699 - Part 1: Move Request::mContext to InternalRequest, and determine the mapping to nsContentPolicyType; r=nsm (356433175) - Bug 1147996 - Enable interception of CSP reports through service workers; r=nsm (9c040e1d6) - bug 1147490 - fix GLContextProviderNull. (95dbbc863) - Bug 1137814 - nsAString and nsACString in URL.cpp/h (687d66aad) - Bug 931249 - patch 1 - Scriptloader use cache if needed. Bug 931249 - Patch 1.1 - Set baseURI when script is obtained from cache. (7ab055659) - Bug 931249 - patch 2 - cachename integration. (f84945f92) - Bug 931249 - patch 2.1 - reuse cache name between updating and installing worker. (bf1846186) - Bug 931249 - patch 2.2 - purge old active worker cache when activating new worker. (116a50da3) - Bug 1131271 - Set ServiceWorker script redirect limit to zero. (af8ae3444) - Bug 931249 - patch 3 - tests. (eb9769c2f) - Bug 931249 - patch 4 - comparison. (ba0b8c833) - Bug 931249 - patch 5 - set redirection limit back to zero. (4ff8f49f2) - Bug 931249 - Patch 4.1 - Fix addref/release declarations on Windows builds. (c58f55fe8) - Bug 931249 - Patch 6 - Fix abort condition in CompareCache::OnStreamComplete. (2054a1d8b) - Bug 931249 - Patch 7 - Call Done() after Succeed() when cache and network match. (31ec38719) - Bug 931249 - Patch 8 - Provide direct getter to the fact that we are loading a worker instead of relying on cache name. (e5f62b684) - Bug 931249 - Patch 9 - Use ServiceWorker cache name as part of it's unique name. r=khuey (d6481d3cd) - Bug 931249 - Patch 10 - Bypass HTTP cache when downloading ServiceWorker script to compare against. r=bkelly (6309eaf90) - Bug 931249 - Patch 11 - Remove unused cacheName. (33bf983c5) - Bug 931249 - Patch 12 - Call LoadingFinished even if channel is not present. r=khuey (2a868e45a) - Bug 931249 - Patch 13 - Fix finish condition in CacheScriptLoader::Fail. r=baku (0033bc2ab) - Bug 931249 - Patch 14 - kungfuDeathGrip. r=baku (8d112108b) - Bug 931249 - Patch 15 - assert later. r=baku (9eca21509) - Bug 931249 - Patch 16 - Keep ServiceWorker alive during installation steps. r=baku (307dbe265) (09883465b) - import change from rmottola/Arctic-Fox: - Bug 1094764 - Implement AudioContext.suspend and friends. r=roc,ehsan (79ff7e5ea) (and GraphDriver.cpp vc2013 fix from bug1163469) - Bug 1147699 - Part 2: Set the content policy type on FetchEvent.request based on the content policy type of the channel; r=nsm (f4bfbb8e2) - Bug 1147699 - Part 3: Add a test for FetchEvent.request.context when intercepting an image load; (36e429469) - Bug 1147699 - Part 4: Add a test for FetchEvent.request.context when intercepting a responsive image load; (c7f4a27f3) - Bug 1147699 - Part 5: Add a test for FetchEvent.request.context when intercepting an audio element load; (40dfbeb87) - Bug 1147699 - Part 6: Add a test for FetchEvent.request.context when intercepting a video element load; (dcc6a359a) - Bug 1147699 - Part 7: Add a test for FetchEvent.request.context when intercepting a beacon load; (8cb913bff) - Bug 1147699 - Part 8: Add a test for FetchEvent.request.context when intercepting a CSP report (67d7ab74a) - Bug 1147699 - Part 9: Add tests for FetchEvent.request.context when intercepting embeds and objects; (b7f8d3c11) - Bug 1147699 - Part 10: Add a test for FetchEvent.request.context when intercepting font loads; (4108db24e) - Bug 1147699 - Part 11: Add tests for FetchEvent.request.context when intercepting iframes and frames; (981c93483) - Bug 1147699 - Part 12: Add a test for FetchEvent.request.context when intercepting new window loads; (cd1ce857f) - Bug 1147699 - Part 13: Add a test for FetchEvent.request.context when intercepting ping loads; r=nsm (377e09600) - Bug 1146610 - Add static_asserts that check the validity of the enum values that we write into the cache database; r=bkelly (ac8c96abc) - Bug 1147699 - Part 14: Add a test for FetchEvent.request.context when intercepting loads coming from plugins; r=nsm (0e1769bb4) - Bug 1148064 - Enable interception of pings through service workers; r=nsm,smaug (8dc3328cb) - Bug 1150608 Do not reuse CacheId values within an origin. (4eb46f1d5) (acfadf1d4) - import change from rmottola/Arctic-Fox: - Bug 1142917 - add logs to GMPChild. (ba458fb52) - Bug 1124996 - Block S3TC on OSX 10.10 & HD3000. (907466fd4) - Bug 1142957 Fallback to main display CVDisplayLink if active displays aren't available. (02e155615) - Bug 1139049 - turn EnumRoleAccessible into template (4285a88c3) - Bug 1139049 - revert EnumRoleAccesisble name change (0bf9e3703) - Bug 1139576 - make accessible creation by tag name faster, (2aac035d6) - Bug 1139900 - make tag name based roles faster (dd3d1a00f) - Bug 1140497 - add more roles into markup map (f106edc6d) - Bug 1140500 - add object attributes declaration into markup map, (d50b288da) (49a83a24e) - import change from rmottola/Arctic-Fox: - Bug 1001634 - Add basic MathML accessibility implementation (bf5b4d740) - Bug 1139576 - New_ functions should be static (04f64cb93) - Bug 1142681 - Let CreateECParamsForCurve() assert a non-null arena parameter (d18f9f721) - Bug 1142863 - Remove unused struct RemoveQuotaInfo in dom/quota/QuotaManager.cpp. (e557fab3a) - Bug 1142860 - Remove unused exception parameter in osx_corewlan.mm. (a5fbc52c0) - Bug 1135543 - Part 2 (no part 1): Add a |metadata| parameter to CrashManager.addCrash() (c01dea4a3) - Bug 1135543 - Part 3: Create events file format crash.main.2 which contains metadata (3aa7f0dc1) - Bug 1135543 - Part 4: Define DailyCrashesMeasurement6 containing main-crash-oom; (Partial only, missing files in AF) (ea64fac70) - Bug 1143239: Add MOZ_OVERRIDE annotations in ClientReadbackLayer. (ac2608288) - Bug 1141858 - Fix error message for unexpected extended attribute on dictionary members. (c395919fd) - Bug 1142338 - Debugger.Memory's census shouldn't use JS::ubi::Node::as<T>; (e2e9eb767) - Bug 1139464 - In GetNearestScrollableFrame(), associate the root APZC with the root scroll frame of the root document (whether chrome or content), not the root content document. (9964d72bc) (0a2ee1ef2) Edited July 6, 2019 by roytam1 2 Link to comment Share on other sites More sharing options...
Recommended Posts