preferences.json

@@ -7,6 +7,20 @@
 		,"description": "This is the extesion's main feature."
 	}
 	,{
+		"name": "uri.mozext.blocking.enabled"
+		,"type": "bool"
+		,"value": true
+		,"title": "Block access to moz-extension:// URIs from Web"
+		,"description": "The possibility for fingerprintable leaks may exist."
+	}
+	,{
+		"name": "uri.ext.blocking.enabled"
+		,"type": "bool"
+		,"value": true
+		,"title": "Block access to extension:// URIs from Web"
+		,"description": "Like moz-extension://, the possibility for fingerprintable leaks may exist in webextensions."
+	}
+	,{
 		"name": "uri.chrome.blocking.enabled"
 		,"type": "bool"
 		,"value": false
@@ -35,6 +49,20 @@
 		,"description": "This may harm your privacy: Only for debugging and as temporary measures (Separated with commas)"
 	}
 	,{
+		"name": "uri.resource.mozextList"
+		,"type": "string"
+		,"value": ""
+		,"title": "Exposed moz-extension:// domains"
+		,"description": "This may harm your privacy: Only for debugging and as temporary measures (Separated with commas)"
+	}
+	,{
+		"name": "uri.resource.extList"
+		,"type": "string"
+		,"value": ""
+		,"title": "Exposed extension:// domains"
+		,"description": "This may harm your privacy: Only for debugging and as temporary measures (Separated with commas)"
+	}
+	,{
 		"name": "uri.about.restricted"
 		,"type": "bool"
 		,"value": false

src/main.js

@@ -33,8 +33,12 @@ const {enablePolicy} = require ('./resource-filter/init');
 const PREF_REDIRECT_MASKED = 'redirect.enableMasking';
 const PREF_URI_RESOURCE_BLOCKED = 'uri.resource.blocking.enabled';
 const PREF_URI_CHROME_BLOCKED = 'uri.chrome.blocking.enabled';
+const PREF_URI_MOZEXT_BLOCKED = 'uri.mozext.blocking.enabled';
+const PREF_URI_EXT_BLOCKED = 'uri.ext.blocking.enabled';
 const PREF_URI_CHROME_WHITELIST = 'uri.chrome.exposedList';
 const PREF_URI_RESOURCE_WHITELIST = 'uri.resource.exposedList';
+const PREF_URI_MOZEXT_WHITELIST = 'uri.resource.mozextList';
+const PREF_URI_EXT_WHITELIST = 'uri.resource.extList';
 const PREF_RESTRICT_ABOUT = 'uri.about.restricted';
 const PREF_DEBUG_ENABLED = 'debug.enabled';
 
@@ -48,6 +52,8 @@ const extractListItems = str =>
 const update = $prefs => enablePolicy ({__proto__: null
 	,enableDebug: !!$prefs[PREF_DEBUG_ENABLED]
 	,blockResourceURIs: !!$prefs[PREF_URI_RESOURCE_BLOCKED]
+	,blockMozextURIs: !!$prefs[PREF_URI_MOZEXT_BLOCKED]
+	,blockExtURIs: !!$prefs[PREF_URI_EXT_BLOCKED]
 	,blockChromeURIs: !!$prefs[PREF_URI_CHROME_BLOCKED]
 	,enableRedirectMasking: !!$prefs[PREF_REDIRECT_MASKED]
 	,restrictAboutPages: !!$prefs[PREF_RESTRICT_ABOUT]
@@ -55,8 +61,13 @@ const update = $prefs => enablePolicy ({__proto__: null
 		extractListItems ($prefs[PREF_URI_RESOURCE_WHITELIST])
 	,exposedChromeDomains:
 		extractListItems ($prefs[PREF_URI_CHROME_WHITELIST])
+	,exposedMozextDomains:
+		extractListItems ($prefs[PREF_URI_MOZEXT_WHITELIST])
+	,exposedExtDomains:
+		extractListItems ($prefs[PREF_URI_EXT_WHITELIST])
 });
 
 update (_$prefs);
 require ('sdk/simple-prefs').on ('control.update', () => void update (_$prefs));
 
+//Build:git-3e7f3809346d94a85b0dddf30abdc43df7dee6cd

src/resource-filter/init.js

@@ -11,7 +11,7 @@
 const setPolicy = (() => {
   try {
     const {processes, remoteRequire} = require ('sdk/remote/parent');
-    remoteRequire ('./process/filter', module);
+    remoteRequire ('resource://no-resource-uri-leak/resource-filter/process/filter');
     // For every current and future process
     return options =>
       processes.forEvery (process => void process.port.emit ('setPolicy', options));

src/resource-filter/process/filter.js

@@ -19,26 +19,39 @@ const policyState = {__proto__: null
   ,debug: false
   ,exposedResourceDomains: new Set
   ,exposedChromeDomains: new Set
+  ,exposedMozextDomains: new Set
+  ,exposedExtDomains: new Set
   ,blockResourceUris: true
+  ,blockMozextUris: true
+  ,blockExtUris: true
   ,blockChromeUris: true
   ,filterRedirects: true
   ,whitelistAboutUris: false
   ,secureAboutUris: new Set (['addons', 'home', 'preferences', 'support', 'newtab', 'debugging', 'config', 'downloads', 'profiles', 'sessionrestore', 'privatebrowsing', 'plugins'])
   ,veryInsecureAboutUris: new Set (['blank', 'srcdoc'])
+  ,mozextWhitelist: new Set
+  ,extWhitelist: new Set
 };
 
 
 // Note: view-source: scheme is no longer accessible from content (thus no leaks)
 const isWhitelistedOrigin = u => (!u)
   || u.schemeIs ('chrome') || u.schemeIs ('resource') || u.schemeIs ('view-source')
-  || u.schemeIs ('about') && (!policyState.veryInsecureAboutUris.has (u.path))
-    && (policyState.secureAboutUris.has (u.path) || policyState.whitelistAboutUris);
+  || u.schemeIs ('extension') || u.schemeIs ('moz-extension') || u.schemeIs ('about')
+	&& (!policyState.veryInsecureAboutUris.has (u.path))
+    && (policyState.secureAboutUris.has (u.path) || policyState.mozextWhitelist.has (u.path) 
+	|| policyState.extWhitelist.has (u.path) || policyState.whitelistAboutUris);
 
 const shouldBeBlocked = u => (!u)
   || policyState.blockResourceUris
     && u.schemeIs ('resource') && (!policyState.exposedResourceDomains.has (u.host))
   || policyState.blockChromeUris
-    && u.schemeIs ('chrome') && (!policyState.exposedChromeDomains.has (u.host));
+    && u.schemeIs ('chrome') && (!policyState.exposedChromeDomains.has (u.host))
+  || policyState.blockMozextUris
+    && u.schemeIs ('moz-extension') && (!policyState.exposedMozextDomains.has (u.host))
+  || policyState.exposedExtDomains
+    && u.schemeIs ('extension') && (!policyState.exposedExtDomains.has (u.host));	
+	
 
 registerContentPolicy ({__proto__: null
   ,contractId: '@addons.mozilla.org/resource-masking-policy;1'
@@ -92,7 +105,7 @@ const requestObserver = {__proto__: null
         }
       }
     } catch (e) {
-      console.exception (e);
+      //console.exception (e);
     }
   }
 };
@@ -103,16 +116,20 @@ try {
     observerService.removeObserver (requestObserver, 'http-on-examine-response'));
 } catch (e) {}
 
-const setPolicy = ({enableRedirectMasking, blockChromeURIs, blockResourceURIs
-  , enableDebug, restrictAboutPages, exposedResourceDomains, exposedChromeDomains}) =>
+const setPolicy = ({enableRedirectMasking, blockChromeURIs, blockMozextUris, blocExtUris, blockResourceURIs
+  , enableDebug, restrictAboutPages, exposedResourceDomains, exposedChromeDomains, exposedMozextDomains, exposedExtDomains}) =>
 {
   policyState.filterRedirects = !!enableRedirectMasking;
   policyState.blockChromeUris = !!blockChromeURIs;
   policyState.blockResourceUris = !!blockResourceURIs;
+  policyState.blockMozextUris = !!blockMozextURIs;
+  policyState.blockExtUris = !!blockExtURIs;
   policyState.debug = !!enableDebug;
   policyState.whitelistAboutUris = !restrictAboutPages;
   policyState.exposedResourceDomains = new Set (exposedResourceDomains || []);
   policyState.exposedChromeDomains = new Set (exposedChromeDomains || []);
+  policyState.exposedMozextDomains = new Set (exposedMozextDomains || []);
+  policyState.exposedExtDomains = new Set (exposedExtDomains || []);
 };
 
 try {

version_info

@@ -22,7 +22,7 @@
 addon_id="no-resource-uri-leak"
 
 # Canonical version of the addon (may be converted into different formats on build)
-addon_version="1.1.0"
+addon_version="1.2.1"
 
 # Alpha versions (may not be feature complete): x.y.z~a1, x.y.z~a2, ...
 # Beta versions (feature-frozen): x.y.z~b1, x.y.z~b2, ...