Firefox Mobile(and Orfox) allows the user to copy the url to another app

An user is able to copy URL from the web browser URL bar to another app when both apps are diving the screen(multi window support), violating the no-proxy-bypass rule.

This bug is reproducible just on Samsung Galaxy Note devices.

added TorBrowserTeam201812 component::applications/tor browser owner::tbb-team priority::medium resolution::fixed severity::normal status::closed tbb-mobile tbb-torbutton type::defect labels

What do you mean with "proxy bypass" in this case? The user is able to copy a URL and then they paste it in another app and the requested page shows up? That's okay I think and "happening" on desktop as well: If I copy a URL in Tor Browser and open my Firefox then I am able to paste and load it.

Trac:
Cc: geko, sysrqb, mcs, arthuredelstein to gk, sysrqb, mcs, arthuredelstein
Owner: N/A to tbb-team
Keywords: N/A deleted, tbb-torbutton added
Component: Applications/Torbutton to Applications/Tor Browser

Trac:
Keywords: N/A deleted, tbb-mobile added

Indeed, it copies the url that has the text/html format, however it filters out the Mozilla URL Object(text/x-moz-url) that has more information about the site. At least it is what the log message says:

[03-27 10:55:30] Torbutton INFO: The DataTransfer is available
[03-27 10:55:30] Torbutton INFO: Inspecting the data transfer: 0
[03-27 10:55:30] Torbutton INFO: Type is: text/plain
[03-27 10:55:30] Torbutton INFO: Type is: text/x-moz-url
[03-27 10:55:30] Torbutton INFO: Removing text/x-moz-url

and the drag and drop filter code as well:

        if (type == "text/x-moz-url" ||
            type == "text/x-moz-url-data" ||
            type == "text/uri-list" ||
            type == "application/x-moz-file-promise-url") {
          aDataTransfer.clearData(type);
          this.logger.log(3, "Removing " + type);
        }

Trac:
Parent: N/A to #25703 (moved)

igt0: So, is that bug still an issue we think should get fixed? If so, what exactly is the problem? (As I indicated in comment:1 that's the behavior on the desktop and I think it's okay)

Trac:
Status: new to needs_information

It is fixed by the dragDropFilter.js in TorButton. About the problem:

When the Android multi window is enabled[1] and the user drags and drop the URL to other window, the data contains not just the URL but the current tab title.

[1] https://developer.android.com/guide/topics/ui/multi-window

Okay, so we get this fixed once we ship Tor Browser for Mobile with Torbutton, good.

So, we do include Torbutton now, igt0, can you verify if we are good here now?

Trac:
Parent: #25703 (moved) to N/A

igt0: Are we good here now?

Trac:
Cc: gk, sysrqb, mcs, arthuredelstein to gk, sysrqb, mcs, arthuredelstein, igt0
Keywords: N/A deleted, TorBrowserTeam201812 added

yes, torbutton already has the needed code to handle this.

Okay, then we can close this ticket, thanks.

Trac:
Resolution: N/A to fixed
Status: needs_information to closed

closed

moved to tpo/applications/tor-browser#25635 (closed)