search

dadler / thumbnail-zoom

Thumbnail Zoom Plus is a Firefox plug-in which shows a full-size image pop-up when you hover over a thumbnail or image link. When you hover your mouse over a thumbnail or an image or video link, the add-on displays the full-size image or video still-frame in a floating window. Supported sites include Amazon, Bing, Facebook, Flickr, Google, IMDb, LinkedIn, Netflix, Pinterest, Reddit, Tumblr, Twitter, Yandex.ru, YouTube, Wikipedia, WordPress, Yahoo Images, and many more.
30 stars 7 forks source link

Does not respect Private Browsing cache when using Private Tab extension #211

Open Hakkin opened 9 years ago

Hakkin commented 9 years ago

Private browsing is respected in regards to adding links to history, but files loaded in private browsing mode with thumbnail zoom are cached to disk, without a private flag on them.

Examples: Expected cache after viewing file in private browsing: non-private file cache, private file cache Cache after viewing file in private browsing with thumbnail zoom: non-private file cache, private file cache

dadler commented 9 years ago

Thanks, I'll take a look. For the record, the screenshots are from about:cache

For private use about:cache?storage=&context=p, (including the trailing comma)

dadler commented 9 years ago

So far I haven't reproduced a problem in ff37.0.1 and TZP current origin/master.

Merely having an entry in the disk after private browsing may not indicate a problem since a non-private window may have caused a page to load e.g. via a timer or AJAX call. It's only a problem if "List Cache Entries" confirms that it's the URL of something TZP displayed from a private browsing window. Do you know if the cached file is from a private TZP pop-up?

Hakkin commented 9 years ago

Note: I'm keeping everything below because it's probably still useful, but I think this is actually only a problem when using the extension Private Tab (github page). I've tried this test again using a private window launched from Firefox's menu and it worked as expected. I'm going to modify the title to reflect this.

I'm positive the entries are the images looked at, and I've provided screenshots of my caches at every step below. The cache was cleared before each test, and I made sure no tabs were making requests during it.

Loading image in Private Browsing mode without TZP (opening it in a new tab, which is also private) Normal cache before request Private cache before request

I then middle clicked on a link to https://i.imgur.com/piGH9hN.png, opening it in a new tab.

Normal cache after request Private cache after request Notice the normal cache has no entries at all. Private cache memory entry Private cache disk entry

I then closed all private tabs and the private cache was cleared. This is the expected behavior, now for what happens with TZP:

Loading image in Private Browsing mode with TZP Normal cache before request Private cache before request

Normal cache after request Immediately something is wrong, there should be no entries in the normal cache, since requests have only been made in private browsing mode. Normal cache disk entry This confirms that images loaded with TPZ on my configuration are being cached to disk with no private flag set (anything "private" shouldn't touch disk at all, everything in private browsing is stored in ram) Private cache after request Just to be complete.

If you would like to try the same test I used, host the follow HTML and follow the same routine I did above, make sure no other tabs are running and you clear the cache between each test (the about:cache about should say 0 entries for both normal and private caches)

<html>
<body>
<a href="https://i.imgur.com/piGH9hN.png">Example</a>
</body>
</html>
dadler commented 9 years ago

Good detective work and documentation of it!

The problem may be that when TZP show its pop-up, it's not coming from a particular tab. It's a pop-up based on an internal XUL doc associated with the window (TZP modifies an img tag's src attribute to make it show the desired image). The pop-up automatically inherits the window's private browsing state, but it doesn't know about the tab's private browsing state. I see that they have an API to query a tab's state, but I don't know if it's even possible to set a particular private browsing state of an XUL document.

I suggest you report this as a bug against the Private Tab extension, and reference this issue. I'm happy to discuss the issue with them if they're interested, and to change TZP if there's an easy fix.

Thanks, David

Hakkin commented 9 years ago

I've opened an issue on the Private Tab page here: Infocatcher/Private_Tab#172

Infocatcher commented 9 years ago

The problem may be that when TZP show its pop-up, it's not coming from a particular tab. It's a pop-up based on an internal XUL doc associated with the window (TZP modifies an img tag's src attribute to make it show the desired image). The pop-up automatically inherits the window's private browsing state, but it doesn't know about the tab's private browsing state. I see that they have an API to query a tab's state, but I don't know if it's even possible to set a particular private browsing state of an XUL document.

Hmm... I think, you may try to use <iframe> or <browser> with desired private state to show pop-up. It's possible to change private state of global browser window, but all internal requests will be affected.

Something like

//Components.utils.import("resource://gre/modules/PrivateBrowsingUtils.jsm");
var privacyContext = PrivateBrowsingUtils.privacyContextFromWindow(frame.contentWindow);
privacyContext.usePrivateBrowsing = true;

Note: there is warning about usePrivateBrowsing usage:

Warning: Only internal code is allowed to set the usePrivateBrowsing attribute

This is only warning and all works fine (and Private Tab can't work without this).