BUG: addon easiliy bypassable

[Migliutin]

Trying to access Preferences via menu or about:preferences prompts to input the password, as it should.

But jumping directly to a subsection, like:

• about:preferences#general
• about:preferences#privacy
• about:preferences#search
• about:preferences#sync

is enough for having the controls totally bypassed.

Such bug makes the addon useless.

[SabreCat]

If I'm reading it right, this code is supposed to take care of the issue: https://github.com/mrigor/publicfox/blob/cad9c7afd96cbd98258259acf04a9c7345251f4b/chrome/content/dlwatchoverlay.js#L118-L128 In fact, this appears to be a recurrence of issue #1.

Other than a couple of code style things (window._content is deprecated in favor of window.content and one should use !== when possible instead of !=), I can't tell what'd be wrong tho... I wonder if for some reason adding the anchor bypasses the event listener that's supposed to fire dlwatch.checkurl?

[palepine]

Add

*#general
*#privacy
*#search
*#sync

to your blacklist. Not a very comfortable solution, but still.