revisit: dom.popup_allowed_events

[emphoeller]

Is it possible to use user-overrides.js to prevent a pref set in arkenfox’s original user.js from being set at all, keeping the current value, or leaving it unset and thus as the default? As I understand it, it isn’t, because user-overrides.js is simply appended to user.js, so there is no way to remove a line in user.js via user-overrides.js.

I could just look up what the current value is in about:config and override arkenfox’s value with that, but that would not

• respect changes to the default value via an update,
• maintain changes to the value via the Settings across restarts.

[rusty-snake]

Windows

updater.bat has a -Merge option.

Unix

Write your own updater.

I've one that can uncomment in the user.js: https://codeberg.org/rusty-snake/firefox-config/src/branch/main/assets/updater2.sh
It shouldn't be that difficult to change the sed to add // instead of remove.

[emphoeller]

Thanks for the link.

I’m on *NIX. If this is relevant enough that people have started automating it, maybe it should be made a feature on all platforms.

If someone cares for my two cents, I would not gate this feature behind a command-line option (enabled by default) and have the syntax be something like:

user_pref("example.pref", ARKENFOX_UNSET);

[Thorin-Oakenpants]

The number of active prefs has been decreasing ... I've tried to minimize things that are hidden or nasty to override (like URLS). Hidden is a usually boolean (from memory) .. but the others you can always just reset in about:config to look at the default value. But that's yet another "risk" in that defaults might change. Can I ask what pref is so concerning that you want to basically uncomment it?

You still need to reset it from about:config if it was ever applied - user.js cannot reset prefs - it can only SET them, which is why I strongly recommend that you set them in user-overrides

there is of course prefsCleaner which resets everything, once per update if you use it

[emphoeller]

I want to keep the pref dom.popup_allowed_events as Firefox’s default. arkenfox sets it to click dblclick mousedown pointerdown and Firefox’s current default is change click dblclick auxclick mousedown mouseup pointerdown pointerup notificationclick reset submit touchend contextmenu. I haven’t had experiences with unwanted popups being triggered by things other than clicks, so I don’t undestand why we would remove events from this list. (We obviously need to allow click/mousedown/… to keep sites working.) I’d rather keep the default provided by Firefox to avoid breakage of good-natured sites; I trust Firefox enough to believe that this default is reasonable. Additionally, Firefox’s list has several events on it that I have never even heard of, so it seems to me like the situation might still evolve (new events might yet be added to the standard), which in turn might require the expansion of this list. Hence, I would like to use the value suggested by the Firefox devs, as they seem to have an eye on the situation.

One could also argue that this value is fingerprintable, but if you tell me that it most likely isn’t used, I’m going to believe you.

[Thorin-Oakenpants]

I haven’t had experiences with unwanted popups being triggered by things other than clicks,

I think most of us never see them (without the pref being modified) because we're not exactly bouncing around the internet on dodgy websites and diving down dubious rabbit holes chasing free money and hookers and blow (can't speak for rusty-snake though) - so it's probably rare'ish .. who knows

but all these events are used to spam and annoy (and phish) .. hence the pref

I’d rather keep the default provided by Firefox to avoid breakage of good-natured sites

The question you need to ask yourself is ... have you ever encountered any breakage, and if not then why change it?. - but I guess it's hard to spot something that isn't there. Did you miss it?

I’m going to believe you

I don't think it's directly fingerprintable, i.e it would require user gestures at a minimum, and thus it's not reliable or useful really for cross site linkage

[Thorin-Oakenpants]

anyway ... just override with the default, which you can get from about:config by resetting it .. closing

[Thorin-Oakenpants]

I'm going to move this pref to [SECTION 5000]: OPTIONAL OPSEC ... inactive of course

17a81e9