tenfourfox/browser/base/content/sanitize.js

789 lines
28 KiB
JavaScript
Raw Normal View History

2017-04-19 07:56:45 +00:00
// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
Components.utils.import("resource://gre/modules/XPCOMUtils.jsm");
Components.utils.import("resource://gre/modules/Services.jsm");
XPCOMUtils.defineLazyModuleGetter(this, "PlacesUtils",
"resource://gre/modules/PlacesUtils.jsm");
XPCOMUtils.defineLazyModuleGetter(this, "FormHistory",
"resource://gre/modules/FormHistory.jsm");
XPCOMUtils.defineLazyModuleGetter(this, "Downloads",
"resource://gre/modules/Downloads.jsm");
XPCOMUtils.defineLazyModuleGetter(this, "Promise",
"resource://gre/modules/Promise.jsm");
XPCOMUtils.defineLazyModuleGetter(this, "Task",
"resource://gre/modules/Task.jsm");
XPCOMUtils.defineLazyModuleGetter(this, "DownloadsCommon",
"resource:///modules/DownloadsCommon.jsm");
XPCOMUtils.defineLazyModuleGetter(this, "TelemetryStopwatch",
"resource://gre/modules/TelemetryStopwatch.jsm");
function Sanitizer() {}
Sanitizer.prototype = {
// warning to the caller: this one may raise an exception (e.g. bug #265028)
clearItem: function (aItemName)
{
if (this.items[aItemName].canClear)
this.items[aItemName].clear();
},
canClearItem: function (aItemName, aCallback, aArg)
{
let canClear = this.items[aItemName].canClear;
if (typeof canClear == "function") {
canClear(aCallback, aArg);
return false;
}
aCallback(aItemName, canClear, aArg);
return canClear;
},
prefDomain: "",
getNameFromPreference: function (aPreferenceName)
{
return aPreferenceName.substr(this.prefDomain.length);
},
/**
* Deletes privacy sensitive data in a batch, according to user preferences.
* Returns a promise which is resolved if no errors occurred. If an error
* occurs, a message is reported to the console and all other items are still
* cleared before the promise is finally rejected.
*
* If the consumer specifies the (optional) array parameter, only those
* items get cleared (irrespective of the preference settings)
*/
sanitize: function (aItemsToClear)
{
var deferred = Promise.defer();
var seenError = false;
if (Array.isArray(aItemsToClear)) {
var itemsToClear = [...aItemsToClear];
} else {
let branch = Services.prefs.getBranch(this.prefDomain);
itemsToClear = Object.keys(this.items).filter(itemName => {
try {
return branch.getBoolPref(itemName);
} catch (ex) {
return false;
}
});
}
// Ensure open windows get cleared first, if they're in our list, so that they don't stick
// around in the recently closed windows list, and so we can cancel the whole thing
// if the user selects to keep a window open from a beforeunload prompt.
let openWindowsIndex = itemsToClear.indexOf("openWindows");
if (openWindowsIndex != -1) {
itemsToClear.splice(openWindowsIndex, 1);
let item = this.items.openWindows;
let ok = item.clear(() => {
try {
let clearedPromise = this.sanitize(itemsToClear);
clearedPromise.then(deferred.resolve, deferred.reject);
} catch(e) {
let error = "Sanitizer threw after closing windows: " + e;
Cu.reportError(error);
deferred.reject(error);
}
});
// When cancelled, reject immediately
if (!ok) {
deferred.reject("Sanitizer canceled closing windows");
}
return deferred.promise;
}
let cookiesIndex = itemsToClear.indexOf("cookies");
if (cookiesIndex != -1) {
itemsToClear.splice(cookiesIndex, 1);
let item = this.items.cookies;
item.range = this.range;
let ok = item.clear(() => {
try {
if (!itemsToClear.length) {
// we're done
deferred.resolve();
return;
}
let clearedPromise = this.sanitize(itemsToClear);
clearedPromise.then(deferred.resolve, deferred.reject);
} catch(e) {
let error = "Sanitizer threw after clearing cookies: " + e;
Cu.reportError(error);
deferred.reject(error);
}
});
// When cancelled, reject immediately
if (!ok) {
deferred.reject("Sanitizer canceled clearing cookies");
}
return deferred.promise;
}
TelemetryStopwatch.start("FX_SANITIZE_TOTAL");
// Cache the range of times to clear
if (this.ignoreTimespan)
var range = null; // If we ignore timespan, clear everything
else
range = this.range || Sanitizer.getClearRange();
let itemCount = Object.keys(itemsToClear).length;
let onItemComplete = function() {
if (!--itemCount) {
TelemetryStopwatch.finish("FX_SANITIZE_TOTAL");
seenError ? deferred.reject() : deferred.resolve();
}
};
for (let itemName of itemsToClear) {
let item = this.items[itemName];
item.range = range;
if ("clear" in item) {
let clearCallback = (itemName, aCanClear) => {
// Some of these clear() may raise exceptions (see bug #265028)
// to sanitize as much as possible, we catch and store them,
// rather than fail fast.
// Callers should check returned errors and give user feedback
// about items that could not be sanitized
let item = this.items[itemName];
try {
if (aCanClear)
item.clear();
} catch(er) {
seenError = true;
Components.utils.reportError("Error sanitizing " + itemName +
": " + er + "\n");
}
onItemComplete();
};
this.canClearItem(itemName, clearCallback);
} else {
onItemComplete();
}
}
return deferred.promise;
},
// Time span only makes sense in certain cases. Consumers who want
// to only clear some private data can opt in by setting this to false,
// and can optionally specify a specific range. If timespan is not ignored,
// and range is not set, sanitize() will use the value of the timespan
// pref to determine a range
ignoreTimespan : true,
range : null,
items: {
cache: {
clear: function ()
{
TelemetryStopwatch.start("FX_SANITIZE_CACHE");
var cache = Cc["@mozilla.org/netwerk/cache-storage-service;1"].
getService(Ci.nsICacheStorageService);
try {
// Cache doesn't consult timespan, nor does it have the
// facility for timespan-based eviction. Wipe it.
cache.clear();
} catch(er) {}
var imageCache = Cc["@mozilla.org/image/tools;1"].
getService(Ci.imgITools).getImgCacheForDocument(null);
try {
imageCache.clearCache(false); // true=chrome, false=content
} catch(er) {}
TelemetryStopwatch.finish("FX_SANITIZE_CACHE");
},
get canClear()
{
return true;
}
},
cookies: {
clear: function (aCallback)
{
TelemetryStopwatch.start("FX_SANITIZE_COOKIES");
TelemetryStopwatch.start("FX_SANITIZE_COOKIES_2");
var cookieMgr = Components.classes["@mozilla.org/cookiemanager;1"]
.getService(Ci.nsICookieManager);
if (this.range) {
// Iterate through the cookies and delete any created after our cutoff.
var cookiesEnum = cookieMgr.enumerator;
while (cookiesEnum.hasMoreElements()) {
var cookie = cookiesEnum.getNext().QueryInterface(Ci.nsICookie2);
if (cookie.creationTime > this.range[0])
// This cookie was created after our cutoff, clear it
cookieMgr.remove(cookie.host, cookie.name, cookie.path, false);
}
}
else {
// Remove everything
cookieMgr.removeAll();
}
TelemetryStopwatch.finish("FX_SANITIZE_COOKIES_2");
// Clear deviceIds. Done asynchronously (returns before complete).
let mediaMgr = Components.classes["@mozilla.org/mediaManagerService;1"]
.getService(Ci.nsIMediaManagerService);
mediaMgr.sanitizeDeviceIds(this.range && this.range[0]);
// Clear plugin data.
TelemetryStopwatch.start("FX_SANITIZE_PLUGINS");
this.clearPluginCookies().then(
function() {
TelemetryStopwatch.finish("FX_SANITIZE_PLUGINS");
TelemetryStopwatch.finish("FX_SANITIZE_COOKIES");
aCallback();
});
return true;
},
clearPluginCookies: function() {
const phInterface = Ci.nsIPluginHost;
const FLAG_CLEAR_ALL = phInterface.FLAG_CLEAR_ALL;
let ph = Cc["@mozilla.org/plugin/host;1"].getService(phInterface);
// Determine age range in seconds. (-1 means clear all.) We don't know
// that this.range[1] is actually now, so we compute age range based
// on the lower bound. If this.range results in a negative age, do
// nothing.
let age = this.range ? (Date.now() / 1000 - this.range[0] / 1000000) : -1;
if (!this.range || age >= 0) {
let tags = ph.getPluginTags();
function iterate(tag) {
let promise = new Promise(resolve => {
try {
let onClear = function(rv) {
// If the plugin doesn't support clearing by age, clear everything.
if (rv == Components.results. NS_ERROR_PLUGIN_TIME_RANGE_NOT_SUPPORTED) {
ph.clearSiteData(tag, null, FLAG_CLEAR_ALL, -1, function() {
resolve();
});
} else {
resolve();
}
};
ph.clearSiteData(tag, null, FLAG_CLEAR_ALL, age, onClear);
} catch (ex) {
resolve();
}
});
return promise;
}
let promises = [];
for (let tag of tags) {
promises.push(iterate(tag));
}
return Promise.all(promises);
}
},
get canClear()
{
return true;
}
},
offlineApps: {
clear: function ()
{
TelemetryStopwatch.start("FX_SANITIZE_OFFLINEAPPS");
Components.utils.import("resource:///modules/offlineAppCache.jsm");
OfflineAppCacheHelper.clear();
TelemetryStopwatch.finish("FX_SANITIZE_OFFLINEAPPS");
},
get canClear()
{
return true;
}
},
history: {
clear: function ()
{
TelemetryStopwatch.start("FX_SANITIZE_HISTORY");
if (this.range)
PlacesUtils.history.removeVisitsByTimeframe(this.range[0], this.range[1]);
else
PlacesUtils.history.removeAllPages();
try {
var os = Components.classes["@mozilla.org/observer-service;1"]
.getService(Components.interfaces.nsIObserverService);
let clearStartingTime = this.range ? String(this.range[0]) : "";
os.notifyObservers(null, "browser:purge-session-history", clearStartingTime);
}
catch (e) { }
try {
var predictor = Components.classes["@mozilla.org/network/predictor;1"]
.getService(Components.interfaces.nsINetworkPredictor);
predictor.reset();
} catch (e) { }
TelemetryStopwatch.finish("FX_SANITIZE_HISTORY");
},
get canClear()
{
// bug 347231: Always allow clearing history due to dependencies on
// the browser:purge-session-history notification. (like error console)
return true;
}
},
formdata: {
clear: function ()
{
TelemetryStopwatch.start("FX_SANITIZE_FORMDATA");
// Clear undo history of all searchBars
var windowManager = Components.classes['@mozilla.org/appshell/window-mediator;1']
.getService(Components.interfaces.nsIWindowMediator);
var windows = windowManager.getEnumerator("navigator:browser");
while (windows.hasMoreElements()) {
let currentWindow = windows.getNext();
let currentDocument = currentWindow.document;
let searchBar = currentDocument.getElementById("searchbar");
if (searchBar)
searchBar.textbox.reset();
let tabBrowser = currentWindow.gBrowser;
for (let tab of tabBrowser.tabs) {
if (tabBrowser.isFindBarInitialized(tab))
tabBrowser.getFindBar(tab).clear();
}
// Clear any saved find value
tabBrowser._lastFindValue = "";
}
let change = { op: "remove" };
if (this.range) {
[ change.firstUsedStart, change.firstUsedEnd ] = this.range;
}
FormHistory.update(change);
TelemetryStopwatch.finish("FX_SANITIZE_FORMDATA");
},
canClear : function(aCallback, aArg)
{
var windowManager = Components.classes['@mozilla.org/appshell/window-mediator;1']
.getService(Components.interfaces.nsIWindowMediator);
var windows = windowManager.getEnumerator("navigator:browser");
while (windows.hasMoreElements()) {
let currentWindow = windows.getNext();
let currentDocument = currentWindow.document;
let searchBar = currentDocument.getElementById("searchbar");
if (searchBar) {
let transactionMgr = searchBar.textbox.editor.transactionManager;
if (searchBar.value ||
transactionMgr.numberOfUndoItems ||
transactionMgr.numberOfRedoItems) {
aCallback("formdata", true, aArg);
return false;
}
}
let tabBrowser = currentWindow.gBrowser;
let findBarCanClear = Array.some(tabBrowser.tabs, function (aTab) {
return tabBrowser.isFindBarInitialized(aTab) &&
tabBrowser.getFindBar(aTab).canClear;
});
if (findBarCanClear) {
aCallback("formdata", true, aArg);
return false;
}
}
let count = 0;
let countDone = {
handleResult : aResult => count = aResult,
handleError : aError => Components.utils.reportError(aError),
handleCompletion :
function(aReason) { aCallback("formdata", aReason == 0 && count > 0, aArg); }
};
FormHistory.count({}, countDone);
return false;
}
},
downloads: {
clear: function ()
{
TelemetryStopwatch.start("FX_SANITIZE_DOWNLOADS");
Task.spawn(function*() {
let filterByTime = null;
if (this.range) {
// Convert microseconds back to milliseconds for date comparisons.
let rangeBeginMs = this.range[0] / 1000;
let rangeEndMs = this.range[1] / 1000;
filterByTime = download => download.startTime >= rangeBeginMs &&
download.startTime <= rangeEndMs;
}
// Clear all completed/cancelled downloads
let list = yield Downloads.getList(Downloads.ALL);
list.removeFinished(filterByTime);
TelemetryStopwatch.finish("FX_SANITIZE_DOWNLOADS");
}.bind(this)).then(null, error => {
TelemetryStopwatch.finish("FX_SANITIZE_DOWNLOADS");
Components.utils.reportError(error);
});
},
canClear : function(aCallback, aArg)
{
aCallback("downloads", true, aArg);
return false;
}
},
sessions: {
clear: function ()
{
TelemetryStopwatch.start("FX_SANITIZE_SESSIONS");
// clear all auth tokens
var sdr = Components.classes["@mozilla.org/security/sdr;1"]
.getService(Components.interfaces.nsISecretDecoderRing);
sdr.logoutAndTeardown();
// clear FTP and plain HTTP auth sessions
var os = Components.classes["@mozilla.org/observer-service;1"]
.getService(Components.interfaces.nsIObserverService);
os.notifyObservers(null, "net:clear-active-logins", null);
TelemetryStopwatch.finish("FX_SANITIZE_SESSIONS");
},
get canClear()
{
return true;
}
},
siteSettings: {
clear: function ()
{
TelemetryStopwatch.start("FX_SANITIZE_SITESETTINGS");
// Clear site-specific permissions like "Allow this site to open popups"
// we ignore the "end" range and hope it is now() - none of the
// interfaces used here support a true range anyway.
let startDateMS = this.range == null ? null : this.range[0] / 1000;
var pm = Components.classes["@mozilla.org/permissionmanager;1"]
.getService(Components.interfaces.nsIPermissionManager);
if (startDateMS == null) {
pm.removeAll();
} else {
pm.removeAllSince(startDateMS);
}
// Clear site-specific settings like page-zoom level
var cps = Components.classes["@mozilla.org/content-pref/service;1"]
.getService(Components.interfaces.nsIContentPrefService2);
if (startDateMS == null) {
cps.removeAllDomains(null);
} else {
cps.removeAllDomainsSince(startDateMS, null);
}
// Clear "Never remember passwords for this site", which is not handled by
// the permission manager
// (Note the login manager doesn't support date ranges yet, and bug
// 1058438 is calling for loginSaving stuff to end up in the
// permission manager)
var pwmgr = Components.classes["@mozilla.org/login-manager;1"]
.getService(Components.interfaces.nsILoginManager);
var hosts = pwmgr.getAllDisabledHosts();
for (var host of hosts) {
pwmgr.setLoginSavingEnabled(host, true);
}
// Clear site security settings - no support for ranges in this
// interface either, so we clearAll().
var sss = Cc["@mozilla.org/ssservice;1"]
.getService(Ci.nsISiteSecurityService);
sss.clearAll();
// Clear all push notification subscriptions
try {
var push = Cc["@mozilla.org/push/NotificationService;1"]
.getService(Ci.nsIPushNotificationService);
push.clearAll();
} catch (e) {
dump("Web Push may not be available.\n");
}
TelemetryStopwatch.finish("FX_SANITIZE_SITESETTINGS");
},
get canClear()
{
return true;
}
},
openWindows: {
privateStateForNewWindow: "non-private",
_canCloseWindow: function(aWindow) {
if (aWindow.CanCloseWindow()) {
// We already showed PermitUnload for the window, so let's
// make sure we don't do it again when we actually close the
// window.
aWindow.skipNextCanClose = true;
return true;
}
},
_resetAllWindowClosures: function(aWindowList) {
for (let win of aWindowList) {
win.skipNextCanClose = false;
}
},
clear: function(aCallback)
{
// NB: this closes all *browser* windows, not other windows like the library, about window,
// browser console, etc.
if (!aCallback) {
throw "Sanitizer's openWindows clear() requires a callback.";
}
// Keep track of the time in case we get stuck in la-la-land because of onbeforeunload
// dialogs
let existingWindow = Services.appShell.hiddenDOMWindow;
let startDate = existingWindow.performance.now();
// First check if all these windows are OK with being closed:
let windowEnumerator = Services.wm.getEnumerator("navigator:browser");
let windowList = [];
while (windowEnumerator.hasMoreElements()) {
let someWin = windowEnumerator.getNext();
windowList.push(someWin);
// If someone says "no" to a beforeunload prompt, we abort here:
if (!this._canCloseWindow(someWin)) {
this._resetAllWindowClosures(windowList);
return false;
}
// ...however, beforeunload prompts spin the event loop, and so the code here won't get
// hit until the prompt has been dismissed. If more than 1 minute has elapsed since we
// started prompting, stop, because the user might not even remember initiating the
// 'forget', and the timespans will be all wrong by now anyway:
if (existingWindow.performance.now() > (startDate + 60 * 1000)) {
this._resetAllWindowClosures(windowList);
return false;
}
}
// If/once we get here, we should actually be able to close all windows.
TelemetryStopwatch.start("FX_SANITIZE_OPENWINDOWS");
// First create a new window. We do this first so that on non-mac, we don't
// accidentally close the app by closing all the windows.
let handler = Cc["@mozilla.org/browser/clh;1"].getService(Ci.nsIBrowserHandler);
let defaultArgs = handler.defaultArgs;
let features = "chrome,all,dialog=no," + this.privateStateForNewWindow;
let newWindow = existingWindow.openDialog("chrome://browser/content/", "_blank",
features, defaultArgs);
// Window creation and destruction is asynchronous. We need to wait
// until all existing windows are fully closed, and the new window is
// fully open, before continuing. Otherwise the rest of the sanitizer
// could run too early (and miss new cookies being set when a page
// closes) and/or run too late (and not have a fully-formed window yet
// in existence). See bug 1088137.
let newWindowOpened = false;
function onWindowOpened(subject, topic, data) {
if (subject != newWindow)
return;
Services.obs.removeObserver(onWindowOpened, "browser-delayed-startup-finished");
newWindowOpened = true;
// If we're the last thing to happen, invoke callback.
if (numWindowsClosing == 0) {
TelemetryStopwatch.finish("FX_SANITIZE_OPENWINDOWS");
aCallback();
}
}
let numWindowsClosing = windowList.length;
function onWindowClosed() {
numWindowsClosing--;
if (numWindowsClosing == 0) {
Services.obs.removeObserver(onWindowClosed, "xul-window-destroyed");
// If we're the last thing to happen, invoke callback.
if (newWindowOpened) {
TelemetryStopwatch.finish("FX_SANITIZE_OPENWINDOWS");
aCallback();
}
}
}
Services.obs.addObserver(onWindowOpened, "browser-delayed-startup-finished", false);
Services.obs.addObserver(onWindowClosed, "xul-window-destroyed", false);
// Start the process of closing windows
while (windowList.length) {
windowList.pop().close();
}
newWindow.focus();
return true;
},
get canClear()
{
return true;
}
},
}
};
// "Static" members
Sanitizer.prefDomain = "privacy.sanitize.";
Sanitizer.prefShutdown = "sanitizeOnShutdown";
Sanitizer.prefDidShutdown = "didShutdownSanitize";
// Time span constants corresponding to values of the privacy.sanitize.timeSpan
// pref. Used to determine how much history to clear, for various items
Sanitizer.TIMESPAN_EVERYTHING = 0;
Sanitizer.TIMESPAN_HOUR = 1;
Sanitizer.TIMESPAN_2HOURS = 2;
Sanitizer.TIMESPAN_4HOURS = 3;
Sanitizer.TIMESPAN_TODAY = 4;
Sanitizer.TIMESPAN_5MIN = 5;
Sanitizer.TIMESPAN_24HOURS = 6;
// Return a 2 element array representing the start and end times,
// in the uSec-since-epoch format that PRTime likes. If we should
// clear everything, return null. Use ts if it is defined; otherwise
// use the timeSpan pref.
Sanitizer.getClearRange = function (ts) {
if (ts === undefined)
ts = Sanitizer.prefs.getIntPref("timeSpan");
if (ts === Sanitizer.TIMESPAN_EVERYTHING)
return null;
// PRTime is microseconds while JS time is milliseconds
var endDate = Date.now() * 1000;
switch (ts) {
case Sanitizer.TIMESPAN_5MIN :
var startDate = endDate - 300000000; // 5*60*1000000
break;
case Sanitizer.TIMESPAN_HOUR :
startDate = endDate - 3600000000; // 1*60*60*1000000
break;
case Sanitizer.TIMESPAN_2HOURS :
startDate = endDate - 7200000000; // 2*60*60*1000000
break;
case Sanitizer.TIMESPAN_4HOURS :
startDate = endDate - 14400000000; // 4*60*60*1000000
break;
case Sanitizer.TIMESPAN_TODAY :
var d = new Date(); // Start with today
d.setHours(0); // zero us back to midnight...
d.setMinutes(0);
d.setSeconds(0);
startDate = d.valueOf() * 1000; // convert to epoch usec
break;
case Sanitizer.TIMESPAN_24HOURS :
startDate = endDate - 86400000000; // 24*60*60*1000000
break;
default:
throw "Invalid time span for clear private data: " + ts;
}
return [startDate, endDate];
};
Sanitizer._prefs = null;
Sanitizer.__defineGetter__("prefs", function()
{
return Sanitizer._prefs ? Sanitizer._prefs
: Sanitizer._prefs = Components.classes["@mozilla.org/preferences-service;1"]
.getService(Components.interfaces.nsIPrefService)
.getBranch(Sanitizer.prefDomain);
});
// Shows sanitization UI
Sanitizer.showUI = function(aParentWindow)
{
var ww = Components.classes["@mozilla.org/embedcomp/window-watcher;1"]
.getService(Components.interfaces.nsIWindowWatcher);
#ifdef XP_MACOSX
ww.openWindow(null, // make this an app-modal window on Mac
#else
ww.openWindow(aParentWindow,
#endif
"chrome://browser/content/sanitize.xul",
"Sanitize",
"chrome,titlebar,dialog,centerscreen,modal",
null);
};
/**
* Deletes privacy sensitive data in a batch, optionally showing the
* sanitize UI, according to user preferences
*/
Sanitizer.sanitize = function(aParentWindow)
{
Sanitizer.showUI(aParentWindow);
};
Sanitizer.onStartup = function()
{
// we check for unclean exit with pending sanitization
Sanitizer._checkAndSanitize();
};
Sanitizer.onShutdown = function()
{
// we check if sanitization is needed and perform it
Sanitizer._checkAndSanitize();
};
// this is called on startup and shutdown, to perform pending sanitizations
Sanitizer._checkAndSanitize = function()
{
const prefs = Sanitizer.prefs;
if (prefs.getBoolPref(Sanitizer.prefShutdown) &&
!prefs.prefHasUserValue(Sanitizer.prefDidShutdown)) {
// One time migration to remove support for the clear saved passwords on exit feature.
if (!Services.prefs.getBoolPref("privacy.sanitize.migrateClearSavedPwdsOnExit")) {
let deprecatedPref = "privacy.clearOnShutdown.passwords";
let doUpdate = Services.prefs.prefHasUserValue(deprecatedPref) &&
Services.prefs.getBoolPref(deprecatedPref);
if (doUpdate) {
Services.logins.removeAllLogins();
Services.prefs.setBoolPref("signon.rememberSignons", false);
}
Services.prefs.clearUserPref(deprecatedPref);
Services.prefs.setBoolPref("privacy.sanitize.migrateClearSavedPwdsOnExit", true);
}
// this is a shutdown or a startup after an unclean exit
var s = new Sanitizer();
s.prefDomain = "privacy.clearOnShutdown.";
s.sanitize().then(function() {
prefs.setBoolPref(Sanitizer.prefDidShutdown, true);
});
}
};