[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #15502 [Tor Browser]: URL.createObjectURL() considered harmful



#15502: URL.createObjectURL() considered harmful
-------------------------+-------------------------------------------------
     Reporter:           |      Owner:  arthuredelstein
  mikeperry              |     Status:  needs_review
         Type:  defect   |  Milestone:
     Priority:  major    |    Version:
    Component:  Tor      |   Keywords:  tbb-linkability, tbb-newnym,
  Browser                |  tbb-4.5-alpha, TorBrowserTeam201504R,
   Resolution:           |  MikePerry201504R
Actual Points:           |  Parent ID:
       Points:           |
-------------------------+-------------------------------------------------

Comment (by mikeperry):

 The tor-browser patch looks mostly ok to me, though I am a little worried
 about the use of nsContentUtils::GetDocumentFromCaller() in
 ThirdPartyUtil::GetFirstPartyHostFromCaller(). It is reminding me of
 #13027. We ultimately discovered that WebWorkers were given the correct
 Javascript context after creation, but can we explicitly test WebWorkers
 to ensure they can't access blob uris from different first party domains
 as well, just to be sure? Probably also wise to make this an actual in-
 tree test to ensure that it doesn't change on us in ff38-esr.

 I think it might also be helpful to have mcs+brade to weigh in on this
 approach.

 I filed #15703 to remind us about mediasource: and associated tests in
 ff38-esr.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/15502#comment:15>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs