[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #3580 [TorBrowserButton]: tor problem with hotmail
#3580: tor problem with hotmail
----------------------------------------+-----------------------------------
Reporter: spinnaker83 | Owner: mikeperry
Type: defect | Status: assigned
Priority: major | Milestone: TorBrowserBundle 2.2.x-stable
Component: TorBrowserButton | Version:
Keywords: MikePerryIteration20110828 | Parent:
Points: 3 | Actualpoints:
----------------------------------------+-----------------------------------
Comment(by mikeperry):
Some more details:
Hotmail indeed appears to be loading the scripts as object tags, perhaps
as some kind of performance hack to get the browser to cache all the
scripts that may be used on various pieces of the site without actually
parsing and interpreting them on every page (they are 100's of K each). It
appears to convert the object tags that it wants interpreted into script
tags though DOM manipulation on a given page. I am not sure exactly where
it does this.
docShell.allowPlugins does in fact trigger that content policy check
mentioned above. Disabling that check in the source and rebuilding Firefox
does in fact fix the problem for hotmail..
The downside is that there is no clear way to allow these objects without
risking loading all plugins.
We can potentially disable Torbutton's plugin protections on Tor Browser
and let it fall back to NoScript, but I feel like this is a dangerous
default configuration. Perhaps once we implement #3547 we can do that.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3580#comment:20>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs