Re: [tor-bugs] #16300 [Tor Browser]: Make sure the BroadcastChannel API adheres to our URL bar domain isolation



#16300: Make sure the BroadcastChannel API adheres to our URL bar domain isolation
---------------------------------------------------------------------------
      Reporter:  gk
         Owner:  mcs
          Type:  task
        Status:  needs_revision
      Priority:  major
     Milestone:
     Component:  Tor Browser
       Version:
      Keywords:  ff38-esr, tbb-linkability, tbb-5.0a-highrisk,
                 TorBrowserTeam201506R, GeorgKoppen201506R
    Resolution:
 Actual Points:
        Points:
     Parent ID:
---------------------------------------------------------------------------
Changes (by mikeperry):

 * status:  needs_review => needs_revision


Comment:

 It seems like GetFirstPartyHost() can fail to get an isolation host in
 InitializeRunnable::MainThreadRun() in
 dom/broadcastchannel/BroadcastChannel.cpp if there is no document yet in
 the Worker. Doesn't this mean that workers who can trigger this case can
 still broadcast to each other even if they are launched from different
 isolation domains, because their empty isolation host strings will match?

 I'm not completely clear on what is the best way to handle this case.
 Perhaps broadcast messages should fail if isolation is enabled and the
 isolation host is either empty (and also if prefixed with
 "--NoFirstPartyHost-", for when the getFirstPartyHostForIsolation API itself
 fails)?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16300#comment:11>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
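
The failure case raised in the comment above and the fail-closed check it proposes, as an added C++ example that is not Tor Browser code and not part of the original message. `Endpoint`, `IsUsableIsolationHost`, `NaiveMatch`, `IsolatedMatch` and `Broadcast` are hypothetical names in a simplified model, and the sample origin is constructed.

```cpp
#include <cstdio>
#include <string>
#include <vector>

// Model (assumption): "" means the worker had no document to resolve a host.
struct Endpoint {
  std::string isolationHost, origin, channel;
  std::vector<std::string> inbox;
};

// Usable only if non-empty and not the failure prefix quoted in the ticket.
bool IsUsableIsolationHost(const std::string& host) {
  static const std::string kPrefix = "--NoFirstPartyHost-";
  return !host.empty() && host.compare(0, kPrefix.size(), kPrefix) != 0;
}

// Plain equality: two empty isolation hosts compare equal and so match.
bool NaiveMatch(const Endpoint& a, const Endpoint& b) {
  return a.isolationHost == b.isolationHost && a.origin == b.origin &&
         a.channel == b.channel;
}

// Fail closed (isolation enabled): both hosts must be usable.
bool IsolatedMatch(const Endpoint& a, const Endpoint& b) {
  return IsUsableIsolationHost(a.isolationHost) &&
         IsUsableIsolationHost(b.isolationHost) && NaiveMatch(a, b);
}

// Deliver msg to every other matching endpoint; returns the delivery count.
template <typename Match>
int Broadcast(const Endpoint& from, std::vector<Endpoint>& all,
              const std::string& msg, Match match) {
  int delivered = 0;
  for (Endpoint& peer : all) {
    if (&peer == &from || !match(from, peer)) continue;
    peer.inbox.push_back(msg);
    ++delivered;
  }
  return delivered;
}

int main() {
  // Constructed sample: same third-party origin under two URL bar domains.
  Endpoint e{"", "https://widget.example", "sync", {}};
  std::vector<Endpoint> w = {e, e};
  int naive = Broadcast(w[0], w, "id=1", NaiveMatch);
  int closed = Broadcast(w[0], w, "id=1", IsolatedMatch);
  std::printf("naive: %d, fail-closed: %d\n", naive, closed);
}
```

Endpoints that resolved the same real host still reach each other under `IsolatedMatch`; only the empty and sentinel-prefixed cases are refused.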