[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #22357 [User Experience/Website]: Drop down menus are broken on Tor Browser download page



#22357: Drop down menus are broken on Tor Browser download page
-------------------------------------+---------------------------------
 Reporter:  arthuredelstein          |          Owner:  arthuredelstein
     Type:  defect                   |         Status:  accepted
 Priority:  Medium                   |      Milestone:
Component:  User Experience/Website  |        Version:
 Severity:  Normal                   |     Resolution:
 Keywords:                           |  Actual Points:
Parent ID:                           |         Points:
 Reviewer:                           |        Sponsor:
-------------------------------------+---------------------------------
Changes (by arthuredelstein):

 * cc: gk, boklm (added)
 * owner:  linda => arthuredelstein
 * status:  new => accepted


Comment:

 I noticed in the JS console that the following error is being reported:
 {{{
 Content Security Policy: The page’s settings blocked the loading of a
 resource at self (“script-src https://www.torproject.org”;). Source:
   function updateLang() {
     var calle....
 }}}

 Turns out CSP is being enforced and the website is not including "script-
 src 'unsafe-inline'", so the inline `updateLang` function doesn't run. Did
 our CSP get changed recently?

 I wrote a patch that moves this inline function to an existing external
 JavaScript file instead. Unfortunately the bundle version numbers are
 stored in webml variables and these are only inserted in `.html` files.
 Therefore I introduced an invisible `<span>` in our `.html` file whose
 contents contain the version numbers. The updateLang function then parses
 these version numbers and inserts them into the links as needed.

 https://github.com/arthuredelstein/commit/22357

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22357#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs