[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Firefox through Tor



Thus spake Mike Perry (mikepery@xxxxxxxxxx):

> > but if you're asking whether XPCOM allows one to use a proxy on/off
> > based on a page and all its components (images, css files, js files), the
> > answer is yes.
> 
> Yes, excellent. That is the property that is needed. If you use that
> level of control, you are fine.
> 
> Incidentally, the problem above can happen with ftp://, gopher:// and
> whatever other protocol the browser might accept, so make sure you are
> updating all proxy settings for each page.

So I've noticed a couple other gotchas when looking at the html
content of a couple of sites.

1. Frames and iframes. Frames are not very common on email sites, but
I believe about.com does use them and has been known to pass
information between frames. iframes are used by google adsense. I
could easily see XPCOM interpreting frames/iframes as being distinct
pages. 

2. Links. Say I want to know who baz@xxxxxxxxx is. I send them a mail
(possibly spoofed to look like it's from a previous correspondent of
theirs) instructing them to click on some link that I control that no
one else has seen. This can happen inadvertantly or accidentally even,
I know I've accidentally clicked on an ad banner/stray link here or
there.

Can you provide some sort of option so that the proxy stays enabled
for links clicked from a proxy-enabled page? Would be useful for those
of us with over-sensitive touchpads :)

-- 
Mike Perry
Mad Computer Scientist
fscked.org evil labs