[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #19048 [Applications/Tor Browser]: Review Firefox Developer Docs and Undocumented bugs since FF45esr



#19048: Review Firefox Developer Docs and Undocumented bugs since FF45esr
-------------------------------------------------+-------------------------
 Reporter:  gk                                   |          Owner:  tbb-
                                                 |  team
     Type:  task                                 |         Status:  new
 Priority:  Medium                               |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  ff52-esr, tbb-7.0-must,              |  Actual Points:
  TorBrowserTeam201703, GeorgKoppen201703        |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
                                                 |  Sponsor4
-------------------------------------------------+-------------------------

Comment (by mcs):

 Replying to [comment:28 gk]:
 > > b) We should verify that the new `<input>` types do not leak locale
 information, e.g., `<input type="time">`, `type="date"`, `type="week"`,
 etc.
 > >  https://developer.mozilla.org/en-US/docs/Web/HTML/Element/input
 >
 > Hm. The docs say these are not implemented yet and the linked bug
 (https://bugzilla.mozilla.org/show_bug.cgi?id=888320) seems to second
 that. What made you believe they are wrong?

 I don't remember what we saw, but you are correct: the implementation
 seems to be a work in progress and the new input types are disabled via a
 `dom.forms.datetime` pref.

 > > d) HTTP Opportunistic Security may add some linkability risks,
 although it seems okay at a glance.
 > >  http://httpwg.org/http-extensions/opsec.html
 > >  https://bugzilla.mozilla.org/show_bug.cgi?id=1301117
 >
 > It seems that needs HTTP2/Alternative Services being enabled which is
 both not the case for us?

 Yes, I think #16673 took care of disabling it.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/19048#comment:30>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs