[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #23247 [Applications/Tor Browser]: Communicating security expectations for .onion: what to say about different padlock states for .onion services



#23247: Communicating security expectations for .onion: what to say about different
padlock states for .onion services
-------------------------------------------------+-------------------------
 Reporter:  isabela                              |          Owner:
                                                 |  pospeselr
     Type:  project                              |         Status:
                                                 |  needs_revision
 Priority:  High                                 |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  ux-team, tor-hs,                     |  Actual Points:
  TorBrowserTeam201805                           |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by mcs):

 Very nice work. I have these additional comments:
 * In browser/base/content/browser.js, a space is missing after the `if`
 here: `if(this._isEV) {`
 * In dom/security/nsMixedContentBlocker.cpp, a space is missing after the
 `if` here: `if(NS_FAILED(rv)) {`
 * Should we remove the comments and meta data (title, desc, defs) from the
 SVG files?
 * In browser/base/content/pageinfo/security.js,
 dom/security/nsMixedContentBlocker.cpp, and
 security/manager/ssl/nsSecureBrowserUIImpl.cpp: is it safe to assume the
 host name is lower case? The browser seems to switch `.ONION` to `.onion`
 when I try to use the former but I don't know why that happens.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/23247#comment:52>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs