[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #16757 [Tor Browser]: Verify that new DOM properties are really disabled

#16757: Verify that new DOM properties are really disabled
-------------------------+-------------------------------------------------
     Reporter:           |      Owner:  tbb-team
  mikeperry              |     Status:  new
         Type:  defect   |  Milestone:
     Priority:  normal   |    Version:
    Component:  Tor      |   Keywords:  tbb-fingerprinting,
  Browser                |  tbb-5.0-regression, TorBrowserTeam201509
   Resolution:           |  Parent ID:
Actual Points:           |
       Points:           |
-------------------------+-------------------------------------------------

Comment (by arthuredelstein):

 I suppose the list in comment:description was generated in a chrome-
 privileged document. I tried running the following code in the web console
 of `about:blank`:

 {{{
 var data = "onlanguagechange, mozRequestOverfill, back, forward, home,
 openDialog, controllers, realFrameElement, MozSelfSupport, _content,
 Symbol, WeakSet, HTMLPictureElement, AnimationEffect, PerformanceMeasure,
 PluginCrashedEvent, MenuBoxObject, ScrollViewChangeEvent,
 SelectionStateChangedEvent, DOMMatrixReadOnly, DOMMatrix, PopupBoxObject,
 AnimationTimeline, PerformanceMark, DOMApplication, IDBMutableFile,
 StereoPannerNode, CameraDetectedFace, CameraStateChangeEvent,
 CSSCounterStyleRule, CameraRecorderVideoProfile, CameraRecorderProfile,
 CameraRecorderProfiles, AnonymousContent, NamedNodeMap,
 DOMApplicationsManager, ContentProcessMessageManager,
 CameraConfigurationEvent, HTMLAllCollection, PromiseDebugging,
 SubtleCrypto, Animation, CameraRecorderAudioProfile, RadioNodeList,
 WindowRoot, CameraClosedEvent, CryptoKey, CameraFacesDetectedEvent,
 MozSettingsTransactionEvent, IDBFileRequest, BroadcastChannel,
 MessageChannel, AnimationPlayer";
 var names = data.split(",").map(x => x.trim());
 for (var name of names) console.log(name, window[name]);
 }}}

 And the result was:
 {{{

 "onlanguagechange" null
 "mozRequestOverfill" undefined
 "back" undefined
 "forward" undefined
 "home" undefined
 "openDialog" undefined
 "controllers" XULControllers {  }
 "realFrameElement" undefined
 "MozSelfSupport" undefined
 "_content" undefined
 "Symbol" function Symbol()
 "WeakSet" function WeakSet()
 "HTMLPictureElement" function ()
 "AnimationEffect" undefined
 "PerformanceMeasure" function ()
 "PluginCrashedEvent" undefined
 "MenuBoxObject" undefined
 "ScrollViewChangeEvent" undefined
 "SelectionStateChangedEvent" undefined
 "DOMMatrixReadOnly" function ()
 "DOMMatrix" function ()
 "PopupBoxObject" undefined
 "AnimationTimeline" undefined
 "PerformanceMark" function ()
 "DOMApplication" undefined
 "IDBMutableFile" function ()
 "StereoPannerNode" function ()
 "CameraDetectedFace" undefined
 "CameraStateChangeEvent" undefined
 "CSSCounterStyleRule" DOMPrototype { , 1 moreâ }
 "CameraRecorderVideoProfile" undefined
 "CameraRecorderProfile" undefined
 "CameraRecorderProfiles" undefined
 "AnonymousContent" undefined
 "NamedNodeMap" function ()
 "DOMApplicationsManager" undefined
 "ContentProcessMessageManager" undefined
 "CameraConfigurationEvent" undefined
 "HTMLAllCollection" function ()
 "PromiseDebugging" undefined
 "SubtleCrypto" function ()
 "Animation" undefined
 "CameraRecorderAudioProfile" undefined
 "RadioNodeList" function ()
 "WindowRoot" undefined
 "CameraClosedEvent" undefined
 "CryptoKey" function ()
 "CameraFacesDetectedEvent" undefined
 "MozSettingsTransactionEvent" undefined
 "IDBFileRequest" function ()
 "BroadcastChannel" function ()
 "MessageChannel" undefined
 "AnimationPlayer" undefined
 }}}

 The non-undefined properties were:
 {{{
 > for (var name of names) if (window[name]) console.log(name,
 window[name]);

 "controllers" XULControllers {  }
 "Symbol" function Symbol()
 "WeakSet" function WeakSet()
 "HTMLPictureElement" function ()
 "PerformanceMeasure" function ()
 "DOMMatrixReadOnly" function ()
 "DOMMatrix" function ()
 "PerformanceMark" function ()
 "IDBMutableFile" function ()
 "StereoPannerNode" function ()
 "CSSCounterStyleRule" DOMPrototype { , 1 moreâ }
 "NamedNodeMap" function ()
 "HTMLAllCollection" function ()
 "SubtleCrypto" function ()
 "RadioNodeList" function ()
 "CryptoKey" function ()
 "IDBFileRequest" function ()
 "BroadcastChannel" function ()
 }}}

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16757#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs