[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #3580 [TorBrowserButton]: tor problem with hotmail



#3580: tor problem with hotmail
----------------------------------------+-----------------------------------
 Reporter:  spinnaker83                 |          Owner:  mikeperry                    
     Type:  defect                      |         Status:  assigned                     
 Priority:  major                       |      Milestone:  TorBrowserBundle 2.2.x-stable
Component:  TorBrowserButton            |        Version:                               
 Keywords:  MikePerryIteration20110828  |         Parent:                               
   Points:  3                           |   Actualpoints:                               
----------------------------------------+-----------------------------------

Comment(by mikeperry):

 Some more details:

 Hotmail indeed appears to be loading the scripts as object tags, perhaps
 as some kind of performance hack to get the browser to cache all the
 scripts that may be used on various pieces of the site without actually
 parsing and interpreting them on every page (they are 100's of K each). It
 appears to convert the object tags that it wants interpreted into script
 tags though DOM manipulation on a given page. I am not sure exactly where
 it does this.

 docShell.allowPlugins does in fact trigger that content policy check
 mentioned above. Disabling that check in the source and rebuilding Firefox
 does in fact fix the problem for hotmail..

 The downside is that there is no clear way to allow these objects without
 risking loading all plugins.

 We can potentially disable Torbutton's plugin protections on Tor Browser
 and let it fall back to NoScript, but I feel like this is a dangerous
 default configuration. Perhaps once we implement #3547 we can do that.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3580#comment:20>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs