[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #16607 [Tor Browser]: Allow SVG for extensions, even on "high" security level

Subject: Re: [tor-bugs] #16607 [Tor Browser]: Allow SVG for extensions, even on "high" security level
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Mon, 20 Jul 2015 21:53:54 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 20 Jul 2015 17:54:03 -0400
In-reply-to: <046.911e58d32b66594218d88cf9289faec4@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <046.911e58d32b66594218d88cf9289faec4@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#16607: Allow SVG for extensions, even on "high" security level
-----------------------------+-------------------------------
     Reporter:  mbauer       |      Owner:  tbb-team
         Type:  defect       |     Status:  needs_information
     Priority:  normal       |  Milestone:
    Component:  Tor Browser  |    Version:
   Resolution:               |   Keywords:  tbb-usability
Actual Points:               |  Parent ID:
       Points:               |
-----------------------------+-------------------------------

Comment (by mbauer):

 I created a sample addon, including two resource-pages using inline svg.
 Installing the addon opens a new tab, that links these pages. Source is
 attached. https://www.dropbox.com/s/ycj8vva7u3cg5c4/svg-testaddon.zip?dl=0

 Actually, you should be aware of issue #16495. It describes a problem that
 crashes Tor Browser on pages that include svg elements, if the security
 level is set to high. The first page is small enough to not crash the
 browser, but the second page will (that's my current graphic). According
 to #16495, the crash is caused by the svg blocking code.

 For the whitelisting idea: Maybe you should apply it to the page that
 wants to include svg. If a !resource:// page includes svg, it's fine, if a
 !http:// page includes svg from an addon resource, it would still be
 blocked.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16607#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #16607 [Tor Browser]: Allow SVG for extensions, even on "high" security level
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #13313 [Tor Browser]: Enable bundled fonts in Tor Browser
Next by Author: Re: [tor-bugs] #16574 [Outreach]: Onion service hackathon summary
Previous by thread: Re: [tor-bugs] #16607 [Tor Browser]: Allow SVG for extensions, even on "high" security level
Next by thread: Re: [tor-bugs] #16607 [Tor Browser]: Allow SVG for extensions, even on "high" security level
Index(es):
- Author
- Thread