Re: [tor-bugs] #27427 [Applications/Tor Browser]: [PATCH] Fix NoScript IPC for about:blank by whitelisting messages
#27427: [PATCH] Fix NoScript IPC for about:blank by whitelisting messages
-------------------------------------------------+-------------------------
Reporter: rustybird | Owner: arthuredelstein
Type: defect | Status: needs_review
Priority: Very High | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: TorBrowserTeam201809R, tbb-8.0.1-can | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Comment (by cypherpunks3):
Replying to [comment:15 ma1]:
> It should not: NoScript defers all the HTTP(S) traffic until its policy
> is configured and ready to be enforced.
Ok, so let's say it only breaks in harmless cases. Regardless, it still
looks like a bug to me: the handler for `fetchChildPolicy` is running
before making sure the state is properly initialised; for example, the
object `ns.policy` is used and dereferenced in `getForDocument` even
though it could still be null. Or maybe I'm wrong, I'm just reading this
code now.
> about:blank, data: and file: URLs are those which might suffer from this
> problem, because NoScript has no means to prevent them from loading before
> it's initialized.
Does that mean that the approach mentioned there [ticket:27553#comment:3]
is unreliable because of this race?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/27427#comment:17>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
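
The ordering problem raised in the comment above, as an added example that is not part of the original message and is not NoScript's code: a message handler that answers before the policy exists, next to one that holds the request until initialisation finishes. Only `fetchChildPolicy`, `ns.policy` and `getForDocument` are names from the thread; every other name, the function bodies and the sample policy are assumptions made for illustration.

```javascript
// Added illustration. createState, unguardedHandler, gatedHandler, finishInit
// and demo are hypothetical names; only fetchChildPolicy, ns.policy and
// getForDocument come from the thread, and their bodies here are stand-ins.
function createState() {
  return {
    policy: null, // not configured yet
    pending: [],  // requests that arrived before initialisation
    getForDocument(url) {
      // Dereferences this.policy unchecked: throws TypeError while it is null.
      return { url, permissions: this.policy.lookup(url) };
    },
  };
}

// Pattern the comment questions: answer immediately, whatever the state.
function unguardedHandler(ns, msg, sendResponse) {
  if (msg.type === "fetchChildPolicy") sendResponse(ns.getForDocument(msg.url));
}

// Defensive variant: hold the request until the policy exists.
function gatedHandler(ns, msg, sendResponse) {
  if (msg.type !== "fetchChildPolicy") return;
  const reply = () => sendResponse(ns.getForDocument(msg.url));
  if (ns.policy === null) ns.pending.push(reply);
  else reply();
}

// Called once configuration is loaded; flushes deferred requests in order.
function finishInit(ns, policy) {
  ns.policy = policy;
  for (const reply of ns.pending.splice(0)) reply();
}

// Constructed scenario: an about:blank child asks before initialisation ends.
function demo() {
  const msg = { type: "fetchChildPolicy", url: "about:blank" };
  const policy = { lookup: (u) => (u === "about:blank" ? "restricted" : "default") }; // constructed
  const result = { unguardedError: null };
  try { unguardedHandler(createState(), msg, () => {}); }
  catch (e) { result.unguardedError = e.name; }
  const ns = createState(), replies = [];
  gatedHandler(ns, msg, (r) => replies.push(r));
  result.beforeInit = replies.length; // nothing answered while policy is null
  finishInit(ns, policy);
  result.afterInit = replies.slice();
  return result;
}

console.log(demo());
```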