[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[or-cvs] r14351: Fix favicon leak regression caused by r13901. (torbutton/trunk/src/components)

To: or-cvs@xxxxxxxxxxxxx
Subject: [or-cvs] r14351: Fix favicon leak regression caused by r13901. (torbutton/trunk/src/components)
From: mikeperry@xxxxxxxx
Date: Thu, 10 Apr 2008 20:17:45 -0400 (EDT)
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-cvs-outgoing@xxxxxxxx
Delivered-to: or-cvs@xxxxxxxx
Delivery-date: Thu, 10 Apr 2008 20:17:51 -0400
Reply-to: or-dev@xxxxxxxxxxxxx
Sender: owner-or-cvs@xxxxxxxxxxxxx

Author: mikeperry
Date: 2008-04-10 20:17:44 -0400 (Thu, 10 Apr 2008)
New Revision: 14351

Modified:
   torbutton/trunk/src/components/cssblocker.js
Log:

Fix favicon leak regression caused by r13901.



Modified: torbutton/trunk/src/components/cssblocker.js
===================================================================
--- torbutton/trunk/src/components/cssblocker.js	2008-04-10 15:12:24 UTC (rev 14350)
+++ torbutton/trunk/src/components/cssblocker.js	2008-04-11 00:17:44 UTC (rev 14351)
@@ -174,7 +174,8 @@
             }
         } else {
             // rules based on request origin:
-            // 1) privileged schemes can access anything
+            // 1) privileged schemes can access local content but 
+            //    must be checked for network access (favicons)
             // 2) locally privileged schemes can access local content
             // 3) forbidden schemes should be blocked
             // 4) all others cannot access any (unwrapped) local content
@@ -184,10 +185,17 @@
             // 
             switch (requestOrigin.scheme) {
             case "chrome":
+                // privileged
+                if ((contentLocation.scheme in localSchemes) ||
+                    (contentLocation.scheme in hostFreeSchemes)) {
+                    return ok;
+                }
+                // Chrome can source favicons from non-local protocols.
+                // This needs to be checked below.
+                break;
             case "about":
             case "resource":
                 // privileged
-                // NOTE: don't log, chrome fills error console with chrome requests
                 return ok;
                 break;
             case "view-source":

Prev by Author: [or-cvs] r14348: Fix thrown exception in content policy. (torbutton/trunk/src/components)
Next by Author: [or-cvs] r14356: Prevent popup windows from displaying at all if the opener's (torbutton/trunk/src/chrome/content)
Previous by thread: [or-cvs] r14350: Make dumpstats() log the size and fullness of openssl-intern (in tor/trunk: . src/common src/or)
Next by thread: [or-cvs] r14352: and forward-port that (tor/trunk)
Index(es):
- Author
- Thread