[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] [torbutton/master] Bug 22457: Allow resources loaded by view-source://

To: tor-commits@xxxxxxxxxxxxxxxxxxxx, tbb-commits@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-commits] [torbutton/master] Bug 22457: Allow resources loaded by view-source://
From: gk@xxxxxxxxxxxxxx
Date: Fri, 2 Jun 2017 08:40:43 +0000 (UTC)
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 02 Jun 2017 04:40:52 -0400
List-archive: <http://lists.torproject.org/pipermail/tor-commits/>
List-help: <mailto:tor-commits-request@lists.torproject.org?subject=help>
List-id: "auto: code repository commits" <tor-commits.lists.torproject.org>
List-post: <mailto:tor-commits@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits>, <mailto:tor-commits-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-commits>, <mailto:tor-commits-request@lists.torproject.org?subject=unsubscribe>
Patch-author: Georg Koppen <gk@xxxxxxxxxxxxxx>
Sender: "tor-commits" <tor-commits-bounces@xxxxxxxxxxxxxxxxxxxx>

commit 137c0527b1d152c5999db53894badc54ab9e34c9
Author: Georg Koppen <gk@xxxxxxxxxxxxxx>
Date:   Thu Jun 1 09:26:11 2017 +0000

    Bug 22457: Allow resources loaded by view-source://
    
    Instead of whitelisting single resources for view-source requests that
    might allow platform detection we allow all of those that are needed by
    requests with a view-source origin. This should be safe now that
    https://bugzilla.mozilla.org/show_bug.cgi?id=1172165 landed.
---
 src/components/content-policy.js | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/components/content-policy.js b/src/components/content-policy.js
index a63919c..b2fdff7 100644
--- a/src/components/content-policy.js
+++ b/src/components/content-policy.js
@@ -83,8 +83,12 @@ ContentPolicy.prototype = {
       return Ci.nsIContentPolicy.ACCEPT;
     }
 
-    // Accept if no origin URI or if origin scheme is chrome/resource/about.
-    if (!aRequestOrigin || aRequestOrigin.schemeIs('resource') || aRequestOrigin.schemeIs('chrome') || aRequestOrigin.schemeIs('about'))
+    // Accept if no origin URI or if origin scheme is
+    // chrome/resource/about/view-source.
+    if (!aRequestOrigin || aRequestOrigin.schemeIs('resource') ||
+                           aRequestOrigin.schemeIs('chrome') ||
+                           aRequestOrigin.schemeIs('about') ||
+                           aRequestOrigin.schemeIs('view-source'))
       return Ci.nsIContentPolicy.ACCEPT;
 
     // Accept if resource directly loaded into a tab.

_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

Prev by Author: [tor-commits] [torbutton/master] Bug 22104: Adjust our content policy whitelist for ff52-esr.
Next by Author: [tor-commits] [tor-browser/tor-browser-52.1.1esr-7.0-1] Bug 16485: Improve about:cache page
Previous by thread: [tor-commits] [tor-browser/tor-browser-52.1.0esr-7.0-2] Bug 21862: Rip out potentially unsafe rust code
Next by thread: [tor-commits] [tor-browser/tor-browser-52.1.0esr-7.0-2] Bug 16485: Improve about:cache page
Index(es):
- Author
- Thread