Thus spake mikeperry@xxxxxxxx (mikeperry@xxxxxxxx): > Author: mikeperry > Date: 2008-02-24 19:39:44 -0500 (Sun, 24 Feb 2008) > New Revision: 13714 > > Modified: > torbutton/trunk/src/components/cssblocker.js > Log: > > Err, actually, this is a bad idea. Jars can be non-local, and > the vector for history disclosure actually undergoes a url err s/history disclosure/chrome disclosure > rewrite before being re-sent to the content policy. > > > > Modified: torbutton/trunk/src/components/cssblocker.js > =================================================================== > --- torbutton/trunk/src/components/cssblocker.js 2008-02-25 00:30:35 UTC (rev 13713) > +++ torbutton/trunk/src/components/cssblocker.js 2008-02-25 00:39:44 UTC (rev 13714) > @@ -93,7 +93,7 @@ > "pippki":true}; > > var hostFreeSchemes = { "resource":true, "data":true, "cid":true, > - "javascript":true, "file":true, "jar":true}; > + "javascript":true, "file":true}; > > var safeOriginSchemes = { "about":true, "chrome":true, "file":true}; > -- Mike Perry Mad Computer Scientist fscked.org evil labs
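Review bot: The hostFreeSchemes line drops "jar":true without a code comment recording why jar is excluded, so a later revision could put it back just as the previous one did. The log's reason (jars can be non-local) belongs in a one-line comment above the table. If local jars still need the host-free treatment, that would have to be decided from the URL wrapped inside the jar: URL rather than from a scheme-wide entry, since the scheme alone does not say where the archive is loaded from.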