Re: [tor-bugs] #14205 [Tor Browser]: Closely review all uses of IsCallerChrome() for e10s
#14205: Closely review all uses of IsCallerChrome() for e10s
-------------------------+-------------------------------------------------
Reporter: mikeperry      | Owner: mcs
Type: task               | Status: assigned
Priority: major          | Milestone:
Component: Tor Browser   | Version:
Resolution:              | Keywords: tbb-fingerprinting, tbb-e10s, tbb-rebase, ff38-esr
Actual Points:           | Parent ID:
Points:                  |
-------------------------+-------------------------------------------------
Comment (by mcs):
Kathy and I spent some time analyzing our use of
nsContentUtils::IsCallerChrome() and also thinking about when it makes
sense to use it and when it does not.

Currently, we use it in the following Tor Browser patches:

 * 1c671d687504e1886587f86c176248b6367bf7ac (#13016 - Hide CSS -moz-osx-font-smoothing)
 * 1df6eeba14da4e1924e3576ce1103e2c56d786d5 (#6253 - Add canvas image extraction prompt)
 * 797a6165050e97c3cdd700e342aea059e8afe895 (#4755 - Return window coords for mouse screenX/Y)
 * 8d2b33f78f325cc50ebbe1e2a6657254bacdd9fc (#15646 - Prevent keyboard layout fingerprinting)

In each of the above cases, content JavaScript is always involved when we
want to block access to fingerprinting vectors, so IsCallerChrome() is OK
to use. Actually, it would be better to use
nsContentUtils::ThreadsafeIsCallerChrome() instead in all cases because
that call will do the right thing for web workers.

We have not yet evaluated the situation when electrolysis is enabled.

An alternative to IsCallerChrome() and ThreadsafeIsCallerChrome() is to
use calls such as nsDocShell::GetIsContent() and
nsPresContext::IsChrome(). Those methods return a value that is not based
on who is asking (i.e., not based on what is in the call stack); the value
returned is based on the context in which the document was created. The
problem with this approach is that if privileged code is manipulating a
content document, we may want to allow access to otherwise blocked info...
in which case ThreadsafeIsCallerChrome() is a better choice.

For TB 5.0, Kathy and I think we should replace all of our
IsCallerChrome() calls with ThreadsafeIsCallerChrome() but otherwise leave
things as-is.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/14205#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs