[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #16300 [Tor Browser]: Make sure the BroadcastChannel API adheres to our URL bar domain isolation

Subject: Re: [tor-bugs] #16300 [Tor Browser]: Make sure the BroadcastChannel API adheres to our URL bar domain isolation
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Fri, 19 Jun 2015 15:04:44 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 19 Jun 2015 11:04:54 -0400
In-reply-to: <042.7a427d072cbb0c411e24cbdea838a237@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <042.7a427d072cbb0c411e24cbdea838a237@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#16300: Make sure the BroadcastChannel API adheres to our URL bar domain isolation
-------------------------+-------------------------------------------------
     Reporter:  gk       |      Owner:  mcs
         Type:  task     |     Status:  needs_review
     Priority:  major    |  Milestone:
    Component:  Tor      |    Version:
  Browser                |   Keywords:  ff38-esr, tbb-linkability, tbb-5
   Resolution:           |  .0a-highrisk, TorBrowserTeam201506R
Actual Points:           |  Parent ID:
       Points:           |
-------------------------+-------------------------------------------------
Changes (by mcs):

 * status:  assigned => needs_review
 * keywords:  ff38-esr, tbb-linkability, tbb-5.0a-highrisk,
     TorBrowserTeam201506 => ff38-esr, tbb-linkability, tbb-5.0a-highrisk,
     TorBrowserTeam201506R


Comment:

 I attached our proposed fix.  Please review.

 The patch is kind of long, but many of the changes involve just passing
 the isolation host through. Kathy and I think this approach is best and
 that it is what Mozilla will want (an alternative would be to hack the
 isolation domain into the existing origin string).

 We did disallow use of Broadcast Channels from SharedWorkers when
 isolation is enabled because, as with blob URLs (#15502), there is no good
 way to get at the document or channel.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16300#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #16300 [Tor Browser]: Make sure the BroadcastChannel API adheres to our URL bar domain isolation
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #16300 [Tor Browser]: Make sure the BroadcastChannel API adheres to our URL bar domain isolation
Next by Author: Re: [tor-bugs] #16400 [Tor]: Bug: Assertion cp failed in microdescs_parse_from_string at ../src/or/routerparse.c:4168
Previous by thread: Re: [tor-bugs] #16300 [Tor Browser]: Make sure the BroadcastChannel API adheres to our URL bar domain isolation
Next by thread: Re: [tor-bugs] #16300 [Tor Browser]: Make sure the BroadcastChannel API adheres to our URL bar domain isolation
Index(es):
- Author
- Thread