[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #16300 [Tor Browser]: Make sure the BroadcastChannel API adheres to our URL bar domain isolation
#16300: Make sure the BroadcastChannel API adheres to our URL bar domain isolation
-------------------------+-------------------------------------------------
Reporter: gk | Owner: mcs
Type: task | Status: needs_review
Priority: major | Milestone:
Component: Tor | Version:
Browser | Keywords: ff38-esr, tbb-linkability, tbb-5
Resolution: | .0a-highrisk, TorBrowserTeam201506R
Actual Points: | Parent ID:
Points: |
-------------------------+-------------------------------------------------
Changes (by mcs):
* status: assigned => needs_review
* keywords: ff38-esr, tbb-linkability, tbb-5.0a-highrisk,
TorBrowserTeam201506 => ff38-esr, tbb-linkability, tbb-5.0a-highrisk,
TorBrowserTeam201506R
Comment:
I attached our proposed fix. Please review.
The patch is kind of long, but many of the changes involve just passing
the isolation host through. Kathy and I think this approach is best and
that it is what Mozilla will want (an alternative would be to hack the
isolation domain into the existing origin string).
We did disallow use of Broadcast Channels from SharedWorkers when
isolation is enabled because, as with blob URLs (#15502), there is no good
way to get at the document or channel.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16300#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs