[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #19048 [Applications/Tor Browser]: Review Firefox Developer Docs and Undocumented bugs since FF45esr
#19048: Review Firefox Developer Docs and Undocumented bugs since FF45esr
-------------------------------------------------+-------------------------
Reporter: gk | Owner: tbb-
| team
Type: task | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: ff52-esr, tbb-7.0-must, | Actual Points:
TorBrowserTeam201703, GeorgKoppen201703 |
Parent ID: | Points:
Reviewer: | Sponsor:
| Sponsor4
-------------------------------------------------+-------------------------
Comment (by mcs):
Replying to [comment:28 gk]:
> > b) We should verify that the new `<input>` types do not leak locale
information, e.g., `<input type="time">`, `type="date"`, `type="week"`,
etc.
> > https://developer.mozilla.org/en-US/docs/Web/HTML/Element/input
>
> Hm. The docs say these are not implemented yet and the linked bug
(https://bugzilla.mozilla.org/show_bug.cgi?id=888320) seems to second
that. What made you believe they are wrong?
I don't remember what we saw, but you are correct: the implementation
seems to be a work in progress and the new input types are disabled via a
`dom.forms.datetime` pref.
> > d) HTTP Opportunistic Security may add some linkability risks,
although it seems okay at a glance.
> > http://httpwg.org/http-extensions/opsec.html
> > https://bugzilla.mozilla.org/show_bug.cgi?id=1301117
>
> It seems that needs HTTP2/Alternative Services being enabled which is
both not the case for us?
Yes, I think #16673 took care of disabling it.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/19048#comment:30>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs