[tor-bugs] #4527 [HTTPS Everywhere: Chrome]: Rule list context menu doesn't get cleared for new https urls
#4527: Rule list context menu doesn't get cleared for new https urls
--------------------------------------+-------------------------------------
Reporter: mikeperry | Owner: mikeperry
Type: defect | Status: new
Priority: normal | Milestone:
Component: HTTPS Everywhere: Chrome | Version:
Keywords: | Parent:
Points: | Actualpoints:
--------------------------------------+-------------------------------------
Due to the fact that we don't listen to https url events for
onBeforeRequest, we do not have a way to clear stale rules from the url
bar when the user manually navigates to a new URL (for example, visits
"eff.org" and then types in "https://encrypted.google.com" the eff rules
will remain displayed on the Google page). We don't want to listen to
blocking https onBeforeRequest events because this would impede
performance.
This bug is way more tricky than it seems. There are several possible
solutions. I've tried the following four, and none of them really have
worked out so far.
1. Listen to onBeforeRequest async for https
(https://code.google.com/chrome/extensions/trunk/experimental.webRequest.html#event-onBeforeRequest)
I tried purging the rules whenever we had a details.type == "main_frame"
and an https scheme in the async handler, but this causes premature rule
clearing for redirects unless you also listen to onBeforeRedirect. If you
do listen to onBeforeRedirect, it still fails on JS redirects. eff.org has
a JS redirect to www.eff.org.
2. Listen to tabs.onUpdated async
(https://code.google.com/chrome/extensions/tabs.html#event-onUpdated)
Had similar issues to #1, with some additional event ordering problems.
3. Track rule destination urls used for each tab
In desperation, I even tried tracking the destination URL from our url
engine for each tab, with the intention of clearing the list if the
current URL differed from the last rule url.
However, I was again defeated by the inability to detect JS redirects.
4. Listen to WebNavigation.onCommitted for details.transitionType ==
"typed" and possibly also "link"
(https://code.google.com/chrome/extensions/trunk/webNavigation.html#event-onCommitted)
This was the most promising, because we could use it to clear the rule
sets when we detected a user-driven navigation to a new https url.
However, transitionType == "typed" is still set for redirects that happen
after a typed URL (and possibly for all JS redirects). This seems like an
API bug to me. Should we file one?
It seems like we might be left with just adding some heuristics to option
3 to only clear the rules if the domain smells different enough?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4527>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
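
The heuristic floated at the end of the ticket (option 3 plus a "does the domain smell different" check), sketched as an added example that is not HTTPS Everywhere code or part of the original report. All names (baseDomain, smellsDifferent, TabRuleTracker) are hypothetical, and the two-label base-domain comparison is an assumption standing in for a real Public Suffix List lookup.

```javascript
// Added illustration, not HTTPS Everywhere code. All names are hypothetical.

// Naive "base domain": the last two DNS labels. Assumption made so the example
// runs offline; a real extension would consult the Public Suffix List so that
// "a.co.uk" and "b.co.uk" are not treated as one site.
function baseDomain(hostname) {
  const labels = hostname.toLowerCase().replace(/\.$/, "").split(".");
  return labels.slice(-2).join(".");
}

// True when the new URL's host differs enough from the host the last rule
// rewrite pointed at that the displayed rule list should be dropped.
function smellsDifferent(lastRuleUrl, currentUrl) {
  try {
    const last = new URL(lastRuleUrl);
    const cur = new URL(currentUrl);
    return baseDomain(last.hostname) !== baseDomain(cur.hostname);
  } catch (e) {
    return true; // unparseable URL: fail towards clearing the stale list
  }
}

// Per-tab state: destination URL of the last applied rule, plus the rule
// names currently shown for that tab.
class TabRuleTracker {
  constructor() { this.tabs = new Map(); }

  // Called when the rewrite engine applies a rule in a tab.
  ruleApplied(tabId, destUrl, ruleName) {
    const t = this.tabs.get(tabId) || { lastRuleUrl: destUrl, rules: [] };
    t.lastRuleUrl = destUrl;
    if (!t.rules.includes(ruleName)) t.rules.push(ruleName);
    this.tabs.set(tabId, t);
  }

  // Called from a non-blocking listener that reports the tab's new top-level
  // URL. Returns the rules that remain displayed after this navigation.
  navigated(tabId, url) {
    const t = this.tabs.get(tabId);
    if (!t) return [];
    if (smellsDifferent(t.lastRuleUrl, url)) {
      this.tabs.delete(tabId); // different site: drop the stale rules
      return [];
    }
    return t.rules; // same base domain (e.g. a JS redirect to www.): keep
  }
}
```

With the ticket's own cases, a redirect from eff.org to www.eff.org keeps the EFF rule listed, while a later navigation to https://encrypted.google.com clears it.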