[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #16620 [Tor Browser]: Transform window.name handling into Firefox patch

Subject: Re: [tor-bugs] #16620 [Tor Browser]: Transform window.name handling into Firefox patch
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Wed, 21 Oct 2015 11:36:48 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 21 Oct 2015 07:36:58 -0400
In-reply-to: <049.5584f96ec4e6d0d2cea2f546e121e3f8@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <049.5584f96ec4e6d0d2cea2f546e121e3f8@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#16620: Transform window.name handling into Firefox patch
-------------------------------------------------+-------------------------
 Reporter:  mikeperry                            |          Owner:  mcs
     Type:  defect                               |         Status:
 Priority:  Medium                               |  needs_review
Component:  Tor Browser                          |      Milestone:
 Severity:  Normal                               |        Version:
 Keywords:  tbb-torbutton-conversion,            |     Resolution:
  TorBrowserTeam201510R                          |  Actual Points:
Parent ID:                                       |         Points:
  Sponsor:  SponsorU                             |
-------------------------------------------------+-------------------------

Comment (by gk):

 Replying to [comment:5 arthuredelstein]:
 > As an experiment, I browsed to https://www.torproject.org, opened the
 page's JS console and entered `window.name = "test"`. Then I navigated to
 https://trac.torproject.org. I noticed that `window.name` was reset to an
 empty string. This behavior is different from our isolation policy for
 caches, DOM storage, favicons, etc, where we isolate by base domain. Might
 we want to use ThirdPartyUtil::GetBaseDomain instead of
 CheckSameOriginURI, so that www.torproject.org and trac.torproject.org are
 allowed to share data via `window.name`?

 Not sure what "navigated" in this context means. Are you saying the patch
 behaves differently than specified in 4.5.12 of our design document?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16620#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #17305 [Tor Browser]: Make our Gitian setup able to build hardened Linux bundles (64bit)
Next by Author: [tor-bugs] #17398 [Tor]: Memory leak in batch signature checking
Previous by thread: Re: [tor-bugs] #16620 [Tor Browser]: Transform window.name handling into Firefox patch
Next by thread: Re: [tor-bugs] #16620 [Tor Browser]: Transform window.name handling into Firefox patch
Index(es):
- Author
- Thread