[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #16620 [Tor Browser]: Transform window.name handling into Firefox patch

Subject: Re: [tor-bugs] #16620 [Tor Browser]: Transform window.name handling into Firefox patch
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Fri, 30 Oct 2015 15:35:48 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 30 Oct 2015 11:36:02 -0400
In-reply-to: <049.5584f96ec4e6d0d2cea2f546e121e3f8@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <049.5584f96ec4e6d0d2cea2f546e121e3f8@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#16620: Transform window.name handling into Firefox patch
-------------------------------------------------+-------------------------
 Reporter:  mikeperry                            |          Owner:  mcs
     Type:  defect                               |         Status:
 Priority:  Medium                               |  needs_revision
Component:  Tor Browser                          |      Milestone:
 Severity:  Normal                               |        Version:
 Keywords:  tbb-torbutton-conversion,            |     Resolution:
  TorBrowserTeam201510R                          |  Actual Points:
Parent ID:                                       |         Points:
  Sponsor:  SponsorU                             |
-------------------------------------------------+-------------------------

Comment (by mcs):

 Replying to [comment:14 gk]:
 > Could you try testing with
 http://www.thomasfrank.se/sessvarsTestPage1.html? I am currently
 recompiling my build to be absolutely sure I tested your patches but it
 seems your patch does not handle this testcase (see #3414 for context).
 >
 > There seem to be in fact two issues:
 >
 > 1) If I understand this correctly then caching might bypass the
 protections in your patch.
 > 2) But even if I disable caching and disable sending the Referer header
 your code behaves differently than the one in 5.0.3.

 For the http://www.thomasfrank.se/sessvarsTestPage1.html page (which I
 assume is issue 2 above), the problem is that our patch clears window.name
 too soon. That page installs an unload event handler that re-saves its
 "session variables" to window.name after we clear it. We are working on a
 new patch that fixes this problem by relocating our code that clears
 window.name.

 But can you explain more about issue 1? Is the concern that pages loaded
 from the cache will not cause window.name to be cleared? Do you have a
 test case? (if not, Kathy and I will come up with one).

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16620#comment:16>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #17453 [Tor Messenger]: Crashing on Windows 10
Next by Author: Re: [tor-bugs] #17453 [Tor Messenger]: Crashing on Windows 10
Previous by thread: Re: [tor-bugs] #16620 [Tor Browser]: Transform window.name handling into Firefox patch
Next by thread: Re: [tor-bugs] #16620 [Tor Browser]: Transform window.name handling into Firefox patch
Index(es):
- Author
- Thread