[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #23723 [Applications/Tor Browser]: Loading entities from NoScript .dtd files is blocked

#23723: Loading entities from NoScript .dtd files is blocked
--------------------------------------+--------------------------
 Reporter:  gk                        |          Owner:  tbb-team
     Type:  defect                    |         Status:  new
 Priority:  High                      |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Major                     |     Resolution:
 Keywords:  noscript                  |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+--------------------------

Comment (by ma1):

 Replying to [comment:1 gk]:


 > : a workaround would be to set
 `extensions.torbutton.resource_and_chrome_uri_fingerprinting` to `true`.

 I'm implementing this in next dev build, out in minutes, and it apparently
 works, with exposure minimized to the quasy-synchronous (local filesystem)
 load/parsing.

 You can preview it by running this code in a browser-scoped Scratchpad
 window with any NoScript 5.1.x installed:

 {
   let xhr = new XMLHttpRequest();
   xhr.open("GET", "!chrome://noscript/content/noscriptOverlayFx57.xul");
   try {
     // work around to resolve overlay's XML entities despite the Tor
 Browser

     let TOR_PREF =
 "extensions.torbutton.resource_and_chrome_uri_fingerprinting";
     let torPrefValue = Services.prefs.getBoolPref(TOR_PREF);
     let restorePref = () => Services.prefs.setBoolPref(TOR_PREF,
 torPrefValue);
     for (let e of ["progress", "loadend"]) { // restore as early as
 possible (almost sync)
       xhr.addEventListener(e, restorePref);
     }
     xhr.addEventListener("loadstart", () => {
       Services.prefs.setBoolPref(TOR_PREF, true);
     });

   } catch (e) {
     // no pref value, it doesn't seem to be a Tor Browser :)
   }
   xhr.addEventListener("load", () => {
     alert(xhr.responseXML.getElementById("noscript-tbb"));
   });
  xhr.send()
 }

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/23723#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs