[tbb-bugs] #16607 [Tor Browser]: Allow SVG for extensions, even on "high" security level

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Jul 20 21:53:54 UTC 2015

#16607: Allow SVG for extensions, even on "high" security level
     Reporter:  mbauer       |      Owner:  tbb-team
         Type:  defect       |     Status:  needs_information
     Priority:  normal       |  Milestone:
    Component:  Tor Browser  |    Version:
   Resolution:               |   Keywords:  tbb-usability
Actual Points:               |  Parent ID:
       Points:               |

Comment (by mbauer):

 I created a sample addon, including two resource-pages using inline svg.
 Installing the addon opens a new tab, that links these pages. Source is
 attached. https://www.dropbox.com/s/ycj8vva7u3cg5c4/svg-testaddon.zip?dl=0

 Actually, you should be aware of issue #16495. It describes a problem that
 crashes Tor Browser on pages that include svg elements, if the security
 level is set to high. The first page is small enough to not crash the
 browser, but the second page will (that's my current graphic). According
 to #16495, the crash is caused by the svg blocking code.

 For the whitelisting idea: Maybe you should apply it to the page that
 wants to include svg. If a !resource:// page includes svg, it's fine, if a
 !http:// page includes svg from an addon resource, it would still be

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16607#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tbb-bugs mailing list