[tbb-bugs] #19200 [Applications/Tor Browser]: HTML5 video not blocked with placeholder, plays automatically

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Oct 7 12:34:11 UTC 2016


#19200: HTML5 video not blocked with placeholder, plays automatically
-------------------------------------------------+-------------------------
 Reporter:  potato                               |          Owner:  tbb-
                                                 |  team
     Type:  defect                               |         Status:
                                                 |  needs_information
 Priority:  High                                 |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Major                                |     Resolution:
 Keywords:  tbb-security-slider,                 |  Actual Points:
  tbb-6.0-issues, GeorgKoppen201610,             |
  TorBrowserTeam201610, noscript                 |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------
Changes (by bugzilla):

 * keywords:
     tbb-security-slider, tbb-6.0-issues, GeorgKoppen201610,
     TorBrowserTeam201610
     =>
     tbb-security-slider, tbb-6.0-issues, GeorgKoppen201610,
     TorBrowserTeam201610, noscript


Comment:

 Replying to [comment:16 ma1]:
 Giorgio, gk asked you about the security hole 3 mo ago. Do you think it's
 not about NoScript or it shouldn't be addressed in a timely fashion?
 > The only partial work around I can think of is to implement a "special
 > case" ClickToPlay for MSE, activating all the elements of a certain page
 > if any placeholder gets clicked (the key would be page's URL, rather than
 > the non-existent "media URL", and a page reload would occur). Would that
 > work for you?
 It looks like TBB shouldn't expose MSE availability to sites for which JS
 is disabled (to make HTML5 A/V visible). But for JS-enabled sites your
 "ClickToPlay for MSE" feature looks good.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/19200#comment:27>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

