[tbb-bugs] #27427 [Applications/Tor Browser]: [PATCH] Fix NoScript IPC for about:blank by whitelisting messages

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Sep 14 11:34:37 UTC 2018


#27427: [PATCH] Fix NoScript IPC for about:blank by whitelisting messages
-------------------------------------------------+-------------------------
 Reporter:  rustybird                            |          Owner:
                                                 |  arthuredelstein
     Type:  defect                               |         Status:
                                                 |  needs_review
 Priority:  Very High                            |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  TorBrowserTeam201809R,               |  Actual Points:
  tbb-8.0.1-can                                  |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by rustybird):

 Replying to [comment:11 cypherpunks3]:
 > Replying to [comment:8 rustybird]:
 > > Which could mean that it occasionally affects real websites as well.
 >
 > Ok. And your fix is to ignore the [fetchChildPolicy] message? Isn't it
 > evident that there's a concurrency bug in NoScript that should be fixed?

 Hmm, now that you mention it... If this race hypothetically affects real
 websites (i.e. not just `about:blank` and empty `data:` pages), then it
 seems like the NoScript policy would not be applied correctly for such a
 page, with or without the proposed Torbutton patch.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/27427#comment:14>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

