[tbb-dev] Current thoughts on tb-manual presentation

Kathleen Brade brade at pearlcrescent.com
Wed May 28 18:42:34 UTC 2014

On 5/28/14, 12:34 PM, Matt Pagan wrote:
> How salient are the risks of accessing the network if there are no
> external links in the manual and the window is opened with arguments
> similar to:
> window.open("file://" + dir + "index.html", "_blank",
> "status=0,toolbar=0,location=0,menubar=0"),
> ?
> That is, why would escaping and accessing the network be a consideration
> if the address bar, menubar, and toolbar aren't loaded?

One possibility is that the user intentionally (or accidentally) drags a 
URL into the help window.  There are probably several other 
possibilities that should be blocked.  Research is needed.

There is also an issue that the Tor Launcher wizard is in a modal window 
that floats above all other TBB windows.  A help viewer window will need 
to be opened as a modal window (which means users would not be able to 
interact with the wizard window until they close the help window).  As I 
recall, there are annoying platform-specific differences in Firefox 
related to dialogs and modality.  More research and design is needed here.

-- Kathy

More information about the tbb-dev mailing list