[tor-bugs] #3580 [TorBrowserButton]: tor problem with hotmail

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Tue Aug 23 01:14:25 UTC 2011

#3580: tor problem with hotmail
 Reporter:  spinnaker83                 |          Owner:  mikeperry                    
     Type:  defect                      |         Status:  assigned                     
 Priority:  major                       |      Milestone:  TorBrowserBundle 2.2.x-stable
Component:  TorBrowserButton            |        Version:                               
 Keywords:  MikePerryIteration20110828  |         Parent:                               
   Points:  3                           |   Actualpoints:                               

Comment(by mikeperry):

 Some more details:

 Hotmail indeed appears to be loading the scripts as object tags, perhaps
 as some kind of performance hack to get the browser to cache all the
 scripts that may be used on various pieces of the site without actually
 parsing and interpreting them on every page (they are 100's of K each). It
 appears to convert the object tags that it wants interpreted into script
 tags through DOM manipulation on a given page. I am not sure exactly where
 it does this.

 docShell.allowPlugins does in fact trigger that content policy check
 mentioned above. Disabling that check in the source and rebuilding Firefox
 does in fact fix the problem for hotmail.

 The downside is that there is no clear way to allow these objects without
 risking loading all plugins.

 We can potentially disable Torbutton's plugin protections on Tor Browser
 and let it fall back to NoScript, but I feel like this is a dangerous
 default configuration. Perhaps once we implement #3547 we can do that.

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3580#comment:20>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
