[tor-bugs] #1968 [Torbutton]: window.name is persistent across websites
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Tue Mar 1 07:07:40 UTC 2011
#1968: window.name is persistent across websites
-------------------------------------------------------------------+--------
Reporter: katmagic | Owner: mikeperry
Type: defect | Status: needs_review
Priority: blocker | Milestone:
Component: Torbutton | Version: Torbutton: 1.2.5
Keywords: TorbuttonIteration20110305 MikePerryIteration20110305 | Parent:
Points: 8 | Actualpoints:
-------------------------------------------------------------------+--------
Comment(by mikeperry):
Replying to [comment:13 katmagic]:
> Replying to [comment:12 mikeperry]:
>
> > We want to do this on Toggle because that is the codepath that is used
for resetting browser state. I think we want to allow window.name to live
for a single Tor session (or until the timer from #523 goes off).
>
> I'd definitely say that it should be reset every time a new domain is
requested. I can't see any reason why someone would want it to persist
between sites. It seems much cleaner to clear it.
I don't think we want to mess with how this property works by default. I
can envision websites breaking in the odd corners of the web if we try to
disable window.name entirely.. I could also see using the same origin
policy definitions to reset window.name to make this break less.. This
would be a good option for NoScript, or a hidden Torbutton option, but I
still don't think it should be a default.
I can see clearing window.name and any other state data periodically by
default, a-la #523, if we can figure out a way to do that without causing
users to perceive breakage.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/1968#comment:15>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list