[tor-bugs] #4517 [Tor Browser]: drag-n-drop bypasses tor
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Sat Nov 19 23:44:38 UTC 2011
#4517: drag-n-drop bypasses tor
-------------------------+--------------------------------------------------
Reporter: cypherpunks | Owner: mikeperry
Type: defect | Status: needs_information
Priority: blocker | Milestone:
Component: Tor Browser | Version:
Keywords: | Parent:
Points: | Actualpoints:
-------------------------+--------------------------------------------------
Comment(by aagbsn):
Replying to [comment:8 mikeperry]:
> There also appears to be an issue where you can also get proxy bypass
even without using Unity when you release the dragged image into any non-
Tor apps that decide to treat it as a url and download it. At least on my
system.
>
> Does this mean we should break these urls? Turn them into tor:// and
tors:// urls? Or remove Drag and Drop entirely? Something tells me Unity
might be dumb enough to still do a non-tor DNS query even without a valid
scheme...
What about other url types? ftp://?
Can drag-n-drop be proxied by rewriting the URL to file:// in the browser
cache?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4517#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list