[tor-bugs] #4527 [HTTPS Everywhere: Chrome]: Rule list context menu doesn't get cleared for new https urls

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Mon Nov 21 04:18:43 UTC 2011 

#4527: Rule list context menu doesn't get cleared for new https urls
--------------------------------------+-------------------------------------
 Reporter:  mikeperry                 |          Owner:  mikeperry
     Type:  defect                    |         Status:  new      
 Priority:  normal                    |      Milestone:           
Component:  HTTPS Everywhere: Chrome  |        Version:           
 Keywords:                            |         Parent:           
   Points:                            |   Actualpoints:           
--------------------------------------+-------------------------------------
 Due to the fact that we don't listen to https url events for
 onBeforeRequest, we do not have a way to clear stale rules from the url
 bar when the user manually navigates to a new URL (for example, visits
 "eff.org" and then types in "https://encrypted.google.com" the eff rules
 will remain displayed on the Google page). We don't want to listen to
 blocking https onBeforeRequest events because this would impede
 performance.

 This bug is way more tricky than it seems. There are several possible
 solutions. I've tried the following four, and none of them really have
 worked out so far.

 1. Listen to onBeforeRequest async for https
 (https://code.google.com/chrome/extensions/trunk/experimental.webRequest.html
 #event-onBeforeRequest)

 I tried purging the rules whenever we had a details.type == "main_frame"
 and an https scheme in the async handler, but this causes premature rule
 clearing for redirects unless you also listen to onBeforeRedirect. If you
 do listen to onBeforeRedirect, it still fails on JS redirects. eff.org has
 a JS redirect to www.eff.org.

 2. Listen to tabs.onUpdated async
 (https://code.google.com/chrome/extensions/tabs.html#event-onUpdated)

 Had similar issues to #1, with some additional event ordering problems.

 3. Track rule destination urls used for each tab

 In desperation, I even tried tracking the destination URL from our url
 engine for each tab, with the intention of clearing the list if the
 current URL differed from the last rule url.

 However, I was again defeated by the inability to detect JS redirects.

 4. Listen to WebNavigation.onCommitted for details.transitionType ==
 "typed" and possibly also "link"
 (https://code.google.com/chrome/extensions/trunk/webNavigation.html#event-
 onCommitted)

 This was the most promising, because we could use it to clear the rule
 sets when we detected a user-driven navigation to a new https url.

 However, transitionType == "typed" is still set for redirects that happen
 after a typed URL (and possibly for all JS redirects). This seems like an
 API bug to me. Should we file one?


 It seems like we might be left with just adding some heuristics to option
 3 only clear the rules if the domain smells different enough?

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4527>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list