[tor-bugs] #5477 [EFF-HTTPS Everywhere]: Surprising DOM origins before HTTPS-E/NoScript redirects have completed
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Fri Apr 20 08:43:33 UTC 2012
#5477: Surprising DOM origins before HTTPS-E/NoScript redirects have completed
------------------------------------------------------+---------------------
Reporter: Drugoy | Owner: ma1
Type: defect | Status: needs_revision
Priority: major | Milestone:
Component: EFF-HTTPS Everywhere | Version:
Keywords: address spoofing, critical vulnerability | Parent:
Points: | Actualpoints:
------------------------------------------------------+---------------------
Comment(by ma1):
@mikeperry:
The channel/window matching hack is there because some extensions which
use hidden browsers (usually for prerendering) caused new windows to be
spawned instead of frame navigations and similar unpleasant issues. As you
can see, my noscript-merge.sh bash script attached above takes care of
replacing the ABE dependency with equivalent self-contained code.
@pde:
Sorry, I have to reject your patch ;)
The ClassID in my code is correct (__without__ the trailing ";1"), but
it's there for Fx 3.x legacy compatibility: Safe Browsing needed to be
invoked explicitly that way in Gecko 1.9.1, now (Gecko >= 2) it's
hardcoded and the component is gone.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5477#comment:26>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online