[tor-bugs] #5477 [EFF-HTTPS Everywhere]: Surprising DOM origins before HTTPS-E/NoScript redirects have completed

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Thu May 17 03:28:24 UTC 2012


#5477: Surprising DOM origins before HTTPS-E/NoScript redirects have completed
-------------------------------------+--------------------------------------
    Reporter:  Drugoy                |       Owner:  ma1     
        Type:  defect                |      Status:  reopened
    Priority:  blocker               |   Milestone:          
   Component:  EFF-HTTPS Everywhere  |     Version:          
  Resolution:                        |    Keywords:          
      Parent:                        |      Points:          
Actualpoints:                        |  
-------------------------------------+--------------------------------------

Comment(by pde):

 Aside from the horrible about:blank#id hack solution discussed above,
 another horrible approach would be to try to get a callback when the
 malicious code alters the content of the http://www.apple.com window.  If
 someone changes the content of a window that we're replaceChanneling, we
 could try to abort the channel replacement.  Although that does sound a
 little racy.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5477#comment:39>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list