[tor-bugs] #7740 [Flashproxy]: flashproxy badge works just like a web bug

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Apr 16 08:32:33 UTC 2013 

#7740: flashproxy badge works just like a web bug
------------------------+---------------------------------------------------
 Reporter:  arma        |          Owner:  dcf         
     Type:  defect      |         Status:  needs_review
 Priority:  normal      |      Milestone:              
Component:  Flashproxy  |        Version:              
 Keywords:              |         Parent:              
   Points:              |   Actualpoints:              
------------------------+---------------------------------------------------
Changes (by saint):

  * status:  new => needs_review


Comment:

 Because of spammers abusing empty referrers, this is a bit of an arms race
 in and of itself. And what works for FireFox might not work for Chrome,
 etc.

 Right now there is at least one way to keep the referring site from being
 sent to the server no matter which browser the user is using:

 Option 1: PHP header redirect

 Blog => iframe.php (redirects to) => embed.html

 {{{
 <?''php ''header('Location:
 http://crypto.stanford.edu/flashproxy/embed.html'); ?>
 }}}
 Option 2: Create the iframe using javascript (probably a nesting iframe
 situation)

 {{{
 {{{
 ''//doesn't block the load event'''''function''' createIframe() {
 '''var''' i '''=''' document.createElement("iframe");    i.src '''='''
 "//crypto.stanford.edu/flashproxy/embed.html";    i.scrolling '''='''
 "none";    i.frameborder '''=''' "0";    i.width '''=''' "80px";
 i.height '''=''' "15px";
 document.getElementById("bridge").appendChild(i);};''// Check for browser
 support of event handling capability'''''if''' (window.addEventListener)
 window.addEventListener("load", createIframe, '''false''');'''else'''
 '''if''' (window.attachEvent) window.attachEvent("onload",
 createIframe);'''else''' window.onload '''=''' createIframe;
 }}}

 }}}


 {{{
 <div id="bridge"></div>
 }}}
 Option 3: Set parent.location for the iframe (doesn't work in FireFox)

 {{{
 <iframe
 src="javascript:parent.location='//crypto.stanford.edu/flashproxy/embed.html'"></iframe>
 }}}

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7740#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list