[tor-bugs] #9881 [Tor Browser]: Javascript can create/resize windows to consume the entire desktop

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Aug 4 10:10:36 UTC 2014 

#9881: Javascript can create/resize windows to consume the entire desktop
-------------------------+-------------------------------------------------
     Reporter:           |      Owner:  mikeperry
  mikeperry              |     Status:  needs_review
         Type:  defect   |  Milestone:
     Priority:  major    |    Version:
    Component:  Tor      |   Keywords:  tbb-fingerprinting, tbb-testcase,
  Browser                |  tbb-firefox-patch
   Resolution:           |  Parent ID:
Actual Points:           |
       Points:           |
-------------------------+-------------------------------------------------

Comment (by gk):

 Replying to [comment:28 cypherpunks]:
 > Replying to [comment:26 gk]:
 > > Replying to [comment:22 cypherpunks]:
 > > > Set `browser.link.open_newwindow.restriction = 0` to open ''all''
 popups as tabs, ignoring any sizes. Together with
 `dom.disable_window_move_resize = true`, and (see #12609:) `full-screen-
 api.enabled = false`, that should squash 'em all.
 > >
 > > Giving the preference modifications belonging to this bug a quick shot
 I have found one machine where the test in comment:21 got not properly
 rounded window dimensions extracted.
 >
 > After setting the three prefs, did the test not open in a new ''tab''?
 But its size was still unexpected?

 It opened in a new tab but running the test in comment:21 trying to get
 some information out of the user showed at least on one testing machine
 that it worked. This means, that the current code responsible for rounding
 the window dimensions does not cope with the use-case you have in mind.

 > Replying to [comment:27 gk]:
 > > And I still think we should not prohibit moving popup windows.
 >
 > With `browser.link.open_newwindow.restriction = 0` diverting all popups
 to tabs,  `dom.disable_window_move_resize = true` would just stop remote
 moving and remote resizing of the user-opened windows.

 And this still works even though
 https://bugzilla.mozilla.org/show_bug.cgi?id=565541 got fixed long ago? Do
 you have a) example code showing this and b) how is this related to the
 bug at hand?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9881#comment:29>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list