[tor-bugs] #13044 [Tor Browser]: Enumerate all objects available to WebWorkers and content

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Sep 3 00:28:24 UTC 2014 

#13044: Enumerate all objects available to WebWorkers and content
-------------------------+-------------------------------------------------
     Reporter:           |      Owner:  boklm
  mikeperry              |     Status:  new
         Type:  task     |  Milestone:
     Priority:  major    |    Version:
    Component:  Tor      |   Keywords:  ff31-esr, tbb-testcase,
  Browser                |  TorBrowserTeam201409
   Resolution:           |  Parent ID:
Actual Points:           |
       Points:           |
-------------------------+-------------------------------------------------

Comment (by gacar):

 I checked ESR31 with the attached code:

  * ESR31 brings 4 new navigator properties: `taintEnabled, appCodeName,
 product, onLine`.
  * there's no `screen` in worker context and `window` (`self`) properties
 are limited.
  * mismatching !`window` properties doesn't seem harmful

 Below is the list of all properties in ESR31 worker context and whether
 they match the global window (PASS) or not (FAIL):

  * PASS - navigator.taintEnabled: function taintEnabled() { [native code]
 }
  * PASS - navigator.appCodeName: Mozilla
  * PASS - navigator.appName: Netscape
  * PASS - navigator.appVersion: 5.0 (X11)
  * PASS - navigator.platform: Linux i686
  * PASS - navigator.userAgent: Mozilla/5.0 (X11; Linux i686; rv:31.0)
 Gecko/20100101 Firefox/31.0
  * PASS - navigator.product: Gecko
  * PASS - navigator.onLine: true
  * PASS - window.postMessage: function postMessage() { [native code] }
  * PASS - window.onmessage: null
  * PASS - window.close: function close() { [native code] }
  * '''FAIL - window.importScripts: function importScripts() { [native
 code] } != undefined'''
  * PASS - window.dump: function dump() { [native code] }
  * PASS - window.btoa: function btoa() { [native code] }
  * PASS - window.atob: function atob() { [native code] }
  * PASS - window.setTimeout: function setTimeout() { [native code] }
  * PASS - window.clearTimeout: function clearTimeout() { [native code] }
  * PASS - window.setInterval: function setInterval() { [native code] }
  * PASS - window.clearInterval: function clearInterval() { [native code] }
  * '''FAIL - window.self: [object DedicatedWorkerGlobalScope] != [object
 Window]'''
  * PASS - window.console: [object Console]
  * '''FAIL - window.location: test_pages/worker_test.js !=
 test_pages/worker_test.html'''
  * PASS - window.onerror: null
  * PASS - window.onoffline: null
  * PASS - window.ononline: null
  * '''FAIL - window.navigator: [object WorkerNavigator] != [object
 Navigator]'''
  * '''FAIL - window.onclose: null != undefined'''
  * PASS - window.addEventListener: function addEventListener() { [native
 code] }
  * PASS - window.removeEventListener: function removeEventListener() {
 [native code] }
  * PASS - window.dispatchEvent: function dispatchEvent() { [native code] }

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13044#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list