[tor-bugs] #15502 [Tor Browser]: URL.createObjectURL() considered harmful
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Apr 16 02:29:33 UTC 2015
#15502: URL.createObjectURL() considered harmful
-------------------------+-------------------------------------------------
Reporter: | Owner: arthuredelstein
mikeperry | Status: needs_review
Type: defect | Milestone:
Priority: major | Version:
Component: Tor | Keywords: tbb-linkability, tbb-newnym,
Browser | tbb-4.5-alpha, TorBrowserTeam201504R,
Resolution: | MikePerry201504R
Actual Points: | Parent ID:
Points: |
-------------------------+-------------------------------------------------
Comment (by mikeperry):
The tor-browser patch looks mostly ok to me, though I am a little worried
about the use of nsContentUtils::GetDocumentFromCaller() in
ThirdPartyUtil::GetFirstPartyHostFromCaller(). It is reminding me of
#13027. We ultimately discovered that WebWorkers were given the correct
Javascript context after creation, but can we explicitly test WebWorkers
to ensure they can't access blob uris from different first party domains
as well, just to be sure? Probably also wise to make this an actual in-
tree test to ensure that it doesn't change on us in ff38-esr.
I think it might also be helpful to have mcs+brade to weigh in on this
approach.
I filed #15703 to remind us about mediasource: and associated tests in
ff38-esr.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/15502#comment:15>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list