[tor-bugs] #15502 [Tor Browser]: URL.createObjectURL() considered harmful
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Apr 16 16:29:13 UTC 2015
#15502: URL.createObjectURL() considered harmful
-------------------------+-------------------------------------------------
Reporter: | Owner: arthuredelstein
mikeperry | Status: needs_review
Type: defect | Milestone:
Priority: major | Version:
Component: Tor | Keywords: tbb-linkability, tbb-newnym,
Browser | tbb-4.5-alpha, TorBrowserTeam201504R,
Resolution: | MikePerry201504R
Actual Points: | Parent ID:
Points: |
-------------------------+-------------------------------------------------
Comment (by arthuredelstein):
Replying to [comment:15 mikeperry]:
> The tor-browser patch looks mostly ok to me, though I am a little
worried about the use of nsContentUtils::GetDocumentFromCaller() in
ThirdPartyUtil::GetFirstPartyHostFromCaller(). It is reminding me of
#13027. We ultimately discovered that WebWorkers were given the correct
Javascript context after creation, but can we explicitly test WebWorkers
to ensure they can't access blob uris from different first party domains
as well, just to be sure? Probably also wise to make this an actual in-
tree test to ensure that it doesn't change on us in ff38-esr.
Good idea. I'll work on this today.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/15502#comment:17>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list