[tor-bugs] #16607 [Tor Browser]: Allow SVG for extensions, even on "high" security level

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Jul 17 01:15:59 UTC 2015


#16607: Allow SVG for extensions, even on "high" security level
-------------------------+--------------------------
 Reporter:  mbauer       |          Owner:  tbb-team
     Type:  enhancement  |         Status:  new
 Priority:  normal       |      Milestone:
Component:  Tor Browser  |        Version:
 Keywords:  tbb-5.0a     |  Actual Points:
Parent ID:               |         Points:
-------------------------+--------------------------
 When setting the security level to "high" (in the privacy and security
 settings), SVG images are blocked everywhere. Even for internal (or addon)
 pages, there is no possibility to show SVG images, which might prevent
 some addons from working.

 Is it possible to introduce a whitelist of pages/protocols that can use
 svg?

 Good candidates for a whitelist are: "about:*", "chrome://*" and
 "resource://*".
 Actually, the NoScript addon already comes with such a whitelist, which
 allows javascript for addon pages.



 For my case, I'm creating an addon (for Tor Browser 5.0+) that uses a
 library to create graphs on a resource://... page. The library uses an
 inline svg element ("<svg>...</svg>") to display it's graphics.
 Currently, the "high" mode breaks my addon.

 Best
 Markus

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16607>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list