[tor-bugs] #16607 [Tor Browser]: Allow SVG for extensions, even on "high" security level

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Jul 30 15:40:55 UTC 2015


#16607: Allow SVG for extensions, even on "high" security level
-----------------------------+-------------------------------
     Reporter:  mbauer       |      Owner:  tbb-team
         Type:  defect       |     Status:  needs_information
     Priority:  normal       |  Milestone:
    Component:  Tor Browser  |    Version:
   Resolution:               |   Keywords:  tbb-usability
Actual Points:               |  Parent ID:
       Points:               |
-----------------------------+-------------------------------

Comment (by mcs):

 Thank you for the sample add-on.  It really just creates content pages,
 and the SVG blocking code has no way to tell the difference between a page
 from your add-on and one created by a website.

 I am still somewhat uncomfortable with the idea of a whitelist because I
 fear that it could be used somehow by a web site to cause SVG content to
 be loaded (which is what we want to avoid).  I cannot say exactly how that
 would happen though.

 mbauer:  Do you know if there is a way to detect that a resource: page or
 other page which is loaded in the content area actually belongs to an add-
 on?  I suspect there is no way to detect that, but if there was, using
 such an approach would be better than implementing a whitelist.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16607#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

