[tor-bugs] #16300 [Tor Browser]: Make sure the BroadcastChannel API adheres to our URL bar domain isolation

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Jun 19 15:04:44 UTC 2015


#16300: Make sure the BroadcastChannel API adheres to our URL bar domain isolation
-------------------------+-------------------------------------------------
     Reporter:  gk       |      Owner:  mcs
         Type:  task     |     Status:  needs_review
     Priority:  major    |  Milestone:
    Component:  Tor      |    Version:
  Browser                |   Keywords:  ff38-esr, tbb-linkability, tbb-5
   Resolution:           |  .0a-highrisk, TorBrowserTeam201506R
Actual Points:           |  Parent ID:
       Points:           |
-------------------------+-------------------------------------------------
Changes (by mcs):

 * status:  assigned => needs_review
 * keywords:  ff38-esr, tbb-linkability, tbb-5.0a-highrisk,
     TorBrowserTeam201506 => ff38-esr, tbb-linkability, tbb-5.0a-highrisk,
     TorBrowserTeam201506R


Comment:

 I attached our proposed fix.  Please review.

 The patch is kind of long, but many of the changes involve just passing
 the isolation host through. Kathy and I think this approach is best and
 that it is what Mozilla will want (an alternative would be to hack the
 isolation domain into the existing origin string).

 We did disallow use of Broadcast Channels from SharedWorkers when
 isolation is enabled because, as with blob URLs (#15502), there is no good
 way to get at the document or channel.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16300#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list