[tor-bugs] #16300 [Tor Browser]: Make sure the BroadcastChannel API adheres to our URL bar domain isolation
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Jun 23 15:46:08 UTC 2015
#16300: Make sure the BroadcastChannel API adheres to our URL bar domain isolation
-------------------------+-------------------------------------------------
Reporter: gk | Owner: mcs
Type: task | Status: needs_review
Priority: major | Milestone:
Component: Tor | Version:
Browser | Keywords: ff38-esr, tbb-linkability, tbb-5
Resolution: | .0a-highrisk, TorBrowserTeam201506R,
Actual Points: | GeorgKoppen201506R
Points: | Parent ID:
-------------------------+-------------------------------------------------
Comment (by gk):
Replying to [comment:5 mcs]:
> We did disallow use of Broadcast Channels from SharedWorkers when
isolation is enabled because, as with blob URLs (#15502), there is no good
way to get at the document or channel.
This is okay and won't hurt especially as we disable SharedWorkers (we
have #15564 for the URL bar domain isolation). I am wondering though how
they determine the origin and whether we have to update our
ThirdPartyUtils for this then...
Might need another pair of eyes due to being a C++ patch but I am happy
with it, thanks!
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16300#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list