[tor-bugs] #14429 [Tor Browser]: Automated rounding of content window dimensions

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri May 8 15:29:16 UTC 2015 

#14429: Automated rounding of content window dimensions
-------------------------+-------------------------------------------------
     Reporter:           |      Owner:  arthuredelstein
  arthuredelstein        |     Status:  needs_revision
         Type:  defect   |  Milestone:
     Priority:  normal   |    Version:
    Component:  Tor      |   Keywords:  tbb-fingerprinting-resolution, tbb-
  Browser                |  torbutton, TorBrowserTeam201505R,
   Resolution:           |  GeorgKoppen201505R
Actual Points:           |  Parent ID:
       Points:           |
-------------------------+-------------------------------------------------
Changes (by gk):

 * status:  needs_review => needs_revision


Comment:

 Part 2

 Minor things and general thoughts

 -s/linux/Linux
 -The comment in `sortBy()` is confusing as least *is* best in this case if
 I understand that right
 -`if (!stop)` on line 443 is redundant as the while clause is only running
 if `!stop`
 -Why is the loop in `updateDimensions()` running 8 times? Does this just
 happen to work?
 -There is something wrong with the `Even more unfortunately` sentence on
 line 407ff.
 -The comment for `canBeResized()` should mention "not minimized" for
 completeness sake as well
 -the `};` on line 499 is wrongly indented.

 I am wondering about usability issues for people that need to zoom certain
 websites to be able to read them  better/at all. Just leaving the site to
 search something and coming back is destroying the previous zoom and they
 have to start over.

 And what I mentioned in an earlier comment. Have you thought about
 possible timing side-channels given that the code is quite resource
 hungry. Could an attacker induce the resizing logic and get information
 out of it?

 Could we avoid roping the zoom in to fix corner cases (and it seems given
 the DPI on Windows issues) and think about fixes in native code instead?
 Does that make sense?

 And, finally: This is really nice work, Arthur, really appreciated! Just
 in case my comments and corner cases I find/found seem to be overly
 negative.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/14429#comment:111>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list