[tor-bugs] #16620 [Tor Browser]: Transform window.name handling into Firefox patch

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Oct 20 19:45:06 UTC 2015


#16620: Transform window.name handling into Firefox patch
-------------------------------------------------+-------------------------
 Reporter:  mikeperry                            |          Owner:  mcs
     Type:  defect                               |         Status:
 Priority:  Medium                               |  needs_review
Component:  Tor Browser                          |      Milestone:
 Severity:  Normal                               |        Version:
 Keywords:  tbb-torbutton-conversion,            |     Resolution:
  TorBrowserTeam201510R                          |  Actual Points:
Parent ID:                                       |         Points:
  Sponsor:  SponsorU                             |
-------------------------------------------------+-------------------------

Comment (by arthuredelstein):

 (Sorry for the delay in reviewing.)

 I built and tested the C++ patch and it seems to be working as intended.

 Instead of
 {{{
 +    nsCOMPtr<nsIDocShellTreeItem> item(this);
 +    nsCOMPtr<nsIScriptGlobalObject> sgo = do_GetInterface(item);
 +    nsCOMPtr<nsIScriptObjectPrincipal> sop(do_QueryInterface(sgo));
 }}}
 would it be possible to use
 {{{
 +    nsCOMPtr<nsIDocShellTreeItem> item(this);
 +    nsCOMPtr<nsIScriptObjectPrincipal> sop(do_QueryInterface(item));
 }}}
 ?


 As an experiment, I browsed to https://www.torproject.org, opened the
 page's JS console and entered `window.name = "test"`. Then I navigated to
 https://trac.torproject.org. I noticed that `window.name` was reset to an
 empty string. This behavior is different from our isolation policy for
 caches, DOM storage, favicons, etc, where we isolate by base domain. Might
 we want to use ThirdPartyUtil::GetBaseDomain instead of
 CheckSameOriginURI, so that www.torproject.org and trac.torproject.org are
 allowed to share data via window.name?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16620#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list