[tor-bugs] #16620 [Tor Browser]: Transform window.name handling into Firefox patch
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Oct 21 11:36:48 UTC 2015
#16620: Transform window.name handling into Firefox patch
-------------------------------------------------+-------------------------
Reporter: mikeperry | Owner: mcs
Type: defect | Status:
Priority: Medium | needs_review
Component: Tor Browser | Milestone:
Severity: Normal | Version:
Keywords: tbb-torbutton-conversion, | Resolution:
TorBrowserTeam201510R | Actual Points:
Parent ID: | Points:
Sponsor: SponsorU |
-------------------------------------------------+-------------------------
Comment (by gk):
Replying to [comment:5 arthuredelstein]:
> As an experiment, I browsed to https://www.torproject.org, opened the
page's JS console and entered `window.name = "test"`. Then I navigated to
https://trac.torproject.org. I noticed that `window.name` was reset to an
empty string. This behavior is different from our isolation policy for
caches, DOM storage, favicons, etc, where we isolate by base domain. Might
we want to use ThirdPartyUtil::GetBaseDomain instead of
CheckSameOriginURI, so that www.torproject.org and trac.torproject.org are
allowed to share data via `window.name`?
Not sure what "navigated" in this context means. Are you saying the patch
behaves differently than specified in 4.5.12 of our design document?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16620#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list