[tor-bugs] #15555 [Tor Browser]: view-source requests hit the network and are not isolated by URL bar domain

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Jan 29 07:57:14 UTC 2016


#15555: view-source requests hit the network and are not isolated by URL bar domain
-----------------------------+--------------------------
 Reporter:  gk               |          Owner:  tbb-team
     Type:  defect           |         Status:  new
 Priority:  High             |      Milestone:
Component:  Tor Browser      |        Version:
 Severity:  Normal           |     Resolution:
 Keywords:  tbb-linkability  |  Actual Points:
Parent ID:                   |         Points:
  Sponsor:                   |
-----------------------------+--------------------------
Changes (by arthuredelstein):

 * severity:   => Normal


Comment:

 Here's what I have worked out so far. The key function appears to be
 `viewSource(URL, outerWindowID, lineNumber)`,
 here:
 https://dxr.mozilla.org/mozilla-
 central/rev/aa90f482e16db77cdb7dea84564ea1cbd8f7f6b3/toolkit/components/viewsource/content
 /viewSource-content.js#222

 `outerWindowID` refers to the content window for the document whose source
 we want to view.
 The subsequent line,
 `let contentWindow = Services.wm.getOuterWindowWithId(outerWindowID)`,
 gives us a reference to that content window object.
 So we should be able to use this to obtain the first party URL. Then we
 will need to work out how to alter the function call
 `this.loadSource(URL, pageDescriptor, lineNumber, forcedCharSet);`
 to force it to retrieve the file from the cache partition assigned to that
 first party, or, if that is somehow not available, to load over the
 corresponding first-party Tor circuit.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/15555#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list