[tor-bugs] #19726 [- Select a component]: Tor permits web sites to maximize window

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Jul 21 05:49:11 UTC 2016


#19726: Tor permits web sites to maximize window
--------------------------------------+-----------------
     Reporter:  oiafwej               |      Owner:
         Type:  defect                |     Status:  new
     Priority:  Medium                |  Milestone:
    Component:  - Select a component  |    Version:
     Severity:  Normal                |   Keywords:
Actual Points:                        |  Parent ID:
       Points:                        |   Reviewer:
      Sponsor:                        |
--------------------------------------+-----------------
 I can't pinpoint exactly which web site is doing it, but when I start the
 Tor browser with "restore tabs from last session" enabled, it will often
 maximize the window and then give a warning saying not to maximize the
 window. I'm not, and Tor browser should not allow web sites to do so
 either.

 Reproduction steps:
 1. Enable "restore tabs from last session".
 2. Find a web site which maximizes the window using e.g. JavaScript and
 enable javascript permanently for that site.
 3. Close and reopen Tor Browser.

 Expected results: Tor should prevent window maximize operations as it is a
 potential security risk.

 Actual results: Tor allows window maximize operations.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/19726>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list