[tor-bugs] #18913 [Applications/Tor Browser]: about:tor should not have chrome privileges
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Jun 21 11:28:29 UTC 2017
#18913: about:tor should not have chrome privileges
--------------------------------------------+------------------------------
Reporter: mcs | Owner: mcs
Type: defect | Status: needs_revision
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: ff52-esr, TorBrowserTeam201706 | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------------------+------------------------------
Changes (by gk):
* keywords: ff52-esr, TorBrowserTeam201706R => ff52-esr,
TorBrowserTeam201706
* status: needs_review => needs_revision
Comment:
Replying to [comment:7 mcs]:
> Here is a patch for review:
> https://gitweb.torproject.org/user/brade/torbutton.git/commit/?h=bug18913-01&id=984af558af58bb8715af72c4811acc7fc4253bc1
> This change fixes #21948 and #22525 as well, so it would be great to
> include it in a Tor Browser release soon. While the patch is somewhat
> large, that is mainly because we had to move a lot of code out of
> torbutton.js into the new aboutTor-content.js content script (so it can
> run in the content process where the about:tor DOM is accessible).
Looks good to me, thanks! Just some nits:
{{{
+ // process that is only available here (in the chrome process). It is
sent
+ // sent to the content process when an about:tor window is opened and
in
}}}
just one "sent"
{{{
+ kAboutTorMessages: [ "AboutTor:ChromeData", "AboutTor:ToolbarData" ],
+
+ get isAboutTor() {
+ return content.document.documentURI.toLowerCase() == "about:tor";
}}}
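Review bot: isAboutTor compares the whole lowercased documentURI to "about:tor" with ==, so a document whose URI carries a fragment or query after about:tor would not be recognised. If only the bare URI is meant to count, a short comment saying so would help; otherwise compare only the part before any "?" or "#". Using === would also make the string comparison strict.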
Indentation
"the Tor Button item's x coordinate" -> "the x coordinate of Torbutton's
toolbar item"
"torbutton toolbar item" -> "Torbutton toolbar item"
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18913#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online