[tor-bugs] #23723 [Applications/Tor Browser]: Loading entities from NoScript .dtd files is blocked

Tor Bug Tracker & Wiki blackhole at torproject.org
Sun Oct 1 20:53:23 UTC 2017


#23723: Loading entities from NoScript .dtd files is blocked
--------------------------------------+--------------------------
 Reporter:  gk                        |          Owner:  tbb-team
     Type:  defect                    |         Status:  new
 Priority:  High                      |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Major                     |     Resolution:
 Keywords:  noscript                  |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+--------------------------

Comment (by ma1):

 Replying to [comment:1 gk]:


 > : a workaround would be to set
 > `extensions.torbutton.resource_and_chrome_uri_fingerprinting` to `true`.

 I'm implementing this in the next dev build, out in minutes, and it apparently
 works, with exposure minimized to the quasi-synchronous (local filesystem)
 load/parsing.

 You can preview it by running this code in a browser-scoped Scratchpad
 window with any NoScript 5.1.x installed:

 {
   let xhr = new XMLHttpRequest();
   xhr.open("GET", "chrome://noscript/content/noscriptOverlayFx57.xul");
   try {
     // work around to resolve overlay's XML entities despite the Tor Browser
     let TOR_PREF = "extensions.torbutton.resource_and_chrome_uri_fingerprinting";
     let torPrefValue = Services.prefs.getBoolPref(TOR_PREF);
     let restorePref = () => Services.prefs.setBoolPref(TOR_PREF, torPrefValue);
     // restore as early as possible (almost sync)
     for (let e of ["progress", "loadend"]) {
       xhr.addEventListener(e, restorePref);
     }
     xhr.addEventListener("loadstart", () => {
       Services.prefs.setBoolPref(TOR_PREF, true);
     });
   } catch (e) {
     // no pref value, it doesn't seem to be a Tor Browser :)
   }
   xhr.addEventListener("load", () => {
     alert(xhr.responseXML.getElementById("noscript-tbb"));
   });
   xhr.send();
 }

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/23723#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online