[tor-bugs] #25147 [Applications/Tor Browser]: Backport of fix shipped in Firefox 58.0.1?
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Apr 18 23:26:25 UTC 2018
#25147: Backport of fix shipped in Firefox 58.0.1?
--------------------------------------+-----------------------------------
Reporter: gk | Owner: pospeselr
Type: task | Status: needs_information
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: TorBrowserTeam201804R | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------------+-----------------------------------
Changes (by pospeselr):
* keywords: TorBrowserTeam201804 => TorBrowserTeam201804R
Comment:
So the innerHTML property has been changed such that all existing
assignments will automatically sanitize the HTML if it's running within
the system context. The new UnsafeSetInnerHTML method that has replaced
some of the innerHTML = X statements is meant to circumvent this check for
known cases where firefox needs to hand craft some HTML within the system
context.
Any issues here with this patch would result in breaking functionality,
rather than making system context pages less safe.
I've gone through all the dependent bugs against
[https://bugzilla.mozilla.org/show_bug.cgi?id=1432966 #1432966] and
verified they either don't apply or have already been brought down to our
latest branch ( origin/tor-browser-52.7.3esr-8.0-1 )
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/25147#comment:12>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list