[tor-bugs] #25484 [- Select a component]: document.referrer leaks hidden service to clearnet service.
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Mar 13 22:07:10 UTC 2018
#25484: document.referrer leaks hidden service to clearnet service.
--------------------------------------+--------------------
Reporter: kkm | Owner: (none)
Type: defect | Status: new
Priority: Medium | Milestone:
Component: - Select a component | Version:
Severity: Normal | Keywords:
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
--------------------------------------+--------------------
Onion services might implement third-parties via clearnet like
`https://www.nytimes3xbfgragh.onion/` loads
`https://securepubads.g.doubleclick.net/`.
Most of the times, these third-party scripts collects referrer via
`document.referrer`. In these cases `document.referrer` gives access to
the onion url, which is then sent to these third-parties.
Although, Tor does prevent sending referrer to clearnet sites on
click(https://trac.torproject.org/projects/tor/ticket/9623), but in cases
explained above, this does not hold true.
Also, because these third-parties also sends the current URL home, even in
that case onion service URL is sent.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/25484>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list