[tor-bugs] #23247 [Applications/Tor Browser]: Communicating security expectations for .onion: what to say about different padlock states for .onion services
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue May 22 19:14:20 UTC 2018
#23247: Communicating security expectations for .onion: what to say about different
padlock states for .onion services
-------------------------------------------------+-------------------------
Reporter: isabela | Owner:
| pospeselr
Type: project | Status:
| needs_revision
Priority: High | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: ux-team, tor-hs, | Actual Points:
TorBrowserTeam201805 |
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Comment (by mcs):
Very nice work. I have these additional comments:
* In browser/base/content/browser.js, a space is missing after the `if`
here: `if(this._isEV) {`
* In dom/security/nsMixedContentBlocker.cpp, a space is missing after the
`if` here: `if(NS_FAILED(rv)) {`
* Should we remove the comments and meta data (title, desc, defs) from the
SVG files?
* In browser/base/content/pageinfo/security.js,
dom/security/nsMixedContentBlocker.cpp, and
security/manager/ssl/nsSecureBrowserUIImpl.cpp: is it safe to assume the
host name is lower case? The browser seems to switch `.ONION` to `.onion`
when I try to use the former but I don't know why that happens.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/23247#comment:52>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list