[tor-bugs] #27627 [Applications/Tor Browser]: Prevent sending screen size to server via CSS when JavaScript is disabled

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Sep 12 04:26:15 UTC 2018


#27627: Prevent sending screen size to server via CSS when JavaScript is disabled
--------------------------------------+--------------------------
 Reporter:  Keritano                  |          Owner:  tbb-team
     Type:  enhancement               |         Status:  closed
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:  wontfix
 Keywords:                            |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+--------------------------

Comment (by cypherpunks3):

 Notice that "resizing" also includes changing the viewport's scale factor
 (or zoom level), not just changing the window size. Also CSS is not the
 only vector; there is, for example, `srcset` and related.

 Keritano's suggestions are the obvious safe choices to make.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/27627#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list