[tor-bugs] #31395 [Applications/Tor Browser]: Remove inline <script> in aboutTor.xhtml
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Jan 29 15:50:07 UTC 2020
#31395: Remove inline <script> in aboutTor.xhtml
-------------------------------------------------+-------------------------
Reporter: acat | Owner: tbb-
| team
Type: defect | Status:
| needs_review
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: ff68-esr, BugSmashFund, | Actual Points: 0.25
TorBrowserTeam202001R |
Parent ID: | Points: 0.25
Reviewer: brade, mcs | Sponsor:
-------------------------------------------------+-------------------------
Comment (by mcs):
Replying to [comment:12 acat]:
> Patch for review in
https://github.com/acatarineu/torbutton/commit/31395.
Overall, the patch looks good. Kathy and I have one question/concern: are
we OK with making all of the torbutton code accessible to content via
`contentaccessible=yes`? If not, you could place the new `aboutTor.js`
file in a subdirectory and only apply `contentaccessible=yes` to that
subdirectory.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/31395#comment:14>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list