[or-cvs] r14351: Fix favicon leak regression caused by r13901. (torbutton/trunk/src/components)

mikeperry at seul.org mikeperry at seul.org
Fri Apr 11 00:17:45 UTC 2008


Author: mikeperry
Date: 2008-04-10 20:17:44 -0400 (Thu, 10 Apr 2008)
New Revision: 14351

Modified:
   torbutton/trunk/src/components/cssblocker.js
Log:

Fix favicon leak regression caused by r13901.



Modified: torbutton/trunk/src/components/cssblocker.js
===================================================================
--- torbutton/trunk/src/components/cssblocker.js	2008-04-10 15:12:24 UTC (rev 14350)
+++ torbutton/trunk/src/components/cssblocker.js	2008-04-11 00:17:44 UTC (rev 14351)
@@ -174,7 +174,8 @@
             }
         } else {
             // rules based on request origin:
-            // 1) privileged schemes can access anything
+            // 1) privileged schemes can access local content but 
+            //    must be checked for network access (favicons)
             // 2) locally privileged schemes can access local content
             // 3) forbidden schemes should be blocked
             // 4) all others cannot access any (unwrapped) local content
@@ -184,10 +185,17 @@
             // 
             switch (requestOrigin.scheme) {
             case "chrome":
+                // privileged
+                if ((contentLocation.scheme in localSchemes) ||
+                    (contentLocation.scheme in hostFreeSchemes)) {
+                    return ok;
+                }
+                // Chrome can source favicons from non-local protocols.
+                // This needs to be checked below.
+                break;
             case "about":
             case "resource":
                 // privileged
-                // NOTE: don't log, chrome fills error console with chrome requests
                 return ok;
                 break;
             case "view-source":



More information about the tor-commits mailing list