[or-cvs] r13714: Err, actually, this is a bad idea. Jars can be non-local, an (torbutton/trunk/src/components)
mikeperry at seul.org
mikeperry at seul.org
Mon Feb 25 00:39:44 UTC 2008
Author: mikeperry
Date: 2008-02-24 19:39:44 -0500 (Sun, 24 Feb 2008)
New Revision: 13714
Modified:
torbutton/trunk/src/components/cssblocker.js
Log:
Err, actually, this is a bad idea. Jars can be non-local, and
the vector for history disclosure actually undergoes a url
rewrite before being re-sent to the content policy.
Modified: torbutton/trunk/src/components/cssblocker.js
===================================================================
--- torbutton/trunk/src/components/cssblocker.js 2008-02-25 00:30:35 UTC (rev 13713)
+++ torbutton/trunk/src/components/cssblocker.js 2008-02-25 00:39:44 UTC (rev 13714)
@@ -93,7 +93,7 @@
"pippki":true};
var hostFreeSchemes = { "resource":true, "data":true, "cid":true,
- "javascript":true, "file":true, "jar":true};
+ "javascript":true, "file":true};
var safeOriginSchemes = { "about":true, "chrome":true, "file":true};
More information about the tor-commits
mailing list