[tbb-commits] [Git][tpo/applications/tor-browser][tor-browser-102.11.0esr-12.5-1] fixup! Bug 23247: Communicating security expectations for .onion
Pier Angelo Vendrame (@pierov)
git at gitlab.torproject.org
Wed May 24 07:24:23 UTC 2023
Pier Angelo Vendrame pushed to branch tor-browser-102.11.0esr-12.5-1 at The Tor Project / Applications / Tor Browser
Commits:
4c0986cb by cypherpunks1 at 2023-05-23T14:06:01-08:00
fixup! Bug 23247: Communicating security expectations for .onion
Bug 33298: Warn when submitting form data from http onion sites over an insecure connection
- - - - -
1 changed file:
- dom/html/HTMLFormElement.cpp
Changes:
=====================================
dom/html/HTMLFormElement.cpp
=====================================
@@ -893,7 +893,10 @@ nsresult HTMLFormElement::DoSecureToInsecureSubmitCheck(nsIURI* aActionURL,
formIsHTTPS = OwnerDoc()->GetDocumentURI()->SchemeIs("https");
}
if (!formIsHTTPS) {
- return NS_OK;
+ bool formIsOnion = nsMixedContentBlocker::IsPotentiallyTrustworthyOnion(OwnerDoc()->GetDocumentURI());
+ if (!formIsOnion) {
+ return NS_OK;
+ }
}
if (nsMixedContentBlocker::IsPotentiallyTrustworthyLoopbackURL(aActionURL)) {
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/4c0986cba54ebdab7246c1aa9eea66f0c5e0a5dd
--
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/4c0986cba54ebdab7246c1aa9eea66f0c5e0a5dd
You're receiving this email because of your account on gitlab.torproject.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tbb-commits/attachments/20230524/b86ee276/attachment-0001.htm>
More information about the tbb-commits
mailing list