[tbb-commits] [Git][tpo/applications/tor-browser][tor-browser-102.11.0esr-12.5-1] fixup! Bug 23247: Communicating security expectations for .onion

Pier Angelo Vendrame (@pierov) git at gitlab.torproject.org
Wed May 24 07:24:23 UTC 2023



Pier Angelo Vendrame pushed to branch tor-browser-102.11.0esr-12.5-1 at The Tor Project / Applications / Tor Browser


Commits:
4c0986cb by cypherpunks1 at 2023-05-23T14:06:01-08:00
fixup! Bug 23247: Communicating security expectations for .onion

Bug 33298: Warn when submitting form data from http onion sites over an insecure connection

- - - - -


1 changed file:

- dom/html/HTMLFormElement.cpp


Changes:

=====================================
dom/html/HTMLFormElement.cpp
=====================================
@@ -893,7 +893,10 @@ nsresult HTMLFormElement::DoSecureToInsecureSubmitCheck(nsIURI* aActionURL,
     formIsHTTPS = OwnerDoc()->GetDocumentURI()->SchemeIs("https");
   }
   if (!formIsHTTPS) {
-    return NS_OK;
+    bool formIsOnion = nsMixedContentBlocker::IsPotentiallyTrustworthyOnion(OwnerDoc()->GetDocumentURI());
+    if (!formIsOnion) {
+      return NS_OK;
+    }
   }
 
   if (nsMixedContentBlocker::IsPotentiallyTrustworthyLoopbackURL(aActionURL)) {



View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/4c0986cba54ebdab7246c1aa9eea66f0c5e0a5dd

-- 
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/4c0986cba54ebdab7246c1aa9eea66f0c5e0a5dd
You're receiving this email because of your account on gitlab.torproject.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tbb-commits/attachments/20230524/b86ee276/attachment-0001.htm>


More information about the tbb-commits mailing list