[tor-bugs] #5477 [EFF-HTTPS Everywhere]: Surprising DOM origins before HTTPS-E/NoScript redirects have completed
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Thu May 17 03:28:24 UTC 2012
#5477: Surprising DOM origins before HTTPS-E/NoScript redirects have completed
-------------------------------------+--------------------------------------
Reporter: Drugoy | Owner: ma1
Type: defect | Status: reopened
Priority: blocker | Milestone:
Component: EFF-HTTPS Everywhere | Version:
Resolution: | Keywords:
Parent: | Points:
Actualpoints: |
-------------------------------------+--------------------------------------
Comment(by pde):
Aside from the horrible about:blank#id hack solution discussed above,
another horrible approach would be to try to get a callback when the
malicious code alters the content of the http://www.apple.com window. If
someone changes the content of a window that we're replaceChanneling, we
could try to abort the channel replacement. Although that does sound a
little racy.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5477#comment:39>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list