[tor-bugs] #15502 [Tor Browser]: URL.createObjectURL() considered harmful
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sun Apr 19 03:09:05 UTC 2015
#15502: URL.createObjectURL() considered harmful
-------------------------+-------------------------------------------------
Reporter: | Owner: arthuredelstein
mikeperry | Status: needs_review
Type: defect | Milestone:
Priority: major | Version:
Component: Tor | Keywords: tbb-linkability, tbb-newnym,
Browser | tbb-4.5-alpha, TorBrowserTeam201504R,
Resolution: | MikePerry201504R
Actual Points: | Parent ID:
Points: |
-------------------------+-------------------------------------------------
Comment (by arthuredelstein):
Mike, Mark and Kathy -- you were all right to be worried about
GetDocumentFromCaller. I wrote tests, here:
https://github.com/arthuredelstein/tor-
browser/commit/e5cef7f72932f3c5eb54da4bf97b8886f85c846a
and, embarrassingly, I found out my patch does not properly isolate blob
URLs created or read inside Web Workers.
I looked into how to fix this patch, but the Web Worker case is quite
complex. Also I feel much less comfortable with GetDocumentFromCaller()
now that it's already failed once. So for now (for Firefox 31) I would be
in favor of disabling blob URLs in content. Here's a patch that does that:
https://github.com/arthuredelstein/tor-
browser/commit/dfbd283c17225d79e1ff82bb933c59a77853ddf3
(I'll keep looking at how to write a different patch that isolates blob
URLs per url bar domain without any stupid tricks like
GetDocumentFromCaller.)
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/15502#comment:19>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list