[tor-bugs] #15502 [Tor Browser]: URL.createObjectURL() considered harmful
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Apr 20 17:36:56 UTC 2015
#15502: URL.createObjectURL() considered harmful
-------------------------+-------------------------------------------------
Reporter: | Owner: arthuredelstein
mikeperry | Status: needs_review
Type: defect | Milestone:
Priority: major | Version:
Component: Tor | Keywords: tbb-linkability, tbb-newnym,
Browser | tbb-4.5-alpha, TorBrowserTeam201504R,
Resolution: | MikePerry201504R
Actual Points: | Parent ID:
Points: |
-------------------------+-------------------------------------------------
Comment (by mikeperry):
Won't applying [ChromeOnly] to the whole URL constructor also prevent
access to the URLUtils portions of the URL API
(https://developer.mozilla.org/en-US/docs/Web/API/URL)? Those are benign,
and likely used elsewhere. We really want to keep this focused only on
createObjectURL()..
It might also be nice to have a console log message recording when/where
createObjectURL() was called, so we can more easily inspect if it is what
is breaking some random site..
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/15502#comment:21>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list