[tor-bugs] #16775 [Tor Browser]: about:preferences is broken with security slider set to "High"
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Aug 21 19:23:00 UTC 2015
#16775: about:preferences is broken with security slider set to "High"
-------------------------+-------------------------------------------------
Reporter: gk | Owner: tbb-team
Type: defect | Status: needs_review
Priority: normal | Milestone:
Component: Tor | Version:
Browser | Keywords: tbb-usability, tbb-5.0-regression,
Resolution: | TorBrowserTeam201508R
Actual Points: | Parent ID:
Points: |
-------------------------+-------------------------------------------------
Changes (by mcs):
* status: needs_information => needs_review
* keywords: tbb-usability, tbb-5.0-regression => tbb-usability,
tbb-5.0-regression, TorBrowserTeam201508R
Comment:
Replying to [comment:7 gk]:
> We only need to allow the about: scheme for this bug, right? If so, this
is fine to me. Generally, I am very hesitant to water down our "High
Security" mode. We know that things are breaking in this mode and users
ought to do the same. I don't feel the usability in this mode is so bad at
the moment that we should jump off the cliff allowing chrome: and
resource: (too) and see what happens.
OK. Whitelisting based on the top-level page turned out to be somewhat
messy (for example, some SVG images are loaded as CSS background images,
and therefore we need to extract the top document from the channel's load
context). We also added some debug printfs because we found them useful
for verifying correct behavior. Here is the patch:
https://gitweb.torproject.org/user/brade/tor-
browser.git/commit/?h=bug16775-01&id=0b4c8b589077d054b60a609871dd023bc4d9c444
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16775#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list