[tor-bugs] #16607 [Tor Browser]: Allow SVG for extensions, even on "high" security level
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Jul 20 21:53:54 UTC 2015
#16607: Allow SVG for extensions, even on "high" security level
-----------------------------+-------------------------------
Reporter: mbauer | Owner: tbb-team
Type: defect | Status: needs_information
Priority: normal | Milestone:
Component: Tor Browser | Version:
Resolution: | Keywords: tbb-usability
Actual Points: | Parent ID:
Points: |
-----------------------------+-------------------------------
Comment (by mbauer):
I created a sample addon, including two resource-pages using inline svg.
Installing the addon opens a new tab, that links these pages. Source is
attached. https://www.dropbox.com/s/ycj8vva7u3cg5c4/svg-testaddon.zip?dl=0
Actually, you should be aware of issue #16495. It describes a problem that
crashes Tor Browser on pages that include svg elements, if the security
level is set to high. The first page is small enough to not crash the
browser, but the second page will (that's my current graphic). According
to #16495, the crash is caused by the svg blocking code.
For the whitelisting idea: Maybe you should apply it to the page that
wants to include svg. If a !resource:// page includes svg, it's fine, if a
!http:// page includes svg from an addon resource, it would still be
blocked.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16607#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list