[tor-bugs] #16300 [Tor Browser]: Make sure the BroadcastChannel API adheres to our URL bar domain isolation
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Jun 19 15:04:44 UTC 2015
#16300: Make sure the BroadcastChannel API adheres to our URL bar domain isolation
-------------------------+-------------------------------------------------
Reporter: gk | Owner: mcs
Type: task | Status: needs_review
Priority: major | Milestone:
Component: Tor | Version:
Browser | Keywords: ff38-esr, tbb-linkability, tbb-5
Resolution: | .0a-highrisk, TorBrowserTeam201506R
Actual Points: | Parent ID:
Points: |
-------------------------+-------------------------------------------------
Changes (by mcs):
* status: assigned => needs_review
* keywords: ff38-esr, tbb-linkability, tbb-5.0a-highrisk,
TorBrowserTeam201506 => ff38-esr, tbb-linkability, tbb-5.0a-highrisk,
TorBrowserTeam201506R
Comment:
I attached our proposed fix. Please review.
The patch is kind of long, but many of the changes involve just passing
the isolation host through. Kathy and I think this approach is best and
that it is what Mozilla will want (an alternative would be to hack the
isolation domain into the existing origin string).
We did disallow use of Broadcast Channels from SharedWorkers when
isolation is enabled because, as with blob URLs (#15502), there is no good
way to get at the document or channel.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16300#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list