[tor-bugs] #16620 [Tor Browser]: Transform window.name handling into Firefox patch
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Oct 20 19:45:06 UTC 2015
#16620: Transform window.name handling into Firefox patch
-------------------------------------------------+-------------------------
Reporter: mikeperry | Owner: mcs
Type: defect | Status:
Priority: Medium | needs_review
Component: Tor Browser | Milestone:
Severity: Normal | Version:
Keywords: tbb-torbutton-conversion, | Resolution:
TorBrowserTeam201510R | Actual Points:
Parent ID: | Points:
Sponsor: SponsorU |
-------------------------------------------------+-------------------------
Comment (by arthuredelstein):
(Sorry for the delay in reviewing.)
I built and tested the C++ patch and it seems to be working as intended.
Instead of
{{{
+ nsCOMPtr<nsIDocShellTreeItem> item(this);
+ nsCOMPtr<nsIScriptGlobalObject> sgo = do_GetInterface(item);
+ nsCOMPtr<nsIScriptObjectPrincipal> sop(do_QueryInterface(sgo));
}}}
would it be possible to use
{{{
+ nsCOMPtr<nsIDocShellTreeItem> item(this);
+ nsCOMPtr<nsIScriptObjectPrincipal> sop(do_QueryInterface(item));
}}}
?
As an experiment, I browsed to https://www.torproject.org, opened the
page's JS console and entered `window.name = "test"`. Then I navigated to
https://trac.torproject.org. I noticed that `window.name` was reset to an
empty string. This behavior is different from our isolation policy for
caches, DOM storage, favicons, etc, where we isolate by base domain. Might
we want to use ThirdPartyUtil::GetBaseDomain instead of
CheckSameOriginURI, so that www.torproject.org and trac.torproject.org are
allowed to share data via window.name?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16620#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list