[tor-bugs] #16620 [Tor Browser]: Transform window.name handling into Firefox patch

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Oct 30 15:55:13 UTC 2015


#16620: Transform window.name handling into Firefox patch
-------------------------------------------------+-------------------------
 Reporter:  mikeperry                            |          Owner:  mcs
     Type:  defect                               |         Status:
 Priority:  Medium                               |  needs_revision
Component:  Tor Browser                          |      Milestone:
 Severity:  Normal                               |        Version:
 Keywords:  tbb-torbutton-conversion,            |     Resolution:
  TorBrowserTeam201510R                          |  Actual Points:
Parent ID:                                       |         Points:
  Sponsor:  SponsorU                             |
-------------------------------------------------+-------------------------

Comment (by gk):

 Replying to [comment:16 mcs]:
 > Replying to [comment:14 gk]:
 > > Could you try testing with
 http://www.thomasfrank.se/sessvarsTestPage1.html? I am currently
 recompiling my build to be absolutely sure I tested your patches but it
 seems your patch does not handle this testcase (see #3414 for context).
 > >
 > > There seem to be in fact two issues:
 > >
 > > 1) If I understand this correctly then caching might bypass the
 protections in your patch.
 > > 2) But even if I disable caching and disable sending the Referer
 header your code behaves differently than the one in 5.0.3.
 >
 > For the http://www.thomasfrank.se/sessvarsTestPage1.html page (which I
 assume is issue 2 above), the problem is that our patch clears window.name
 too soon. That page installs an unload event handler that re-saves its
 "session variables" to window.name after we clear it. We are working on a
 new patch that fixes this problem by relocating our code that clears
 window.name.
 >
 > But can you explain more about issue 1? Is the concern that pages loaded
 from the cache will not cause window.name to be cleared? Do you have a
 test case? (if not, Kathy and I will come up with one).

 Yes, that was the concern. I don't have a special test case just
 http://www.thomasfrank.se/sessvarsTestPage1.html. I saw no network
 requests and hence no Referers that could influence the behavior while
 testing which gave me the general idea. This is no issue in our current
 Torbutton patch and the behavior I saw might solely be due to the unload
 event handler.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16620#comment:17>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list