[tor-bugs] #16620 [Tor Browser]: Transform window.name handling into Firefox patch
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Oct 30 15:55:13 UTC 2015
#16620: Transform window.name handling into Firefox patch
-------------------------------------------------+-------------------------
Reporter: mikeperry | Owner: mcs
Type: defect | Status:
Priority: Medium | needs_revision
Component: Tor Browser | Milestone:
Severity: Normal | Version:
Keywords: tbb-torbutton-conversion, | Resolution:
TorBrowserTeam201510R | Actual Points:
Parent ID: | Points:
Sponsor: SponsorU |
-------------------------------------------------+-------------------------
Comment (by gk):
Replying to [comment:16 mcs]:
> Replying to [comment:14 gk]:
> > Could you try testing with
http://www.thomasfrank.se/sessvarsTestPage1.html? I am currently
recompiling my build to be absolutely sure I tested your patches but it
seems your patch does not handle this testcase (see #3414 for context).
> >
> > There seem to be in fact two issues:
> >
> > 1) If I understand this correctly then caching might bypass the
protections in your patch.
> > 2) But even if I disable caching and disable sending the Referer
header your code behaves differently than the one in 5.0.3.
>
> For the http://www.thomasfrank.se/sessvarsTestPage1.html page (which I
assume is issue 2 above), the problem is that our patch clears window.name
too soon. That page installs an unload event handler that re-saves its
"session variables" to window.name after we clear it. We are working on a
new patch that fixes this problem by relocating our code that clears
window.name.
>
> But can you explain more about issue 1? Is the concern that pages loaded
from the cache will not cause window.name to be cleared? Do you have a
test case? (if not, Kathy and I will come up with one).
Yes, that was the concern. I don't have a special test case just
http://www.thomasfrank.se/sessvarsTestPage1.html. I saw no network
requests and hence no Referers that could influence the behavior while
testing which gave me the general idea. This is no issue in our current
Torbutton patch and the behavior I saw might solely be due to the unload
event handler.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16620#comment:17>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list