[tor-bugs] #19048 [Applications/Tor Browser]: Review Firefox Developer Docs and Undocumented bugs since FF45esr
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Mar 3 15:29:37 UTC 2017
#19048: Review Firefox Developer Docs and Undocumented bugs since FF45esr
-------------------------------------------------+-------------------------
Reporter: gk | Owner: tbb-
| team
Type: task | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: ff52-esr, TorBrowserTeam201702, | Actual Points:
tbb-7.0-must |
Parent ID: | Points:
Reviewer: | Sponsor:
| Sponsor4
-------------------------------------------------+-------------------------
Comment (by mcs):
Replying to [comment:15 gk]:
> Replying to [comment:9 mcs]:
> > a) `DateTimeFormat.formatToParts`. We should verify that timezone
and/or locale not leaked to web content by new API.
> > https://bugzilla.mozilla.org/show_bug.cgi?id=1289340
> > https://developer.mozilla.org/en-
US/docs/Web/JavaScript/Reference/Global_Objects/DateTimeFormat/formatToParts
>
> That's in mozill52, right? But, yes, we should double-check that. I
opened #21608.
Thanks. That bug and the docs say it is in mozilla51, but in any case we
should take a look.
> ...
> > e) window.showModalDialog() is not available when e10s is enabled.
Should we always make it unavailable (even when e10s is disabled)? Or
maybe we don't care because we will probably enable e10s for all Tor
Browser users or none.
> > https://bugzilla.mozilla.org/show_bug.cgi?id=1234700
>
> I think we should not care. Besides that it seems that non of our code
is using `showModalDialog()` anyway.
Okay. Kathy and I were thinking about regular web pages using that API
and/or detecting that it is not available. But there are probably other
ways to detect that e10s is enabled.
> > f) Looking through the bug lists reminded us about Web Animations
possibly providing a high resolution timing source. But we do have #18273
for that issue.
>
> I guess you mean #16337?
Yes; thanks.
> > h) We will need to set `network.dns.blockDotOnion = false`.
>
> Hm. You mean for the transparent proxying option?
I was thinking that the Firefox code would block .onion requests even when
they go through the SOCKS proxy. But you may be correct.
> > k) Is the Fetch API safe? It includes fetch events with mode=navigate,
and Kathy and I are not sure if there are any linkability concerns with
that API.
> > https://developer.mozilla.org/en-US/docs/Web/API/Fetch_API
>
> This is already #16326. Or did you find something new we should look at?
No, I don't think we found anything new. Kathy and I forgot that we had
looked at this API before. There were some small changes since Firefox 45,
but if I remember correctly they are not significant.
Thanks for making another pass at this and filing tickets!
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/19048#comment:17>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list